Hi,

My website www.imagi.eu has been working for years but has suddenly started showing error messages on certain pages – see http://www.imagi.eu/blog

I was going to update the installation and views but wondered if this will fix the problem.

I've not made any changes, other than adding content, so I'm not sure what has gone wrong?! I did increment the monthly view (top right) as I always do (as a list) but, again, this is what normally happens.

Thanks, if anyone has ideas.
Matt

Comments

Sam Moore’s picture

What you're seeing is just a PHP warning about how a function is called or defined in the module. Nothing's broken or in danger, but I'll bet Views is out of date on your site.
This kind of thing happens when code that worked on PHP 4 is run against PHP5 for instance. This is one of the fun parts of PHP.
Have you updated Drupal core? Or perhaps your PHP version on your server?

You may want to search the issue queue for Views about this.
But if I were you I'd back up the site and run updates (drush up) to see if Views has been patched.

yogavenger’s picture

I was planning on updating everything, to see if that helped. I'll try that. (My core and modules are a little out-of-date).

Many thanks Sam, for the quick response.

Matt

yogavenger’s picture

I've updated the core Drupal installation and all my modules but it still is displaying the error messages.

I am getting an error message:

Temporary files directory Not fully protected
See http://drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the /tmp directory to help protect against arbitrary code execution.

Could this be the problem?

Matt

Sam Moore’s picture

Are you still getting messages from Views? Your site's in Maintenance Mode...

yogavenger’s picture

I am – I will put the site back online to demonstrate.

yogavenger’s picture

Could it be related to the hosting server?

Sam Moore’s picture

It's likely related to your server's PHP version.
Apparently D6 modules sometimes have trouble with PHP 5.4 for example.
https://www.drupal.org/node/2234851

Check your Status Report - it'll tell you what version of PHP you're running.

You can set PHP to a less-strict error reporting level, but you'll need to edit your php.ini - you may need your host to do that for you if you're on shared hosting.

Also I'd recommend not writing errors to the screen on a production site, as a basic security measure. You can turn that off at /admin/config/development/logging, once you don't need to see these messages any more.

yogavenger’s picture

For all your help! :)

yogavenger’s picture

Adding this (for Drupal 6).

# Turn off all options we don't need.
Options None
Options +FollowSymLinks

# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006

# Override the handler again if we're run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003

# If we know how to do it safely, disable the PHP engine entirely.

php_flag engine off

# PHP 4, Apache 1.

php_flag engine off

# PHP 4, Apache 2.

php_flag engine off

Does this just tag on the end of any .htaccess files?

Matt

Sam Moore’s picture

That's a completely different issue, related to protecting your various directories (public and private files, as well as temp) from uploads of malicious code.
You'll want to edit (or create) .htaccess files in all three places you've designated in your filesystem settings and add the appropriate code as recommended. Your warning on the Status report page will give a link to a page on d.o that explains why and what to do in more detail.
Note you do NOT want to do this to your main .htaccess file at the top level of your site.

yogavenger’s picture

OK – I'll see if I can get my head around this.

Yes, realised it wasn't for the main .htaccess when it locked everything up. :)