Make WordPress Core

Opened 14 years ago

Closed 14 years ago

#3025 closed defect (bug) (invalid)

Bad php include() results in 1000s of mysql connections/queries

Reported by: yinw
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: General
Keywords:
Focuses:
Cc:


A few hours ago, my dedicated server shut down and, after investigation, I tracked the problem to a misplaced include file in Header.php.

In Header.php, I added a line to do a php include of an .html file (which simply contains a snippet of ad code).

I then moved the directory the file was in to another level, and when I tried to view my site, Header.php went berserk trying to find the misplaced .html file to include.

Each time it retried [100(0)s of times, faster than the queries could be processed], it sent a mysql query until there were 100s of opened mysql sockets, and overloaded the server.

I rebooted the server, went back in [could only do that thru FTP] then fixed the new location of the .html file -- and presto, no more server problem.

I guess I could have coded this better with a check for the file existence before inclusion, but a missing file should not cause the server to crash. Maybe restrict retries to only a couple before gracefully failing?

Great product, love it, you're all doing a great job. Thanks!

Kind regards,
http://www.photoxels.com/photobook [the blog that brought the server down]
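
The existence check the reporter mentions, as an added example that is not part of the original ticket and is not WordPress code. The helper name `safe_snippet()`, the snippets directory and `ad.html` are hypothetical; the helper returns an empty string when the file has been moved and also refuses paths that resolve outside the expected directory.

```php
<?php
// Added example, not WordPress code. safe_snippet(), the snippets
// directory and ad.html are hypothetical names used for illustration.

/**
 * Return the contents of a static HTML snippet, or '' when the file is
 * missing, unreadable, or resolves outside $baseDir.
 */
function safe_snippet(string $baseDir, string $relativePath): string
{
    $base = realpath($baseDir);
    if ($base === false) {
        error_log("safe_snippet: base directory not found: $baseDir");
        return '';
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // realpath() returns false for a path that does not exist, so a moved
    // or deleted snippet is handled here rather than at include time.
    $target = realpath($prefix . $relativePath);
    if ($target === false || !is_file($target) || !is_readable($target)) {
        error_log("safe_snippet: snippet unavailable: $relativePath");
        return '';
    }

    // Containment check: refuse anything that resolves outside the base
    // directory (for example via "../" or a symlink).
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        error_log("safe_snippet: path escapes base directory: $relativePath");
        return '';
    }

    // The snippet is static markup, so read it as data instead of
    // passing it to include(), which would execute any PHP inside it.
    $html = file_get_contents($target);
    return $html === false ? '' : $html;
}

// Constructed demo: create a snippet, read it, move it away, read again.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'snippets_' . uniqid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'ad.html', '<div>ad</div>');
var_dump(safe_snippet($dir, 'ad.html'));                         // snippet present
rename($dir . DIRECTORY_SEPARATOR . 'ad.html', $dir . '.moved');
var_dump(safe_snippet($dir, 'ad.html'));                         // snippet moved away
var_dump(safe_snippet($dir, '../' . basename($dir) . '.moved')); // outside base
unlink($dir . '.moved');
rmdir($dir);
```

In a theme template the call would look like `echo safe_snippet(__DIR__ . '/snippets', 'ad.html');`, with the directory name again being an assumption.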

Change History (3)

#1 @foolswisdom
14 years ago

  • Cc lloydomattic@… added
  • Component changed from Security to General
  • Priority changed from highest to normal
  • Summary changed from Misplaced Include File Shuts Down Server With mysql Attacks to Bad php include() results in 1000s of mysql connections/queries

No one has taken this bug, 1 month old, questions below, lowering priority/severity for now, and moving out of component security.

What release of WordPress / PHP / ?apache? were you running when you experienced the problem?

I am new to PHP, but I don't understand how mysql queries enter the scenario?

What is different between how the problem manifests itself in WordPress and what would happen in another PHP application? Is there a solution from another application that WP can adopt?

#2 @foolswisdom
14 years ago

  • Severity changed from blocker to normal

As per last update meant to change severity to normal.

#3 @masquerade
14 years ago

  • Resolution set to invalid
  • Status changed from new to closed

This has almost nothing to do with WordPress, and WordPress can't do anything to stop you from making mistakes like these.
