j_freeman Posted July 14, 2006 Share Posted July 14, 2006 I've been looking all day on the Web, trying to figure this one out. I'm hoping someone will be able to just give me a good slap and that'll be the end of it.Anyway, PHP code passed to a script can cause linked stylesheets to be ignored by the browser, even if the value is not used. For instance, consider this pure XHTML saved with a PHP extension (test.php):[code]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <link href="style.css" rel="stylesheet" type="text/css" /> <title>test</title> </head> <body><p>Hello, World!</p></body></html>[/code]With a style.css like this:[code]body{ font-family: sans-serif; font-size: 2em; text-align: center; color: white; background-color: black;}[/code]If you were to call [font=Courier New]test.php?test=hello[/font], styles would be applied. However, if you were to call [font=Courier New]test.php?test=<?php echo('Hello'); ?>[/font], no styles would be applied. It doesn't matter if the value passed is used or not--the result is the same.Here is a demo of it in action:http://www.haikuhost.com/misc/test.php?test=abcdef[url=http://www.haikuhost.com/misc/test.php?test=<?php echo("What is the problem?"); ?>]http://www.haikuhost.com/misc/test.php?test=<?php echo("What is the problem?"); ?>[/url] (May need to refresh your browser for the style to go away, if it was cached by the previous link.)I've tried this on two different servers, both running PHP 4.4.2. One runs Apache 1.3.34 and one 1.3.36; it only happens with the one running 1.3.34. Quote Link to comment Share on other sites More sharing options...
pixy Posted July 14, 2006 Share Posted July 14, 2006 What exactly are you trying to do? I think I'm missing "the point". Quote Link to comment Share on other sites More sharing options...
j_freeman Posted July 14, 2006 Author Share Posted July 14, 2006 [quote author=pixy link=topic=100525.msg396803#msg396803 date=1152846199]What exactly are you trying to do? I think I'm missing "the point".[/quote]One of my scripts' CSS breaks when a user tries to search for PHP code; that's "the point". :) (And yes, URL-encoding is performed but doesn't cut it.) Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted July 14, 2006 Share Posted July 14, 2006 That looks like a bogus URL.I tested it with FireFox with the LiveHeaders extension. After the refresh I'm getting back "403 Forbidden" from your server.What happens if you have the same source but name it ".html" so PHP isn't invoked?Ken Quote Link to comment Share on other sites More sharing options...
j_freeman Posted July 14, 2006 Author Share Posted July 14, 2006 [quote author=kenrbnsn link=topic=100525.msg396805#msg396805 date=1152846555]That is a bogus URL.I tested it with FireFox with the LiveHeaders extension.[/quote]Try this URL-encoded one instead, then, and run your extension on it:http://www.haikuhost.com/misc/test.php?test=%3C?php%20echo(%22What%20is%20the%20problem?%22);%20?%3E[quote]After the refresh I'm getting back "403 Forbidden" from your server.[/quote]Strange.[quote]What happens if you have the same source but name it ".html" so PHP isn't invoked?Ken[/quote]I haven't tried it, but that's beside the point, as this is simply a demonstration of the problem I'm having in script that must be parsed (see my reply to pixy). Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted July 14, 2006 Share Posted July 14, 2006 I saw your reply after I posted my reply. The URL-encoded URL is the one giving me the 403 Forbidden return. I do see the unformatted "Hello World" on my screen.The reason I asked if a file with the .html extension does the same thing, is that if it does, then we can rule out PHP as the cause. I believe this will turn out to be the case, since you have no PHP code in your source at all, so PHP isn't really being invoked.Ken Quote Link to comment Share on other sites More sharing options...
j_freeman Posted July 14, 2006 Author Share Posted July 14, 2006 [quote author=kenrbnsn link=topic=100525.msg396811#msg396811 date=1152847236]I saw your reply after I posted my reply. The URL-encoded URL is the one giving me the 403 Forbidden return. I do see the unformatted "Hello World" on my screen.[/quote]Hmm, even stranger. I get 200 here. And at work. And at at a friend's.Is the 403 when requesting test.php, or when your browser requests style.css?[quote]The reason I asked if a file with the .html extension does the same thing, is that if it does, then we can rule out PHP as the cause. I believe this will turn out to be the case, since you have no PHP code in your source at all, so PHP isn't really being invoked.[/quote]That's what I was thinking. But considering that the same data is being sent to the browser, how could it be Apache? Perhaps the PHP causes Apache to deny the subsequent request for the stylesheet?I've posted at my host's forums to see what they have to say about this. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted July 14, 2006 Share Posted July 14, 2006 It's coming back on the request for the stylesheet, which would explain why there is no formatting being done.Ken Quote Link to comment Share on other sites More sharing options...
j_freeman Posted July 14, 2006 Author Share Posted July 14, 2006 [quote author=kenrbnsn link=topic=100525.msg396821#msg396821 date=1152847983]It's coming back on the request for the stylesheet, which would explain why there is no formatting being done.Ken[/quote]I was hoping that wasn't the cause. ;D Now I'm off to find out why Apache does this.Anyway, thanks for your help, kensbnsn. :) (I'd give you some positive karma but SMF is foreign to me.) Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted July 14, 2006 Share Posted July 14, 2006 I just tried your code on my laptop (xampp: Apache 2.0.54, php 5.0.5) and it runs fine. So there is something funny going on with your server.Ken Quote Link to comment Share on other sites More sharing options...
PotatoBob Posted July 14, 2006 Share Posted July 14, 2006 http://www.haikuhost.com/misc/test.php?test=<?php echo("What is the problem?"); ?> Um we cant run this link its a server side thingit would be more like thishttp://www.haikuhost.com/misc/test.php?test=whatisurproblem Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted July 14, 2006 Share Posted July 14, 2006 I think you just click on the [nobbc][grace] or [smite][/nobbc] links under the Karma on one of my posts Grace is for positive feedback, smite, negative.Ken Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted July 14, 2006 Share Posted July 14, 2006 The link is fine -- I've been testing it for a while. His CSS file is a normal CSS file, i.e. it's not being processed by PHP. At least I don't think it is, but if it were and that header wasn't in it, it wouldn't work at all.Ken Quote Link to comment Share on other sites More sharing options...
j_freeman Posted July 14, 2006 Author Share Posted July 14, 2006 [quote author=kenrbnsn link=topic=100525.msg396833#msg396833 date=1152848709]I think you just click on the [nobbc][grace] or [smite][/nobbc] links under the Karma on one of my posts Grace is for positive feedback, smite, negative.Ken[/quote]It seems I need some karma to give karma, as I see no links like that. Oh well, real karma is better for you anyway. ;D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.