What are your PHP settings for:
- register_globals
- post_max_size
- magic_quotes_gpx
- magic_quotes_runtime
- magic_quotes_sybase
- output_buffering
- zlib.output_compression
- variables_order
Is PHP running as an Apache module or as CGI ?
Do you have Zend Optimizer installed ? What version?
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
This is from php.ini:
- register_globals=off
- post_max_size=8M
- magic_quotes_gpc=off
- magic_quotes_runtime=off
- magic_quotes_sybase=off
- output_buffering=4096
- zlib.output_compression=off
- variables_order=GPCS
PHP5 is compiled and running as an apache module.
Zend Optimizer is installed. version: 220060519 (Zend Engine v2.2.0)
Back to the debugging idea ... instead of checking $_POST, try checking $HTTP_RAW_POST_DATA instead.
(ref: http://bugs.php.net/bug.php?id=32109 old php bug report)
Perhaps check $_REQUEST too ?
http://bugs.php.net/bug.php?id=31417
Here's a workaround someone proposed, assuming affirmative results for the test of the raw data:(Horrible to implement everywhere, but ... )Code:if (isset($GLOBALS['HTTP_RAW_POST_DATA']) && !count($_POST)) parse_str($GLOBALS['HTTP_RAW_POST_DATA'] , $_POST);
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Better yet ... do you have mod_auth_sspi 1.0.4 compiled into your configuration ?
http://yellow5.us/journal/empty_post_requests_and_ie7/
This article discusses almost identical symptoms, and suggests that it happens only if you click your Submit within 15 seconds of a previous click. Would be interesting to know if that has any bearing for you.
(I doubt it for the carterellis site, since I see symptoms even without the 15-sec timer just on the catalog)
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
I think I've already tried it, but I'll try again.
Interesting...your code (the <pre> tag) yields nothing. I checked to see if it isset() and it is NOT.
(Notice: Undefined variable: HTTP_RAW_POST_DATA in /usr/home/jar/store/zencart/admin/configuration.php on line 28) after the isset code, denoting its not recognized...but thats obvious
I have mod_auth but not mod_auth_sspi installed.
(That link doesn't work for me btw, but 15 second rule doesn't apply)
Last edited by Athenon; 26 Aug 2007 at 09:11 AM.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
The article contents:Empty POST requests and IE7
I experienced a serious issue having to do with POST requests, and the only browser that seemed to be affected was IE7 RC.
The Symptom
After submitting form data as a POST request multiple times to the same page, my PHP test page would return an empty $_POST superglobal, meaning no data was received. Strangely, this only occurred if I submitted the form more than once within 15 seconds.
The first form submit always worked as expected, but any subsequent submit within the next 15 seconds came up empty. If I waited beyond the seemingly arbitrary 15-second limit and submitted the form, it again worked as expected.
Furthermore, I noticed that the issue only manifested itself on my machine, the test server. If I submitted a request using the same test script on the production server, IE7 worked flawlessly.
The Solution
I compared settings in my php.ini, .htaccess, and httpd.conf files, with no luck. I then decided to check the versions of everything, including PHP, Apache, and all installed modules and extensions. The test server had the latest versions of Apache, PHP, and most modules installed, while the production server was one or two minor revisions behind on each.
One of the loaded Apache modules I found with differing versions was mod_auth_sspi, which is conveniently hosted here. The test server used mod_auth_sspi 1.0.4, while the production server used 1.0.3. After downgrading to mod_auth_sspi 1.0.3, the annoying empty POST issue disappeared.
Final Words
If you're running Apache and using mod_auth_sspi 1.0.4, I strongly suggest writing a quick script to submit data as a POST, and testing it with IE7. If you notice any strange activity at all, consider rolling back to 1.0.3. It may save you a serious headache later on.
It's possible that this is an issue with IE7 RC. If so, it may be fixed in the final version
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Bookmarks