Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Unidentifiable error injecting code before <!DOCTYPE...> in header

edited January 2008 in Vanilla 1.0 Help
I could use some help to rectify a problem that started this morning.

Although no new extensions were added or modified, the text at the bottom of this post has been injected into the first 20 or so lines of code on each page before the DOCTYPE heading. Aside from being unsightly, it has affected several functional parts of the site. (Blog extension no longer works, nor image rotator, style disrupted, etc.)

Can anyone identify the source file that is being modified? The cause of the modification I can only guess relates to the Mootools extension (only because it is listed twice.) Removing every extension by unchecking their boxes in Vanilla's settings only resulted in fewer lines of code being displayed. For example, when I remove AddMember the corresponding line of code is removed.

Cut from the page source:
include($Configuration['EXTENSIONS_PATH']."Mootools/default.php");
register_globals configuration array attack
if (!defined('IN_VANILLA')) exit();

include($Configuration['EXTENSIONS_PATH']."AccountPictures/default.php");
include($Configuration['EXTENSIONS_PATH']."AddMember/default.php");
include($Configuration['EXTENSIONS_PATH']."Blog/default.php");
include($Configuration['EXTENSIONS_PATH']."FeedPublisher/default.php");
include($Configuration['EXTENSIONS_PATH']."HtmlFormatter/default.php");
include($Configuration['EXTENSIONS_PATH']."MembersPage/default.php");
include($Configuration['EXTENSIONS_PATH']."MetaTags/default.php");
include($Configuration['EXTENSIONS_PATH']."Notify/default.php");
include($Configuration['EXTENSIONS_PATH']."Nugget/default.php");
include($Configuration['EXTENSIONS_PATH']."SidepanelRotator/default.php");
include($Configuration['EXTENSIONS_PATH']."badmootools/default.php");
include($Configuration['EXTENSIONS_PATH']."CollapsiblePanel/default.php");
include($Configuration['EXTENSIONS_PATH']."UserInfo/default.php");
?> *[bracket removed for this post]* !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
*[bracket removed for this post]* html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-ca">
*[bracket removed for this post]* head>
To view the error in context, the site is live at http://printerscorner.org.

Any help would be greatly appreciated.

Comments

  • edited January 2008
    Check conf/extension.php start by <?php
  • Like this? (it results in an error stating Parse error: parse error, unexpected T_STRING in /home/content/r/y/a/ryanrasmussen/html/conf/extensions.php on line 1)

    <?php include($Configuration['EXTENSIONS_PATH']."Mootools/default.php"); register_globals

    configuration array attack
    if (!defined('IN_VANILLA')) exit();

    include($Configuration['EXTENSIONS_PATH']."AccountPictures/default.php");
    include($Configuration['EXTENSIONS_PATH']."AddMember/default.php");
    include($Configuration['EXTENSIONS_PATH']."Blog/default.php");
    include($Configuration['EXTENSIONS_PATH']."FeedPublisher/default.php");
    include($Configuration['EXTENSIONS_PATH']."HtmlFormatter/default.php");
    include($Configuration['EXTENSIONS_PATH']."MembersPage/default.php");
    include($Configuration['EXTENSIONS_PATH']."MetaTags/default.php");
    include($Configuration['EXTENSIONS_PATH']."Notify/default.php");
    include($Configuration['EXTENSIONS_PATH']."Nugget/default.php");
    include($Configuration['EXTENSIONS_PATH']."SidepanelRotator/default.php");
    include($Configuration['EXTENSIONS_PATH']."badmootools/default.php");
    include($Configuration['EXTENSIONS_PATH']."CollapsiblePanel/default.php");
    include($Configuration['EXTENSIONS_PATH']."UserInfo/default.php");
    ?>
  • This file has been mangled.
    It should start as this:
    <?php // Make sure this file was not accessed directly and prevent register_globals configuration array attack if (!defined('IN_VANILLA')) exit(); // Enabled Extensions
  • Max_B, Dinoboff - Thank you both very much.
    Restructuring extensions.php fixed everything.
This discussion has been closed.