Recent update of bulletproof broke site

  • Resolved vrubba

    (@vrubba)


    2 years, 9 months ago

    We are running php 5.6 and have been for quite some time.

    This morning we saw wp has experienced an error message, site was down.

    The error was: 

    [Sun Jan 30 08:27:56 2022] [warn] [client 95.46.8.176] mod_fcgid: stderr: PHP Parse error:  syntax error, unexpected ':', expecting ';' or '{' in /wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php on line 118, referer: https://144.217.83.237/

    Turns out the offending code was not 5.6 compatible:

    
if ( version_compare( PHP_VERSION, '9.0.0', '>=' ) ) {

	// Note: On Windows XAMPP ONLY backslashes \ are used in getSubPathName paths. On Linux ONLY forward slashes / are used in paths.
	class BPSMScanRecursiveFilterIterator extends RecursiveFilterIterator {
	
		public function accept():bool {

    First thing, pretty sure we’re not on php 9, I am currently coding using the latest which is 8.1.x, second thing is that regardless of this check the :bool returning a boolean type on the accept() function is throwing the error as 5.6 has no idea what to do with this syntax. I removed the :bool and the site started working again.

    We have updates to this plugin set to install automatically.

    This is from the main file, I hope you guys keep the version uptodate here:

    
Plugin Name: BulletProof Security
Plugin URI: https://forum.ait-pro.com/read-me-first/
Text Domain: bulletproof-security
Domain Path: /languages/
Description: <strong>Feature Highlights:</strong> Setup Wizard &bull; MScan Malware Scanner &bull; .htaccess Website Security Protection (Firewalls) &bull; Security Logging|HTTP Error Logging &bull; DB Backup &bull; DB Table Prefix Changer &bull; Login Security & Monitoring &bull; JTC-Lite Login Form Bot Lockout Protection &bull; Idle Session Logout (ISL) &bull; Auth Cookie Expiration (ACE) &bull; System Info: Extensive System, Server and Security Status Information &bull; FrontEnd|BackEnd Maintenance Mode &bull; WP Automatic Update Options (BPS MU Tools must-use plugin) &bull; Force Strong Passwords &bull; Email Alerts When New Plugins And Themes Are Available.
Version: 5.7
Author: AITpro Website Security
Author URI: https://forum.ait-pro.com/read-me-first/
    • This topic was modified 2 years, 9 months ago by vrubba.
    • This topic was modified 2 years, 9 months ago by vrubba.
    • This topic was modified 2 years, 9 months ago by vrubba.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author AITpro

    (@aitpro)

    Yes, I am aware of this issue. There have been a total of 4 people out of 20,000+ that were impacted by this issue. The other 3 people were running PHP 5.6.40. 2 people upgraded to PHP 7.4 and the problem went away.

    The code condition says > if a site is running PHP 9 then use the code for PHP 9 else use the older code for all versions of PHP below 9. I’m not sure why PHP 5.6.40 is unable to process that condition, but my guess would be a bad PHP 5.6.40 image/build/compile…

    https://forum.ait-pro.com/forums/topic/fatal-syntax-error-when-trying-to-activate-bps/#post-41421

    This is what I think is occurring…

    After logging into your site, I see that you upgraded to PHP 7.4.27. The PHP error is no longer occurring and BPS is working correctly. I did not find any other website or server issues. So it looks like the PHP 5.6.40 build/installation was either bad or there was a bug in PHP 5.6.40 that caused that php error. Years ago I ran into this similar type of issue where a bad PHP build/compile was circulating around many different web hosts and it may have even been a PHP 5.6.40 build/compile.

    Plugin Author AITpro

    (@aitpro)

    Also 2 of the 3 people were not aware that they were running an ancient version of PHP or the benefits of upgrading to at least PHP 7. So I just wanted to mention the benefits here…

    PHP 7 is 100% faster than PHP 5.6 – twice as fast and much more secure.
    PHP 7.4 is 26.84% faster than PHP 7.2.
    PHP 8 is even faster > 18.4% faster than PHP 7.4.

    • This reply was modified 2 years, 9 months ago by AITpro.
    Thread Starter vrubba

    (@vrubba)

    Yeah I realize its an old outdated PHP version. But the site has run for years and nobody has complained ?? Besides I think the site was down a whole 30 minutes between when i got the call and when I fixed the php, so it’s all good. I’d already convinced them to move to a managed WordPress hosting provider once their annual subscription comes up so this will no longer be a ‘me’ problem. Appreciate you responding though, and I hope it will help others who may run into the issue.

    Thread Starter vrubba

    (@vrubba)

    And for the record the server is running 5.6.40, it was the default that came with this OVH box running Webmin, about 5-6 years ago.

    Plugin Author AITpro

    (@aitpro)

    I thought about how I could create an additional condition for PHP 5.6.40, but if this version of PHP is not processing if ( version_compare( PHP_VERSION, '9.0.0', '>=' ) ) { correctly then most likely it would not process a condition like this correctly: if ( version_compare( PHP_VERSION, '5.6.40', '<=' ) ) { do X.

    To me it appears that the problem is that either the PHP_VERSION constant is not being processed correctly or the version_compare() function is not being processed correctly on this particular PHP 5.6.40 image. So adding a new condition for this particular bad image of PHP 5.6.40 would not work.

    Hi,

    I have many sites with BulletProof Security Pro installed. And I am very satisfied with this wonderful plugin!

    Some (not all) of my websites have “Genesis Blocks plugin” installed (last version 1.4.0) and it seems that there is an incompatibility between the BulletProof Security Pro version 16.3/16.3.1 and Genesis Blocks plugin because everywhere this plugin is installed there is a crash after update of BPS 16.3/16.3.1

    I had to remove BPS with FTP and put back the previous version of BPS to have my website back again.

    When “Genesis Blocks” is deactivated no problem. I can update BPS to the last version.

    And it doesn’t seem to be linked with a specific theme, only between “Genesis blocks” and “BPS”.

    Thank you !

    Robert

    Plugin Author AITpro

    (@aitpro)

    @bob23894 – I have copied your WP forum reply to the BPS Pro forum > https://forum.ait-pro.com/forums/topic/genesis-blocks-site-crash-after-bps-pro-upgrade/. Please reply to the question that I asked in the BPS Pro forum topic. I’m currently testing the Genesis Blocks free plugin.

    Thanks

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Recent update of bulletproof broke site’ is closed to new replies.