MSM PHP errors on second site but not original

Hi readio,

I’m sorry you have encountered these errors!

In order to get you the best response possible, I need to know the version of ExpressionEngine and MSM that you are running here.

Cheers,

EE version is 2.4.0

MSM is 2.1.2

Looking at this in more detail, the pages that are showing those errors have a ‘TM’ entity within the copy.

Could this be causing it? Although it seems strange that the original site does not show any errors and has the same content.

Hi readio,

Ok - I need you to dig in to /system/codeigniter/Security.php and let me know what you find on line 610.

It should look exactly like this:

$str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count);

Also, can you post the template for the affected pages, and sample content from an entry that is causing this problem?

It is odd that it only affects one site and not the other.

Cheers,

Hi Dan

I do have that line of code in Security.php - the paths is slightly different /system/codeigniter/core/Security.php

Is there any way this thread can be made private or I can PM you? I’m not too sure about posting content/templates on a public forum.

Hi readio,

Indeed, sorry about the incorrect path!

Be on the lookout for an email from us.

Cheers,

hi- i’m seeing this error too, on first site, in MSM, same EE + MSM versions as above. my security.php has line 610 as you have it, too.

Hi littlered,

Sorry for the trouble you are having with this!

Are you trying to use special characters as well?

I checked for the follow up on this issue, but it literally fixed itself for the original poster.

Can you tell me a little about your server environment? PHP/MySQL version, etc.

Cheers,

I’m also seeing these errors on occasion in a 2.4.0 install, but no MSM. The issue seems to be the delimiters conflicting possibly with $str that is being passed to that function. I’m guessing URLs? (http://) where the regex doesn’t have the slashes escaped? Changing the delimiters in the preg_replace() call on line 610 of the core/Security.php file makes the warning go away. As a test I change the line to:

$str = preg_replace("#<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)#i", '<$1$2$4$5', $str, -1, $count);

from

$str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count);

basically replacing the ‘/’ delimiters with ‘#’ ones. I’ll probably go check the 2.5.0 changlog, but is it possible this is a bug that was fixed?

IMPORTANT: I made this change as just a test. I would personally NEVER modify a core file and don’t recommend that you do either.

Hi Adam,

Thanks for your sleuthing, input and caveat!

Indeed, modifying Core files is not recommended.

Cheers,

So Dan, is this something that would be fixed in 2.5.0?

Hi Adam,

I do hesitate to say for sure. The affected files are in CodeIgnter and those changes aren’t tracked in the ExpressionEngine change log.

I haven’t experienced this in 2.5.x, but I didn’t run into it in the affected versions either, so I’m not a good test.

Cheers,

Any word on this? These errors are holding me up on a project,

Hi Adam,

Looking into ExpressionEngine 2.5.2:

$str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count);

So the line is still the same. I wonder if this would be related to the way PHP is configured? Simply because on my X 10.7.4 homebrew setup, I do not have this issue. Nor does the vast majority of our Community, or we would hear much more about it.

Cheers,