Searching the forums I found another thread covering the same issue with a ZC 1.5.3 version:
https://www.zen-cart.com/showthread....iles-yesterday
Searching the forums I found another thread covering the same issue with a ZC 1.5.3 version:
https://www.zen-cart.com/showthread....iles-yesterday
Are you able to trigger it on-demand? That would be helpful for proper resolution.
Could possibly be caused by IP address spoofing, or malicious manipulation by the visitor to mask their address such that the $_SERVER array doesn't have a value there, or perhaps crafty DNS registration which reports invalid data.
Or a weird proxy server configuraiton if you're using one.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Thanks
Can't trigger it on demand but found the corresponding server log entry for this error:
Log entry (adusted for server/UTC time difference):[28-Jan-2015 19:55:58 UTC] PHP Warning: strstr(): Empty needle in /home/sunnsand/public_html/includes/functions/functions_lookups.php on line 712
As far as I know my server is not using a weird proxy server configuration.78.129.250.17 - - [29/Jan/2015:06:55:58 +1100] "GET /index.php?main_page=index&cPath=13_15_23 HTTP/1.1" 200 11389 "-" "Mozilla/5.0 (compatible; aiHitBot/2.9; +http://www.aihitdata.com/about)"
I am frequently checking the logs of all (virtual) servers and have never seen this particular error before with any of the hosted ZC sites - this is a first in 5 years with the same host.
And - all sites are residing on the same physical server.
Perhaps not, but the issue could arise if the client is using a proxy and it is their proxy that is mangling things.
I have seen it before, but not enough for me to consider it worth worrying about.
I've just been doing a bit of Googling though and found that others have overcome the problem by adding a function to retrieve the IP address rather than simply relying on the $_SERVER['REMOTE_ADDR'] variable.
https://gist.github.com/cballou/2201933
It shouldn't be difficult to incorporate into ZenCart if you are really that concerned about it.
FYI, the $_SERVER['REMOTE_ADDR'] variable has never been 100% reliable, because even if the client is coming in from a correctly configured proxy the IP address returned will be for the Proxy server rather than the end user (To get the end users IP address in this case you'd need to use the $_SERVER['HTTP_X_FORWARDED_FOR'] variable).
If the proxy has been configured to use invalid data for its own IP address there isn't much you can do about it other than to retrieve the data from elsewhere (as per the function in the link above).
Cheers
RodG
the reason is because the variable $_SERVER['REMOTE_ADDR'] can be empty, when it is empty the function strstr() throws the error, because it can't have an empty needle parameter
my 2nd suggestion should prevent the error because it doesn't run strstr() when $_SERVER['REMOTE_ADDR'] is empty
you could try additional ways to get the visitor's ip address, but nothing is 100% bullet proof, and in this case only administrator IP addresses are relevant, when the store is in maintenance mode, it is not necessary to resolve the IP address of all visitors all the time
zen cart does have a function to check several other environment variables for an IP address
admin/includes/functions/general.php
to prevent the error you would still have to avoid running strstr() on an empty stringCode:/** * Get and sanitize the current IP address, detecting past proxies where possible * @return IP address */ function zen_get_ip_address() { if (isset($_SERVER)) { if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (isset($_SERVER['HTTP_X_FORWARDED'])) { $ip = $_SERVER['HTTP_X_FORWARDED']; } elseif (isset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP'])) { $ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP']; } elseif (isset($_SERVER['HTTP_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_FORWARDED_FOR']; } elseif (isset($_SERVER['HTTP_FORWARDED'])) { $ip = $_SERVER['HTTP_FORWARDED']; } else { $ip = $_SERVER['REMOTE_ADDR']; } } else { if (getenv('HTTP_X_FORWARDED_FOR')) { $ip = getenv('HTTP_X_FORWARDED_FOR'); } elseif (getenv('HTTP_CLIENT_IP')) { $ip = getenv('HTTP_CLIENT_IP'); } else { $ip = getenv('REMOTE_ADDR'); } } return $ip; }
we've been referring to it as an error, it is actually a warning, suppressing the warning with @ should be viable
That's good, FWIW that is what I suggested in post #2