Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I just ran the Views security update and got a WSOD when I ran update.php.
I'm looking at the code now but thought I would lodge the bug report first to prevent others from breaking their sites.
Cheers,
Andrew
Comment | File | Size | Author |
---|---|---|---|
#25 | 3039953-25.patch | 2.25 KB | joelpittet |
#7 | parse_error-3039953-1.patch | 1.11 KB | dromansab |
Comments
Comment #2
awasson CreditAttribution: awasson commentedThis is a PHP version issue. I restored the site with a copy of Views 7.x-3.20 and then noted the version of PHP they are running is PHP 5.x.
The problem code is:
The older version of PHP won't parse that.
Andrew
Comment #3
darkodev CreditAttribution: darkodev commented+1
Forced to run older version of PHP on RHEL
Comment #4
andrewfn CreditAttribution: andrewfn as a volunteer commentedI'm getting exactly the same problem on my clients who have older servers.
Comment #5
darkodev CreditAttribution: darkodev commentedLooks like line 1010 also
$join->extra = [];
Comment #6
ron_s CreditAttribution: ron_s commentedAny
[]
needs to be set toarray()
to work with PHP 5.x.Edit: Just to be clear, this impacts earlier versions of PHP 5. I believe PHP 5.3.x requires
array()
Comment #7
dromansab CreditAttribution: dromansab commentedHello,
You have to change [] for array().
I've created a patch.
Comment #8
darkodev CreditAttribution: darkodev commentedPatch in #7 works here.
Comment #9
joseph.olstadtrigger tests
Comment #10
awasson CreditAttribution: awasson commentedPatch in #7 works here too.
Comment #11
joseph.olstadComment #12
TheWrench CreditAttribution: TheWrench commentedPatch in #7 works great for my sites as well
Comment #13
joseph.olstadpatch 7 looks good as reported
php lint passes for php 5.3.x
https://www.drupal.org/pift-ci-job/1227497
Comment #14
joseph.olstadpatch 7 works for the code, but the test code still contains [] syntax instead of array()
this explains why the php lint passes on the module but the tests fail
Comment #15
javier1968 CreditAttribution: javier1968 commentedSame issue for us, how is one supposed to apply the patch? which file would we need to modify?
Any help will be greatly appreciated?
Comment #16
awasson CreditAttribution: awasson commented@javier1968, I suspect there will be another Views update that will include the patch forthcoming.
If you are in a rush, you can apply the patch to a local copy of views 3.21 using your bash terminal by following the instructions on this page: https://www.oliverdavies.uk/articles/quickly-apply-patches-using-git-and...
I tend to use the curl method as not all systems have wget.
Once you've patch the module it should be good to go and you can manually update it with git or ftp (whatever method you are using for file transfer).
I'll be waiting for a fully baked update from the views folks.
Andrew
Comment #17
deker0 CreditAttribution: deker0 commentedI want to wait on a fully baked update as well. Do we know if they would release that today? Or this may be a few days away?
Comment #18
javier1968 CreditAttribution: javier1968 commented@awasson Thanks Andrew I shall do the same.
Best
Comment #19
hawkdavis CreditAttribution: hawkdavis commentedHow bad is the security issue for the module update that was released? Does the patch in #7 still mitigate this security issue?
Comment #20
DamienMcKennaThe patch in #7 will resolve the PHP syntax problem we introduced by through the fact we use newer versions of PHP locally. It in no way affects the security problems resolved in 7.x-3.21, so you're free to use the patch with 3.21 and not loose any of the security fixes.
Comment #21
DamienMcKennaAlso, sorry for not catching that.
Comment #22
TheWrench CreditAttribution: TheWrench commented@DamienMckenna thank you for all that you do!! :-)
Comment #23
hawkdavis CreditAttribution: hawkdavis commentedYes, thank you! @DamienMckenna
Comment #24
darkodev CreditAttribution: darkodev commentedAnother thanks to @DamienMckenna!
Wondering how we mitigate this going forward in the contrib space. I'm also guilty of accidentally using short array syntax locally without thought of very old versions. We wish 5.3 wasn't still deployed, but we need to keep supporting it since it's on the list (for now):
https://www.drupal.org/docs/7/system-requirements/php-requirements#php_r...
Even after it's removed, using short array syntax will break a ton of sites in higher ed, for example, that often lag tremendously in updating their infrastructure.
Comment #25
joelpittetReroll with the tests changed to traditional syntax as well.
Comment #26
awasson CreditAttribution: awasson commentedComment #27
DamienMcKennaI've kicked off a PHP 5.3 testbot on patch #25..
Comment #28
awasson CreditAttribution: awasson commentedThanks @DamienMcKenna.
Also thanks for keeping on top of everything else you do maintaining/co-maintaining.
Comment #29
javier1968 CreditAttribution: javier1968 commentedAny ETA for the release of the new module update?
Comment #30
JohnFF CreditAttribution: JohnFF commentedPlease merge this patch ASAP - badly needed.
Excellent job dromansab, joelpittet
Comment #31
Massimo25 CreditAttribution: Massimo25 commentedI prefer to wait for the next version because I'm using php 5.3 on D7 and apparently the problem is giving it to everyone
Comment #32
ron_s CreditAttribution: ron_s commented@Massimo25, you should be able to use the patch with confidence until a new version is available. Certainly not having the patch creates a problem for those running PHP 5.3.x, but it's a minor issue in the entire scope of possible issues.
Comment #33
DamienMcKennaComment #34
DamienMcKennaComment #36
DamienMcKennaCommitted. Thank you to everyone for working on this, I really appreciate it and, again, I'm sorry for letting that syntax change slip past us.
I'd like to encourage people with sites still using PHP 5.3 to: a) upgrade to a newer version of PHP, b) help test the current dev snapshot so we can get a 7.x-3.22 out ASAP with this and a wealth of other fixes.
Comment #37
joelpittetI’ve been using the dev snapshot on at least of the sites we manage still on PHP 5.3. It has a nice notice fix for exposed filters:)
Comment #38
Asterovim CreditAttribution: Asterovim as a volunteer commentedPatch #25 works thanks you !
Comment #39
nno CreditAttribution: nno commentedI can confirm that current dev fixes the issue on PHP 5.3.3
Thank you!
Comment #40
donaldp CreditAttribution: donaldp commentedI can also confirm that patch #25 is working OK on a couple of different servers and sites. Thanks.
Comment #41
ju1i3 CreditAttribution: ju1i3 commentedUsing shared hosting, one is at the mercy of the host for the PHP version. Through this problem I've discovered I could specify 5.6 at the host's control panel (their default was 5.3).
Views now installs fine.
Comment #42
DamienMcKennaPHP 5.3 hasn't been officially supported by the PHP community in.. four and a half years, asking your hosting provider to upgrade their out-of-date software isn't irrelevant, neither is suggesting you consider a different hosting provider that puts a bit more effort into maintaining their infrastructure.
Comment #43
joseph.olstadRed Hat is still supporting php 5.3.x afaik.
however, ya , I always encourage my clients to upgrade to php 7.x but this is not always easy to do as often they have servers hosting multiple applications.
Comment #44
Massimo25 CreditAttribution: Massimo25 commentedGuys, in the meantime I run the update in case it causes problems retrocedo to the previous version but I suppose everything should be fine
Comment #45
achillespogi CreditAttribution: achillespogi commentedThanks for this, This solved my issue.
This should be included in the next release
Comment #46
tarzadon CreditAttribution: tarzadon commentedI had the same error as described in: https://www.drupal.org/project/views/issues/3040789 when updating views with drush.
For what it's worth, I am running PHP 5.6.25 on RHEL 6.10 via Software Collections.
I applied patch #25 and no longer see the error.
Comment #47
joseph.olstadTarzadon,
Your vhost is misconfigured if you say you needed this patch for php 5.6.x
This is a php <= 5.3.x bug. Not 5.6
Comment #48
bsevere CreditAttribution: bsevere commentedHappy to report that the dev version works for us! Many thanks!
Comment #49
Eduardo Alvarez CreditAttribution: Eduardo Alvarez commentedPatch #25 resolved the issue for us.
We are also blocked with version 5.3.3 due RHEL 6
Thanks for the patch
Comment #50
David Radcliffe CreditAttribution: David Radcliffe at Triplo commentedPatch #25 worked for me. We have been hit with this issue several times because we have support contracts with sites that are running PHP 5.3, so I hope that a new version will be released soon.
Comment #51
TR CreditAttribution: TR commentedCan we get a new release with this fix, so that it doesn't keep breaking contrib testing with PHP 5.3?
Comment #52
gr8 CreditAttribution: gr8 commentedcould anyone tell us when the new release that will work for 5.3 will be please?
Comment #53
awasson CreditAttribution: awasson commented@TR and @gr8, I believe the 7.x-3.x-dev will work.
For my purposes, I downloaded Views 3.21 and applied the patch from #25 to use for the sites I maintain on older versions of PHP.
Comment #54
TR CreditAttribution: TR commented@awasson: You missed my point. Contributed module which have a dependency on Views cannot currently be tested against PHP 5.3 because the testbot uses the 3.21 release for testing, not the -dev, and not a patched version.
Because Views is so widely used, and because so many contributed modules depend on Views, PHP 5.3 testing is currently broken for many Drupal 7 modules. That is why a new release is needed as soon as possible.
Comment #55
awasson CreditAttribution: awasson commented@TR, you're preaching to the choir.
I haven't missed your point. I just have zero influence on what the Views Team do. I do however realize that websites must continue running in the meantime so I'm pointing you (and anyone else) at the solution that will keep your site secure and prevent a WSOD.
Here's the issue you're looking for: https://www.drupal.org/project/views/issues/2960871
Comment #56
TR CreditAttribution: TR commented@awasson: Oh, I guess *I* missed *your* point :-)
Comment #58
DamienMcKennaI decided to release this one single fix as 7.x-3.22: https://www.drupal.org/project/views/releases/7.x-3.22
Sorry for taking so long.
Comment #59
awasson CreditAttribution: awasson commentedAwesome! Thanks @DamienMcKenna
Comment #60
Pepe Roni CreditAttribution: Pepe Roni as a volunteer commentedSorry, the problem still persists for aggregated views. Had to return to 3.20 on a production site. :(
As the site is running with docker I will upgrade to php7 soon.
Comment #61
DamienMcKenna@Pepe Roni: Please a) test the current dev snapshot, b) check other issues, this one was just about the syntax problems.
Comment #62
Pepe Roni CreditAttribution: Pepe Roni as a volunteer commentedWarning: Illegal offset type in views_many_to_one_helper->ensure_my_table() (Zeile 1023 von /var/www/html/drupal/sites/all/modules/contrib/views/includes/handlers.inc).
and
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')AND (field_myfieldname' at line 12
are the errors described in this issue.
At least these errors do not occur in 3.20.
Just checked: the current dev-snapshot has solved this problem :)
Comment #63
DamienMcKenna@Pepe: Thank you for the update.