Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
There is no security.output_filter defined in your application config file
  • Hi,

    Strange error that only pops up when running oil, and only on heroku, not locally.

    There is no security.output_filter defined in your application config file

    It's difficult to read the backtrace since it's full of html and inline css and only exists as output in my logs... but the gist is:

    COREPATH/classes/security.php @ line 68
    throw new \FuelException('There is no security.output_filter defined in your application config file');
    COREPATH/classes/autoloader.php @ line 375
    COREPATH/classes/autoloader.php @ line 249
    COREPATH/base.php @ line 252
    function e($string)
    {
    return \Security::htmlentities($string);
    }
    COREPATH/views/errors/php_fatal_error.php @ line 37
    e($message);
    COREPATH/classes/view.php @ line 238
    COREPATH/classes/view.php @ line 252
    COREPATH/classes/view.php @ line 589
    COREPATH/classes/view.php @ line 205
    COREPATH/bootstrap.php @ line 93
    set_error_handler(function ($severity, $message, $filepath, $line)
    {
    // reset the autoloader
    \Autoloader::_reset();

    // deal with PHP bugs #42098/#54054
    if ( ! class_exists('Errorhandler'))
    {
    include COREPATH.'classes/errorhandler.php';
    class_alias('\Fuel\Core\Errorhandler', 'Errorhandler');
    class_alias('\Fuel\Core\PhpErrorException', 'PhpErrorException');
    }

    return \Errorhandler::error_handler($severity, $message, $filepath, $line); //93
    });

    ...god these forums suck, I can't even quote code...

    Anyone have any thoughts as to what's causing this?
  • You get this error when Security class is loaded before the global config is loaded.

    Easiest is to add a

    echo Debug::backtrace();

    to Security::_init() to see what triggers the load.
  • When I run the following locally, I get the backtrace:

    $ php oil r install


    #0 /munin/Development/____/fuel/core/classes/security.php:52 Fuel\Core\Debug::backtrace()


    #1 [internal function] Fuel\Core\Security::_init()


    #2 /munin/Development/____/fuel/core/classes/autoloader.php:377 call_user_func()


    #3 /munin/Development/____/fuel/core/classes/autoloader.php:249 Fuel\Core\Autoloader::init_class()


    #4 [internal function] Fuel\Core\Autoloader::load()


    #5 /munin/Development/____/fuel/core/classes/fuel.php:186 spl_autoload_call()


    #6 /munin/Development/____/fuel/app/bootstrap.php:35 Fuel\Core\Fuel::init()


    #7 /munin/Development/____/oil:62 require()


    When I run it on heroku, it doesn't run. I just get the same HTML output:



    $ heroku run php oil r install

    Running php oil r install on ______... up, run.8612

    <!DOCTYPE html>

    <html>

    <head>

    ..etc...

    1. COREPATH/classes/autoloader.php @ line 375
    2. COREPATH/classes/autoloader.php @ line 249
    3. COREPATH/base.php @ line 252
    4. COREPATH/views/errors/php_fatal_error.php @ line 37
    5. COREPATH/classes/view.php @ line 238
    6. COREPATH/classes/view.php @ line 252
    7. COREPATH/classes/view.php @ line 589
    8. COREPATH/classes/view.php @ line 205
    9. COREPATH/bootstrap.php @ line 93

    Edit: Duh.. because it's loading fuelphp from composer. So I can't really make edits to COREPATH without...something.
  • Here's the beginning of that, bootstrap:
    set_exception_handler(function ($e)
    {
    // reset the autoloader
    \Autoloader::_reset();

    // deal with PHP bugs #42098/#54054
    if ( ! class_exists('Errorhandler'))
    {
    include COREPATH.'classes/errorhandler.php';
    class_alias('\Fuel\Core\Errorhandler', 'Errorhandler');
    class_alias('\Fuel\Core\PhpErrorException', 'PhpErrorException');
    }

    return \Errorhandler::exception_handler($e); // line 93
    });
  • I still don't understand what you think the problem is, and why you want to edit COREPATH? And if you would want to, why that is a problem.

    COREPATH is defined in both the oil script in the installation root, and the index.php in the public folder. Both are from the fuel\fuel repo, which is the repo you should clone to start building your own application.

    Heroku should install from that repo, and then use composer to pull the dependencies in.
  • You said:

    Easiest is to add a 

    echo Debug::backtrace();

    to Security::_init() to see what triggers the load.

    Except I can't. Because fuel/core is loaded fresh every time I push it to heroku. I haven't made any changes to fuel/core locally or, obviously, on heroku.

    My issue is, for reasons unknown, I get a "There is no security.output_filter defined in your application config file" error when oil runs on heroku, but I don't get the error when it runs locally.
  • Ok, problem solved.
    I had another extension that was looking for a .env file and couldn't find one (since it's in .gitignore). This necessarily loads before config.php since it's loading environment variables.

    I solved the problem by copying COREPATH/views/errors/php_fatal_error.php to APPPATH/views/errors/php_fatal_error.php and replacing all e() with htmlentities(). This allows the actual error to display rather than an error that it couldn't display the error.

    So, it seems that for whatever reason, fuel has no way to display an error if one occurs before config.php is loaded. I would classify this as a bug with fuelphp and suggest implementing a simpler non-html error handler until the config or core is loaded, if possible. I haven't looked around enough in core to know how this might be accomplished, but this has been a huge pain just trying to see the bloody error to deal with it.
  • How did you exactly cause the error? You had something in your app bootstrap.php that caused a PHP, before Fuel::init() was called?

    If we know how to reproduce it, we can address it.

    I've never had this issue in the 6 years I work with Fuel, so I didn't know it existed.
  • Here's the updated code from my modified APPPATH/bootstrap.php. I need the .env file to load first so that it can populate the config. There may be a better place to put this code, but this seems to make the most sense. In production, I have my config through heroku, so no .env file.

    The issue was, it was just trying to load the .env file...except there wasn't one (it was in .gitignore, ergo not on heroku). Really stupid coding mistake on my part, but I couldn't debug it because when php_fatal_error.php was loaded, the config hadn't parsed yet, so it threw an additional error when it got to e($message) in the file, which hid my actual error. Simply changing e() to htmlentities() allowed my error to display and allowed me to quickly fix the issue.

    if (\Fuel::$env == 'development') {
    if (file_exists(APPPATH.'.env')) {
    $dotenv = new Dotenv\Dotenv(APPPATH);
    $dotenv->load();
    }
    }

    // Initialize the framework with the config file.
    \Fuel::init('config.php');
  • Ok,

    So you didn't have the file_exists() before? Ok, I think I've got enough to reproduce it.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion