phpinfo tab blank page

  • Resolved alx359

    (@alx359)


    6 years, 4 months ago

    I’m getting a strange behavior. Hitting the phpinfo tab returns a blank page. Have already done the usual common-sense debug stuff (disabled all other plugins, default twentyseventeen theme, antivir off, etc.). Tested on a couple of chrome/firefox -based browsers, with latest WP 4.9.7 on localhost WAMP32/Win7-x64.

    The pertinent plugin code looks straightforward:

    health-check\includes\class-health-check.php
    line 317:
    'phpinfo' => esc_html__( 'PHP Information', 'health-check' ),

    li 346:

    case 'phpinfo':
include_once( HEALTH_CHECK_PLUGIN_DIRECTORY . '/pages/phpinfo.php' );
break;

    Interestingly, if I rename the ‘phpinfo’ tab param to say ‘phppage’ it start working, but whatever other near spellings of ‘phpinfo’: ‘php-info’, ‘phpinfo123’, etc. it doesn’t. I’m dumbfounded. It seems like a security kind of filter somewhere, but can’t figure out how it happens.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Marius L. J.

    (@clorith)

    Hi,

    It does sound like your webserver has some kind of protection to avoid accidental exposure of system variables by a mis-placed phpinfo.php file.

    This is likely set up by your web host, likely by something called modsecurity/modsec or similar.

    I’m not sure if re-naming this tab is a sensible solution, ideally a host would disallow phpinfo if they didn’t want them to be used, which would also hide that tab from our plugin.

    Thread Starter alx359

    (@alx359)

    It does sound like your webserver has some kind of protection […]

    That’s indeed a plausible explanation. Didn’t think of it before. Thank you.

    I’m unable though to pin any apache/php extension that would handle such type of security. It’s just a WAMP32/Win7 https setup hosted locally.

    [php 7.1.19]
extension=php_bz2.dll
extension=php_curl.dll
extension=php_com_dotnet.dll
extension=php_fileinfo.dll
extension=php_gd2.dll
extension=php_gettext.dll
extension=php_gmp.dll
extension=php_intl.dll
extension=php_imap.dll
extension=php_ldap.dll
extension=php_mbstring.dll
extension=php_exif.dll
extension=php_mysqli.dll
extension=php_openssl.dll
extension=php_pdo_mysql.dll
extension=php_pdo_sqlite.dll
extension=php_soap.dll
extension=php_sockets.dll
extension=php_sqlite3.dll
extension=php_xmlrpc.dll
extension=php_xsl.dll
extension=php_imagick.dll
    [Apache 2.4.33]
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule allowmethods_module modules/mod_allowmethods.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

    I’m not sure if re-naming this tab is a sensible solution […]

    Hiding the tab altogether or displaying a sensible message would make sense, instead of just staring at a blank page, so perhaps you might reconsider the quick and easy fix.

    Plugin Author Marius L. J.

    (@clorith)

    With it being a completely blank page, are you seeing a 500 error or anything similar (a 500 error should also show up in your error log on the server level if nothing else) ?

    Or do you have a non-standard .htaccess file in your project root which may contain a rule here, alternatively you may wish to do a recursive search for php and info in your apache directories as there may be a rule declared on a higher level.

    As for your last statement, we -do- already hide it if the phpinfo function is unavailable, but if there’s any kind of config literally blocking based on the URL (which it sounds like here), we can’t reasonably detect that unfortunately.

    Thread Starter alx359

    (@alx359)

    Yes, completely blank. No masked error 500. I’m in debug mode and should log everything.

    The .htaccess suggestion had the culprit. Thanks for that! It’s always better to know why stuff happens. The offending line is from old forgotten code that should be rewriting some legacy links into WP: RewriteCond %{QUERY_STRING} info [OR,NC]

    Plugin Author Marius L. J.

    (@clorith)

    Excellent, glad to see you found the root source!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘phpinfo tab blank page’ is closed to new replies.