Hello/Hi/Greetings,
here is my base:
Piwigo 13.6.0
Linux
PHP: 8.1.17
MySQL: 5.7.38
In my server logs I see the following call:
https://myURL/index.php/x"><svG onLoad=prompt(9)>/?/category/344
The result is:
Fatal error: Uncaught ValueError: setcookie(): "path" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", or "\014" in /homepages/myurl/htdocs/piwigo/include/functions_user.inc.php:988
Stack trace:
#0 /homepages/myurl/htdocs/piwigo/include/functions_user.inc.php(988): setcookie()
#1 /homepages/myurl/htdocs/piwigo/include/functions_user.inc.php(1033): log_user()
#2 /homepages/myurl/htdocs/piwigo/include/user.inc.php(28): auto_login()
#3 /homepages/myurl/htdocs/piwigo/include/common.inc.php(178): include('/homepages/20/d...')
#4 /homepages/myurl/htdocs/piwigo/index.php(11): include_once('/homepages/myurl/...')
#5 {main}
thrown in /homepages/myurl/htdocs/piwigo/include/functions_user.inc.php on line 988
Is someone here trying to take over my server?
How can I eliminate the error message and redirect the link?
By the way: A call to e.g. https://demo1.piwigo.com/index.php/x also brings a rather strange result.
Last edited by John.B (2023-04-05 17:25:17)
Offline
John.B wrote:
Is someone here trying to take over my server?
Always. There are a gazillion attempts to find weak spots on the internet.
How can I eliminate the error message and redirect the link?
The error message is fine. You could log to file instead though, like in [Forum, post 180778 by erAck in topic 31258] Error Message.
Redirect to what? Using RewriteCond you could match some part of the URI like onLoad=prompt and with RewriteRule deliver something else in that case, but that attempt is just one of a myriad of possibilities.
Offline
erAck wrote:
Redirect to what? Using RewriteCond you could match some part of the URI like onLoad=prompt and with RewriteRule deliver something else in that case, but that attempt is just one of a myriad of possibilities.
Thank you very much for the hints, erAck.
erAck wrote:
The error message is fine. You could log to file instead though, like in [Forum, post 180778 by erAck in topic 31258] Error Message.
I have to take a look at that.
On the fly I made a redirect:
RewriteRule ^(.*)onLoad=prompt(.*)$ https://www.myDomain.de/ [R=301,L]
For the problem "https://demo1.piwigo.com/index.php/x" I still have no idea for the missing formatting or the missing theme.
Offline
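Added example, not part of the thread and not Piwigo code: since a rule keyed on onLoad=prompt covers only one probe string, this sketch instead scans access-log lines for any request whose decoded path contains the characters named in the setcookie() error above or markup characters. The log lines are constructed samples, and the function names and the MARKUP_CHARS set are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Characters PHP rejects in the setcookie() "path" option, taken from the
# error message quoted in the thread: , ; space \t \r \n \013 \014
COOKIE_PATH_FORBIDDEN = set(",; \t\r\n\x0b\x0c")
# Markup characters not expected in a gallery URL path (assumption).
MARKUP_CHARS = set("<>\"'")

# Request line and status code of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, invented sizes/status codes).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Apr/2023:17:01:12 +0200] "GET /index.php/x%22%3E%3CsvG%20onLoad=prompt(9)%3E/?/category/344 HTTP/1.1" 500 312',
    '198.51.100.4 - - [05/Apr/2023:17:02:40 +0200] "GET /index.php?/category/344 HTTP/1.1" 200 18234',
    '198.51.100.9 - - [05/Apr/2023:17:03:05 +0200] "GET /picture.php?/1201/category/344 HTTP/1.1" 200 20110',
]


def decoded_path(target):
    """Percent-decode only the path part of a request target (query is ignored)."""
    return unquote(urlsplit(target).path)


def suspicious_chars(target):
    """Return the sorted flagged characters found in the decoded URL path."""
    flagged = COOKIE_PATH_FORBIDDEN | MARKUP_CHARS
    return sorted(c for c in set(decoded_path(target)) if c in flagged)


def scan(lines):
    """Return (client, status, decoded path, flagged chars) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        flagged = suspicious_chars(m["target"])
        if flagged:
            hits.append((line.split()[0], int(m["status"]), decoded_path(m["target"]), flagged))
    return hits


if __name__ == "__main__":
    for client, status, path, flagged in scan(SAMPLE_LOG):
        print(f"{client} status={status} flagged={flagged!r} path={path!r}")
```

Only the path is checked because the query string (the part after "?") is where Piwigo's normal /category/344 style parameters sit in these sample lines.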