Internal Server Error
Netsparker Cloud identified an internal server error.
The server responded with an HTTP status 500, indicating there is a server-side error. Reasons may vary, and the behavior should be analyzed carefully. If Netsparker Cloud is able to find a security issue in the same resource, it will report this as a separate vulnerability.
When hitting https://domain.com/en/sites/default/files/styles/thumbnail" URL, error 500 is getting displayed. This is happening for all the folders inside styles.
The exact error message is "ArgumentCountError: Too few arguments to function image_style_deliver(), 1 passed in /var/www/html/domain.com/docs/includes/menu.inc on line 527 and exactly 2 expected in image_style_deliver() (line 807 of /var/www/html/domain.com/docs/modules/image/image.module)."
At least 404 page not found should be displayed instead of 500.
Comment | File | Size | Author |
---|---|---|---|
#13 | 3063048-13.patch | 2.11 KB | mcdruid |
#13 | interdiff-3063048-6-13.txt | 806 bytes | mcdruid |
Comments
Comment #2
oranges13We received this error as well and it was because a crawl bot was hitting invalid urls on our installation, such as `oururl.com/sites/default/files/styles/large/` with no actual image information.
I agree a more graceful error recovery should probably occur.
Comment #3
asvira CreditAttribution: asvira at DrupalSquad commentedThis patch makes .../styles/%image_style request to behave in the same way as .../styles/%image_style/public request (403 Access denied).
Comment #4
prabha.venkatesan CreditAttribution: prabha.venkatesan commentedThanks for the patch asvira , but the patch is breaking the site. It is throwing 500 error on all the pages at the bottom of the page. Even on the https://domain.com/en/sites/default/files/styles/thumbnail page it is throwing a 500 error along with the 404.
Any other solution would be helpful.
Comment #5
darkodev CreditAttribution: darkodev commentedAdding to the list of users seeing this error. Netsparker also ran recently on our sites. Will report our findings as we debug . . .
/sites/default/files/styles/large/
results in
ArgumentCountError: Too few arguments to function image_style_deliver(), 1 passed in [...]/includes/menu.inc on line 527 and exactly 2 expected in image_style_deliver() (line 807 of [...]/modules/image/image.module).
On my local dev environment, this throws a generic 404.
Perhaps an Apache configuration issue, since we're not seeing more people reporting this issue?Comment #6
darkodev CreditAttribution: darkodev commentedAdding !empty($scheme) to check for $valid as well as $scheme = NULL works for me. I feel that it can't hurt to check !empty($scheme) since we're already checking !empty($style).
https://www.php.net/manual/en/migration71.incompatible.php
Our site that runs an older version of PHP only emits the warning (so all versions of 7.x core suffer this issue).
So, this warning in PHP < 7.1:
Warning: Missing argument 2 for image_style_deliver(), called in /includes/menu.inc on line 527 and defined in image_style_deliver() (line 807 of /modules/image/image.module).
Becomes this fatal error in PHP >= 7.1:
ArgumentCountError: Too few arguments to function image_style_deliver(), 1 passed in /includes/menu.inc on line 527 and exactly 2 expected in image_style_deliver() (line 807 of /modules/image/image.module).
Comment #7
joelpittetThat seems like a reasonable fix, thanks @darkodev, @asvira, and @prabha.venkat
Comment #8
Steven Jones CreditAttribution: Steven Jones at ComputerMinds commentedThis fix works for me, does it need a test though?
Comment #9
sjerdoPatch #6 LGTM +1
Comment #10
malcolm_p CreditAttribution: malcolm_p commentedWorking well for me, preventing these server errors with no issue.
Comment #11
webservant316 CreditAttribution: webservant316 commentedI am seeing this error. Why isn't this patch committed?
Comment #12
mcdruidPer #8 it would be good to add a (very basic) test for this.
Comment #13
mcdruidHopefully this'll do.
As we're adding to the helper function which several different tests call, this new code will be run a handful of times. On the one hand perhaps that's overkill, but at least it'll mean more coverage...
I've only manually tested this:
...so we'll see if all the other test that call
\ImageStylesPathAndUrlTestCase::_testImageStyleUrlAndPath()
also behave as expected.Comment #14
mcdruidOops forgot the test only patch, which might make things a bit messy.
Also noticed a comment typo (mine) which can be fixed on commit:
s/return/returns/
Comment #16
mcdruidLet's see if hiding the test only patch helps show the testbot that we want #13
Comment #17
darkodev CreditAttribution: darkodev commentedSo sorry I didn't pay more attention to the need for a test, and thanks very much to @mcdruid for jumping on it. Respect!
Comment #19
mcdruidThank you!