Big error message files

  • Resolved inge12

    (@inge12)


    10 years, 11 months ago

    I have the latest stable version of PHP installed: PHP 5.4.22
    Wordpress 3.7.a
    site: https://ssnet.org/

    I first got huge error files which had repeated messages like this:

    [14-Dec-2013 19:25:07 America/New_York] PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/local/lib/php/extensions/no-debug-non-zts-20100525/suhosin.so’ – /usr/local/lib/php/extensions/no-debug-non-zts-20100525/suhosin.so: undefined symbol: output_globals in Unknown on line 0

    I found out that suhosin.so is no longer supported by PHP 5.4.22

    So I deleted suhosin.so file at
    /usr/local/lib/php/extensions/no-debug-non-zts-20100525/suhosin.so

    Since that wasn’t enough, I also commented out the suhosin.co reference in php.ini

    No more PHP errors like that ??

    But I promptly got warnings in error files that said that dir “/public_html/wp-content/mu-plugins” does not exist. So I created the dir, naturally.

    Now get multiple Worpress errors like the following, which I did not get before inactivating suhosin.so:

    [15-Dec-2013 18:52:52 UTC] PHP Warning: ini_set() has been disabled for security reasons in /home/ssnet/public_html/wp-includes/load.php on line 278
    [15-Dec-2013 18:52:53 UTC] PHP Warning: Cannot modify header information – headers already sent by (output started at /home/ssnet/public_html/wp-includes/load.php:278) in /home/ssnet/public_html/wp-includes/class-IXR.php on line 475
    [15-Dec-2013 18:52:53 UTC] PHP Warning: Cannot modify header information – headers already sent by (output started at /home/ssnet/public_html/wp-includes/load.php:278) in /home/ssnet/public_html/wp-includes/class-IXR.php on line 476
    [15-Dec-2013 18:52:53 UTC] PHP Warning: Cannot modify header information – headers already sent by (output started at /home/ssnet/public_html/wp-includes/load.php:278) in /home/ssnet/public_html/wp-includes/class-IXR.php on line 478
    [15-Dec-2013 18:52:53 UTC] PHP Warning: Cannot modify header information – headers already sent by (output started at /home/ssnet/public_html/wp-includes/load.php:278) in /home/ssnet/public_html/wp-includes/class-IXR.php on line 481

    My load.php line 277-278 read:

    if ( defined( 'XMLRPC_REQUEST' ) )
		ini_set( 'display_errors', 0 );

    My class-IXR.php lines 472 – 483 read:

    else
            $xml = '<?xml version="1.0"?>'."\n".$xml;
        $length = strlen($xml);
        header('Connection: close');
        header('Content-Length: '.$length);
        if ($charset)
            header('Content-Type: text/xml; charset='.$charset);
        else
            header('Content-Type: text/xml');
        header('Date: '.date('r'));
        echo $xml;
        exit;

    I’m stumped. I did locate xmlrpc.php, but I don’t know what to do with it. I thought there used to be something in general WordPress settings to enable or disable xmlrpc. I have a feeling that it should just be disabled. (How?)(We post only through the WordPress web interface, but might some plugins require this?)

    I did find out that suhosin.so provided “hardening” to make PHP more secure. This hardening has now been built into the new PHP 5 versions, and thus suhosin.so is no longer needed.

    That said, I’m pretty ignorant about all of this .. just did a lot of googling before turning to you good people who have helped me so much before.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    DO NOT EDIT CORE FILES

    I know you didn’t, but they’re probably not the problem.

    I found out that suhosin.so is no longer supported by PHP 5.4.22

    So I deleted suhosin.so file at
    /usr/local/lib/php/extensions/no-debug-non-zts-20100525/suhosin.so

    Since that wasn’t enough, I also commented out the suhosin.co reference in php.ini

    You may need to totally rebuild PHP on your box to make this clean up enough.

    Thread Starter inge12

    (@inge12)

    Thanks for responding, Mika.

    PHP 5 documentation says that suhosin.so is no longer needed and no longer supported. It was a “hardening” of PHP that is built into the current version of PHP. So I believe that disabling suhosin.so was the right thing to do.

    I have since discovered that the current version of WP does not yet play nicely with PHP 5. I wish I had known that before. Not sure how to roll back the PHP version.

    Since I have your attention now (I hope), can you please tell me whether or not it is safe to delete the xmlrpc.php file, or whether deletion leaves security holes.

    I deleted the file, and the errors stopped. And everything seems to be working. But I don’t know how the functioning of WordPress is actually affected. (I redid the WordPress update, and it did not install another copy of xmlrpc.php in the public_html directory.

    So is it really safe to delete?

    Thread Starter inge12

    (@inge12)

    Another question: What’s the difference between a WP update and a re-install?

    Will a re-install overwrite all settings, etc?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    I agree that DISABLING suhosin was right. I’m saying in ADDITION to that, you may have to rebuild your PHP instance in order to get it to work right ??

    I have since discovered that the current version of WP does not yet play nicely with PHP 5.

    Not true unless you mean “5.4.22” which is not the same as “5”. WordPress requires PHP 5.2 and works just fine on 5.3 and 5.4 in my experience (running now, no issues), which is again why I think you need to rebuild your PHP.

    tl;dr I don’t think that JUST disabling suhosin make your PHP find it’s brain.

    can you please tell me whether or not it is safe to delete the xmlrpc.php file, or whether deletion leaves security holes

    It’s safe to delete it. It’s safe to leave it there. The ‘security holes’ in xmlrpc are not such that I would delete it, since I don’t agree that they’re holes. It’s like saying your window is a security hole because someone can throw a rock at it and break in.

    What’s the difference between a WP update and a re-install?

    An update updates files.

    A reinstall MAY mean you delete everything and start over. It may also mean “I have deleted all the core WP files and am reinstalling them.” And if you mean the second, then no, you won’t delete your settings/data.

    WP core is meant to be able to be nuked and reinstalled in that way ??

    Thread Starter inge12

    (@inge12)

    Thanks, Mika, for the clarification.

    We have some very smart people on the WP forum. One of them is Karen Arnold who calls herself a “Happiness Engineer.” ??

    It was her post on a Jetpack support thread that pointed my nose in the right direction.

    I found out that both my wp-config.php file and xmlrpc.php were missing two apparently crucial characters at the end, namely
    ?>

    After fixing that little problem, I re-enabled xmlrpc.php on the chance that it might be useful to some plugin, and everything is working just fine. No more error messages at all. (Just checked again to make sure.)That just feels good! ??

    Since the suhosin.so functionality has been built into the current version of PHP, it really is not needed, and I didn’t change anything else in the PHP configuration.

    Thanks a lot for your attention to this. I shall keep in mind that if worst ever comes to worst, I can delete the WP Core files (I assume that means wp-admin and wp-includes directory and their contents, as well as a few files in public_html?) and start over.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    You don’t need those in either wp-config.php or xmlrpc.php – You misunderstood what that post said.

    Here;s what XMLRPC should be: https://core.trac.www.ads-software.com/browser/tags/3.8/src/xmlrpc.php

    No closing PHP tags are required unless your PHP install is somehow broken… which goes right back to what I said in the beginning: you need to rebuild PHP, I think it’s busted.

    As for cleaning WP files, read this: https://halfelf.org/2013/command-line-cleaning-wp/

    I do it almost every day for someone ??

    Thread Starter inge12

    (@inge12)

    Ah … okay, thanks much. A bit of a learning curve for me but looks to be worth it. (Have been spoiled by graphical interfaces lately ?? )

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    WordPress you can mostly get away with GUI.

    Multisite requires more tech know how. CLI will be way faster.

    Thread Starter inge12

    (@inge12)

    Thanks again. ?? Am bookmarking this for when I need to do some house cleaning.

    MEUS AMIGOS DO FORUM, ESTOU COM PROBLEMAS COM O SEGUINTE ERRO NO BLOG:
    “Warning: ini_set() has been disabled for security reasons in /home/patricia/public_html/blog/wp-includes/load.php on line 271

    Warning: Cannot modify header information – headers already sent by (output started at /home/patricia/public_html/blog/wp-includes/load.php:271) in /home/patricia/public_html/blog/wp-includes/class-IXR.php on line 372″

    Esta mensagem n?o deixa publicar nada via Windows Live Write. Já vasculhei tudo e nada de encontrar solu??o para o problema. Já atualizei o WordPress para nova vers?o, etc. Porém nada resolveu.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Big error message files’ is closed to new replies.

Tags