Bug in Firefox 1.5 Causing Server Issues with SMF 1.1

Started by Grudge, January 20, 2006, 07:47:20 PM

Previous topic - Next topic

Grudge

It's come to our attention that a bug in Firefox 1.5 is causing some issues on SMF forums. The bug causes Firefox to time its javascript functions incorrectly, which in turn results in a page reloading in the background many, many times. It's possible that some hosts may incorrectly flag this as a Denial of Service (DoS) attack due to the ferocity of the calls. If you are having problems with your server, with many calls looking like: "index.php?action=keepalive", then it almost certainly is this Firefox bug - in this case we recommend you following the advanced information included in this post.

To minimize the risk to this happening when viewing an SMF forum, we've created a work around for the bug which should solve this issue. If you are using SMF 1.1 RC1 or RC2 we recommend you simply replace the current script.js file found in your Themes/default directory with the attached file. This does not affect uses running SMF 1.0.6 or lower.

Advanced Information:
If you are currently experiencing these issues, replacing script.js with the attached should solve them for all new users, but existing users may hold a cached version of the file in their browser. If you are still experiencing issues after changing the file, we recommend editing your copy of index.template.php in your themes and searching for:
Code:

$settings['default_theme_url'], '/script.js?


After this line, regardless of what currently follows the "?", simply add a "j", this will invalidate any cached data and force clients to refetch the document.

Regards,

Simple Machines
I'm only a half geek really...

digit

what is the point of the "j"?

I just renamed my .js file to  script2.js (after copying over some membermap javascript!)

Is that ok too?

Thanks!
Happily using a heavily modified 1.1.16 version of SMF!

2748011 Posts in 320998 Topics by 50986 Members


SOLD my website - thanks it was a good run - they converted to vbadvanced. (and screwed it up good!)

Thantos

by adding the j after ? you invalidate any previous cache of it.  If you rename it then any other theme that doesn't have it's own script.js will try to use the now nonexistant script.js causing problems.

dimitrist

So the code will be ?

$settings['default_theme_url'], '/script.js?j

dtm.exe


AngelSL

do we need to put it on every heme or just default?

Jay T

Thanks!

I had a server overload the other day due to this. I had around 2000 "index.php?action=keepalive" requests in a span of just a couple minutes. First I thought it was an exploit attempt.

JayBachatero

AngelSL if your theme uses it's own script.js then you have to replace that one also.

-JayBachatero
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

Simplemachines Cowboy

I presume that 1.1 final will have the new script.js in the package?
My SMF forum: The Open Range

JayBachatero

Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

bjp

Propulsé par SMF 1.1 Beta 3 Public.

Does this version also have the bug ?

JayBachatero

Yes.  This affects the whole 1.1 Line.  1.1 Beta 1 to 1.1 RC2
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

Cobra

Quote from: Grudge on January 20, 2006, 07:47:20 PM
All,

If you are using SMF 1.1 RC1 or RC2 we recommend you simply replace the current script.js file found in your Themes/default directory with the attached file.

Regards,

Simple Machines

I received this email this morning hours after updating.
But i don't see any attached file "script.js " with the email, where can i download that one so i can replace it ?

Thanks !

adrianbj

The update script is attached to the first message in this thread.

Skipdawg

Grudge thank you so very much. I had been affected by this twice in the last 2 weeks. Pats on the back for all who fixed this up.  ;)
Skipdawg's Community

Powered by SMF 1.1.3

Cobra


Aaron

Good job on fixing it so fast after it came under your attention, devs! Thanks for fixing it. :)

IngeJones

If we add that 'j' to the line as indicated, should we remove it after a few days so that users aren't downloading the script every time they need to run it?

Thijsie

Aaah, so that's why my server crashed this often!
Thanks alot!

Grudge

IngeJones, The "j" doesn't cause users to download it each page load. Instead it just changes the name of the file (As far as browsers are concerned). By adding a "j" (or any other letter) a browser thinks it's a different file from the last one so downloads it again. The next time they visit they see they already have the version with a "j" in it so don't bother themselves at getting it again.
I'm only a half geek really...

Advertisement: