magic quotes question

warrenc · Unread post by **warrenc** » Wed Aug 06, 2008 10:16 pm

Does anyone have any idea what could have caused one of the below updated packages to bring down all of my customers' WordPress installation? Via trial and error I found that disabling magic_quotes_gpc & runtime fixes the issue. Seems to me this could be a sloppy fix for another problem.

I updated the system using the centos, atomic (prod), and asl (test!) channels and then various fatal errors and white screens and 500's.

Common error across all WP sites:

Code: Select all

Cannot unset string offsets in /vhosts/domain.com/httpdocs/wp-includes/widgets.php

A certain plugin on some seemed to cause stuff like this:

Code: Select all

 WordPress database error Got a packet bigger than 'max_allowed_packet' bytes for query UPDATE droppings_options SET option
_value = 'a:1:{i:1;s:786792:\\"a:1:{i:1;s:393556:\\\\\\"a:1:{i:1;s:196928:\\\\\\\\\\\\\\"a:1:{i:1;s:98605:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"a:1:{i:1;s:49434:\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"a:1:{i:1;s:24839:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\"a:1:{i:1;s:12532:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

......(there is actually enough there to almost fill my screen)

And then these:

Code: Select all

PHP Fatal error:  Allowed memory size of 67108864 bytes exhausted (tried to allocate 25166759 bytes)

Here's last night's yum log around the time this all started. I just wanted convert so I could use a perl script that auto-thumbnails all files in the current directory (not web based). It sure does have a lot of dependencies I don't want.

Code: Select all

Aug 05 19:41:33 Erased: mod_jk-ap20
Aug 05 20:08:32 Installed: glib2 - 2.12.3-2.fc6.i386
Aug 05 20:08:32 Installed: freetype - 2.2.1-20.el5_2.i386
Aug 05 20:08:36 Installed: fontconfig - 2.4.1-7.el5.i386
Aug 05 20:08:36 Installed: libjpeg - 6b-37.i386
Aug 05 20:08:37 Installed: libpng - 2:1.2.10-7.1.el5_0.1.i386
Aug 05 20:08:37 Installed: libXrender - 0.9.1-3.1.i386
Aug 05 20:08:38 Installed: libtiff - 3.8.2-7.el5.i386
Aug 05 20:08:39 Installed: cairo - 1.2.4-5.el5.i386
Aug 05 20:08:40 Installed: atk - 1.12.2-1.fc6.i386
Aug 05 20:08:40 Installed: bzip2-libs - 1.0.3-3.i386
Aug 05 20:08:41 Installed: cups-libs - 1:1.2.4-11.18.el5_2.1.i386
Aug 05 20:08:41 Installed: dbus-glib - 0.70-5.i386
Aug 05 20:08:42 Installed: libattr - 2.4.32-1.1.i386
Aug 05 20:08:42 Installed: libXfixes - 4.0.1-2.1.i386
Aug 05 20:08:43 Installed: lcms - 1.15-1.2.2.x86_64
Aug 05 20:08:43 Installed: libXcursor - 1.1.7-1.1.i386
Aug 05 20:08:43 Installed: libacl - 2.2.39-3.el5.i386
Aug 05 20:08:44 Installed: lcms - 1.15-1.2.2.i386
Aug 05 20:08:44 Installed: libXrandr - 1.1.1-3.1.i386
Aug 05 20:08:44 Installed: libXft - 2.1.10-1.1.i386
Aug 05 20:08:46 Installed: pango - 1.14.9-3.el5.centos.i386
Aug 05 20:08:46 Installed: libcroco - 0.6.1-2.1.i386
Aug 05 20:08:47 Installed: libIDL - 0.8.7-1.fc6.i386
Aug 05 20:08:47 Installed: ORBit2 - 2.14.3-4.el5.i386
Aug 05 20:08:48 Installed: libbonobo - 2.16.0-1.fc6.i386
Aug 05 20:08:49 Installed: avahi-glib - 0.6.16-1.el5.i386
Aug 05 20:08:49 Installed: gamin - 0.1.7-8.el5.i386
Aug 05 20:08:50 Installed: popt - 1.10.2-48.el5.i386
Aug 05 20:08:50 Installed: libusb - 0.1.12-5.1.i386
Aug 05 20:08:50 Installed: libXinerama - 1.0.1-2.1.i386
Aug 05 20:08:55 Installed: gtk2 - 2.10.4-20.el5.i386
Aug 05 20:08:56 Installed: libwmf - 0.2.8.4-10.1.x86_64
Aug 05 20:08:58 Installed: GConf2 - 2.14.0-9.el5.i386
Aug 05 20:08:58 Installed: libwmf - 0.2.8.4-10.1.i386
Aug 05 20:08:58 Installed: libvolume_id - 095-14.16.el5.i386
Aug 05 20:09:02 Installed: ghostscript-fonts - 5.50-13.1.1.noarch
Aug 05 20:09:03 Installed: hal - 0.5.8.1-35.el5.i386
Aug 05 20:09:07 Installed: gnome-vfs2 - 2.16.2-4.el5.i386
Aug 05 20:09:08 Installed: libgsf - 1.14.1-6.1.i386
Aug 05 20:09:08 Installed: librsvg2 - 2.16.1-1.el5.i386
Aug 05 20:09:08 Installed: chkfontpath - 1.10.1-1.1.x86_64
Aug 05 20:09:09 Installed: xorg-x11-xfs - 1:1.0.2-4.x86_64
Aug 05 20:09:12 Installed: urw-fonts - 2.3-6.1.1.noarch
Aug 05 20:09:19 Installed: ghostscript - 8.15.2-9.3.el5.x86_64
Aug 05 20:09:21 Installed: ghostscript - 8.15.2-9.3.el5.i386
Aug 05 20:09:24 Installed: ImageMagick - 6.2.8.0-4.el5_1.1.x86_64
Aug 05 20:09:27 Installed: ImageMagick - 6.2.8.0-4.el5_1.1.i386
Aug 05 21:08:00 Updated: chkrootkit - 0.48-7.el5.x86_64
Aug 05 21:11:48 Updated: mod_security - 2.5.6-1.el5.art.x86_64
Aug 05 21:11:51 Updated: asl - 1:2.0.4-6.el5.art.noarch
Aug 05 21:11:52 Updated: atomic-scanner - 0.2-1.el5.art.noarch

breun · Unread post by **breun** » Thu Aug 07, 2008 9:17 am

Dependencies you don't want? ImageMagick needs those dependencies, so either you get ImageMagick and its dependencies or you don't get ImageMagick.

For "Got a packet bigger than 'max_allowed_packet' bytes", see http://dev.mysql.com/doc/refman/5.0/en/ ... large.html

For "Allowed memory size of 67108864 bytes exhausted (tried to allocate 25166759 bytes)", see http://www.php.net/manual/en/ini.core.p ... t-max-size

Sounds like a script was trying to use more memory than allowed in your php.ini and try to store a packet larger than your MySQL server's max_allowed_packet setting (defaults to 1 MB I believe). Before raising these limits I'd first check if what the script is trying to do should really take the amount of memory requested, but if you're handling large images, then yes, I can see this happening.

warrenc · Unread post by **warrenc** » Thu Aug 07, 2008 6:47 pm

Sorry if I wasn't clear about my question/concerns. I'm well aware that if I want a package I must live with its dependencies. (At least these days its painless to satisfy them all.) I just prefer to keep the number of installed packages installed to a minimum. I guess my point is prior to the updates in the yum log I pasted, the errors did not occur. Seemingly, either ImageMagick and friends or something from asl-testing (which maybe I've gotten too comfy with in Prod, but usually are pretty solid) caused this issue.

Again, the first error is the common one that happens on every WordPress installation in this shared hosting environment - "Cannot unset string offsets". The other two errors I'm familiar with but can't answer as to why the script normally does not spin out of control or why turning off magic_quotes_* in a pinch would temporarily resolve the problem (not to mention a little worried about any security risks and/or the performance hit I'm dealing with.)

ASL is also kind of weird about magic_quotes_* with my configuration:

[w4 24] /var/ossec/logs # egrep -i magic /etc/php.ini |egrep -v \;; egrep -i magic /etc/asl/config; asl -m php_check.sh |egrep -i magic
magic_quotes_gpc = off
magic_quotes_runtime = off
magic_quotes_sybase = Off
PHP_MAGIC_QUOTES_GPC="off"
PHP_MAGIC_QUOTES_RUNTIME="off"
Magic Quotes GPC: off [MODERATE]
Magic Qutes Runtime: off [MODERATE]

When I run an asl -s -f -t, it claims to 'fix' it, yet seems correct to me (well, at least configured to be off in both places). Subsequent runs still state it's fixing it, all while the values in php.ini do not change.

Scott, let me know if you need me to gather any info and submit a ticket regarding the ASL oddities or...

Thanks