iframes disappearing??

sneakyimp

I've had this problem before but it seemed to come and go ....now it's consistently happening. I have an iframe in my page...simple:

                          <tr> 
                            <td colspan="2"><iframe width="100%" height="75" src="<?=add_sid('looks_fun.php?id=' . $_GET['id']) ?>" frameborder="0"></iframe></td>
                          </tr>

when i view the page in a browser (firefox OR ie for windows xp) then the leading iframe tag is GONE but the closing iframe tag is still there:

                          <tr> 
                            <td colspan="2">                                                                              </iframe></td>
                          </tr>

WHAT IS THE DEAL ??

zabmilenko

Can you post what add_sid() does specifically? and maybe and example of what $_GET['id'] may contain?

sneakyimp

zabmilenko wrote:
Can you post what add_sid() does specifically? and maybe and example of what $_GET['id'] may contain?

add_sid() is just like the phpbb append_sid() function. all it does is add the session id to a url if the application hasn't found the session id in a cookie. it's meant to make sure sessions are maintained for those who have their cookies turned off.

  function add_sid($url) {
    // no SID for bots
    if (user_agent_is_bot()) return $url;

$pattern = '#' . SESSION_NAME . '=#';
if ((SID != '') && !preg_match($pattern, $url)) {
  if (strpos($url, '?') != false) {
    $url .= "&" . SID;
  } else {
    $url .= "?" . SID;
  }
}

return $url;

  } // add_sid()

In other words, it is just changing a url like 'looks_fun.php' to 'looks_fun.php?mysite_sid=ad4a5e5f54'

$_GET['id'] should only contain an integer.

Basically this iframe displays a script within a page that is displaying an event listing. the i frame has a button the user can click to indicate they think the event looks fun. it's basically a simple form related to the page it gets displayed in and is hosted by the same server at the same domain.

but none of this should have any impact on the WHOLE IFRAME OPENING TAG DISAPPEARING and leaving behind only the closing </iframe> tag. The only thing I can think of is that maybe I have some security setting on that is preventing it for some reason? It's totally bizarre and I have noticed it happening in both firefox and IE with this code being hosted from two different LAMP servers.

MarkR

Have you got any "personal firewall" products installed?

Is there a proxy server (transparent or otherwise) between your client and server?

Have you tried getting the output of the page directly (e.g. wget) from a host which you know has none of these?

Mark

sneakyimp

I have McAfee firewall installed. I've used iframes while developing before and never noticed any issue. I also have a linksys router between my PC and the cable modem.

I'm not sure if there is any proxy server. I have my own dynamically assigned IP given to me by Time Warner cable who recently bought adelphia. might that have something to do with it?

and FYI, it is a sporadic problem. sometimes the iframe is there, sometimes not. the closing </iframe> tag is ALWAYS there.

EDIT - OH...forgot...when i connect to the site using LYNX from a unix command line, the iframe is there...or at least a link to it is...LYNX is old school, it's not a GUI.

MarkR

Sounds like something is removing this iframe from the HTML source. The personal firewall and/or your provider's proxy are the primary suspects (hence it affects all browsers).

Try downloading the page using (e.g.) wget from your workstation and a remote location which is known not to have any proxies / etc, and comparing the source code.

If the ISP uses a transparent proxy, you can usually see by looking at the client / server headers of the HTTP request. Also, it's likely that requests will come from the proxy's IP not your workstation's.

If the ISP does use a transparent proxy, you can bypass it by connecting to a site on a port other than 80, or using HTTPS (try it to compare results).

Whoever is messing with your HTML presumably has a rule which attempts to detect some kind of web-bugs and remove them - if it's your ISP's transparent proxy, that's a bit rude of them (perhaps you can complain to support and make them stop?).

Definitely check out your personal firewall too - try stopping it or uninstalling it and comparing results.

Mark

sneakyimp

The problem is totally erratic. One particular page on the site i'm working on has 2 iframes. i clicked through a bunch of links that led me to it and i get one or the other if the i frames about every 4th page. so weird.

i tried turning off mcAfee firewall and putting my computer in the DMZ and that didn't help a bit. i put the site in my list of safe sites in IE and that didn't help either.

at the moment the site is protected by http authentication so wget doesn't work. like i said, i tried lynx and both iframes were consistently visible and accessible.

If the ISP uses a transparent proxy, you can usually see by looking at the client / server headers of the HTTP request. Also, it's likely that requests will come from the proxy's IP not your workstation's.

How might I do this? I would like to know what is causing the problem.

MarkR

sneakyimp wrote:
at the moment the site is protected by http authentication so wget doesn't work.

wget supports http authentication. Try harder 🙂

like i said, i tried lynx and both iframes were consistently visible and accessible.

Sounds suspiciously like I'm right (Personal firewall or ISP transparent proxy is at fault).

How might I do this? I would like to know what is causing the problem.

Run a packet logger on the server and capture a session from the offending client. Inspect it for proxy-related headers.

Do likewise at the client end. Compare the traces of the same request.

Look at the requesting IP on the web server access log, compare with the client's true address.

Instead of removing mcaffee, try uninstalling it completely or try another client box on your LAN that doesn't have it.

Mark