This: <!---->
This... this... thing. Right there.
7 characters of evil, forcing IE to render all pages with it at the top like this in quirks mode:
<!----><!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
If it's not evil I don't know what is, because it certainly isn't in my template file, since the first few lines of that are:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<?php $this->outputHead(); ?>
</head>
I certainly don't see any issues in my actual outputting code:
function build()
{
    if ($this->disabled)
    {
        return $this->content;
    }
    else
    {
        global $footer;
        ob_start();
        $location = $this->location;
        include($this->location['theme_nr'].'/overall.php');
        return ob_get_clean();
    }
}
function outputAll()
{
    // stop capturing everything
    $this->content = ob_get_clean();
    // build the page
    echo $this->build();
}
I really just don't get it. How could this thing get into my code?
I can just imagine that > bit at the end turning into a smile, and the thing is laughing at me.
It haunts my dreams, it kills my cats, I don't know what it's going to do next but it's going to kill something.
Help me, ye gods of web development!
EDIT: Just a note, it does appear in all browsers, but it seems to drive IE ballistic and none of the others.
I found the culprit.
Somehow, a kludge I have in a function to hide a MySQL error is only causing issues in one of my branches, even though the function and where it's called from haven't changed between the two branches.
For those interested, the code in question:
function isexistinguser($uname,$pwd)
{
    global $location;
    $uname = mysql_real_escape_string($uname);
    $result = mysql_query("SELECT * FROM users WHERE user_username = '$uname'");
    $hit = 0;
    $rowcounted = false;
    $salt = '';
    echo '<!--'; // cheap fix for mysql error - FIND A BETTER WAY!
    while($row = mysql_fetch_array($result))
    {
        // Do stuff to figure out what to return
    }
    echo '-->'; // cheap fix for mysql error - FIND A BETTER WAY!
    return array($hit,$salt);
}
I looked into the git repo you posted and it is not contained within. You could try a diff from the copy on github to your current copy as the change is in the changes you made.
If you are using an IDE, do a global file search for the string of characters. These kinds of "bugs" can be troublesome.
Seems like a situation where grep would be handy, if you can use it either through cygwin or directly in Linux. A quick example of just finding files with that HTML comment:
grep -R "<\!---->" ./*
That should narrow the search.
About your error handling. The first way of dealing with it is to define and use your own handlers instead of PHP's default ones, with set_error_handler.
As a simple fix, modify this line: $result = mysql_query("SELECT * FROM users WHERE user_username = '$uname'");
with something like this:
$result = mysql_query("SELECT * FROM users WHERE user_username = '$uname'");
if (!$result || !is_resource($result)) {
    return array(0, '');
}
To end this, I recommend you check PDO to use databases.
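The approach recommended in this answer (a custom handler via set_error_handler, a guarded query, and PDO), put together as an added example that is not the poster's code. findUserRows and the in-memory SQLite table are assumptions; only the user_username column comes from the question.

```php
<?php
// Added example, not the poster's code. findUserRows() is a hypothetical name;
// only the users.user_username column comes from the question.

// Send PHP warnings/notices to the error log instead of the page, so nothing
// has to be hidden inside an HTML comment ahead of the doctype.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    error_log("PHP error [$severity] $message in $file:$line");
    return true; // handled here; PHP's default handler prints nothing
});

/** Returns the matching user rows, or [] if the query fails. */
function findUserRows(PDO $db, string $uname): array
{
    try {
        // Bound parameter: the username never becomes part of the SQL text.
        $stmt = $db->prepare('SELECT * FROM users WHERE user_username = :uname');
        $stmt->execute([':uname' => $uname]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('user lookup failed: ' . $e->getMessage());
        return [];
    }
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_username TEXT)');
$db->exec("INSERT INTO users VALUES ('alice')");

ob_start(); // capture anything the lookups would have written into the page
$found   = findUserRows($db, 'alice');
$quoted  = findUserRows($db, "o'brien");   // the quote is data, not SQL
$db->exec('DROP TABLE users');
$failed  = findUserRows($db, 'alice');     // query error: logged, not echoed
$leaked  = ob_get_clean();

var_dump(count($found), count($quoted), count($failed), $leaked === '');
```

The failed lookup goes to the error log only, so the captured page output stays empty and the doctype remains the first bytes sent to the browser.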
I would have looked for the 'evil' string:
grep -R '\-\->' /your/folder