    • Ruben, Jan 6th 2008 (edited)
    Hi guys,

    just found a sleepless night to play with si again and upgraded to 2007-31-12 (skipped the one before). Most went quite smoothly. The PDF generation however now grabs a page from a different virtual host in my apache, a bit bizarre. Anyway, hoping that you guys might know what's the prob straight out. Otherwise I'll start digging.

    Here's the GET string should someone be interested :
    GET /include/pdf/html2ps.php?process_mode=single&renderfields=1&renderlinks=1&renderimages=1&scalepoints=1&pixels=800&media=A4&leftmargin=15&rightmargin=15&topmargin=15&bottommargin=15&transparency_workaround=1&imagequality_workaround=1&output=1&location=pdf&pdfname=2007000052&URL=http%3A%2F%2FMY.SERVER.NL%3A10007%3A10007%2F%2Findex.php%3Fmodule%3Dinvoices%26view%3Dtemplates%2Ftemplate%26invoice%3D2007000052%26action%3Dview%26location%3Dpdf%26type%3D2 HTTP/1.1" 200 27209 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11"

    Later,

    Ruben
    • Ruben, Jan 6th 2008 (edited)
    I've moved the virtualHost where pdf-generation grabs from to simplify debugging a little and turned on logging.
    This session returns a blank page :

    [Sun Jan 06 16:08:58 2008] [error] [client MY_DSL_WAN_IP] PHP Notice: Undefined variable: authenticationOn in /usr/local/Hosted/si/abubble/include/include_auth.php on line 3, referer: http://SI.MYSERVER.NL:10007/index.php?module=invoices&view=manage
    Well, the authentication variable might be a problem but :

    [Sun Jan 06 16:08:59 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://SI.MYSERVER.NL:10007:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2, referer: http://SI.MYSERVER.NL:10007/index.php?module=invoices&view=manage
    This already seems more of a problem, the port is appended to the string which already contains the port.


    [Sun Jan 06 16:08:59 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: pageActive in /usr/local/Hosted/si/abubble/modules/invoices/template.php on line 69, referer: http://SI.MYSERVER.NLl:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2

    [Sun Jan 06 16:08:59 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: pageActive in /usr/local/Hosted/si/abubble/modules/invoices/template.php on line 70, referer: http://SI.MYSERVER.NL:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2
    These don't seem problematic.
    Next stage :


    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [06/Jan/2008:16:08:59 +0100] "HEAD //index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2 HTTP/1.1" 200 - "http://SI.MYSERVER.NL:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    This is good, the url string accessed here is the correct url, when pasted into the browser it shows the correct page.


    ==> /var/log/httpd-error.log <==
    [Sun Jan 06 16:08:59 2008] [error] [client MY_DSL_WAN_IP] Status code:200, referer: http://SI.MYSERVER.NL:10007/index.php?module=invoices&view=manage
    [Sun Jan 06 16:08:59 2008] [error] [client 192.168.1.32] client denied by server configuration: /usr/local/Hosted/ticket

    Now things really get fubarred : there is no reason why the code should attempt to access a page outside of its webroot. This is where the wrong page would have been grabbed from should that virtualhost root still exist.

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [06/Jan/2008:16:08:59 +0100] "GET //index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2 HTTP/1.0" 403 358 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    Why does the server client report being Windows XP by the way ? Do we need this ?


    ==> /var/log/httpd-error.log <==
    [Sun Jan 06 16:08:59 2008] [error] [client MY_DSL_WAN_IP] Processing of 'http://SI.MYSERVER.NL:10007:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2' completed in 0 seconds, referer: http://SI.MYSERVER.NL:10007/index.php?module=invoices&view=manage
    Ok, this is odd. When pasting this string into the browser, the superfluous port gets stripped correctly and the correct page is shown. But in this session it is in error state and the resulting pdf is blank.

    ==> /var/log/httpd-access.log <==
    MY_DSL_WAN_IP - - [06/Jan/2008:16:08:58 +0100] "GET /include/pdf/html2ps.php?process_mode=single&renderfields=1&renderlinks=1&renderimages=1&scalepoints=1&pixels=800&media=A4&leftmargin=15&rightmargin=15&topmargin=15&bottommargin=15&transparency_workaround=1&imagequality_workaround=1&output=1&location=pdf&pdfname=2007000052&URL=http%3A%2F%2FSI.MYSERVER.NL%3A10007%3A10007%2F%2Findex.php%3Fmodule%3Dinvoices%26view%3Dtemplates%2Ftemplate%26invoice%3D2007000052%26action%3Dview%26location%3Dpdf%26type%3D2 HTTP/1.1" 200 816 "http://SI.MYSERVER.NL:10007/index.php?module=invoices&view=manage" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11"

    This is the end of the pdf session. The string seems correct.
    The main problem seems to be when the pdf session tries to access a page outside of the si virtualhost webroot.

    Further information :
    I'm still running si in a name-based virtual host inside a FreeBSD jail (virtual server) behind a NAT firewall with PHP 5.2.1_3 and Apache 2.0.59.

    Thanks for any input.
    • justin, Jan 7th 2008 (edited)
    Hey Ruben,

    we introduced a new PDF url thing a release or 2 back which may be causing your issues

    refer urlPDF function in ./include/sql_queries.php
    [code]
    function urlPDF($invoiceID, $invoiceTypeID)
    {
        global $http_auth;

        $script = "/index.php?module=invoices&view=templates/template&invoice=".htmlspecialchars($invoiceID)."&action=view&location=pdf&type=".htmlspecialchars($invoiceTypeID);
        $port = "";
        $dir = dirname($_SERVER['PHP_SELF']);

        // set the scheme and, for a non-default port, the port suffix
        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
            $_SERVER['FULL_URL'] = "https://";
            if ($_SERVER['SERVER_PORT'] != "443") {
                $port = ":" . $_SERVER['SERVER_PORT'];
            }
        } else {
            $_SERVER['FULL_URL'] = "http://";
            if ($_SERVER['SERVER_PORT'] != "80") {
                $port = ":" . $_SERVER['SERVER_PORT'];
            }
        }

        // merge it all together
        // note: HTTP_HOST is the client's Host header and includes the port
        // when it is non-default, so $port ends up in the URL a second time
        // (the ":10007:10007" seen in the logs in this thread)
        if (isset($_SERVER['HTTP_HOST'])) {
            $_SERVER['FULL_URL'] .= $http_auth.$_SERVER['HTTP_HOST'].$port.$dir.$script;
        } else {
            // no Host header sent: fall back to the configured server name
            $_SERVER['FULL_URL'] .= $http_auth.$_SERVER['SERVER_NAME'].$port.$dir.$script;
        }

        return $_SERVER['FULL_URL'];
    }
    [/code]


    you may want to try just echoing some of the variables used to create the url for the PDF to make sure it's getting the right info for your setup

    Cheers

    Justin
    • Ruben, Jan 7th 2008 (edited)
    Justin,
    the urlPDF generated string is correct, otherwise pasting [code] 'http://SI.MYSERVER.NL:10007:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2 [/code]
    into the browser would not get me the correct data, right ?
    Also, when removing the virtualhost from the apache Includes, the pdf's are generated correctly. I have another 8 virtualhosts in this setup so I don't really get why this one would be a problem. More to the point however is that the pdf code should NEVER be able to look outside of its webroot.

    Here's a session where the offending virtualHost was removed from apache and the pdf is generated correctly :

    [code]
    [Mon Jan 07 16:32:24 2008] [error] [client MY_DSL_WAN_IP] PHP Notice: Undefined variable: authenticationOn in /usr/local/Hosted/si/abubble/include/include_auth.php on line 3, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:32:24 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://SI.SERVER.NL:10007:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:32:24 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: pageActive in /usr/local/Hosted/si/abubble/modules/invoices/template.php on line 69, referer: http://SI.SERVER.NL:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2
    [Mon Jan 07 16:32:24 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: pageActive in /usr/local/Hosted/si/abubble/modules/invoices/template.php on line 70, referer: http://SI.SERVER.NL:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:32:24 +0100] "HEAD //index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2 HTTP/1.1" 200 - "http://SI.SERVER.NL:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:32:24 2008] [error] [client MY_DSL_WAN_IP] Status code:200, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:32:25 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: pageActive in /usr/local/Hosted/si/abubble/modules/invoices/template.php on line 69
    [Mon Jan 07 16:32:25 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: pageActive in /usr/local/Hosted/si/abubble/modules/invoices/template.php on line 70

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:32:24 +0100] "GET //index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2 HTTP/1.0" 200 6824 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:32:25 2008] [error] [client MY_DSL_WAN_IP] Guessed: 'http://SI.SERVER.NL:10007:10007//./templates/invoices/default/style.css', referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:32:25 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://SI.SERVER.NL:10007:10007//./templates/invoices/default/style.css, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:32:25 +0100] "HEAD //./templates/invoices/default/style.css HTTP/1.1" 200 - "http://SI.SERVER.NL:10007//./templates/invoices/default/style.css" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:32:25 2008] [error] [client MY_DSL_WAN_IP] Status code:200, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:32:25 +0100] "GET //./templates/invoices/default/style.css HTTP/1.0" 200 879 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:32:25 2008] [error] [client MY_DSL_WAN_IP] Guessed: 'http://SI.SERVER.NL:10007:10007//./templates/invoices/logos/abubbleTextLogo.png', referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:32:25 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://SI.SERVER.NL:10007:10007//./templates/invoices/logos/abubbleTextLogo.png, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:32:25 +0100] "HEAD //./templates/invoices/logos/abubbleTextLogo.png HTTP/1.1" 200 - "http://SI.SERVER.NL:10007//./templates/invoices/logos/abubbleTextLogo.png" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:32:25 2008] [error] [client MY_DSL_WAN_IP] Status code:200, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:32:25 +0100] "GET //./templates/invoices/logos/abubbleTextLogo.png HTTP/1.0" 200 7236 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:32:29 2008] [error] [client MY_DSL_WAN_IP] Processing of 'http://SI.SERVER.NL:10007:10007//index.php?module=invoices&view=templates/template&invoice=2007000052&action=view&location=pdf&type=2' completed in 5 seconds, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage

    ==> /var/log/httpd-access.log <==
    MY_DSL_WAN_IP - - [07/Jan/2008:16:32:24 +0100] "GET /include/pdf/html2ps.php?process_mode=single&renderfields=1&renderlinks=1&renderimages=1&scalepoints=1&pixels=800&media=A4&leftmargin=15&rightmargin=15&topmargin=15&bottommargin=15&transparency_workaround=1&imagequality_workaround=1&output=1&location=pdf&pdfname=2007000052&URL=http%3A%2F%2FSI.SERVER.NL%3A10007%3A10007%2F%2Findex.php%3Fmodule%3Dinvoices%26view%3Dtemplates%2Ftemplate%26invoice%3D2007000052%26action%3Dview%26location%3Dpdf%26type%3D2 HTTP/1.1" 200 45985 "http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11"
    [/code]

    And here's one where things go wrong :
    [code]
    [Mon Jan 07 16:37:15 2008] [error] [client MY_DSL_WAN_IP] PHP Notice: Undefined variable: authenticationOn in /usr/local/Hosted/si/abubble/include/include_auth.php on line 3, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://SI.SERVER.NL:10007:10007//index.php?module=invoices&view=templates/template&invoice=2007000051&action=view&location=pdf&type=2, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: pageActive in /usr/local/Hosted/si/abubble/modules/invoices/template.php on line 69, referer: http://SI.SERVER.NL:10007//index.php?module=invoices&view=templates/template&invoice=2007000051&action=view&location=pdf&type=2
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: pageActive in /usr/local/Hosted/si/abubble/modules/invoices/template.php on line 70, referer: http://SI.SERVER.NL:10007//index.php?module=invoices&view=templates/template&invoice=2007000051&action=view&location=pdf&type=2

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:37:16 +0100] "HEAD //index.php?module=invoices&view=templates/template&invoice=2007000051&action=view&location=pdf&type=2 HTTP/1.1" 200 - "http://SI.SERVER.NL:10007//index.php?module=invoices&view=templates/template&invoice=2007000051&action=view&location=pdf&type=2" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"
    [/code]
    Up to this bit things are the same.
    [code]
    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Status code:200, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: HTTP_POST_VARS in /usr/local/Hosted/ticket/abubble/init.php on line 169
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: HTTP_POST_FILES in /usr/local/Hosted/ticket/abubble/init.php on line 177
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: nosession in /usr/local/Hosted/ticket/abubble/init.php on line 184
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: A session had already been started - ignoring session_start() in /usr/local/Hosted/ticket/abubble/init.php on line 185
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: user in /usr/local/Hosted/ticket/abubble/init.php on line 206
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: user in /usr/local/Hosted/ticket/abubble/init.php on line 207
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: a in /usr/local/Hosted/ticket/abubble/inc/class.ticket.php on line 132
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: view in /usr/local/Hosted/ticket/abubble/init.php on line 216
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: a in /usr/local/Hosted/ticket/abubble/init.php on line 238
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: a in /usr/local/Hosted/ticket/abubble/init.php on line 249
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: inc in /usr/local/Hosted/ticket/abubble/inc/themecore.php on line 6
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: in /usr/local/Hosted/ticket/abubble/inc/themecore.php on line 6
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: err in /usr/local/Hosted/ticket/abubble/inc/header.php on line 8
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: warn in /usr/local/Hosted/ticket/abubble/inc/header.php on line 13
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: name in /usr/local/Hosted/ticket/abubble/inc/open_form.php on line 18
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: email in /usr/local/Hosted/ticket/abubble/inc/open_form.php on line 26
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: phone in /usr/local/Hosted/ticket/abubble/inc/open_form.php on line 31
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: user in /usr/local/Hosted/ticket/abubble/inc/open_form.php on line 38
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: cat in /usr/local/Hosted/ticket/abubble/inc/open_form.php on line 42
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: cat in /usr/local/Hosted/ticket/abubble/inc/open_form.php on line 42
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: subject in /usr/local/Hosted/ticket/abubble/inc/open_form.php on line 51
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: message in /usr/local/Hosted/ticket/abubble/inc/open_form.php on line 55
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined index: user in /usr/local/Hosted/ticket/abubble/inc/open_form.php on line 72
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: e in /usr/local/Hosted/ticket/abubble/index.php on line 32
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] PHP Notice: Undefined variable: t in /usr/local/Hosted/ticket/abubble/index.php on line 34
    [/code]
    This is where si goes and tries to access /usr/local/Hosted/ticket/abubble/init.php which is completely outside of si's webroot.
    [code]
    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:37:16 +0100] "GET //index.php?module=invoices&view=templates/template&invoice=2007000051&action=view&location=pdf&type=2 HTTP/1.0" 200 4208 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"
    [/code]
    Fine, sure, this is good.
    [code]
    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Guessed: 'http://SI.SERVER.NL:10007:10007//themes/eticket/style.css', referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://SI.SERVER.NL:10007:10007//themes/eticket/style.css, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] File does not exist: /usr/local/Hosted/si/abubble/themes, referer: http://SI.SERVER.NL:10007//themes/eticket/style.css
    [/code]
    Here it goes to work on a url that does not exist. Duh, it's appending one virtualhost string to another vhost hostname.
    [code]
    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:37:16 +0100] "HEAD //themes/eticket/style.css HTTP/1.1" 404 - "http://SI.SERVER.NL:10007//themes/eticket/style.css" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Status code:404, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [/code]
    And it goes looking for another 404. Having fun !
    [code]
    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:37:16 +0100] "GET //themes/eticket/style.css HTTP/1.0" 200 3707 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Cannot open http://SI.SERVER.NL:10007:10007//themes/eticket/style.css, HTTP result code is: 404, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Guessed: 'http://SI.SERVER.NL:10007:10007//view.php', referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Guessed: 'http://SI.SERVER.NL:10007:10007//themes/eticket/images/logo.gif', referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://SI.SERVER.NL:10007:10007//themes/eticket/images/logo.gif, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] File does not exist: /usr/local/Hosted/si/abubble/themes, referer: http://SI.SERVER.NL:10007//themes/eticket/images/logo.gif
    [/code]
    Why not start guessing ? That's always a good thing, right?
    [code]
    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:37:16 +0100] "HEAD //themes/eticket/images/logo.gif HTTP/1.1" 404 - "http://SI.SERVER.NL:10007//themes/eticket/images/logo.gif" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Status code:404, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [/code]
    Let's access another couple of pages I should know nothing about.
    [code]
    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Cannot open http://SI.SERVER.NL:10007:10007//themes/eticket/images/logo.gif, HTTP result code is: 404, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Cannot fetch image: http://SI.SERVER.NL:10007:10007//themes/eticket/images/logo.gif, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Guessed: 'http://SI.SERVER.NL:10007:10007//view.php', referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Guessed: 'http://SI.SERVER.NL:10007:10007//themes/eticket/images/arrow.gif', referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://SI.SERVER.NL:10007:10007//themes/eticket/images/arrow.gif, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client 192.168.1.32] File does not exist: /usr/local/Hosted/si/abubble/themes, referer: http://SI.SERVER.NL:10007//themes/eticket/images/arrow.gif

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:37:16 +0100] "HEAD //themes/eticket/images/arrow.gif HTTP/1.1" 404 - "http://SI.SERVER.NL:10007//themes/eticket/images/arrow.gif" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Status code:404, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:37:16 +0100] "GET //themes/eticket/images/arrow.gif HTTP/1.0" 200 275 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Cannot open http://SI.SERVER.NL:10007:10007//themes/eticket/images/arrow.gif, HTTP result code is: 404, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:16 2008] [error] [client MY_DSL_WAN_IP] Cannot fetch image: http://SI.SERVER.NL:10007:10007//themes/eticket/images/arrow.gif, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:17 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://support.abubble.nl:10007/captcha.php, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:27 2008] [error] [client MY_DSL_WAN_IP] Cannot connect to support.abubble.nl:10007 - (60) Operation timed out, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:27 2008] [error] [client MY_DSL_WAN_IP] Cannot open http://support.abubble.nl:10007/captcha.php, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:27 2008] [error] [client MY_DSL_WAN_IP] Cannot fetch image: http://support.abubble.nl:10007/captcha.php, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:27 2008] [error] [client MY_DSL_WAN_IP] Guessed: 'http://SI.SERVER.NL:10007:10007//view.php', referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:27 2008] [error] [client MY_DSL_WAN_IP] Guessed: 'http://SI.SERVER.NL:10007:10007//themes/eticket/images/powered_by.gif', referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:27 2008] [error] [client MY_DSL_WAN_IP] Fetching: http://SI.SERVER.NL:10007:10007//themes/eticket/images/powered_by.gif, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:27 2008] [error] [client 192.168.1.32] File does not exist: /usr/local/Hosted/si/abubble/themes, referer: http://SI.SERVER.NL:10007//themes/eticket/images/powered_by.gif

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:37:27 +0100] "HEAD //themes/eticket/images/powered_by.gif HTTP/1.1" 404 - "http://SI.SERVER.NL:10007//themes/eticket/images/powered_by.gif" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:27 2008] [error] [client MY_DSL_WAN_IP] Status code:404, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage

    ==> /var/log/httpd-access.log <==
    192.168.1.32 - - [07/Jan/2008:16:37:27 +0100] "GET //themes/eticket/images/powered_by.gif HTTP/1.0" 200 1069 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7) Gecko/20040803 Firefox/0.9.3"

    ==> /var/log/httpd-error.log <==
    [Mon Jan 07 16:37:27 2008] [error] [client MY_DSL_WAN_IP] Cannot open http://SI.SERVER.NL:10007:10007//themes/eticket/images/powered_by.gif, HTTP result code is: 404, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:27 2008] [error] [client MY_DSL_WAN_IP] Cannot fetch image: http://SI.SERVER.NL:10007:10007//themes/eticket/images/powered_by.gif, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [Mon Jan 07 16:37:28 2008] [error] [client MY_DSL_WAN_IP] Processing of 'http://SI.SERVER.NL:10007:10007//index.php?module=invoices&view=templates/template&invoice=2007000051&action=view&location=pdf&type=2' completed in 12 seconds, referer: http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage
    [/code]
    And again.
    [code]
    ==> /var/log/httpd-access.log <==
    MY_DSL_WAN_IP - - [07/Jan/2008:16:37:15 +0100] "GET /include/pdf/html2ps.php?process_mode=single&renderfields=1&renderlinks=1&renderimages=1&scalepoints=1&pixels=800&media=A4&leftmargin=15&rightmargin=15&topmargin=15&bottommargin=15&transparency_workaround=1&imagequality_workaround=1&output=1&location=pdf&pdfname=2007000051&URL=http%3A%2F%2FSI.SERVER.NL%3A10007%3A10007%2F%2Findex.php%3Fmodule%3Dinvoices%26view%3Dtemplates%2Ftemplate%26invoice%3D2007000051%26action%3Dview%26location%3Dpdf%26type%3D2 HTTP/1.1" 200 27209 "http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11"
    [/code]
    Ok, this is where things become superfunny. Let's go ahead and actually generate a pdf from a set of pages I should not have been looking for and could not find. Wheeeeeooo.
    At the very least this should be considered a security bug I'd say. What do you think Justin ?

    Wow,
    Ruben
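
A log check for the symptom traced in this thread, as an added example that is not part of the original posts or of Simple Invoices: it extracts the URL that html2ps.php was asked to render and every "Fetching:" target the renderer logged, then flags authorities with a doubled port and hosts other than the invoicing vhost. The expected host and port, the function names and the abridged sample lines are assumptions modelled on the logs above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the only origin the PDF renderer should ever fetch from.
EXPECTED_HOST = "si.server.nl"
EXPECTED_PORT = "10007"

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
FETCHING_RE = re.compile(r"Fetching: (\S+?)(?:, referer:|$)")
URL_RE = re.compile(r"^https?://([^/?#]*)", re.I)
# host[:port] only; a second ":port" or userinfo fails to match.
AUTHORITY_RE = re.compile(r"^([A-Za-z0-9.-]+)(?::(\d{1,5}))?$")


def check_target(url):
    """Return a list of findings for one URL the renderer was told to fetch."""
    m = URL_RE.match(url)
    if not m:
        return ["not an absolute http(s) URL"]
    auth = AUTHORITY_RE.match(m.group(1))
    if not auth:
        return ["malformed authority %r" % m.group(1)]
    findings = []
    host, port = auth.group(1).lower(), auth.group(2)
    if host != EXPECTED_HOST:
        findings.append("unexpected host %r" % host)
    if port != EXPECTED_PORT:
        findings.append("unexpected port %r" % port)
    return findings


def extract_targets(line):
    """Pull render/fetch targets out of one access-log or error-log line."""
    targets = []
    req = REQUEST_RE.search(line)
    if req:
        parts = urlsplit(req.group(1))
        if parts.path.endswith("/html2ps.php"):
            # parse_qs percent-decodes the URL= parameter for us.
            targets += parse_qs(parts.query).get("URL", [])
    fetch = FETCHING_RE.search(line)
    if fetch:
        targets.append(fetch.group(1))
    return targets


def audit(lines):
    """Return (target, findings) for every target that has findings."""
    flagged = []
    for line in lines:
        for target in extract_targets(line):
            findings = check_target(target)
            if findings:
                flagged.append((target, findings))
    return flagged


# Constructed sample input: abridged from the log lines quoted in the thread.
SAMPLE_LINES = [
    'MY_DSL_WAN_IP - - [07/Jan/2008:16:37:15 +0100] "GET /include/pdf/html2ps.php'
    '?process_mode=single&output=1&pdfname=2007000051'
    '&URL=http%3A%2F%2FSI.SERVER.NL%3A10007%3A10007%2F%2Findex.php'
    '%3Fmodule%3Dinvoices%26invoice%3D2007000051 HTTP/1.1" 200 27209',
    '[Mon Jan 07 16:37:17 2008] [error] [client MY_DSL_WAN_IP] Fetching: '
    'http://support.abubble.nl:10007/captcha.php, referer: '
    'http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage',
    '[Mon Jan 07 16:32:25 2008] [error] [client MY_DSL_WAN_IP] Fetching: '
    'http://SI.SERVER.NL:10007/templates/invoices/default/style.css, referer: '
    'http://SI.SERVER.NL:10007/index.php?module=invoices&view=manage',
    '192.168.1.32 - - [07/Jan/2008:16:37:16 +0100] "GET //index.php'
    '?module=invoices&invoice=2007000051 HTTP/1.0" 200 4208',
]

if __name__ == "__main__":
    for target, findings in audit(SAMPLE_LINES):
        print(target, "->", "; ".join(findings))
```
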
    • apmuthu, Jan 9th 2008 (edited)
    The Authentication variable (now passed onto smarty in the index.php itself) and the include_auth file (now written into the pdf generating file itself) issues in the current release have been rectified. The PDF printing is now wrapped inside another file and you will now never have to go beyond the webroot.

    Please grab the SVN version and benefit from the library encapsulation for PDFReports and PDF libraries.

    Possibly time for a bugfix release I guess.
    • Ruben, Jan 9th 2008 (edited)
    Excellent work apmuthu ! I'll check out the svn version as soon as I can and I'll get back to you.
    • Ruben, Jan 11th 2008 (edited)
    Apmuthu,
    could you post the changes you made for this fix? The svn version has too many other changes to comfortably use, not to mention the additional dependencies (like pdo).
    Thanks,
    Ruben
    • justin, Jan 12th 2008 (edited)
    hey ruben

    try using ./branches/nextrelease in svn

    basically the last release plus the above mods and some extra

    cheers

    justin
    • apmuthu, Jan 19th 2008 (edited)
    Visit
    http://simpleinvoices.org/wiki/single_domain_version

    Get the latest 19th Jan 2008 Patch SVN 1445 with many fixes included besides a new pdfmaker intermediary file.