Undefined index: HTTP_USER_AGENT in Sources/Subs.php on line 2848

Started by Speeddymon, May 11, 2010, 10:54:12 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Speeddymon

May 11, 2010, 10:54:12 AM
    * Version(s) of SMF
          o 2.0 RC3
    * Your Setup:
          o List any Modifications you have installed
          o List any Themes you have installed
                + Default theme
          o List any non-English Language packs you have installed
          o Are you using UTF-8? No
          o Any other related information? No
    * Server Software:
          o Apache/IIS version?: Apache 2.2
          o PHP version?: 5.2.6
          o Database type and version: MySQL 5.0.51a
          o Any other related server information?
    * Where the Error Occurred
          o File: Sources/Subs.php
          o Line: 2848
          o Any relevant errors in the SMF error log (if so please post them)?:
                    [11-May-2010 14:35:46] PHP Notice:  Undefined index:  HTTP_USER_AGENT in /home/uahacker/www/Sources/Subs.php on line 2848
    * How to Reproduce this Error?:
          o Unknown - Possibly from a bad spider?
    * Additional Information?
                    Site was just brought online a week ago. I assume by the error that $_SERVER['HTTP_USER_AGENT'] is null and most likely that is because of a bad spider which doesn't provide a user agent. Suspected fix would be to wrap line 2848 in an if condition that checks if HTTP_USER_AGENT is set before executing said code, and places "unknown" in both variables if it is null.

Speeddymon

#1
May 11, 2010, 11:04:46 AM
Found these entries in my access log related to the same timestamp:

12.68.230.64 - - [11/May/2010:14:55:46 +0000] "GET /index.php?action=keepalive;time=1273589694822 HTTP/1.1" 301 20 "hxxp:android-hackers.net/themes/gallery-bootanimation.zip-install-guide-5.0.html [nonactive]" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)"
12.68.230.64 - - [11/May/2010:14:55:46 +0000] "GET /index.php?action=keepalive;time=1273589694822 HTTP/1.1" 301 - "-" "-"
12.68.230.64 - - [11/May/2010:14:55:46 +0000] "GET /keepalive/time,1273589694822/ HTTP/1.1" 200 57 "hxxp:android-hackers.net/themes/gallery-bootanimation.zip-install-guide-5.0.html [nonactive]" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)"

Norv

#2
July 18, 2010, 04:38:25 AM
Sorry for the delay on this.
I didn't see this happening, but I will try to take a look. You are probably right as to the cause. (I didn't check though)

Thank you for the report!
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Joshua Dickerson

#3
July 10, 2011, 12:13:17 AM
We should really be checking this early, but the easy answer to this is    $_SESSION['USER_AGENT'] = empty($_SERVER['HTTP_USER_AGENT']) ? '' : $_SERVER['HTTP_USER_AGENT'];
Come work with me at Promenade Group


Need help? See the wiki. Want to help SMF? See the wiki!

Did you know you can help develop SMF? See us on Github.

How have you bettered the world today?
Print
Go Up Pages1
User actions
Advertisement: