E_NOTICE: Trying to access array offset on value of type null

8 posts by 2 authors in: Forums > CMS Builder
Last Post: May 25, 2022

By weblm - April 18, 2022

We started getting a lot of developer log errors with the following:

E_NOTICE: Trying to access array offset on value of type null
https://www.CLIENTDOMAIN.com/the-loop-detail.php?Family-Medical-Leave-Act-128=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO)),

Obviously the correct URL should be:
https://www.CLIENTDOMAIN.com/the-loop-detail.php?Family-Medical-Leave-Act-128

Seems bots or something is appending an encoded string onto the end of URLs.

Developer log doesn't show any referrer, so I'm guessing they are fishing for something?

Anyone know what they are looking for and what the best way to handle this is?  

LM

By weblm - April 22, 2022

Daniel,

Thanks for the details.  Yes I am using the standard "whereRecordNumberInUrl()" function.  Here's some more info:

One of the errors is:

E_NOTICE: Trying to access array offset on value of type null
https://www.CLIENT.com/the-loop-detail.php?Get-Preventive-Care-Back-on-Track-201=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO)),
/home/CLIENT/CLIENT.com/the-loop-detail.php
Line number 34

#0 _errorlog_logErrorRecord() called at [/home/CLIENT/CLIENT.com/cmsAdmin/lib/errorlog_functions.php:64]
#1 _errorlog_catchRuntimeErrors() called at [/home/CLIENT/CLIENT.com/the-loop-detail.php:34]

Line 34 of that file

<title><?php if ($detailRecord['meta_title'] != ''): ?><?php echo $detailRecord['meta_title']; ?><?php else: ?><?php echo trim($detailRecord['title']).' | The Loop'; ?><?php endif ?></title>

All of the pages have the standard block like this:

// load detail record from 'the_loop'
list($the_loopRecords, $the_loopMetaData) = getRecords(array(
  'tableName'   => 'the_loop',
  'where'       => whereRecordNumberInUrl(0),
  'loadUploads' => true,
  'allowSearch' => false,
  'limit'       => '1',
  'orderBy'     => 'dragSortOrder DESC',
));
$detailRecord = @$the_loopRecords[0]; // get first record
if (!$detailRecord) { header("HTTP/1.1 301 Moved Permanently"); header( 'Location: /the-loop.php' ); } // redirect to list page if no record passed or found

// load list records from 'the_loop'
list($the_loopRecords, $the_loopMetaData) = getRecords(array(
  'tableName'   => 'the_loop',
  'loadUploads' => false,
  'allowSearch' => true,
  'orderBy'     => 'dragSortOrder DESC',
));

$relatedArticles = getRelatedArticles($detailRecord);
if (empty($relatedArticles)) { $recentArticles = getRecentArticles($detailRecord); }

The Apache log file shows this:

[Fri Apr 22 02:05:24.163989 2022] [:error] [pid 1405:tid 111776546576128] [client 149.104.108.14:47420] [client 149.104.108.14] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'son),' [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: son), found within ARGS:Get-Preventive-Care-Back-on-Track-201: 'nvOpzp; AND 1=1 OR (<'\\x22>iKO)),"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "www.CLIENT.com"] [uri "/the-loop-detail.php"] [unique_id "YmJv1BzcXMr4Wrpgip6P1AAAAUo"]

The client is hosted at Dreamhost and this is their Extra Security module helping to prevent these injections.

Let me know if there is anything else I can provide.  Also if there is a more secure place to upload files so only you see them, let me know and I can upload the entire file(s).

Thanks!

LM

By daniel - April 22, 2022

Hi LM,

Thanks for the additional info!

Given the error message, to get rid of the notice, you should be able to change line 34 from this:

<title><?php if ($detailRecord['meta_title'] != ''): ?><?php echo $detailRecord['meta_title']; ?><?php else: ?><?php echo trim($detailRecord['title']).' | The Loop'; ?><?php endif ?></title>

To this:

<title><?php if (!empty($detailRecord['meta_title'])): ?><?php echo $detailRecord['meta_title']; ?><?php else: ?><?php echo trim($detailRecord['title']).' | The Loop'; ?><?php endif ?></title>

ModSecurity is another well-known WAF, so it looks like you're covered there, and your getRecords() calls all look safe from that type of injection attack.

Let me know if you have any other questions!

Thanks,

Daniel
Technical Lead
interactivetools.com
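
The notice on line 34 appears because the redirect in the detail block sends its headers but does not stop the script, so the template still renders with a null $detailRecord. The following is an added example, not code from the thread or from CMS Builder; buildTitle(), redirectToList() and the sample records are hypothetical names and constructed data:

```php
<?php
/**
 * Build the <title> text for a detail record, or return null when no
 * record was loaded so the caller can redirect instead of rendering.
 */
function buildTitle(?array $record, string $suffix = ' | The Loop'): ?string
{
    if (!$record) {
        return null; // nothing was found: do not touch any array offsets
    }
    // ?? avoids the notice when a key is missing from the record
    $meta  = trim((string) ($record['meta_title'] ?? ''));
    $title = trim((string) ($record['title'] ?? ''));
    return $meta !== '' ? $meta : $title . $suffix;
}

/** Redirect to the list page and stop. header() alone does not end the script. */
function redirectToList(string $url = '/the-loop.php'): void
{
    header('Location: ' . $url, true, 301);
    exit;
}

// On the detail page the two would be used together, before any output:
//   $title = buildTitle($detailRecord);
//   if ($title === null) { redirectToList(); }

// Constructed sample inputs: a full record, a record with an empty
// meta_title, and the null left behind when the query matches nothing.
$samples = [
    ['meta_title' => 'FMLA basics', 'title' => 'Family Medical Leave Act'],
    ['meta_title' => '', 'title' => ' Get Preventive Care Back on Track '],
    null,
];
foreach ($samples as $record) {
    $title = buildTitle($record);
    echo $title === null
        ? "no record: redirect and exit\n"
        : "<title>$title</title>\n";
}
```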

By weblm - April 25, 2022

Thank you Daniel!!

Think I have a handle on making some changes to match what you have shown.   We have a bunch of echo statements that I'm now going to wrap in the PHP IF to mitigate those errors.

LM

By weblm - May 24, 2022

Hi Daniel,

Thanks for your help before, I think all my changes are working based on what you replied with.

However, we are noticing more errors, this time they are appending the code onto the end of pagination links:

https://www.CLIENT.com/the-loop.php?date_year=&category=health_care_reform&filter=yes&page=1%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO)),

We are using the standard pagination code I believe:

<!-- START PAGINATION CODE --> 
<div class="pagelinks">
	<?php  
		if (@!$_GET['page']): $current_page = "1"; 
		else: $current_page = $_GET['page'];    
	endif;  ?> 
		
	<?php 
		$startNumber = max($current_page - 2, 1); 
		$endNumber   = min($current_page + 2, $the_loopMetaData['totalPages']); 
	?>

	<?php if ($the_loopMetaData['prevPage']): ?>
		<a href="<?php echo $the_loopMetaData['prevPageLink'] ?>"><img src="/images/arrow-left.png" border="0" /> prev</a>&nbsp;&nbsp;&nbsp;
		<?php if ($startNumber > '1'): ?>
			<a href="?<?php echo http_build_query(array_merge($_REQUEST, array( 'page' => '1' ))) ?> ">1</a> ...
		<?php endif ?> 
	<?php else: ?>
		&nbsp;  
	<?php endif ?>	

<?php foreach (range($startNumber,$endNumber) as $page): ?>
	
		<?php if ($page == $current_page): ?> 
		 <b>[<?php echo $page; ?>]</b> 
		<?php else: ?> 
		 <a href="?<?php echo http_build_query(array_merge($_REQUEST, array( 'page' => $page ))) ?>"><?php echo $page; ?></a> 
		<?php endif ?> 

	<?php endforeach; ?> 
	
	
	<?php if ($the_loopMetaData['nextPage']): ?>
		<?php if ($the_loopMetaData['totalPages'] > $endNumber): ?>
			... <a href="?<?php echo http_build_query(array_merge($_REQUEST, array( 'page' => $the_loopMetaData['totalPages'] ))) ?> "><?php echo $the_loopMetaData['totalPages'];?></a> 
		<?php endif ?> 
			&nbsp;&nbsp;&nbsp;<a href="<?php echo $the_loopMetaData['nextPageLink'] ?>">next <img src="/images/arrow-right.png" border="0" /></a>  
		<?php else: ?>   
			&nbsp;  
	<?php endif ?>							
</div>
<!-- /END PAGINATION CODE -->

Is there anything we can do to drop all the extra code they are testing with?

Thanks for any help!

LM

By daniel - May 24, 2022

Hi LM,

It looks like you're probably getting errors when the page tries to do math with $current_page and finds a non-numeric value. You should be able to correct this by telling the script to force the value to be an integer by casting it like this:

else: $current_page = (int) $_GET['page'];

Let me know if that helps - if you're still getting errors, can you copy the error message here for me to check?

Thanks,

Daniel
Technical Lead
interactivetools.com
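
An added example, not part of the original thread, comparing the (int) cast with strict validation of the page parameter. normalizePage() and the sample inputs are hypothetical; $totalPages stands in for $the_loopMetaData['totalPages'], and the second sample is the URL-decoded value from the request quoted above:

```php
<?php
/**
 * Return a page number in 1..$totalPages. Anything that is not a plain
 * string of digits falls back to page 1.
 */
function normalizePage($raw, int $totalPages): int
{
    // $_GET values are strings, or arrays when sent as page[]=...
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return 1;
    }
    // Clamp into the valid range so the range() loop stays bounded
    return max(1, min((int) $raw, max(1, $totalPages)));
}

$totalPages = 12; // constructed value for the demo

// Constructed sample inputs
$samples = [
    '3',
    "1'nvOpzp; AND 1=1 OR (<'\">iKO)),",
    '7abc',
    '-4',
    '0',
    '999999',
    '',
    ['1'],
];

foreach ($samples as $raw) {
    $cast = (int) $raw; // what the plain cast would hand to max()/min()
    printf(
        "%-42s cast=%-8d validated=%d\n",
        json_encode($raw),
        $cast,
        normalizePage($raw, $totalPages)
    );
}
```

The cast silences the arithmetic error but still accepts values such as '7abc', '-4' or an out-of-range number; the validated form maps all of them to a page that exists.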

By weblm - May 25, 2022

Daniel,

Thank you so much!! This worked perfectly!!

LM