Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By NancyDru on
I'm getting a connection reset on my local computer and these messages in the Apache log:
[Mon Apr 30 14:02:05 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:(?:\\\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\\\\$_(?:(?:pos|ge)t|session))\\\\b|<\\\\?)" at ARGS:body. [id "950013"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [hostname "docs"] [uri "/node/76/edit?destination=admin%2Fcontent%2Fnode"] [unique_id "SG5EusCoAWQAAA6MkoEAAAD5"]
[Mon Apr 30 14:02:12 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Match of "rx \\\\b(?:(?:i(?:nterplay|hdr|d3)|(?:(?:ex|jf)i|%pd)f|m(?:ovi|thd)|r(?:ar!|iff)|f(?:lv|ws)|varg|.ra|cws)\\\\b|gif)" against "RESPONSE_BODY" required. [id "970902"] [msg "PHP source code leakage"] [severity "WARNING"] [hostname "docs"] [uri "/index.php?q=node/89"] [unique_id "SNOYq8CoAWQAAA6MkoQAAAD5"]
This is from a snippet I got from this site:
// Database size = table size + index size:
$rows = db_query("SHOW TABLE STATUS");
$dbssize = 0;
while ($row = mysql_fetch_array($rows)) {
$dbssize += $row['Data_length'] + $row['Index_length'];
}
$output = "$dbssize bytes<br />";
$dbssize = db_size_info($dbssize);
$output .= "or<br />" . "{$dbssize['size']} {$dbssize['type']}";
print $output;
function db_size_scale($dbsize) {
$bytes = array('KB', 'KB', 'MB', 'GB', 'TB');
if ($dbsize < 1024) $dbsize = 1;
for ($i = 0; $dbsize > 1024; $i++) $dbsize /= 1024;
$db_size_info['size'] = ceil($dbsize);
$db_size_info['type'] = $bytes[$i];
return $db_size_info;
}
Comments
mod_security
If you want to enter PHP into Drupal blocks or nodes etc, you'll need to tell mod_security (an Apache third party add on module) not to block PHP.
I have no idea how to configure mod_security, but my opinion is that turning it off is probably the best idea.
--
Anton
New to Drupal? | Troubleshooting FAQ
Example knowledge base built with Drupal
I use lots of php
I use lots of php and have never had this problem. As a matter of fact I use this same code in a block on another site with no trouble.
Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database
NancyDru
=-=
but does said other site, have mod_security enabled ?
No
Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database
NancyDru
=-=
then there is the reason it worked on one and not the other. Quite a few hosts use mod_secuirty. This module on the apache side can be a pain in the rear end. certain words used won't allow the user to make posts either mod_security thinks its a programming language.
Multi-site
On my local PC, I am basically a multi-site. I'm using the same copy of Apache, MySql, and Drupal base code in all my test sites. And, actually I have no idea what mod_security is, so I wouldn't have enabled it on one "site" and not another.
Even though I'm using the same SQL statement, I have gotten around this problem by using different code (for one thing db_fetch_object instead of the array form in my original post.
Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database
NancyDru