On 7 Oct 2013, at 14:34, Michael Alaimo <malaimo...@gmail.com> wrote:
> On Mon, Oct 7, 2013 at 9:29 AM, Stuart Dallas <stu...@3ft9.com> wrote:
>> On 7 Oct 2013, at 14:24, Michael Alaimo <malaimo...@gmail.com> wrote:
>>
>> > We have a server that gets a large number of requests each month.
>> >
>> > After a period of time I began to see this error in our error logs this
>> > weekend.
>> >
>> > PHP Fatal error: Call to undefined function ()
>> >
>> > It does not reference a function, so I found it odd. It did give a line to
>> > a function with array_merge on it.
>> >
>> > Has anyone seen this in the apache error logs? We are using PHP 5.3.3.
>>
>> Show us the line, and a few lines around it.
> public static function getInfo($params = array())
> {
> $results = array();
>
> $url = 'http://google.com';
>
>
> $props = array
> (
> 'key' => Yii::app()->params['param1'],
> 's' => Yii::app()->params['param2']
> );
>
> if (!empty($params))
> {
> $props = array_merge($props, $params);
>
> $url = $url . http_build_query($props, '', '/');
>
>
> It may be possible that params has unsafe data in it. The previous dev did
> not validate the data passed in via get.
>
> The code populating params looks like:
>
> $params = array
> (
> 'd' => $_GET['d'],
> );
>
> $job = Job::getInfo($params);
My best guess is that either $props or $params contain a function reference or
similar construct. Examine their contents with var_dump.
As a check you could expand out the effect of array_merge and see if you still
get the same with a PHP implementation.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
