
This forum is now read-only. Support is provided at https://wordpress.org/support/plugin/sermon-browser/

error_log entry for 20 Aug 2013 re: Sermon Browser
20 August, 2013
10:18 am
ddhservices
Saanichton, BC, CA
Enthusiast
Members
Forum Posts: 47
Member Since:
19 February, 2013

I was investigating why my WordPress error_log for churchofourlord.org had dramatically increased in size in the last few days. The most recent error as shown here http://pastebin.com/rPtrdtJq

Any ideas about what needs fixing?

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

20 August, 2013
5:15 pm
Ben Miller
Appleton, WI, USA
Moderator
Members

Moderators
Forum Posts: 1628
Member Since:
18 June, 2009

ddhservices,

I haven't seen this before. The problem in your query is the text 'gjnfofjnqrj'.  This is supposed to be the direction of the sort, which should only be either 'asc' or 'desc'.  A user can alter the direction of the query by using a shortcode or a filter, and the filter gets passed to Sermon Browser either by GET (in the URL) or in the POST.

The first thing to check is your shortcodes.  Make sure that you don't have anything in there like this:

dir=ginfofjnqrj

If your shortcodes look good, then perhaps someone external is calling your sermon page in a strange way, with something like this in the URL:

dir=ginfofjnqrj

We can filter out this bad request.  The query that is in your log is set up in the sermon.php file, in function sb_create_multi_sermon_query, which starts at around line 757.  On line 776, you'll see the following line:

$order = array_merge($default_order, (array)$order);

Immediately after that line, add the following code:

http://pastebin.com/1hzhmsxz

That should filter out any weird direction requests.

 

If you want to try to narrow down where this is coming from, you could add some code to write some more info to the log.  In sermon.php, function sb_shortcode begins at around line 483.  At the very beginning of that function, add the following 6 lines of code:

http://pastebin.com/h5UDfNbT

That will add a line to your error log file anytime there is a request for a specific direction.  You can test it out by hitting your Sermons page, but adding this to the end of your URL:

?dir=asc

This will show you your sermons in reverse order, putting the oldest ones at the top.  In your error log, you should see the following entry:

$_GET['dir'] = asc

If you find some weird things in your error log later, you will know if they are coming through GET (URL), POST, or shortcode.

 

Let me know how this turns out.  I'll probably be adding the first change above to the next version of SB.  If you have any questions about any of this, please let me know.

Ben Miller, Pathways Church, Appleton, Wisconsin, USA
Read the new FAQ, last updated 11/21/2013
Announcing version 0.45.12
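
The debug logging described in the post above writes request values straight into the error log, so the value should be made safe for a single log line first. The following is an added example, not the code from the pastebin links or from Sermon Browser; the function names `sb_example_log_safe` and `sb_example_dir_log_lines` are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. Function names are hypothetical.

// Render an untrusted value for one log line: non-scalars are summarised,
// control characters (CR/LF included) and backslashes are escaped, and the
// length is capped so one request cannot flood the log.
function sb_example_log_safe($value, $max = 80) {
    if (!is_scalar($value)) {
        return '(' . gettype($value) . ')';
    }
    $value = (string) $value;
    $truncated = strlen($value) > $max;
    $value = addcslashes(substr($value, 0, $max), "\0..\37\177\\");
    return $truncated ? $value . '...' : $value;
}

// Build one log line per source that carries a 'dir' value, in the same
// "$_GET['dir'] = asc" shape the thread uses, so GET, POST and shortcode
// origins can be told apart later.
function sb_example_dir_log_lines($get, $post, $atts) {
    $lines = array();
    $sources = array('$_GET' => $get, '$_POST' => $post, 'shortcode' => $atts);
    foreach ($sources as $label => $source) {
        if (is_array($source) && array_key_exists('dir', $source)) {
            $lines[] = $label . "['dir'] = " . sb_example_log_safe($source['dir']);
        }
    }
    return $lines;
}

// Constructed request: a 'dir' value containing a newline that would
// otherwise start a second, forged-looking entry in the log.
$get = array('dir' => "asc\n[21-Aug-2013 04:25:51] forged entry");
foreach (sb_example_dir_log_lines($get, array(), array()) as $line) {
    error_log($line);
}
```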

20 August, 2013
6:21 pm
ddhservices

Hi Ben,

After applying the 2nd set of changes to sermon.php I see this

This plugin has been deactivated because your changes resulted in a fatal error.

Parse error: syntax error, unexpected T_IF, expecting '(' in /home/dd3ndh7/public_html/churchofourlord.org/wp-content/plugins/sermon-browser/sermon.php on line 484

 

I suspect that I added the new 6 lines incorrectly.  Removing them, the plugin reactivates with no problems at all. I had added the 6 lines immediately following ($atts, $content=null). Was this what you intended or did I misunderstand?

 

I did check my shortcode, as requested and found this (sermons) () = square brackets.

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

20 August, 2013
6:34 pm
Ben Miller

Thanks for checking your shortcode.  I doubted that the shortcode was the problem, I was just trying to think of all the possibilities.

The first change should prevent you from getting the error anymore in your error log.

 

The second change was only to provide you with some debugging info in your error log, if you want to look into this further.  Because of the first change, you won't see the same error you were seeing again, so the second change will alert you to the problem trying to happen again.  This change is optional, and only if you are curious and want to understand what is going on.  The 6 lines in the second change were supposed to go in immediately after the following line:

function sb_shortcode($atts, $content=null) {

and immediately before this line:

global $wpdb, $record_count, $sermon_domain;

If you want to put this in, but you are having trouble with it, paste your entire sermon.php file into Pastebin and tell me the error that you are seeing, and I'll try to figure out what went wrong.

Ben Miller, Pathways Church, Appleton, Wisconsin, USA
Read the new FAQ, last updated 11/21/2013
Announcing version 0.45.12

20 August, 2013
6:42 pm
ddhservices

Wahoo I have such a small new error_log and the message has nothing to do with Sermon Browser clap, clap, clap.

Thank you for being very specific as to where the debug 6 lines are supposed to go. I've done that now ... so  now it's wait and see if the error shows up again.

 

Thank you Ben!

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

20 August, 2013
11:29 pm
ddhservices

Ben,

 

After the changes you suggested here is a snippet from my error_log earlier today http://pastebin.com/6Fxp0qN3

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

21 August, 2013
4:38 am
Ben Miller

John,

A theory I have right now is that W3 Total Cache is appending weird strings on to the end of your URLs and confusing Sermon Browser.

I have a question for you.  In the admin panel, go to Performance, Browser Cache.  Look at the setting called "Prevent caching of objects after settings change".  Is this checked?  If it is checked, you could try unchecking it for a while and see if you stop getting the weird $_GET['dir'] entries in the error log.

Or you could completely deactivate W3 Total Cache for a while and see if the error log entries stop.

If you decide to do this test, let me know what you find out.

Ben Miller, Pathways Church, Appleton, Wisconsin, USA
Read the new FAQ, last updated 11/21/2013
Announcing version 0.45.12

21 August, 2013
5:29 am
ddhservices

I've disabled W3 for the present. I checked Performance, Browser Cache before doing so and "Prevent caching of objects after settings change" was NOT checked. I then decided to uninstall W3 for the present and I've done so. The result is this one line in my error_log  

[21-Aug-2013 04:25:51] $_GET['dir'] = qzliqlwlmcvpmod

at present.

 

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

21 August, 2013
7:51 am
ddhservices

At 11:50 pm in my time zone the error_log had increased in size to 3KB and is here - http://pastebin.com/wPabqvB4 for your information.

Cheers,

John V.

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

21 August, 2013
1:30 pm
Ben Miller

Well, that disproves my theory about W3 Total Cache.  Thanks for trying it out.

I see that something came through on the 'by' parameter.  Let's look into that more.  I'd like you to change the debug code that we put into sermon.php.  We put those 6 lines in at around line 483.  Take those 6 lines out and replace them with this one line:

http://pastebin.com/nuwnh54u

Put this in the same spot that you had the six lines before.  This will add a line to your log every time anyone hits your Sermons page, and it will tell us everything they had in the URL when they did it.  Hopefully, this will give us another clue as to whether this is something that is being caused by your site, or something that is coming in externally.  Leave that in place for a while, then post your error log.

Ben Miller, Pathways Church, Appleton, Wisconsin, USA
Read the new FAQ, last updated 11/21/2013
Announcing version 0.45.12

21 August, 2013
11:29 pm
ddhservices

Ben I got two things to show you today

Be interested in the next step or any ideas/suggestions you may now have.

 

Question can I reinstall, re activate W3 now?

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

21 August, 2013
11:56 pm
Ben Miller

Yes, feel free to reactivate W3 Total Cache.

About the second pastebin you sent me, with the query error: Do you have the "Sermon Browser URL" line that was just before this query error in the log?

Ben Miller, Pathways Church, Appleton, Wisconsin, USA
Read the new FAQ, last updated 11/21/2013
Announcing version 0.45.12

22 August, 2013
2:53 am
ddhservices

Yes here it is ...

[21-Aug-2013 21:59:46] Sermon Browser URL = /worship-2/online-sermons/?sortby=date&preacher=4&service=1
[21-Aug-2013 21:59:46] WordPress database error Unknown column 'date' ....

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

22 August, 2013
9:21 pm
Ben Miller

John,

Today I heard from another user that is experiencing the same thing that you are in his error log.  I believe that it is something external causing these bad requests, such as a hack attempt. 

I've checked our plugin code, and the inputs to Sermon Browser are all being sanitized correctly.  This means that, as far as I can tell, there isn't anything that anyone can put into a URL to hack your site through Sermon Browser.  The only annoyance is the errors in the error log, and the first fix I had you put in at the top of this topic should take care of that.  I'll include that fix in the next version of SB.  Again, it's not a security problem, just an error log problem.

For the last error log you posted, with the "Unknown column 'date'" error: I'm not sure if this is another external hack attempt, or if it was caused by something in Sermon Browser.  I'll look into this further.  Either way, it's not a security concern that needs to be fixed immediately, but it is something that will add errors in your log file until we fix it.

Ben Miller, Pathways Church, Appleton, Wisconsin, USA
Read the new FAQ, last updated 11/21/2013
Announcing version 0.45.12

22 August, 2013
11:14 pm
ddhservices

Thxs Ben.  I find myself wondering if this site is under spiritual attack and this is not something I take lightly. Hear me out for a moment please. Presently I have the ongoing error_log / sermon browser issue, problems with the site's download manager which have just come to light and which are making downloaded PDF files not open - reports an error. Also, I purchased UpDraftPlus Premium for this site. When this works, this is by far the best backup plugin I've ever seen or tried for WordPress. However, in this site's case, the host (hostgator) has prevented wp-cron.php from running as it was causing too much load to other sites. And it's the host (hostgator) that requires I run W3 Total Cache in this site. As you know I uninstalled the W3 for our testing purposes and now I can't get it running properly <Argh!> lol.   Oh well back to the salt mines for me.

 

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

23 August, 2013
6:28 am
Ben Miller

I've added a few more lines to help protect against a bad "sortby" parameter in the URL, which it looks like you had in that last log you posted.  These lines go just after the lines in the very first edit at the top of this thread: sermon.php, function sb_create_multi_sermon_query, immediately after the following line:

$order = array_merge($default_order, (array)$order);

Here are all the lines, including the ones you added earlier:

http://pastebin.com/TkuL3hAA

This change will be in the next version.  Let me know if you have any questions.

Ben Miller, Pathways Church, Appleton, Wisconsin, USA
Read the new FAQ, last updated 11/21/2013
Announcing version 0.45.12
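
The two filters discussed in this thread (sort direction and "sortby" column) can both be handled with an allowlist applied right after the `array_merge` line. The following is an added example, not the code from the pastebin links or from Sermon Browser; the `by`/`dir` array keys, the function names and the column names are assumptions, since the plugin's schema is not shown in the thread.

```php
<?php
// Added illustration, not the plugin's code. The 'by'/'dir' keys and the
// column names are assumptions; the real schema is not shown in the thread.

// Accepted public sort names mapped to SQL columns (hypothetical columns).
function sb_example_sort_columns() {
    return array(
        'date'     => 'm.datetime',
        'title'    => 'm.title',
        'preacher' => 'p.name',
    );
}

// Reduce a request-supplied order to values that are safe to place in SQL.
// Placeholders cannot bind identifiers or ASC/DESC, so both are allowlisted.
function sb_example_clean_order($order, $default_order) {
    $order = array_merge($default_order, (array) $order);

    // Direction: only 'asc' or 'desc'; anything else uses the default.
    $dir = is_string($order['dir']) ? strtolower(trim($order['dir'])) : '';
    if (!in_array($dir, array('asc', 'desc'), true)) {
        $dir = $default_order['dir'];
    }
    // Column: the request value is only a lookup key and never reaches the
    // query text itself; unknown keys use the default.
    $columns = sb_example_sort_columns();
    $by = is_string($order['by']) ? $order['by'] : '';
    if (!array_key_exists($by, $columns)) {
        $by = $default_order['by'];
    }
    return array('by' => $columns[$by], 'dir' => strtoupper($dir));
}

function sb_example_order_clause($order, $default_order) {
    $clean = sb_example_clean_order($order, $default_order);
    return 'ORDER BY ' . $clean['by'] . ' ' . $clean['dir'];
}

// Constructed inputs modelled on the bad values in the thread's error log.
$default_order = array('by' => 'date', 'dir' => 'desc');
$requests = array(
    array('dir' => 'qzliqlwlmcvpmod'),
    array('by' => 'm.nosuchcolumn', 'dir' => 'ASC'),
    array('dir' => array('x')),
);
foreach ($requests as $request) {
    echo sb_example_order_clause($request, $default_order), "\n";
}
```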

23 August, 2013
8:10 am
ddhservices

Thxs Ben ....

 

http://pastebin.com/nXZRTG8K

John Vickers, Church of Our Lord, Victoria, BC, CA
Customized Sermon Browser vs. 0.45.12 on WordPress 4.1

23 August, 2013
3:40 pm
Ben Miller

Yes, your site is still getting "attacked," but the bad values are not making their way to causing errors in the query.  You can take out the "Sermon Browser URL" line of code whenever you like, and you'll stop seeing those entries in your log.

Ben Miller, Pathways Church, Appleton, Wisconsin, USA
Read the new FAQ, last updated 11/21/2013
Announcing version 0.45.12

Forum Timezone: Europe/London
