A month or so ago, I wrote that I couldn’t access my weblog because when I tried, nothing showed. My host had upgraded to PHP 4.4.1 and it broke something in the application, but what we couldn’t tell. My host said they could find nothing in the logs to explain the problem. In the meantime, they backed out 4.4.1 on my machine, and haven’t upgraded it back.
Yesterday, I heard from a weblogger who is using the semantic web plugins I created for WordPress: all of a sudden, he couldn’t access his administration pages. However, in his case he was able to find the problem in his error log:
PHP Fatal error: Maximum execution time of 30 seconds exceeded in
…/wp-content/plugins/delSetup.php on line 31
I didn’t see this error message in my error logs, but his email gave me a key to the problem. The line number indicated pointed to the following lines in the plugin:
reset( $del_menu_items );
while( $arr = current( $del_menu_items ))
{
while( $submenu[’metadata.php’][$index] ) $index++;
$submenu[’metadata.php’][$index++] = array(__($arr[’title’]), 5, $arr[’script’]);
next($del_menu_items);
}
The culprit is the code traversing the submenu and testing to see if it exists. Seeing this tiggered my memory about one of the first bugs issued for PHP 4.4.1 that had to do with next and current array functions, and other array problems introduced with the security fix. These have since been fixed in the CVS source, but not issued as a new release.
The code used in the plugin is a copy of code that others have used to add administrative menu extensions to WordPress. Further checking showed that WordPress now has functions to manage menu additions starting in WordPress 1.51 and 1.52. Examining the function code, there shouldn’t be any problems with PHP 4.4.1, so I’m changing my plugins to use the new functions.
Note, though, to other WordPress users: if you’re using a plug-in that’s extended the administrative menus, check with the creator to see if they’re using the old hack or the new admin menu functions. If they’re using the old hack, disable the extension until new plugins are released. If you don’t and your ISP upgrades to 4.4.1, you’ll be dead in the water.
