[Résolu] REQUEST_METHOD _POST ne marche pas -
ben500fr - 19/09/2011
Citation :#~~~~~ DEBUT BLOC A NE PAS SUPPRIMER ~~~~~
#~ Version du CMS: #1.9.4.3
#~ Url du site : http://www.christinedeveyrac.fr
#~ Hébergeur / Soft : Serveur dédié OVH (debian Wheezy)
#~ Informations Système :
#~ Linux 3.0.0-1-amd64 x86_64
#~ PHP Version 5.3.8-1
#~ Apache API Version 20051115
#~ This server is protected with the Suhosin Extension 0.9.32.1
#~~~~~ FIN BLOC A NE PAS SUPPRIMER ~~~~~
Bonjour,
Je viens de transférer le site
http://www.christinedeveyrac.fr d'un serveur a un autre, en mettant, par la même occasion, à jour cmsmadesimple.
Mon soucis est que depuis, le formulaire de cette page:
http://www.christinedeveyrac.fr/contact/ ne marche plus quand on clique sur 'envoyer'.
Qu'a cela ne tienne, je me suis lancé dans la création d'une balise utilisateur pour créer le formulaire à la main (je sais, ce n'est pas très propre mais bon...).
Ce nouveau formulaire est disponible ici:
http://www.christinedeveyrac.fr/test-2/
Quand vous cliquez sur 'envoyer', la page affiche la variable '$_SERVER'.
Et la, SURPRISE: [REQUEST_METHOD] => GET
Donc on ne reçoit rien du _POST du formulaire => ceci peut expliquer pourquoi le formulaire de la page
http://www.christinedeveyrac.fr/contact/, créé avec FormBuilder, ne fonctionne pas.
Je me retrouve donc bloqué. Si quelqu’un a une idée
Merci d'avance!
[Résolu] REQUEST_METHOD _POST ne marche pas -
jissey - 19/09/2011
Bonjour et bienvenue,
plutôt que d'afficher $_SERVER, peux-tu afficher $_POST?
[Résolu] REQUEST_METHOD _POST ne marche pas -
ben500fr - 20/09/2011
Merci de t’intéresser a mon problème.
Voici le code que j'ai rajouté:
Code :
echo("SERVER:");
print_r($_SERVER);
echo("<br/><br/>");
echo("POST:");
print_r($_POST);
echo("<br/><br/>");
On constate bien que la page ne reçoit rien en POST...
[Résolu] REQUEST_METHOD _POST ne marche pas -
jissey - 20/09/2011
bonjour,
et si tu ajoutes echo $_GET?
Ce qui est bizarre dans le formulaire de formbuilder, c'est qu'il ne prefixe pas les noms des champs comme d'habitude. Chez toi, il mets f62b34 alors jusqu'à présent, il y a cntnt01.
[Résolu] REQUEST_METHOD _POST ne marche pas -
jce76350 - 20/09/2011
Il n'y pas le Copyright dans ton site
ce n'est pas normal, pas de respect du droit d'auteur
<meta name="Generator" content="CMS Made Simple - Copyright © 2004-10 Ted Kulp. All rights reserved." />
et bientot 2004-11
[Résolu] REQUEST_METHOD _POST ne marche pas -
ben500fr - 20/09/2011
Citation :Il n'y pas le Copyright dans ton site
ce n'est pas normal, pas de respect du droit d'auteur
<meta name="Generator" content="CMS Made Simple - Copyright © 2004-10 Ted Kulp. All rights reserved." />
et bientot 2004-11
Voila qui est fait! En fait je viens de reprendre ce site qui à été fait par une autre personne que moi, donc si tu vois d'autres problemes/erreur/manques, n'hesite surtout pas.
Citation :bonjour,
et si tu ajoutes echo $_GET?
Ce qui est bizarre dans le formulaire de formbuilder, c'est qu'il ne prefixe pas les noms des champs comme d'habitude. Chez toi, il mets f62b34 alors jusqu'à présent, il y a cntnt01.
Je viens de rajouté l'affichage du $_GET, et il contient: array ( [page] => test-2/ )
Même si FormBuilder à un pb, il n'est pas normal que je n'arrive pas a récupérer les malheurs de mon formulaire via POST.
[Résolu] REQUEST_METHOD _POST ne marche pas -
jissey - 20/09/2011
et si tu faisais un autre formulaire avec formbuilder pour voir?
[Résolu] REQUEST_METHOD _POST ne marche pas -
ben500fr - 22/09/2011
J'ai fais trois formulaires: celui d'origine sans rien changer, un nouveau après avoir installé la dernière version de formBuilder en utilisant le XML de celui d'origine, et un 100% nouveau, dans tous les cas quand on clique sur 'envoyer' ça ne change pas de page.
Je suis désespéré la :/
[Résolu] REQUEST_METHOD _POST ne marche pas -
jissey - 22/09/2011
salut,
n'y a-t-il rien dans php.ini qui foute le bazard???
J'avoue ne plus avoir d'idée là :mad:
[Résolu] REQUEST_METHOD _POST ne marche pas -
ben500fr - 22/09/2011
Citation :salut,
n'y a-t-il rien dans php.ini qui foute le bazard???
J'avoue ne plus avoir d'idée là :o
Je n'ai moi non plus plus d'idée
phpinfo():
Code :
PHP Version 5.3.8-1
System Linux andrieu 3.0.0-1-amd64 #1 SMP Sat Aug 27 16:21:11 UTC 2011 x86_64
Build Date Aug 24 2011 11:20:46
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php5/apache2
Loaded Configuration File /etc/php5/apache2/php.ini
Scan this dir for additional .ini files /etc/php5/apache2/conf.d
Additional .ini files parsed /etc/php5/apache2/conf.d/gd.ini, /etc/php5/apache2/conf.d/mcrypt.ini, /etc/php5/apache2/conf.d/mysql.ini, /etc/php5/apache2/conf.d/mysqli.ini, /etc/php5/apache2/conf.d/pdo.ini, /etc/php5/apache2/conf.d/pdo_mysql.ini, /etc/php5/apache2/conf.d/suhosin.ini
PHP API 20090626
PHP Extension 20090626
Zend Extension 220090626
Zend Extension Build API220090626,NTS
PHP Extension Build API20090626,NTS
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
Zend Multibyte Support disabled
IPv6 Support enabled
Registered PHP Streams https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls
Registered Stream Filters zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk, mcrypt.*, mdecrypt.*
This server is protected with the Suhosin Patch 0.9.10
Copyright (c) 2006-2007 Hardened-PHP Project Copyright (c) 2007-2009 SektionEins GmbH
This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH
PHP Credits
Configuration
apache2handler
Apache Version Apache
Apache API Version 20051115
Server Administrator [no address given]
Hostname:Port admin.andrieu.com:0
User/Group www-data(33)/33
Max Requests Per Child: 0 - Keep Alive: on - Max Per Connection: 100
Timeouts Connection: 300 - Keep-Alive: 5
Virtual Server Yes
Server Root /etc/apache2
Loaded Modules core mod_log_config mod_logio prefork http_core mod_so mod_alias mod_auth_basic mod_auth_digest mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_cgi mod_dav mod_dav_fs mod_dav_lock mod_deflate mod_dir mod_env mod_mime mod_negotiation mod_php5 mod_proxy mod_proxy_http mod_reqtimeout mod_rewrite mod_setenvif mod_ssl mod_status
Directive Local Value Master Value
engine 1 1
last_modified 0 0
xbithack 0 0
Apache Environment
Variable Value
HTTPS on
SSL_TLS_SNI admin.andrieu.com
HTTP_HOST admin.andrieu.com
HTTP_CONNECTION keep-alive
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_REFERER https://admin.andrieu.com/
HTTP_ACCEPT_ENCODING gzip,deflate,sdch
HTTP_ACCEPT_LANGUAGE fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.3
HTTP_COOKIE __utma=159588717.1267071713.1297009424.1297017735.1297020321.3; __utma=252639065.939906447.1291915250.1316187045.1316550330.32; __utmc=252639065; __utmz=252639065.1308924084.16.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
PATH /usr/local/bin:/usr/bin:/bin
SERVER_SIGNATURE no value
SERVER_SOFTWARE Apache
SERVER_NAME admin.andrieu.com
SERVER_ADDR 88.191.92.23
SERVER_PORT 443
REMOTE_ADDR 78.227.65.169
DOCUMENT_ROOT /home/web/admin/
SERVER_ADMIN [no address given]
SCRIPT_FILENAME /home/web/admin/php_info.php
REMOTE_PORT 20080
REMOTE_USER ben
AUTH_TYPE Basic
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
QUERY_STRING no value
REQUEST_URI /php_info.php
SCRIPT_NAME /php_info.php
HTTP Headers Information
HTTP Request Headers
HTTP Request GET /php_info.php HTTP/1.1
Host admin.andrieu.com
Connection keep-alive
Authorization Basic YmVuOkNWMjAxMC0y
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer https://admin.andrieu.com/
Accept-Encoding gzip,deflate,sdch
Accept-Language fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie __utma=159588717.1267071713.1297009424.1297017735.1297020321.3; __utma=252639065.939906447.1291915250.1316187045.1316550330.32; __utmc=252639065; __utmz=252639065.1308924084.16.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP Response Headers
X-Powered-By PHP/5.3.8-1
Vary Accept-Encoding
Content-Encoding gzip
bcmath
BCMath support enabled
Directive Local Value Master Value
bcmath.scale 0 0
bz2
BZip2 Support Enabled
Stream Wrapper support compress.bzip2://
Stream Filter support bzip2.decompress, bzip2.compress
BZip2 Version 1.0.5, 10-Dec-2007
calendar
Calendar support enabled
Core
PHP Version 5.3.8-1
Directive Local Value Master Value
allow_call_time_pass_reference Off Off
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors Off Off
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl Off Off
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting 22527 22527
exit_on_timeout Off Off
expose_php On On
extension_dir /usr/lib/php5/20090626 /usr/lib/php5/20090626
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors Off Off
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/share/php:/usr/share/pear .:/usr/share/php:/usr/share/pear
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.add_x_header On On
mail.force_extra_parameters no value no value
mail.log no value no value
max_execution_time 70 70
max_file_uploads 20 20
max_input_nesting_level 64 64
max_input_time 60 60
memory_limit 128M 128M
open_basedir no value no value
output_buffering 4096 4096
output_handler no value no value
post_max_size 16M 16M
precision 14 14
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv Off Off
register_globals Off Off
register_long_arrays Off Off
report_memleaks On On
report_zend_debug On On
request_order GP GP
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 16M 16M
upload_tmp_dir no value no value
user_dir no value no value
user_ini.cache_ttl 300 300
user_ini.filename .user.ini .user.ini
variables_order GPCS GPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.enable_gc On On
ctype
ctype functions enabled
date
date/time support enabled
"Olson" Timezone Database Version 0.system
Timezone Database internal
Default timezone Europe/Berlin
Directive Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no value
dba
DBA support enabled
Supported handlers cdb cdb_make db4 inifile flatfile qdbm
Directive Local Value Master Value
dba.default_handler flatfile flatfile
dom
DOM/XML enabled
DOM/XML API Version 20031129
libxml Version 2.7.8
HTML Support enabled
XPath Support enabled
XPointer Support enabled
Schema Support enabled
RelaxNG Support enabled
ereg
Regex Library Bundled library enabled
exif
EXIF Support enabled
EXIF Version 1.4 $Id: exif.c 314376 2011-08-06 14:47:44Z felipe $
Supported EXIF Version 0220
Supported filetypes JPEG,TIFF
Directive Local Value Master Value
exif.decode_jis_intel JIS JIS
exif.decode_jis_motorola JIS JIS
exif.decode_unicode_intel UCS-2LE UCS-2LE
exif.decode_unicode_motorola UCS-2BE UCS-2BE
exif.encode_jis no value no value
exif.encode_unicode ISO-8859-15 ISO-8859-15
fileinfo
fileinfo support enabled
version 1.0.5-dev
filter
Input Validation and Filtering enabled
Revision $Revision: 313665 $
Directive Local Value Master Value
filter.default unsafe_raw unsafe_raw
filter.default_flags no value no value
ftp
FTP support enabled
gd
GD Support enabled
GD Version 2.0
FreeType Support enabled
FreeType Linkage with freetype
FreeType Version 2.4.6
T1Lib Support enabled
GIF Read Support enabled
GIF Create Support enabled
JPEG Support enabled
libJPEG Version unknown
PNG Support enabled
libPNG Version 1.2.46
WBMP Support enabled
Directive Local Value Master Value
gd.jpeg_ignore_warning 0 0
gettext
GetText Support enabled
hash
hash support enabled
Hashing Engines md2 md4 md5 sha1 sha224 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost adler32 crc32 crc32b salsa10 salsa20 haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5
iconv
iconv support enabled
iconv implementation glibc
iconv library version 2.13
Directive Local Value Master Value
iconv.input_encoding ISO-8859-1 ISO-8859-1
iconv.internal_encoding ISO-8859-1 ISO-8859-1
iconv.output_encoding ISO-8859-1 ISO-8859-1
json
json support enabled
json version 1.2.1
libxml
libXML support active
libXML Compiled Version 2.7.8
libXML Loaded Version 20708
libXML streams enabled
mbstring
Multibyte Support enabled
Multibyte string engine libmbfl
HTTP input encoding translation disabled
mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) version 5.9.1
Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.http_output_conv_mimetypes ^(text/|application/xhtml\+xml) ^(text/|application/xhtml\+xml)
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.strict_detection Off Off
mbstring.substitute_character no value no value
mcrypt
mcrypt support enabled
mcrypt_filter support enabled
Version 2.5.8
Api No 20021217
Supported ciphers cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes cbc cfb ctr ecb ncfb nofb ofb stream
Directive Local Value Master Value
mcrypt.algorithms_dir no value no value
mcrypt.modes_dir no value no value
mhash
MHASH support Enabled
MHASH API Version Emulated Support
mysql
MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version 5.1.58
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /var/run/mysqld/mysqld.sock
MYSQL_INCLUDE -I/usr/include/mysql
MYSQL_LIBS -L/usr/lib -lmysqlclient_r
Directive Local Value Master Value
mysql.allow_local_infile On On
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket /var/run/mysqld/mysqld.sock /var/run/mysqld/mysqld.sock
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off
mysqli
MysqlI Support enabled
Client API library version 5.1.58
Active Persistent Links 0
Inactive Persistent Links 0
Active Links 0
Client API header version 5.1.58
MYSQLI_SOCKET /var/run/mysqld/mysqld.sock
Directive Local Value Master Value
mysqli.allow_local_infile On On
mysqli.allow_persistent On On
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.max_persistent Unlimited Unlimited
mysqli.reconnect Off Off
openssl
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.0d 8 Feb 2011
OpenSSL Header Version OpenSSL 1.0.0d 8 Feb 2011
pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.12 2011-01-15
Directive Local Value Master Value
pcre.backtrack_limit 1000000 1000000
pcre.recursion_limit 100000 100000
PDO
PDO support enabled
PDO drivers mysql
pdo_mysql
PDO Driver for MySQL enabled
Client API version 5.1.58
Phar
Phar: PHP Archive support enabled
Phar EXT version 2.0.1
Phar API version 1.1.1
SVN revision $Revision: 314419 $
Phar-based phar archives enabled
Tar-based phar archives enabled
ZIP-based phar archives enabled
gzip compression enabled
bzip2 compression enabled
OpenSSL support enabled
Phar based on pear/PHP_Archive, original concept by Davey Shafik.
Phar fully realized by Gregory Beaver and Marcus Boerger.
Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.
Directive Local Value Master Value
phar.cache_list no value no value
phar.readonly On On
phar.require_hash On On
posix
Revision $Revision: 313665 $
Reflection
Reflection enabled
Version $Revision: 313665 $
session
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binary wddx
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 0 0
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php5 /var/lib/php5
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
shmop
shmop support enabled
SimpleXML
Simplexml support enabled
Revision $Revision: 314376 $
Schema support enabled
soap
Soap Client enabled
Soap Server enabled
Directive Local Value Master Value
soap.wsdl_cache 1 1
soap.wsdl_cache_dir /tmp /tmp
soap.wsdl_cache_enabled 1 1
soap.wsdl_cache_limit 5 5
soap.wsdl_cache_ttl 86400 86400
sockets
Sockets Support enabled
SPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException
standard
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i
Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
from no value no value
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,input=src,form=fakeentry a=href,area=href,frame=src,input=src,form=fakeentry
user_agent no value no value
suhosin
This server is protected with the Suhosin Extension 0.9.32.1
Copyright (c) 2006-2007 Hardened-PHP Project
Copyright (c) 2007-2010 SektionEins GmbH
Directive Local Value Master Value
suhosin.apc_bug_workaround Off Off
suhosin.cookie.checkraddr 0 0
suhosin.cookie.cryptdocroot On On
suhosin.cookie.cryptkey [ protected ] [ protected ]
suhosin.cookie.cryptlist no value no value
suhosin.cookie.cryptraddr 0 0
suhosin.cookie.cryptua On On
suhosin.cookie.disallow_nul 1 1
suhosin.cookie.disallow_ws 1 1
suhosin.cookie.encrypt Off Off
suhosin.cookie.max_array_depth 50 50
suhosin.cookie.max_array_index_length 64 64
suhosin.cookie.max_name_length 64 64
suhosin.cookie.max_totalname_length 256 256
suhosin.cookie.max_value_length 10000 10000
suhosin.cookie.max_vars 100 100
suhosin.cookie.plainlist no value no value
suhosin.coredump Off Off
suhosin.disable.display_errors Off Off
suhosin.executor.allow_symlink Off Off
suhosin.executor.disable_emodifier Off Off
suhosin.executor.disable_eval Off Off
suhosin.executor.eval.blacklist no value no value
suhosin.executor.eval.whitelist no value no value
suhosin.executor.func.blacklist no value no value
suhosin.executor.func.whitelist no value no value
suhosin.executor.include.allow_writable_files On On
suhosin.executor.include.blacklist no value no value
suhosin.executor.include.max_traversal 0 0
suhosin.executor.include.whitelist no value no value
suhosin.executor.max_depth 0 0
suhosin.filter.action no value no value
suhosin.get.disallow_nul 1 1
suhosin.get.disallow_ws 0 0
suhosin.get.max_array_depth 50 50
suhosin.get.max_array_index_length 64 64
suhosin.get.max_name_length 64 64
suhosin.get.max_totalname_length 256 256
suhosin.get.max_value_length 512 512
suhosin.get.max_vars 100 100
suhosin.log.file 0 0
suhosin.log.file.name no value no value
suhosin.log.phpscript 0 0
suhosin.log.phpscript.is_safe Off Off
suhosin.log.phpscript.name no value no value
suhosin.log.sapi 0 0
suhosin.log.script 0 0
suhosin.log.script.name no value no value
suhosin.log.syslog no value no value
suhosin.log.syslog.facility no value no value
suhosin.log.syslog.priority no value no value
suhosin.log.use-x-forwarded-for Off Off
suhosin.mail.protect 0 0
suhosin.memory_limit 0 0
suhosin.mt_srand.ignore On On
suhosin.multiheader Off Off
suhosin.perdir 0 0
suhosin.post.disallow_nul 1 1
suhosin.post.disallow_ws 0 0
suhosin.post.max_array_depth 50 50
suhosin.post.max_array_index_length 64 64
suhosin.post.max_name_length 64 64
suhosin.post.max_totalname_length 256 256
suhosin.post.max_value_length 1000000 1000000
suhosin.post.max_vars 1000 1000
suhosin.protectkey On On
suhosin.request.disallow_nul 1 1
suhosin.request.disallow_ws 0 0
suhosin.request.max_array_depth 50 50
suhosin.request.max_array_index_length 64 64
suhosin.request.max_totalname_length 256 256
suhosin.request.max_value_length 1000000 1000000
suhosin.request.max_varname_length 64 64
suhosin.request.max_vars 1000 1000
suhosin.server.encode On On
suhosin.server.strip On On
suhosin.session.checkraddr 0 0
suhosin.session.cryptdocroot On On
suhosin.session.cryptkey [ protected ] [ protected ]
suhosin.session.cryptraddr 0 0
suhosin.session.cryptua Off Off
suhosin.session.encrypt On On
suhosin.session.max_id_length 128 128
suhosin.simulation Off Off
suhosin.sql.bailout_on_error Off Off
suhosin.sql.comment 0 0
suhosin.sql.multiselect 0 0
suhosin.sql.opencomment 0 0
suhosin.sql.union 0 0
suhosin.sql.user_postfix no value no value
suhosin.sql.user_prefix no value no value
suhosin.srand.ignore On On
suhosin.stealth On On
suhosin.upload.disallow_binary 0 0
suhosin.upload.disallow_elf 1 1
suhosin.upload.max_uploads 25 25
suhosin.upload.remove_binary 0 0
suhosin.upload.verification_script no value no value
sysvmsg
sysvmsg support enabled
Revision $Revision: 313665 $
tokenizer
Tokenizer Support enabled
wddx
WDDX Support enabled
WDDX Session Serializer enabled
xml
XML Support active
XML Namespace Support active
libxml2 Version 2.7.8
xmlreader
XMLReader enabled
xmlwriter
XMLWriter enabled
zip
Zip enabled
Extension Version $Id: php_zip.c 313665 2011-07-25 11:42:53Z felipe $
Zip version 1.9.1
Libzip version 0.9.0
zlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.1.1
Linked Version 1.2.3.4
Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value
Additional Modules
Module Name
sysvsem
sysvshm
Environment
Variable Value
APACHE_RUN_DIR /var/run/apache2
APACHE_PID_FILE /var/run/apache2.pid
PATH /usr/local/bin:/usr/bin:/bin
APACHE_LOCK_DIR /var/lock/apache2
LANG C
APACHE_RUN_USER www-data
APACHE_RUN_GROUP www-data
APACHE_LOG_DIR /var/log/apache2
PWD /
PHP Variables
Variable Value
_COOKIE["__utma"] 159588717.1267071713.1297009424.1297017735.1297020321.3
_COOKIE["__utmc"] 252639065
_COOKIE["__utmz"] 252639065.1308924084.16.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
_SERVER["HTTPS"] on
_SERVER["SSL_TLS_SNI"] admin.andrieu.com
_SERVER["HTTP_HOST"] admin.andrieu.com
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1
_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
_SERVER["HTTP_REFERER"] https://admin.andrieu.com/
_SERVER["HTTP_ACCEPT_ENCODING"] gzip,deflate,sdch
_SERVER["HTTP_ACCEPT_LANGUAGE"] fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
_SERVER["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,*;q=0.3
_SERVER["HTTP_COOKIE"] __utma=159588717.1267071713.1297009424.1297017735.1297020321.3; __utma=252639065.939906447.1291915250.1316187045.1316550330.32; __utmc=252639065; __utmz=252639065.1308924084.16.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
_SERVER["PATH"] /usr/local/bin:/usr/bin:/bin
_SERVER["SERVER_SIGNATURE"] no value
_SERVER["SERVER_SOFTWARE"] Apache
_SERVER["SERVER_NAME"] admin.andrieu.com
_SERVER["SERVER_ADDR"] 88.191.92.23
_SERVER["SERVER_PORT"] 443
_SERVER["REMOTE_ADDR"] 78.227.65.169
_SERVER["DOCUMENT_ROOT"] /home/web/admin/
_SERVER["SERVER_ADMIN"] [no address given]
_SERVER["SCRIPT_FILENAME"] /home/web/admin/php_info.php
_SERVER["REMOTE_PORT"] 20080
_SERVER["REMOTE_USER"] ben
_SERVER["AUTH_TYPE"] Basic
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PROTOCOL"] HTTP/1.1
_SERVER["REQUEST_METHOD"] GET
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_URI"] /php_info.php
_SERVER["SCRIPT_NAME"] /php_info.php
_SERVER["PHP_SELF"] /php_info.php
_SERVER["PHP_AUTH_USER"] xxx
_SERVER["PHP_AUTH_PW"] xxx
_SERVER["REQUEST_TIME"] 1316713778
php.ini:
[code]
root@andrieu:/home/ben# cat /etc/php5/apache2/php.ini
[PHP]
;;;;;;;;;;;;;;;;;;;
; About php.ini ;
;;;;;;;;;;;;;;;;;;;
; PHP's initialization file, generally called php.ini, is responsible for
; configuring many of the aspects of PHP's behavior.
; PHP attempts to find and load this configuration from a number of locations.
; The following is a summary of its search order:
; 1. SAPI module specific location.
; 2. The PHPRC environment variable. (As of PHP 5.2.0)
; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
; 4. Current working directory (except CLI)
; 5. The web server's directory (for SAPI modules), or directory of PHP
; (otherwise in Windows)
; 6. The directory from the --with-config-file-path compile time option, or the
; Windows directory (C:\windows or C:\winnt)
; See the PHP docs for more specific information.
;
http://php.net/configuration.file
; The syntax of the file is extremely simple. Whitespace and Lines
; beginning with a semicolon are silently ignored (as you probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored, even though
; they might mean something in the future.
; Directives following the section heading [PATH=/www/mysite] only
; apply to PHP files in the /www/mysite directory. Directives
; following the section heading [HOST=www.example.com] only apply to
; PHP files served from
www.example.com. Directives set in these
; special sections cannot be overridden by user-defined INI files or
; at runtime. Currently, [PATH=] and [HOST=] sections only work under
; CGI/FastCGI.
;
http://php.net/ini.sections
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
; Directives are variables used to configure PHP or PHP extensions.
; There is no name validation. If PHP can't find an expected
; directive because it is not set or is mistyped, a default value will be used.
; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
; previously set variable or directive (e.g. ${foo})
; Expressions in the INI file are limited to bitwise operators and parentheses:
; | bitwise OR
; ^ bitwise XOR
; & bitwise AND
; ~ bitwise NOT
; ! boolean NOT
; Boolean flags can be turned on using the values 1, On, True or Yes.
; They can be turned off using the values 0, Off, False or No.
; An empty string can be denoted by simply not writing anything after the equal
; sign, or by using the None keyword:
; foo = ; sets foo to an empty string
; foo = None ; sets foo to an empty string
; foo = "None" ; sets foo to the string 'None'
; If you use constants in your value, and these constants belong to a
; dynamically loaded extension (either a PHP extension or a Zend extension),
; you may only use these constants *after* the line that loads the extension.
;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
; PHP comes packaged with two INI files. One that is recommended to be used
; in production environments and one that is recommended to be used in
; development environments.
; php.ini-production contains settings which hold security, performance and
; best practices at its core. But please be aware, these settings may break
; compatibility with older or less security conscience applications. We
; recommending using the production ini in production and testing environments.
; php.ini-development is very similar to its production variant, except it's
; much more verbose when it comes to errors. We recommending using the
; development version only in development environments as errors shown to
; application users can inadvertently leak otherwise secure information.
;;;;;;;;;;;;;;;;;;;
; Quick Reference ;
;;;;;;;;;;;;;;;;;;;
; The following are all the settings which are different in either the production
; or development versions of the INIs with respect to PHP's default behavior.
; Please see the actual settings later in the document for more details as to why
; we recommend these changes in PHP's behavior.
; allow_call_time_pass_reference
; Default Value: On
; Development Value: Off
; Production Value: Off
; display_errors
; Default Value: On
; Development Value: On
; Production Value: Off
; display_startup_errors
; Default Value: Off
; Development Value: On
; Production Value: Off
; error_reporting
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
; html_errors
; Default Value: On
; Development Value: On
; Production value: Off
; log_errors
; Default Value: Off
; Development Value: On
; Production Value: On
; magic_quotes_gpc
; Default Value: On
; Development Value: Off
; Production Value: Off
; max_input_time
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; output_buffering
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
; register_argc_argv
; Default Value: On
; Development Value: Off
; Production Value: Off
; register_long_arrays
; Default Value: On
; Development Value: Off
; Production Value: Off
; request_order
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; session.bug_compat_42
; Default Value: On
; Development Value: On
; Production Value: Off
; session.bug_compat_warn
; Default Value: On
; Development Value: On
; Production Value: Off
; session.gc_divisor
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; session.hash_bits_per_character
; Default Value: 4
; Development Value: 5
; Production Value: 5
; short_open_tag
; Default Value: On
; Development Value: Off
; Production Value: Off
; track_errors
; Default Value: Off
; Development Value: On
; Production Value: Off
; url_rewriter.tags
; Default Value: "a=href,area=href,frame=src,form=,fieldset="
; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; variables_order
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS"
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
;user_ini.filename = ".user.ini"
; To disable this feature set this option to empty value
;user_ini.filename =
; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
;user_ini.cache_ttl = 300
;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;
; Enable the PHP scripting language engine under Apache.
;
http://php.net/engine
engine = On
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It's been
; recommended for several years that you not use the short tag "short cut" and
; instead to use the full <?php and ?> tag combination. With the wide spread use
; of XML and use of these tags by other languages, the server can become easily
; confused and end up parsing the wrong code in the wrong context. But because
; this short cut has been a feature for such a long time, it's currently still
; supported for backwards compatibility, but we recommend you don't use them.
; Default Value: On
; Development Value: Off
; Production Value: Off
;
http://php.net/short-open-tag
short_open_tag = On
; Allow ASP-style <% %> tags.
;
http://php.net/asp-tags
asp_tags = Off
; The number of significant digits displayed in floating point numbers.
;
http://php.net/precision
precision = 14
; Enforce year 2000 compliance (will cause problems with non-compliant browsers)
;
http://php.net/y2k-compliance
y2k_compliance = On
; Output buffering is a mechanism for controlling how much output data
; (excluding headers and cookies) PHP should keep internally before pushing that
; data to the client. If your application's output exceeds this setting, PHP
; will send that data in chunks of roughly the size you specify.
; Turning on this setting and managing its maximum buffer size can yield some
; interesting side-effects depending on your application and web server.
; You may be able to send headers and cookies after you've already sent output
; through print or echo. You also may see performance benefits if your server is
; emitting less packets due to buffered output versus PHP streaming the output
; as it gets it. On production servers, 4096 bytes is a good setting for performance
; reasons.
; Note: Output buffering can also be controlled via Output Buffering Control
; functions.
; Possible Values:
; On = Enabled and buffer is unlimited. (Use with caution)
; Off = Disabled
; Integer = Enables the buffer and sets its maximum size in bytes.
; Note: This directive is hardcoded to Off for the CLI SAPI
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
;
http://php.net/output-buffering
output_buffering = 4096
; You can redirect all of the output of your scripts to a function. For
; example, if you set output_handler to "mb_output_handler", character
; encoding will be transparently converted to the specified encoding.
; Setting any output handler automatically turns on output buffering.
; Note: People who wrote portable scripts should not depend on this ini
; directive. Instead, explicitly set the output handler using ob_start().
; Using this ini directive may cause problems unless you know what script
; is doing.
; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
; Note: output_handler must be empty if this is set 'On' !!!!
; Instead you must use zlib.output_handler.
;
http://php.net/output-handler
;output_handler =
; Transparent output compression using the zlib library
; Valid values for this option are 'off', 'on', or a specific buffer size
; to be used for compression (default is 4KB)
; Note: Resulting chunk size may vary due to nature of compression. PHP
; outputs chunks that are few hundreds bytes each as a result of
; compression. If you prefer a larger chunk size for better
; performance, enable output_buffering in addition.
; Note: You need to use zlib.output_handler instead of the standard
; output_handler, or otherwise the output will be corrupted.
;
http://php.net/zlib.output-compression
zlib.output_compression = Off
;
http://php.net/zlib.output-compression-level
;zlib.output_compression_level = -1
; You cannot specify additional output handlers if zlib.output_compression
; is activated here. This setting does the same as output_handler but in
; a different order.
;
http://php.net/zlib.output-handler
;zlib.output_handler =
; Implicit flush tells PHP to tell the output layer to flush itself
; automatically after every output block. This is equivalent to calling the
; PHP function flush() after each and every call to print() or echo() and each
; and every HTML block. Turning this option on has serious performance
; implications and is generally recommended for debugging purposes only.
;
http://php.net/implicit-flush
; Note: This directive is hardcoded to On for the CLI SAPI
implicit_flush = Off
; The unserialize callback function will be called (with the undefined class'
; name as parameter), if the unserializer finds an undefined class
; which should be instantiated. A warning appears if the specified function is
; not defined, or if the function doesn't include/implement the missing class.
; So only set this entry, if you really want to implement such a
; callback-function.
unserialize_callback_func =
; When floats & doubles are serialized store serialize_precision significant
; digits after the floating point. The default value ensures that when floats
; are decoded with unserialize, the data will remain the same.
serialize_precision = 100
; This directive allows you to enable and disable warnings which PHP will issue
; if you pass a value by reference at function call time. Passing values by
; reference at function call time is a deprecated feature which will be removed
; from PHP at some point in the near future. The acceptable method for passing a
; value by reference to a function is by declaring the reference in the functions
; definition, not at call time. This directive does not disable this feature, it
; only determines whether PHP will warn you about it or not. These warnings
; should enabled in development environments only.
; Default Value: On (Suppress warnings)
; Development Value: Off (Issue warnings)
; Production Value: Off (Issue warnings)
;
http://php.net/allow-call-time-pass-reference
allow_call_time_pass_reference = Off
; Safe Mode
;
http://php.net/safe-mode
safe_mode = Off
; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
;
http://php.net/safe-mode-gid
safe_mode_gid = Off
; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
;
http://php.net/safe-mode-include-dir
safe_mode_include_dir =
; When safe_mode is on, only executables located in the safe_mode_exec_dir
; will be allowed to be executed via the exec family of functions.
;
http://php.net/safe-mode-exec-dir
safe_mode_exec_dir =
; Setting certain environment variables may be a potential security breach.
; This directive contains a comma-delimited list of prefixes. In Safe Mode,
; the user may only alter environment variables whose names begin with the
; prefixes supplied here. By default, users will only be able to set
; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
; Note: If this directive is empty, PHP will let the user modify ANY
; environment variable!
;
http://php.net/safe-mode-allowed-env-vars
safe_mode_allowed_env_vars = PHP_
; This directive contains a comma-delimited list of environment variables that
; the end user won't be able to change using putenv(). These variables will be
; protected even if safe_mode_allowed_env_vars is set to allow to change them.
;
http://php.net/safe-mode-protected-env-vars
safe_mode_protected_env_vars = LD_LIBRARY_PATH
; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
;
http://php.net/open-basedir
;open_basedir =
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
;
http://php.net/disable-functions
disable_functions =
; This directive allows you to disable certain classes for security reasons.
; It receives a comma-delimited list of class names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
;
http://php.net/disable-classes
disable_classes =
; Colors for Syntax Highlighting mode. Anything that's acceptable in
; <span style="color: ???????"> would work.
;
http://php.net/syntax-highlighting
;highlight.string = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.bg = #FFFFFF
;highlight.default = #0000BB
;highlight.html = #000000
; If enabled, the request will be allowed to complete even if the user aborts
; the request. Consider enabling it if executing long requests, which may end up
; being interrupted by the user or a browser timing out. PHP's default behavior
; is to disable this feature.
;
http://php.net/ignore-user-abort
;ignore_user_abort = On
; Determines the size of the realpath cache to be used by PHP. This value should
; be increased on systems where PHP opens many files to reflect the quantity of
; the file operations performed.
;
http://php.net/realpath-cache-size
;realpath_cache_size = 16k
; Duration of time, in seconds for which to cache realpath information for a given
; file or directory. For systems with rarely changing files, consider increasing this
; value.
;
http://php.net/realpath-cache-ttl
;realpath_cache_ttl = 120
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
;
http://php.net/expose-php
expose_php = On
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
; Maximum execution time of each script, in seconds
;
http://php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = 70
; Maximum amount of time each script may spend parsing request data. It's a good
; idea to limit this time on productions servers in order to eliminate unexpectedly
; long running scripts.
; Note: This directive is hardcoded to -1 for the CLI SAPI
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
;
http://php.net/max-input-time
max_input_time = 60
; Maximum input variable nesting level
;
http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
; Maximum amount of memory a script may consume (128MB)
;
http://php.net/memory-limit
memory_limit = 128M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; This directive informs PHP of which errors, warnings and notices you would like
; it to take action for. The recommended way of setting values for this
; directive is through the use of the error level constants and bitwise
; operators. The error level constants are below here for convenience as well as
; some common settings and their meanings.
; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
; those related to E_NOTICE and E_STRICT, which together cover best practices and
; recommended coding standards in PHP. For performance reasons, this is the
; recommend error reporting setting. Your production server shouldn't be wasting
; resources complaining about best practices and coding standards. That's what
; development servers and development settings are for.
; Note: The php.ini-development file has this setting as E_ALL | E_STRICT. This
; means it pretty much reports everything which is exactly what you want during
; development and early testing.
;
; Error Level Constants:
; E_ALL - All errors and warnings (includes E_STRICT as of PHP 6.0.0)
; E_ERROR - fatal run-time errors
; E_RECOVERABLE_ERROR - almost fatal run-time errors
; E_WARNING - run-time warnings (non-fatal errors)
; E_PARSE - compile-time parse errors
; E_NOTICE - run-time notices (these are warnings which often result
; from a bug in your code, but it's possible that it was
; intentional (e.g., using an uninitialized variable and
; relying on the fact it's automatically initialized to an
; empty string)
; E_STRICT - run-time notices, enable to have PHP suggest changes
; to your code which will ensure the best interoperability
; and forward compatibility of your code
; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
; initial startup
; E_COMPILE_ERROR - fatal compile-time errors
; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
; E_USER_ERROR - user-generated error message
; E_USER_WARNING - user-generated warning message
; E_USER_NOTICE - user-generated notice message
; E_DEPRECATED - warn about code that will not work in future versions
; of PHP
; E_USER_DEPRECATED - user-generated deprecation warnings
;
; Common Values:
; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.)
; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.)
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
;
http://php.net/error-reporting
error_reporting = E_ALL & ~E_DEPRECATED
; This directive controls whether or not and where PHP will output errors,
; notices and warnings too. Error output is very useful during development, but
; it could be very dangerous in production environments. Depending on the code
; which is triggering the error, sensitive information could potentially leak
; out of your application such as database usernames and passwords or worse.
; It's recommended that errors be logged on production servers rather than
; having the errors sent to STDOUT.
; Possible Values:
; Off = Do not display any errors
; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
; On or stdout = Display errors to STDOUT
; Default Value: On
; Development Value: On
; Production Value: Off
;
http://php.net/display-errors
display_errors = Off
; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. PHP's default behavior is to suppress those
; errors from clients. Turning the display of startup errors on can be useful in
; debugging configuration problems. But, it's strongly recommended that you
; leave this setting off on production servers.
; Default Value: Off
; Development Value: On
; Production Value: Off
;
http://php.net/display-startup-errors
display_startup_errors = Off
; Besides displaying errors, PHP can also log errors to locations such as a
; server-specific log, STDERR, or a location specified by the error_log
; directive found below. While errors should not be displayed on productions
; servers they should still be monitored and logging is a great way to do that.
; Default Value: Off
; Development Value: On
; Production Value: On
;
http://php.net/log-errors
log_errors = On
; Set maximum length of log_errors. In error_log information about the source is
; added. The default is 1024 and 0 allows to not apply any maximum length at all.
;
http://php.net/log-errors-max-len
log_errors_max_len = 1024
; Do not log repeated messages. Repeated errors must occur in same file on same
; line unless ignore_repeated_source is set true.
;
http://php.net/ignore-repeated-errors
ignore_repeated_errors = Off
; Ignore source of message when ignoring repeated messages. When this setting
; is On you will not log errors with repeated messages from different files or
; source lines.
;
http://php.net/ignore-repeated-source
ignore_repeated_source = Off
; If this parameter is set to Off, then memory leaks will not be shown (on
; stdout or in the log). This has only effect in a debug compile, and if
; error reporting includes E_WARNING in the allowed list
;
http://php.net/report-memleaks
report_memleaks = On
; This setting is on by default.
;report_zend_debug = 0
; Store the last error/warning message in $php_errormsg (boolean). Setting this value
; to On can assist in debugging and is appropriate for development servers. It should
; however be disabled on production servers.
; Default Value: Off
; Development Value: On
; Production Value: Off
;
http://php.net/track-errors
track_errors = Off
; Turn off normal error reporting and emit XML-RPC error XML
;
http://php.net/xmlrpc-errors
;xmlrpc_errors = 0
; An XML-RPC faultCode
;xmlrpc_error_number = 0
; When PHP displays or logs an error, it has the capability of inserting html
; links to documentation related to that error. This directive controls whether
; those HTML links appear in error messages or not. For performance and security
; reasons, it's recommended you disable this on production servers.
; Note: This directive is hardcoded to Off for the CLI SAPI
; Default Value: On
; Development Value: On
; Production value: Off
;
http://php.net/html-errors
html_errors = Off
; If html_errors is set On PHP produces clickable error messages that direct
; to a page describing the error or function causing the error in detail.
; You can download a copy of the PHP manual from
http://php.net/docs
; and change docref_root to the base URL of your local copy including the
; leading '/'. You must also specify the file extension being used including
; the dot. PHP's default behavior is to leave these settings empty.
; Note: Never use this feature for production boxes.
;
http://php.net/docref-root
; Examples
;docref_root = "/phpmanual/"
;
http://php.net/docref-ext
;docref_ext = .html
; String to output before an error message. PHP's default behavior is to leave
; this setting blank.
;
http://php.net/error-prepend-string
; Example:
;error_prepend_string = "<font color=#ff0000>"
; String to output after an error message. PHP's default behavior is to leave
; this setting blank.
;
http://php.net/error-append-string
; Example:
;error_append_string = "</font>"
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
;
http://php.net/error-log
; Example:
;error_log = php_errors.log
; Log errors to syslog (Event Log on NT, not valid in Windows 95).
;error_log = syslog
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
; The separator used in PHP generated URLs to separate arguments.
; PHP's default setting is "&".
;
http://php.net/arg-separator.output
; Example:
;arg_separator.output = "&"
; List of separator(s) used by PHP to parse input URLs into variables.
; PHP's default setting is "&".
; NOTE: Every character in this directive is considered as separator!
;
http://php.net/arg-separator.input
; Example:
;arg_separator.input = ";&"
; This directive determines which super global arrays are registered when PHP
; starts up. If the register_globals directive is enabled, it also determines
; what order variables are populated into the global space. G,P,C,E & S are
; abbreviations for the following respective super globals: GET, POST, COOKIE,
; ENV and SERVER. There is a performance penalty paid for the registration of
; these arrays and because ENV is not as commonly used as the others, ENV is
; is not recommended on productions servers. You can still get access to
; the environment variables through getenv() should you need to.
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
;
http://php.net/variables-order
variables_order = "GPCS"
; This directive determines which super global data (G,P,C,E & S) should
; be registered into the super global array REQUEST. If so, it also determines
; the order in which that data is registered. The values for this directive are
; specified in the same manner as the variables_order directive, EXCEPT one.
; Leaving this value empty will cause PHP to use the value set in the
; variables_order directive. It does not mean it will leave the super globals
; array REQUEST empty.
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
;
http://php.net/request-order
request_order = "GP"
; Whether or not to register the EGPCS variables as global variables. You may
; want to turn this off if you don't want to clutter your scripts' global scope
; with user data.
; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
;
http://php.net/register-globals
register_globals = Off
; Determines whether the deprecated long $HTTP_*_VARS type predefined variables
; are registered by PHP or not. As they are deprecated, we obviously don't
; recommend you use them. They are on by default for compatibility reasons but
; they are not recommended on production servers.
; Default Value: On
; Development Value: Off
; Production Value: Off
;
http://php.net/register-long-arrays
register_long_arrays = Off
; This directive determines whether PHP registers $argv & $argc each time it
; runs. $argv contains an array of all the arguments passed to PHP when a script
; is invoked. $argc contains an integer representing the number of arguments
; that were passed when the script was invoked. These arrays are extremely
; useful when running scripts from the command line. When this directive is
; enabled, registering these variables consumes CPU cycles and memory each time
; a script is executed. For performance reasons, this feature should be disabled
; on production servers.
; Note: This directive is hardcoded to On for the CLI SAPI
; Default Value: On
; Development Value: Off
; Production Value: Off
;
http://php.net/register-argc-argv
register_argc_argv = Off
; When enabled, the SERVER and ENV variables are created when they're first
; used (Just In Time) instead of when the script starts. If these variables
; are not used within a script, having this directive on will result in a
; performance gain. The PHP directives register_globals, register_long_arrays,
; and register_argc_argv must be disabled for this directive to have any affect.
;
http://php.net/auto-globals-jit
auto_globals_jit = On
; Maximum size of POST data that PHP will accept.
;
http://php.net/post-max-size
post_max_size = 16M
; Magic quotes are a preprocessing feature of PHP where PHP will attempt to
; escape any character sequences in GET, POST, COOKIE and ENV data which might
; otherwise corrupt data being placed in resources such as databases before
; making that data available to you. Because of character encoding issues and
; non-standard SQL implementations across many databases, it's not currently
; possible for this feature to be 100% accurate. PHP's default behavior is to
; enable the feature. We strongly recommend you use the escaping mechanisms
; designed specifically for the database your using instead of relying on this
; feature. Also note, this feature has been deprecated as of PHP 5.3.0 and is
; scheduled for removal in PHP 6.
; Default Value: On
; Development Value: Off
; Production Value: Off
;
http://php.net/magic-quotes-gpc
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
;
http://php.net/magic-quotes-runtime
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
;
http://php.net/magic-quotes-sybase
magic_quotes_sybase = Off
; Automatically add files before PHP document.
;
http://php.net/auto-prepend-file
auto_prepend_file =
; Automatically add files after PHP document.
;
http://php.net/auto-append-file
auto_append_file =
; By default, PHP will output a character encoding using
; the Content-type: header. To disable sending of the charset, simply
; set it to be empty.
;
; PHP's built-in default is text/html
;
http://php.net/default-mimetype
default_mimetype = "text/html"
; PHP's default character set is set to empty.
;
http://php.net/default-charset
;default_charset = "iso-8859-1"
; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
; to disable this feature.
;
http://php.net/always-populate-raw-post-data
;always_populate_raw_post_data = On
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
; UNIX: "/path1:/path2"
;include_path = ".:/usr/share/php"
;
; Windows: "\path1;\path2"
;include_path = ".;c:\php\includes"
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
;
http://php.net/include-path
; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues. The alternate is to use the
; cgi.force_redirect configuration below
;
http://php.net/doc-root
doc_root =
; The directory under which PHP opens the script using /~username used only
; if nonempty.
;
http://php.net/user-dir
user_dir =
; Directory in which the loadable extensions (modules) reside.
;
http://php.net/extension-dir
; extension_dir = "./"
; On windows:
; extension_dir = "ext"
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
; disabled on them.
;
http://php.net/enable-dl
enable_dl = Off
; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
;
http://php.net/cgi.force-redirect
;cgi.force_redirect = 1
; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
; every request. PHP's default behavior is to disable this feature.
;cgi.nph = 1
; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
; will look for to know it is OK to continue execution. Setting this variable MAY
; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
;
http://php.net/cgi.redirect-status-env
;cgi.redirect_status_env = ;
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
;
http://php.net/cgi.fix-pathinfo
;cgi.fix_pathinfo=1
; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client. This allows IIS to define the
; security context that the request runs under. mod_fastcgi under Apache
; does not currently support this feature (03/17/2002)
; Set to 1 if running under IIS. Default is zero.
;
http://php.net/fastcgi.impersonate
;fastcgi.impersonate = 1;
; Disable logging through FastCGI connection. PHP's default behavior is to enable
; this feature.
;fastcgi.logging = 0
; cgi.rfc2616_headers configuration option tells PHP what type of headers to
; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
; is supported by Apache. When this option is set to 1 PHP will send
; RFC2616 compliant header.
; Default is zero.
;
http://php.net/cgi.rfc2616-headers
;cgi.rfc2616_headers = 0
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
;
http://php.net/file-uploads
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
;
http://php.net/upload-tmp-dir
;upload_tmp_dir =
; Maximum allowed size for uploaded files.
;
http://php.net/upload-max-filesize
upload_max_filesize = 16M
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
;
http://php.net/allow-url-fopen
allow_url_fopen = On
; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
;
http://php.net/allow-url-include
allow_url_include = Off
; Define the anonymous ftp password (your email address). PHP's default setting
; for this is empty.
;
http://php.net/from
;from="john@doe.com"
; Define the User-Agent string. PHP's default setting for this is empty.
;
http://php.net/user-agent
;user_agent="PHP"
; Default timeout for socket based streams (seconds)
;
http://php.net/default-socket-timeout
default_socket_timeout = 60
; If your scripts have to deal with files from Macintosh systems,
; or you are running on a Mac and need to deal with files from
; unix or win32 systems, setting this flag will cause PHP to
; automatically detect the EOL character in those files so that
; fgets() and file() will work regardless of the source of the file.
;
http://php.net/auto-detect-line-endings
;auto_detect_line_endings = Off
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
; If you wish to have an extension loaded automatically, use the following
; syntax:
;
; extension=modulename.extension
;
; For example, on Windows:
;
; extension=msql.dll
;
; ... or under UNIX:
;
; extension=msql.so
;
; ... or with a path:
;
; extension=/path/to/extension/msql.so
;
; If you only provide the name of the extension, PHP will look for it in its
; default extension dir...
[Résolu] REQUEST_METHOD _POST ne marche pas -
Jean le Chauve - 22/09/2011
En modifiant la méthode post en get (avec l'extension webdevelopper), on obtient ceci :
http://www.christinedeveyrac.fr/contact/?mact=FormBuilder%252Cm62b34%252Cdefault%252C1&m62b34returnid=42&page=42&m62b34fbrp_callcount=1&m62b34form_id=4&m62b34fbrp_continue=2&m62b34fbrp_done=1&m62b34fbrp__30=test&m62b34fbrp__31=test%2540gmail.com&m62b34fbrp__32=&m62b34fbrp__33=brux&m62b34fbrp__34=aine&m62b34fbrp__35=test&m62b34fbrp__36=test&m62b34fbrp_submit=Envoyer
Sur aucun de mes formulaires, je n'ai trouvé cette slash avant le point d'interrogation. Ton .htaccess doit sans doute l'ajouter. Essaye en enlevant cette réécriture, on ne sait jamais
Et avant toute chose remettre le copyright en place et corriger le code :
http://validator.w3.org/check?verbose=1&uri=http%3A%2F%2Fwww.christinedeveyrac.fr%2Fcontact%2F
[Résolu] REQUEST_METHOD _POST ne marche pas -
ben500fr - 22/09/2011
Pour le copyright, je ne comprend pas, j'ai bien mis la balise dans les meta (ligne 18 du code HTML), que dois-je rajouter de plus?
voici le .htaccess a la racine du site:
Code :
Options +FollowSymLinks
RewriteEngine on
RewriteBase /
# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !\.
RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]
# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
Voici la conf apache du site:
Citation :<VirtualHost *:80>
DocumentRoot /home/web/christinedeveyrac.fr/
ServerName christinedeveyrac.fr
ServerAlias www.christinedeveyrac.fr
ServerAlias christinedeveyrac.andrieu.com
ServerAlias www.christinedeveyrac.andrieu.com
<Directory />
#AllowOverride AuthConfig
allow from all
Options +FollowSymLinks
# RewriteEngine on
# RewriteBase /
# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
# RewriteCond %{REQUEST_URI} !/$
# RewriteCond %{REQUEST_URI} !\.
# RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]
# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
# RewriteCond %{REQUEST_FILENAME} !-f
# RewriteCond %{REQUEST_FILENAME} !-d
# RewriteRule ^(.+)$ index.php?page=$1 [QSA]
</Directory>
</VirtualHost>
Effectivement j'ai tout mis en commentaire sur les params du site, mais j'ai oublié le .htaccess
Que me conseil tu de faire comme modif?
[Résolu] REQUEST_METHOD _POST ne marche pas -
jissey - 22/09/2011
supprime le 'RewriteBase /'
[Résolu] REQUEST_METHOD _POST ne marche pas -
ben500fr - 22/09/2011
ça marche!!!!
Voici le .htaccess qui fonction:
Code :
Options +FollowSymLinks
RewriteEngine on
#RewriteBase /
# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !\.
#RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]
# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
Il y avait bien un "RewriteRule" a commenter, par contre si je commente les autres le site fonctionne bizarrement (url avec le get apparent, WYSIWYG qui ne fonctionne plus....).
Merci beaucoup pour votre aide.
Me reste quand même du tag pour me mettre aux normes W3C...
[Résolu] REQUEST_METHOD _POST ne marche pas -
Jean le Chauve - 23/09/2011
Désolé pour le copyright, il est correct, je ne l'avais pas vu.
Voici un .htaccess avec les rewrite rules, une sécurité renforcée pour ovh (je te le conseille, il y a énormément d'attaques pour le moment, je viens d'en subir) et quelques petites fonctions utiles.
Code :
RewriteEngine On
SetEnv REGISTER_GLOBALS 0
SetEnv ZEND_OPTIMIZER 1
SetEnv MAGIC_QUOTES 1
SetEnv PHP_VER 5
#option to remove directory listings in all folder (avoid publishing unwanted contents)
Options -Indexes
Options +FollowSymLinks
# Deny access to config.php
# This can be useful if php ever breaks or dies
# Use with caution, this may break other functions of CMSms that use a config.php
# file. This may also break other programs you have running under your CMSms
# install that use config.php. You may need to add another .htaccess file to those
# directories to specifically allow config.php.
# <Files "config.php">
# order allow,deny
# deny from all
# </Files>
# No sense advertising what we are running
ServerSignature Off
###FILTRE CONTRE ROBOTS DES PIRATES ET ASPIRATEURS DE SITE WEB
### LISTE ICI: http://www.bg-pro.com/?goto=badbot
## EXCEPTION: TOUS LES ROBOTS MEMES ANONYMES OU BANNIS PEUVENT ACCEDER A CES FICHIERS
RewriteCond %{REQUEST_URI} !^/robots.txt
RewriteCond %{REQUEST_URI} !^/sitemap.xml
## EXCEPTION: SI UTILISATION DE *PAYPAL INSTANT NOTIFICATION PAYMENT*, COMME PAYPAL N'UTILISE PAS DE HTTP_USER_AGENT, L'IPN NE MARCHERA PAS.
RewriteCond %{REQUEST_URI} !^/paypal-ipn.php
##
RewriteCond %{HTTP_USER_AGENT} ^-?$ [OR]
## ANONYMES
RewriteCond %{HTTP_USER_AGENT} ^[bcdfghjklmnpqrstvwxz\ ]{8,}|^[0-9a-z]{15,}|^[0-9A-Za-z]{19,}|^[A-Za-z]{3,}\ [a-z]{4,}\ [a-z]{4,} [OR]
## CEUX QUI INVENTENT DES NOMS AU HASARD
RewriteCond %{HTTP_USER_AGENT} ^<sc|<\?|8484\ Boston\ Project|autoemailspider|@nonymouse|ADSARobot|Advanced\ Email\ Extractor|^adwords|ah-ha|aktuelles|amzn_assoc|Anarchie|anonymous|Art-Online|ASPSeek|ASSORT|ATHENS|Atomz|attach|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|blogsearchbot-martin|bmclient|Boston\ Project|BravoBrian\ SpiderEngine\ MarcoPolo|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|compatible\ \;|Crescent|Crescent\ Internet|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DirectUpdate|disco|DISCoFinder|Downloader|Download\ Accelerator|Download\ Demon|Download\ Wonder|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|echo\ extense|ecollector|efp@gmx\.net|EirGrabber|EmailCollector|EmailSiphon|Email\ Siphon|EmailWolf|Email\ Extractor|Express\ WebPictures|ExtractorPro [NC,OR]
## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
RewriteCond %{HTTP_USER_AGENT} EyeNetIE|fastlwspider|FavOrg|Favorites\ Sweeper|^Fetch|FEZhead|FileHound|flashget|FlashGet\ WebWasher|FlickBot|fluffy|frontpage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go!Zilla|go-ahead-got-it|GornKer|Grabber|GrabNet|Grafula|Green\ Research|grub-client|grub\ crawler|hanzoweb|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|HTTPConnect|httpdown|httplib|HttpProxy|HTTP\ agent|http\ generic|HTTrack|ia_archive|IBM_Planetwide|IDBot|id-search|imagefetch|Image\ Stripper|Image\ Sucker|IncyWincy|Indy\ Library|informant|Ingelin|InterGET|InternetLinkAgent|InternetSeer\.com|^Internet\ Explorer|Internet\ Ninja|IPiumBot|Iria|Irvine|Jakarta\ Commons|JBH*Agent [NC,OR]
## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
RewriteCond %{HTTP_USER_AGENT} JetCar|JOC|JOC\ Web\ Spider|JustView|Kapere|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|likse|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|Mac\ Finder|Mag-Net|Magnet|Mass\ Downloader|MCspider|Microsoft\ URL|Microsoft\ Data|MIDown\ tool|minibot\(NaverRobot\)|Mirror|Missigua|Mister\ PiX|MJ12bot|MMMtoCrawl\/UrlDispatcherLLL|Movable\ Type|Moozilla|^Mozilla$|^MSIE|Murzillo|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|NetZIP|NetZippy|NetZip\ Downloader|Net\ Vampire|NEWT|nicerspro|NICErsPRO|NPBot|Nutch|Nutscrape/|Octopus|Offline\ Explorer|Offline\ Navigator|OmniExplorer|OpaL|Openfind|OpenTextSiteCrawler [NC,OR]
## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
##RewriteCond %{HTTP_USER_AGENT} OrangeBot|PackRat|PageGrabber|Papa\ Foto|pavuk|pcBrowser|PersonaPilot|PingALink|Pockey|Program\ Shareware|Proxy|psbot|PSurf|psycheclone|^puf|Pump|PushSite|PussyCat|PycURL|python|QRVA|QuepasaCreep|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|almaden|Robozilla|Rover|RPT-HTTPClient|Rsync|SearchExpress|searchhippo|searchterms\.it|Second\ Street\Research|Seeker|Shai|sitecheck|SiteMapper|SiteSnagger|SlySearch|SmartDownload|snagger|SpaceBison|Spegla|SpiderBot|SqWorm|Star\Downloader|Stripper|sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|SurveyBot|Szukacz|tAkeOut|tarspider|Teleport\Pro|Telesoft|Templeton|TrackBack|TrueRobot|Turing|TurnitinBot [NC,OR]
## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
RewriteCond %{HTTP_USER_AGENT} TV33_Mercator|UIowaCrawler|URL_Spider_Pro|^user|^User\ Agent:\ |^User-Agent:\ |UtilMind|Vacuum|vagabondo|vayala|visibilitygap|vobsub|VoidEYE|vspider|w3mir|WebaltBot|WebAuto|webbandit|WebCapture|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|WebDAV|webdevil|webdownloader|Webdup|WebEmailExtractor|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|WEBsaver|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Web\ Data\ Extractor|Web\ Downloader|Web\ Image\ Collector|Web\ Sucker|web\.by\.mail|whizbang|WhosTalking|Widow|Widows|WISEbot|WISEnutbot|WUMPUS|Wweb|WWWOFFLE|Wysigot|x-Tractor|Xaldon\ WebSpider|XGET|Yandex|Zeus|Zeus.*Webster [NC]
## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
RewriteCond %{HTTP_USER_AGENT} ^curl|^Fetch\ API\ Request|GT\:\:WWW|^HTTP\:\:Lite|httplib|^Java/1.|^Java\ 1.|^LWP|libWeb|libwww|^PEAR|PECL\:\:HTTP|PHPCrawl|^Program\ Shareware|python|Rsync|Snoopy|^URI\:\:Fetch|WebDAV|^Wget [NC]
## BIBLIOTHEQUES / CLASSES HTTP DONT ON NE VEUT PAS. ATTENTION, CELA PEUT BLOQUER CERTAINES FONCTIONS DE VOTRE CMS. NE PAS TOUT EFFACER, MAIS CHERCHEZ LE NOM DE LA CLASSE HTTP CONCERNEE (DEMANDEZ AUX DEVELOPPEURS DE VOTRE CMS). CETTE LISTE BLOQUE 80% DES ROBOTS SPAMMEURS. IL FAUT LA CONSERVER.
RewriteRule (.*) - [F]
### DES FAUX URLS, ON LES NEUTRALISE
RedirectMatch gone ^/_vti.*
RedirectMatch gone ^/MSOffice.*
RedirectMatch gone ^[-_a-z0-9/\.]*//.*
RedirectMatch gone ^.*/etc/passwd.*
### FILTRE CONTRE XSS, REDIRECTIONS HTTP, base64_encode, VARIABLE PHP GLOBALS VIA URL, MODIFIER VARIABLE _REQUEST VIA URL, TEST DE FAILLE PHP, INJECTION SQL SIMPLE
RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
RewriteCond %{QUERY_STRING} ^(.*)(%3C|<)/?script(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=)?javascript(%3A|:)(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)document\.location\.href(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=)http(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
## ATTENTION A CETTE REGLE. ELLE PEUT CASSER CERTAINES REDIRECTIONS RESSEMBLANT A: http://www.truc.fr/index.php?r=http://www.google.fr ##
RewriteCond %{QUERY_STRING} ^(.*)base64_encode(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)GLOBALS(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)_REQUEST(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)(SELECT|INSERT|DELETE|CHAR\(|UPDATE|REPLACE|LIMIT)(.*)$
### ON EVITE LE VOL D'IMAGES, VIDEO, SON, FEUILLE DE STYLE, PDF ET ZIP
### LES VISITEURS DOIVENT PASSER PAR LE SITE.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://[-_a-z0-9.]*christinedeveyrac\.fr$ [NC]
RewriteCond %{HTTP_REFERER} !^http://[-_a-z0-9.]*christinedeveyrac\.fr/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mediaplan\.ovh\.net/~promojeu/.*$ [NC] // à modifier
RewriteRule .*\.(gif|jpe?g?|jp2|png|svgz?|ico|css|pdf|zip|gz|js|mp3|m4a|mp4|mov|divx|avi|wma?v?|wmp|swf|flv|docx?|xlsx?|pptx?|vbs|rtf|asf?x?|odt|ods|odp|odg|odb)$ - [NC,F]
<FilesMatch "\.(ico|flv|jpe?g|png|gif|js|css|swf)$">
ExpiresActive On
ExpiresDefault "access plus 1 month"
</FilesMatch>
<IfModule mod_deflate.c>
# Insert filter on all content
SetOutputFilter DEFLATE
# Insert filter on selected content types only
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>
FileETag MTime Size
# URL Filtering helps stop some hack attempts
#IF the URI contains a "http:"
RewriteCond %{QUERY_STRING} http\: [OR]
#OR if the URI contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]
#OR if the URI contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]
#OR if the URI contains a "<script>"
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
#OR if the script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
#OR if any script is trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
#OR if the URI contains UNION
RewriteCond %{QUERY_STRING} UNION [OR]
#OR if the URI contains a double slash
RewriteCond %{QUERY_STRING} // [OR]
#OR if the URI contains a *
RewriteCond %{QUERY_STRING} \*
#then deny the request (403)
RewriteRule ^.*$ - [F,L]
# End URL Filtering
# CMSMS Rewriting
# Set assume mod_rewrite to true in config.php and clear CMSMS cache
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
# END CMSMS
# END Rewrite rules
Une ligne à modifier pour être en corrélation avec ton serveur :
RewriteCond %{HTTP_REFERER} !^http://*****mediaplan\.ovh\.net/~*****/.*$ [NC]
Voir article 6 dans le post sur le forum ovh :
http://forum.ovh.com/showthread.php?t=19263
[Résolu] REQUEST_METHOD _POST ne marche pas -
bess - 23/09/2011
c'est du touffu ce .htaccess :lol:
[Résolu] REQUEST_METHOD _POST ne marche pas -
jissey - 23/09/2011
pfffouou,
on est spécialistes html, css, php, javascript, shell, sql, smarty, sécurité, référencement, hébergement, merise, uml, poo, graphisme...si j'en oublie, ne m'en voulez pas
Et dans l'inconscient collectif, le web, c'est gratuit et facile!
Bon, en tout cas, ben500fr, si ton problème est résolu, marque-le dans le titre du premier post.
[Résolu] REQUEST_METHOD _POST ne marche pas -
Jean le Chauve - 23/09/2011
Touffu oui, mais je préfère un petit copier-coller que de passer des heures pour supprimer les hacks. Un de mes sites était devenu un pishing pour récupérer le login et mdp du crédit général et un autre servait à envoyer des milliers de spams chaque jour...
Et tous mes sites sont passés en chmod 404 pour les .php et 505 pour les dossiers + un petit code php pour vérifier si un des fichiers a été modifié (code provenant du forum ovh, voir lien plus haut) :
Code :
<?php
/*
Donne la liste des derniers fichiers créés ET modifiés.
Très utile en cas de piratage pour savoir quels fichiers sont ajoutés et ceux qui ont été modifiés. Utile pour comprendre le comportement d'un script ou d'un CMS et voir quels fichiers ont été manipulés.
Mettez ce script dans votre hébergement, ouvrez-le avec votre navigateur web, donnez le nombre de jours représentant la période à vérifier, puis le nom du dossier à analyser.
Ce script ne va donner la liste que des dossiers à partir du chemin /home/votreloginftp/www/ de votre hébergement mutualisé chez OVH.
Crédits: Les 4/5 du code sont l'oeuvre de Linda MacPhee-Cobb (http://timestocome.com)
*/
$go_back = 0; // affiche résultat ou non
$i = 0; // compteur de boucle
$dir_count = 0; // initialisation de la boucle
$date = time(); // date et heure actuelle
$one_day = 86400; // nombre de secondes pour une journée
$days = preg_replace("/[^0-9]/i",'', $_POST["jours"]); // nombre de jours à vérifier
$path = preg_replace("/[^_A-Za-z0-9-\.%\/]/i",'', $_POST["chemin"]); // chemin de fichier absolu (avec nettoyage contre piratage)
$path = preg_replace("/\.\.\//",'', $path); // on interdit la commande ../
define('ABSPATH', dirname(__FILE__));
$path = ABSPATH.$path; // chemin de fichier absolu de votre compte OVH du genre /home/loginftp/www/ etc.
$directories_to_read[$dir_count] = $path;
// Formulaire pour remonter le temps
print "<html><body><h3>Contrôle des derniers fichiers modifiés <br />dans votre hébergement mutualisé chez OVH.</h3>";
print "<table><tr><td>";
print "<form method=\"post\">";
print "<tr><td>Nombre de jours à vérifier 1-99: </td>";
print "<td> <input type=\"text\" name=\"jours\" maxlength=\"2\" size=\"2\"></td></tr>";
print "<tr><td>Nom du répertoire à contrôler: </td>";
print "<td>".ABSPATH." <input type=\"text\" name=\"chemin\" maxlength=\"80\" size=\"30\" value=\"/\" > (mettre un / à la fin)</td></tr>";
print "<tr><td> </td><td><input type=\"submit\" value=\" Vérifier Fichiers \">";
print "</form>";
print "</td></tr></table>";
// Affichage du résultat
$go_back = $one_day * $days;
print "<br /> Retour sur les <strong>" . ($go_back/$one_day) ."</strong> derniers jours. <br /><br />";
if ( $go_back > 0 ){
print "<table><tr><th>Nom du Fichier</th><th>Date de modification</th></tr>";
$diff = $date - $go_back;
while ( $i <= $dir_count ){
$current_directory = $directories_to_read[$i];
// obtenir info fichier
$read_path = opendir( $directories_to_read[$i] );
while ( $file_name = readdir( $read_path)){
if (( $file_name != '.' )&&( $file_name != '..' )){
if ( is_dir( $current_directory . "/" . $file_name ) == "dir" ){
// besoin d'obtenir tous les fichiers d'un répertoire
$d_file_name = "$current_directory" . "$file_name";
$dir_count++;
$directories_to_read[$dir_count] = $d_file_name . "/";
}else{
$file_name = "$current_directory" . "$file_name";
// Si temps modifiés plus récent que x jours, affiche, sinon, passe
if ( (filemtime( $file_name)) > $diff ){
print "<tr><td> $file_name </td>";
$date_changed = filemtime( $file_name );
$pretty_date = date("d/m/Y H:i:s", $date_changed);
print "<td> ::: $pretty_date</td></tr>" ;
}
}
}
}
closedir ( $read_path );
$i++;
}
print "</table>";
print "</body></html>";
} // if go_back > 0 )
?>
[Résolu] REQUEST_METHOD _POST ne marche pas -
ben500fr - 23/09/2011
Je vais essayer le .htaccess et ce code php ce week-end, je vous tiens au courant ( le "SetEnv PHP_VER 5" je ne pense pas que ça marche en dehors des hébergements ovh).