Undefined index: REDIRECT_QUERY_STRING & Incorrect string: '''' for inet_aton

Started by dodos26, April 09, 2023, 08:30:47 AM

dodos26

https://zzzz.org/index.php?url=//golem.com
Test for other with example //test.com - https://zzzz.org/index.php?url=//test.com
8: Undefined index: REDIRECT_QUERY_STRING
File: /var/www/zzzz.org/Sources/QueryString.php
Line: 121
Error Type: Unspecified
Error count: 4

113: // Are we going to need to parse the ; out?
114: if ((strpos(@ini_get('arg_separator.input'), ';') === false || @version_compare(PHP_VERSION, '4.2.0') == -1) && !empty($_SERVER['QUERY_STRING']))
115: {
116: // Get rid of the old one! You don't know where it's been!
117: $_GET = array();
118:
119: // Was this redirected? If so, get the REDIRECT_QUERY_STRING.
120: // Do not urldecode() the querystring, unless you so much wish to break OpenID implementation. :)
==>121: $_SERVER['QUERY_STRING'] = substr($_SERVER['QUERY_STRING'], 0, 5) === 'url=/' ? $_SERVER['REDIRECT_QUERY_STRING'] : $_SERVER['QUERY_STRING'];
122:
123: // Replace ';' with '&' and '&something&' with '&something=&'.  (this is done for compatibility...)
124: // !!! smflib
125: parse_str(preg_replace('/&(\w+)(?=&|$)/', '&$1=', strtr($_SERVER['QUERY_STRING'], array(';?' => '&', ';' => '&', '%00' => '', "\0" => ''))), $_GET);
126:
127: // Magic quotes still applies with parse_str - so clean it up.
128: if (version_compare(PHP_VERSION, '7.4.0') == -1 && function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
129: $_GET = $removeMagicQuoteFunction($_GET);
130: }


https://zzzz.org/index.php?&action=calendar;viewweek;year=2025;month=6;day=7
And any links
Database error: Incorrect string value: '''' for function inet_aton
File: /var/www/zzzz.org/Sources/Subs.php
Line: 2741
Error type: Database
Error count: 65

2724: // Otherwise, we have to delete and insert.
2725: if (empty($_SESSION['log_time']))
2726: {
2727: if ($do_delete || !empty($user_info['id']))
2728: $smcFunc['db_query']('', '
2729: DELETE FROM {db_prefix}log_online
2730: WHERE ' . ($do_delete ? 'log_time < {int:log_time}' : '') . ($do_delete && !empty($user_info['id']) ? ' OR ' : '') . (empty($user_info['id']) ? '' : 'id_member = {int:current_member}'),
2731: array(
2732: 'current_member' => $user_info['id'],
2733: 'log_time' => time() - $modSettings['lastActive'] * 60,
2734: )
2735: );
2736:
2737: $smcFunc['db_insert']($do_delete ? 'ignore' : 'replace',
2738: '{db_prefix}log_online',
2739: array('session' => 'string', 'id_member' => 'int', 'id_spider' => 'int', 'log_time' => 'int', 'ip' => 'raw', 'url' => 'string'),
2740: array($session_id, $user_info['id'], empty($_SESSION['id_robot']) ? 0 : $_SESSION['id_robot'], time(), 'IFNULL(INET_ATON(\'' . $user_info['ip'] . '\'), 0)', $serialized),
==>2741: array('session')
2742: );
2743: }

AND
I am using a simple portal how can I redirect "?fbclid=" to the homepage?

Aleksi "Lex" Kilpinen

I'm really confused as to why on earth you would do that? It would end up redirecting literally every link ever shared on facebook, directly to your homepage, breaking the shared links. ?fbclid means Facebook Click ID, and is added to any link clicked on Facebook.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

dodos26

Quote from: Aleksi "Lex" Kilpinen on April 09, 2023, 09:38:18 AM
I'm really confused as to why on earth you would do that? It would end up redirecting literally every link ever shared on facebook, directly to your homepage, breaking the shared links. ?fbclid means Facebook Click ID, and is added to any link clicked on Facebook.

I want to get rid of it, otherwise I get a page with no content

Kindred

If it did,  then you have other problems causing the issue that you need to solve.
Doing what you are asking is wrong on all sorts of levels

Please provide a link to your site and a broken link with the fbclid argument
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

dodos26

This happens during the installation of the simple portal mod.
It will just open a page with nothing on it.
Facebook adds this ****** so going from any link opens up a page with nothing.
The page with nothing opens with any "request" parameter example domain.pp/?dd

That's why I want to get rid of this facebook id so as not to mess up the real redirect.

Also, let's deal with my two mistakes that seem more important.

Kindred

If your system is breaking because of the argument,  then your system is broken...   it's not the ?argument,  it's a problem that you need TO FIX,  not just try to patch the one case you identified with fb

That argument does not break any other smf installation... because, by default, SMF will redirect any 404 to the index page.  The fact that YOU are getting a blank page indicates a core php error. Look in your system log for the server error (not SMF error, the actual system error)


As for your two mistakes...
You seem to have some very basic code that is broken

What mods do you have installed?

Steve

DO NOT pm me for support!

dodos26

Quote from: Kindred on April 10, 2023, 04:47:41 AM
If your system is breaking because of the argument,  then your system is broken...  it's not the ?argument,  it's a problem that you need TO FIX,  not just try to patch the one case you identified with fb

That argument does not break any other smf installation... because, by default, SMF will redirect any 404 to the index page.  The fact that YOU are getting a blank page indicates a core php error. Look in your system log for the server error (not SMF error, the actual system error)


As for your two mistakes...
You seem to have some very basic code that is broken

What mods do you have installed?
I will say this, the problem you have fallen down on is related to the Simple Portal mod itself. Disabling the portal or uninstalling it will work properly and indeed any request will redirect to the homepage.  I suspect the problem lies with the index modification or the sportalinit function.
However, the problem persists when using ?url= with a phrase starting with "/".

And here you have the logs you ask for from the last 3 days in which both the one and the other error above occurred.

Logs removed as requested by user. -Lex

Arantor

The problem, as you call it, is because you're using it wrong. That function is not designed to receive a full URL at any point, it's to handle partial relative URLs from inside SMF, e.g. coping with the ; or the index.php/topic,1.0.html syntax.

It's not EVER designed for //fulldomain.com URLs. And SP doesn't do that with it either - so the issue is that you're trying to make it do something it's not designed to do.
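Added example (not SMF code and not written by anyone in this thread): line 121 as quoted in the first post, beside a guarded variant, run over constructed `$_SERVER` arrays to show which requests raise the undefined-index notice. The function names, the sample values and the choice of fallback are assumptions.

```php
<?php
// Added example, not SMF source. Function names and the sample $_SERVER
// arrays are constructed for illustration.

// Line 121 as quoted in the error report: REDIRECT_QUERY_STRING is read
// whenever QUERY_STRING starts with 'url=/', whether or not it exists.
function query_string_as_quoted(array $server)
{
    return substr($server['QUERY_STRING'], 0, 5) === 'url=/'
        ? $server['REDIRECT_QUERY_STRING']
        : $server['QUERY_STRING'];
}

// Guarded variant (assumption: keeping the original query string is the
// wanted fallback when the web server did no internal redirect).
function query_string_guarded(array $server): string
{
    $qs = $server['QUERY_STRING'] ?? '';
    if (substr($qs, 0, 5) === 'url=/' && isset($server['REDIRECT_QUERY_STRING'])) {
        return $server['REDIRECT_QUERY_STRING'];
    }
    return $qs;
}

// Constructed inputs.
$cases = [
    'direct request, as in the report' => ['QUERY_STRING' => 'url=//test.com'],
    'after an internal redirect' => [
        'QUERY_STRING' => 'url=/index.php/topic,1.0.html',
        'REDIRECT_QUERY_STRING' => 'topic=1.0',
    ],
    'ordinary forum link' => ['QUERY_STRING' => 'action=calendar;viewweek'],
];

// Collect notices and warnings instead of printing them, so each call can
// be counted separately.
$raised = [];
set_error_handler(function (int $errno, string $errstr) use (&$raised): bool {
    $raised[] = $errstr;
    return true;
});

foreach ($cases as $label => $server) {
    $raised = [];
    $quoted = query_string_as_quoted($server);
    $quotedErrors = count($raised);

    $raised = [];
    $guarded = query_string_guarded($server);

    printf("%-34s quoted=%s (%d logged) guarded=%s (%d logged)\n",
        $label, var_export($quoted, true), $quotedErrors,
        var_export($guarded, true), count($raised));
}
restore_error_handler();
```

Only the direct request logs an error with the quoted line, and it also leaves the query string as NULL; the guarded variant logs nothing for any of the three cases.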

dodos26

REDIRECT_QUERY_STRING
Only I don't want to use it anywhere nor does any mod use it just some spammers or bots spam it in my site. Not to mention that collecting errors fills up the database.

So it is a bug perhaps of security. In any case, critical since it is intercepted.

FUNCTION INET_ATON
The "inet_aton" problem from what I've dug up is probably ipv4 related.  Although looking at the logs I can see that there are users who can use the forum read. my knowledge is not good at this. This is a rare error but it haunts me. +-100 per week.

FBCLID
So now that we know that SimplePortal is responsible for the lack of correct redirection, let's try to fix it.

Kindred

1- there is no problem with ANY of those functions in the core SMF product.
There is no need to change those functions at all.

2- I don't believe that there is any problem with Simple Portal - as presented out of the box, since no one else has ever complained about the situation you are having...   which means that either a) you changed some code on your own which broke it or b) you misconfigured your core setup.

Yeah, it looks like you are getting a lot of hits for wordpress URLs - do you (or did you) have wordpress installed in the same domain?

dodos26

Quote:
1- there is no problem with ANY of those functions in the core SMF product.
There is no need to change those functions at all.

Yes need change. I don't know about security but it seems to me that this should not happen.
I have sacrificed these 2 minutes of my life to install a clean forum and test this..

In the case of a simple portal, a window without content will open. In the case of no portal, nothing will happen. In the case of using url=/example in both cases it will throw an error.

Quote:
2- I don't believe that there is any problem with Simple Portal - as presented out of the box, since no one else has ever complained about the situation you are having...   which means that either a) you changed some code on your own which broke it or b) you misconfigured your core setup.

FUNCTION INET_ATON
Bro nowhere did I write that this error is related to simple portal. I wrote that it is probably related to ipv4 (here I was wrong, I meant ipv6).

Kindred

Then upgrade to 2.1.x which has better support of ipv6

I'll say again. No one else has any problems with ?arguments in URLs. There is no need to change it and The core code for 2.0 is not going to be changed, because  2.0.x is in security maintenance only - all work on dev is going to 2.1 and 3.0

dodos26

Quote from: Kindred on April 10, 2023, 08:43:20 PM
Then upgrade to 2.1.x which has better support of ipv6

I'll say again. No one else has any problems with ?arguments in URLs. There is no need to change it and The core code for 2.0 is not going to be changed, because  2.0.x is in security maintenance only - all work on dev is going to 2.1 and 3.0

Your message is unrelated to the main topic of the entire section 2.0

Arantor


Kindred

no, my message is DIRECTLY related to your issues

1- if you want better support of IPv6 - then upgrade to 2.1.x. Period.  2.0.x is only receiving security updates and there will be no further enhancement in 2.0.x for IPv6.

2- that being said -- NO ONE ELSE has ever reported your issue regarding ?argument URLs breaking the page. This means that *YOU* have an issue that is probably due to some sort of modification of the existing code which is breaking URLs with a ?argument.  SimplePortal or core -- in both cases, your description of the behavior does not match any other reports.




once more. 2.0 is not receiving any further updates, except for security patches. 2.0.x is nearing End-of-Life and will stop receiving any updates or support at that time.

dodos26

Quote:
2- that being said -- NO ONE ELSE has ever reported your issue regarding ?argument URLs breaking the page. This means that *YOU* have an issue that is probably due to some sort of modification of the existing code which is breaking URLs with a ?argument.  SimplePortal or core -- in both cases, your description of the behavior does not match any other reports.

U be rly??????? MBY SELF TRY!

Quote:
Yes need change. I don't know about security but it seems to me that this should not happen.
I have sacrificed these 2 minutes of my life to install a clean forum and test this..

Quote:
1- if you want better support of IPv6 - then upgrade to 2.1.x. Period.  2.0.x is only receiving security updates and there will be no further enhancement in 2.0.x for IPv6.

Remove the entire 2.0 support section why should it litter the forum when you should be writing me such nonsense, in anticipation of help.

Kindred

Quote from: dodos26 on April 11, 2023, 10:32:34 AM
U be rly??????? MBY SELF TRY!


Well, first of all - if you actually want help, then using chatspeak is not the way to get it.
Second... you assume that I did not test...   guess what, I did.
https://www.simplemachines.org/community/index.php?topic=585618.msg4150279%3Btopicseen&fbclid=IwAR08WzFt76uF18a1PxaBlo9Uh0Nn2yQugoCRoJEb68qWJ8LKZN_Q1rPG0Do#new
link works just fine here (then again, we are on 2.1 here)
https://test.turtleshellprod.com/index.php?topic=3.0&fbclid=IwAR0b8nMMre9BmnPGCEhugHjd7eiN7Mhn2Pa-kdHWnzrL97aqYhe6Uu646IQ
link works just fine on my 2.0 test site...


As for your final snarky comment....
We *ARE* providing support...
1- we are telling you that the problem that you see is not reported by anyone else
2- we are telling you that, if your problem actually IS an IPv6 issue, then upgrading to 2.1.x is the best solution.
3- we are telling you that, if your problem actually IS a code issue in SMF related to IPv6, then - since there are no plans to address the issue in 2.0.x - you really need to update to 2.1.x.


How is that not providing support?   

Aleksi "Lex" Kilpinen

I can confirm this fbclid issue is not an issue with either SMF 2.0 or 2.1 fresh installs. I tested both earlier.
As for the ipv6 issue, there have been mods to extend 2.0 ipv6 support that may or may not help - but because full ipv6 support is not going to be worked in to 2.0, Kindred's advice on upgrading is really the best advice there is to give.

dodos26

Quote from: Kindred on April 11, 2023, 11:07:52 AM
Quote from: dodos26 on April 11, 2023, 10:32:34 AM
U be rly??????? MBY SELF TRY!


Well, first of all - if you actually want help, then using chatspeak is not the way to get it.
Second... you assume that I did not test...  guess what, I did.
https://www.simplemachines.org/community/index.php?topic=585618.msg4150279%3Btopicseen&fbclid=IwAR08WzFt76uF18a1PxaBlo9Uh0Nn2yQugoCRoJEb68qWJ8LKZN_Q1rPG0Do#new
link works just fine here (then again, we are on 2.1 here)
https://test.turtleshellprod.com/index.php?topic=3.0&fbclid=IwAR0b8nMMre9BmnPGCEhugHjd7eiN7Mhn2Pa-kdHWnzrL97aqYhe6Uu646IQ
link works just fine on my 2.0 test site...


As for your final snarky comment....
We *ARE* providing support...
1- we are telling you that the problem that you see is not reported by anyone else
2- we are telling you that, if your problem actually IS an IPv6 issue, then upgrading to 2.1.x is the best solution.
3- we are telling you that, if your problem actually IS a code issue in SMF related to IPv6, then - since there are no plans to address the issue in 2.0.x - you really need to update to 2.1.x.


How is that not providing support? 

Man you are starting to annoy me. I wrote in 4 posts that the problem with fbclid is caused by SIMPLE PORTAL!

SAY ALL TIME ABOUT:
REDIRECT_QUERY_STRING
"In the case of using url=/example in both cases it will throw an error."
Try check error log now :)
https://test.turtleshellprod.com/
Imagine that someone experienced exploits this vulnerability and spams the forum, your database will fill up quite quickly, and the error log will abound in thousands or millions of events.

FUNCTION INET_ATON
I know that ipv6 works fine because i used ipv6 proxy sites which allow to open pages then send screen view. I ran the same links where the error was caught. And I didn't notice any errors.

FBCLID
Error fbclid redirection is ONLY and ONLY simpleportal's fault!


I've removed the size tags from your last statement. Please don't do that again. ~ Steve

Kindred

rotfl....

ok, well, see, now we get to it.
1- your previous posts were rambling and useless to the point that only now does your explanation START to make sense.  I do indeed see the error thanks to your attempt to spam my test site.
2- This is not a vulnerability. Sure, I guess someone might spam the error log, like you did on my test site... but that's it... 
3- However, GUESS WHAT - there's a simple fix!!
As I have said, several times now...  upgrade to 2.1.x.   That version no longer triggers an error - and 2.0.x is not receiving any updates other than security updates (and this is not a security issue)

Aleksi "Lex" Kilpinen

I'm not at all sure I'd call ability to create an error in your log a "vulnerability".
Also, Simple Portal is a mod - Issues with mods should be handled with the mod authors.
Lastly, I believe inet_aton is purely an ipv4 function and if you are seeing errors from it, the most likely cause is that ipv6 is not working "perfectly fine" in all situations but is ending up handled by ipv4 routines somewhere.

dodos26

2. Nope!
This may be a problem, I don't know about security but I know that something that can be without restrictions / container, saved and displayed causes a serious security error first thing that comes to mind is an iframe that may cause transferring the administrator's ip, who knows maybe even session number and this is already a big threat. We are in the 2.0 support table and expect support to 2.0. Saying install 2.1 is like telling someone who uses windows to install linux...

Aleksi "Lex" Kilpinen
Yeah bro note that it wasn't until later that I found out that simple portal was having problems with custom redirection.

Why dont use inet_pton or INET6_ATON (that work also for ip normal) and why
'IFNULL(INET_ATON(\'' . $user_info['ip'] . '\'), 0)'
and what is \ 'IFNULL(INET_ATON(\'' . $user_info['ip'] . '\'), 0)'

Could this quality workaround or fix the problem?

Arantor

Because the problem isn't as simple as just switching to the other function. IPv6 addresses are larger; you need to upgrade to ensure the database is properly converted to allocate more space for IPv6 addresses (and also ensure that all the related functionality is also upgraded)
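Added example (not SMF code and not written by anyone in this thread), tying together the remarks above that INET_ATON is an IPv4 function and that IPv6 addresses need more storage: a check that only lets a validated IPv4 string into the `INET_ATON()` expression from line 2740, and the packed size of each address family. `log_online_ip_sql()`, `packed_ip_bytes()` and the sample addresses are hypothetical and constructed.

```php
<?php
// Added example, not SMF source. Helper names and sample addresses are
// constructed for illustration.

// Builds the SQL fragment used for the 'ip' column on line 2740 of the
// quoted listing. The fragment is concatenated into the statement as text,
// so only a string PHP accepts as dotted-quad IPv4 is placed inside
// INET_ATON(); anything else (empty, IPv6, junk) becomes the literal 0 and
// never reaches the database function.
function log_online_ip_sql(string $ip): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return "IFNULL(INET_ATON('" . $ip . "'), 0)";
    }
    return '0';
}

// Size in bytes of the binary form of an address: 4 for IPv4, 16 for IPv6,
// 0 when the string is not an IP address at all.
function packed_ip_bytes(string $ip): int
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 0;
    }
    return strlen(inet_pton($ip));
}

// Constructed sample values: documentation-range IPv4 and IPv6 addresses,
// an empty string, and a non-address placeholder.
$samples = ['203.0.113.7', '2001:db8::1', '', 'unknown'];

foreach ($samples as $ip) {
    printf("%-14s bytes=%-2d sql=%s\n",
        var_export($ip, true),
        packed_ip_bytes($ip),
        log_online_ip_sql($ip));
}
```

The 16-byte result for the IPv6 sample is the storage point made above: a column sized for the integer that INET_ATON returns cannot hold it, so swapping the function alone does not add IPv6 support.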

Kindred

No, telling you to upgrade smf versions is like telling someone who continued to use windows 98 and had problems on that ancient platform that they really should upgrade to windows 10

Arantor

Even that's a reference that's passing; Windows 10 goes out of mainstream support in 2025, we're getting there...

Steve

I believe this has gone on long enough. Question asked, solution provided (several times).

Locking.

@Kindred or Lex - by all means, unlock if you don't think it should have been.

dodos26

https://www.simplemachines.org/community/index.php?topic=585618.0
No solution to the requested problem was provided.
No solution to the requested problem was provided.
No solution to the requested problem was provided.

Why is my topic the only one of all topics in this section that has been closed.

Aleksi "Lex" Kilpinen

You were offered a solution, not our problem if you reject it.

Merged. Lock stays.