Website bug dumps server internals

hddharvey · August 15, 2023, 7:22pm

When I load the page from this link:

I get the following dumped at the top of the page:

[ edit: redacted - TG ]

I think I’ve seen this on other pages, but not sure. The full text was:

[ edit: redacted - TG ]

Prlgmnr · August 14, 2023, 4:14pm

looks like someones cracked the code

Troy · August 14, 2023, 6:33pm

Thanks for reporting — we know what this is, and will take a look. It’s not malicious, it’s just a reporting setting we have turned on for debugging.

hddharvey · August 16, 2023, 2:39am

Also, FYI.

One of the videos on the page I linked does not load for me:

TheRealMikeD · August 21, 2023, 3:29pm

As a career web developer, I’ll tell you that this is the server-side scripting language (PHP in this case) hitting an error and printing the error messages to the output. There is a setting that can be changed in the server configuration to prevent error messages from being displayed to end-users (which is recommended, because sometimes the information can be potentially used by those with malicious intentions). You can still configure error messages to be logged to a file on the server, so that the web dev team can see them and use them for debugging.

Cheers!

Troy · August 22, 2023, 7:19pm

Thanks for the note! I’m aware of said settings, I just have verbose output turned on so that we (or users) will notice when these errors pop up in older code and we can fix them. As far as we know we have found and fixed all of these on the actual instructional site pages. So this shouldn’t be an issue for anything important on the site.

This instance is a blog post, where, for various Wordpress-y reasons some of our code won’t work correctly if someone isn’t logged in. It’s a lower prority but we’ll get to it.

TLDR all the items linked to in this blog post actually work fine if you just go directly to those pages. Their display in the blog post itself may be a little janky but that’s just a display issue.

TheRealMikeD · August 22, 2023, 9:02pm

Cool, as long as you’re aware of it. Just keep in mind that WordPress sites are under attack from hacker bots all the time (the stats are fairly dumbfounding). If there’s even a little bit of seemingly harmless info about your server internals visible to attackers, “it is possible, however unlikely, that they might find a weakness, and exploit it.”

Cheers!