PDA

View Full Version : Strange behaviour from Firefox with php files


Barrie Greed
02-27-2007, 07:01 AM
I have some very strange behaviour with Firefox 1.5.0.10 on my laptop running Windows XP. Whenever I try to access this forum Firefox offers to either open forumdisplay.php or save it to disk for me. This is not universal behaviour. I have tested this against other php files on the desktoppublishingforum.com site and other sites and they work perfectly as expected.

This started to happen shortly after I updated Firefox (presumably from 1.5.0.9) and upgraded Norton Internet Security to the 2007 version. But I can see nothing in the settings for either Firefox downloads or Norton which suggest php files should be downloaded.

I’m a little alarmed that it is possible to actually download a php file.

Searching with Google identifies one or two references to similar problems but no definitive solution.

Has anybody else come across this problem and more importantly a solution?

My Windows desktop PC running Firefox 1.5.0.10 works perfectly. It runs Zone Alarm and AVG which may be the difference.


Barrie Greed

ktinkel
02-27-2007, 08:24 AM
I have some very strange behaviour with Firefox 1.5.0.10 on my laptop running Windows XP. Whenever I try to access this forum Firefox offers to either open forumdisplay.php or save it to disk for me. This is not universal behaviour. I have tested this against other php files on the desktoppublishingforum.com site and other sites and they work perfectly as expected.

This started to happen shortly after I updated Firefox (presumably from 1.5.0.9) and upgraded Norton Internet Security to the 2007 version. But I can see nothing in the settings for either Firefox downloads or Norton which suggest php files should be downloaded.

I’m a little alarmed that it is possible to actually download a php file.We had an outage last week, and Firefox kept trying to download the forum index.php file. So I assume it is something the browser does when it cannot interpret the file.

I use Firefox 2.0.0.2, and that is the only time it has ever played that little trick on me.

Anyway, I checked what I could, and the forum seems to be stable enough (hope you are not being harbinger of bad news)!

Do other browsers do this? Any reason not to upgrade to FF2?

gary
02-27-2007, 08:51 AM
When a PHP file is properly processed by the web server it should be delivered with an appropriate "Content-Type" header; it sounds like a (temporary) server configuration error causing the file to be delivered as-is (octet-stream).

ktinkel
02-27-2007, 09:04 AM
When a PHP file is properly processed by the web server it should be delivered with an appropriate "Content-Type" header; it sounds like a (temporary) server configuration error causing the file to be delivered as-is (octet-stream).Ouch! Does that mean we may be on the verge of another catastrophe? Do you think I should ask the host to check the server?

We were out for 5 hours one day last week, and that was the major first symptom — browser trying to download PHP files.

dthomsen8
02-27-2007, 09:24 AM
Ouch! Does that mean we may be on the verge of another catastrophe? Do you think I should ask the host to check the server?

We were out for 5 hours one day last week, and that was the major first symptom — browser trying to download PHP files.

While I don't think you are on the verge of a catastrophe, you should ask the web hosting company to check it out. Getting the actual PHP text can give away userids and passwords, so ask them to consider changing passwords for updating to the site. You don't want some hacker playing games, but I doubt that it is likely.

ktinkel
02-27-2007, 10:01 AM
While I don't think you are on the verge of a catastrophe, you should ask the web hosting company to check it out. Getting the actual PHP text can give away userids and passwords, so ask them to consider changing passwords for updating to the site. You don't want some hacker playing games, but I doubt that it is likely.I do not think the member (or forum) directories were at risk. What seems likely to download is the index.php for the front page of the forum. It has mostly replacement variable IDs, not the data.

But I have asked the host to check, anyway. Makes me nervous!

gary
02-27-2007, 10:48 AM
Makes me nervous!It should - knowing the specific software and version would allow someone to download the config file and learn the database username and password. This could be a significant exposure if the DB u/p were the same as used for site admin/maintenance.

ktinkel
02-27-2007, 11:24 AM
It should - knowing the specific software and version would allow someone to download the config file and learn the database username and password. This could be a significant exposure if the DB u/p were the same as used for site admin/maintenance.Thanks, Gary. I’m having the server checked out.

If it’s not one thing, it’s another!

Barrie Greed
02-27-2007, 05:41 PM
We had an outage last week, and Firefox kept trying to download the forum index.php file. So I assume it is something the browser does when it cannot interpret the file.

I use Firefox 2.0.0.2, and that is the only time it has ever played that little trick on me.

Anyway, I checked what I could, and the forum seems to be stable enough (hope you are not being harbinger of bad news)!

Do other browsers do this? Any reason not to upgrade to FF2?

This only happens with Firefox on my laptop. I'm typing this now in Firefox on the desktop with no problems. That's why I wondered whether it was my computer as opposed to the forum server. Perhaps the laptop is hypersensitive to whatever woes the server might be suffering.

All the early reports on FF2 suggested it was more trouble than it was worth. If it has settled down now it may be worth upgrading.

I have just tested the laptop again and it still wants to download forumdisplay.php. Perhaps it's time to give FF2 a chance.

ktinkel
02-27-2007, 05:49 PM
This only happens with Firefox on my laptop. I'm typing this now in Firefox on the desktop with no problems. That's why I wondered whether it was my computer as opposed to the forum server. Perhaps the laptop is hypersensitive to whatever woes the server might be suffering.

All the early reports on FF2 suggested it was more trouble than it was worth. If it has settled down now it may be worth upgrading.

I have just tested the laptop again and it still wants to download forumdisplay.php. Perhaps it's time to give FF2 a chance.I asked our host to check the server, and he proclaims it healthy and normal. And I looked at the reports, and saw nothing awry.

I have been using FF 2 since it came out, with no problems. On a Mac, I should say.

gary
02-27-2007, 08:47 PM
I have just tested the laptop again and it still wants to download forumdisplay.php.Go ahead and download -- do you get a PHP file or just HTML?

Kelvyn
02-28-2007, 12:53 AM
All the early reports on FF2 suggested it was more trouble than it was worth. If it has settled down now it may be worth upgrading.
The only reproducible problem areas with FF2 were related to the use of certain plugins and with certain graphics cards. I ran it from the first beta and have not had any problems that I can recall. The 2.0.0.1 release apparently fixed the graphics problems and extension developers soon caught up! We are now at version 2.0.0.2

FireFox 3 based on the Gecko 1.9 engine has been available for alpha testing since December, but I have not yet had time to play!

Barrie Greed
02-28-2007, 03:08 AM
Go ahead and download -- do you get a PHP file or just HTML?
Gary

I did. I got the php file complete with V Bulletins copyright and the download info for the file. That is what scared the pants off me. I immediately pointed FF at some of my database login files but thankfully was not able to download them. But I no longer believe that a php file is secure and will always be rendered to html rather than be downloadable.

At the moment it is only forumdisplay.php which pops up the download dialog box.

In some ways I am more interested in finding out how FF achieves this than simply upgrading to make the problem go away.

Barrie Greed

Barrie Greed
02-28-2007, 07:18 AM
Well even stranger. I'm typing this from the laptop. No changes made at my end so I can only guess there must have been something at the server end that interacted with something odd at my end - and whatever oddness it is it is still there - and will presumably return if the same server conditions exist again in the future.

Barrie Greed

Kelvyn
02-28-2007, 08:13 AM
Barrie, have you tried clearing the browser cache?

gary
02-28-2007, 08:56 AM
In some ways I am more interested in finding out how FF achieves this than simply upgrading to make the problem go away.It's an issue at the server end; the PHP script should have been passed through the PHP processor, not just handed up like an ordinary text file. In your case "forumdisplay.php" was treated the same as an "arbitrary.txt" file - i.e. as if the server handler for *.php was missing.

Andrew B.
02-28-2007, 09:05 AM
Opera did this to me, even after the server was fixed. But it stopped, and I assume it stopped because it was no longer going to cache. Have you tried clearing your cache?

Barrie Greed
02-28-2007, 10:05 AM
Barrie, have you tried clearing the browser cache?
Kelvyn

No I hadn't tried it although perhaps I should have done. This has only been happening for a couple of days. Going back to the 6 days plus category in the history there are plenty of DTP forum items from 20 Feb so I'm not sure it would have been the solution.

Then again maybe something else dropped out of the cache on the 50MB limit and cleared things anyway. I certainly did not do anything consciously to change things.

Barrie Greed

Barrie Greed
02-28-2007, 10:09 AM
It's an issue at the server end; the PHP script should have been passed through the PHP processor, not just handed up like an ordinary text file. In your case "forumdisplay.php" was treated the same as an "arbitrary.txt" file - i.e. as if the server handler for *.php was missing.
Yes that was my assumption. But why only forumdisplay.php and not other php files on the server and why only the laptop? Why wasn't everyone getting an offer to download forumdisplay.php?

Barrie Greed

gary
02-28-2007, 11:17 AM
But why only forumdisplay.php and not other php files on the server and why only the laptop? Why wasn't everyone getting an offer to download forumdisplay.php?I can only assume that (1) the anomaly was brief and (2) you were lucky enough to request and cache forumdisplay.php on your laptop during the anomaly.

Barrie Greed
02-28-2007, 01:43 PM
Opera did this to me, even after the server was fixed. But it stopped, and I assume it stopped because it was no longer going to cache. Have you tried clearing your cache?
Its back working OK now. I hadn't cleared the cache but it was probably a good idea. Perhaps the problem fell out of the 50MB limit.