App for Cloudflare® Pro 1.9.2

grafwebcuso · Wednesday at 3:13 PM

We just did the update and we had to disable the plugin because it keeps throwing a 500 server error!!!!!!!!!!

digitalpoint · Wednesday at 3:16 PM

What version of PHP are you using? Do you happen to have access to error log so you could see exactly what the error is?

There really isn't a whole lot that changed with the update.

JHewess · 2025-07-03T01:37:30-0700

We've also experienced this issue. We initially thought it was contained to Woocommerce pages as the 500 error originally only appears when attempting to login via the /my-account URL, however after disabling caching (Flyingpress), it occurred site-wide.

PHP version: 8.3.22
No logs as yet as we've had to revert to the previous version of the plugin.

digitalpoint · 2025-07-03T07:06:57-0700

Still haven't been able to replicate this on our end no matter the setup/config I try. I did find some old references to stacking ob_start() being problematic when a PHP is using an internal output handler that doesn't support stacking. Not sure if this is what's going on since I haven't been able to replicate it yet, but it's a lead to try and test.

If someone is able to check if their phpinfo has an output_handler set, that could be useful to know what it's set to.

JHewess · 2025-07-03T08:26:34-0700

Looking through phpinfo, output_handler shows 'no value'.

digitalpoint · 2025-07-03T08:30:56-0700

One thought that just came to mind (and maybe why I'm unable to replicate it). It could be that some servers have certain PHP functions/classes explicitly disabled (ones that are being used). Any chance you could check to see if your phpinfo shows anything for disable_functions or disable_classes?

JHewess · 2025-07-03T08:34:04-0700

disable_classes is: 'no value'
disable_functions is: 'opcache_get_status'

digitalpoint · 2025-07-03T08:47:44-0700

JHewess said:
disable_classes is: 'no value'
disable_functions is: 'opcache_get_status'

Okay, so not that... 🤔

Not sure how willing you are to test things, but unfortunately I'm not able to since I can't come up with a PHP/web server combo that causes any issues. But if you are...

If you make a new file on your server with this (can name it test.php or anything really):

PHP:

<?php
echo inet_ntop(inet_pton('103.21.244.0')) . '; '; // IPv4
echo inet_ntop(inet_pton('2a06:98c0::')) . '; '; // IPv6
echo inet_ntop(inet_pton('1.2.3.300')) . '; '; // Invalid IP

Request that file with a browser and you should see:

Code:

103.21.244.0; 2a06:98c0::; ;

One (of the two) changes in the new version is it simplified the code for replacing Cloudflare's IP with the user's actual IP... so if a server is barfing when using inet_ntop or inet_pton (standard PHP functions), it will be a problem.

JHewess · 2025-07-03T08:49:46-0700

Sure, leave it with me. Will get back to you shortly.

JHewess · 2025-07-03T08:53:09-0700

parsing the file returns:

103.21.244.0; 2a06:98c0::; ;

digitalpoint · 2025-07-03T09:03:11-0700

JHewess said:
parsing the file returns:

103.21.244.0; 2a06:98c0::; ;

Ok... so not that.

Did you enable the new option (preload resources)?

With that enabled, it does trigger an ob_start() call so any output is buffered (allows us to add the necessary preload header after WordPress generates it's content).

So maybe something going on with ob_start(), but that shouldn't be called unless the new option is enabled.

JHewess · 2025-07-03T09:05:40-0700

Yes, I believe that option was enabled out of the box. Let me just update the plugin to the new version again and I'll try and run it without that option switched on, just in case.

JHewess · 2025-07-03T09:10:13-0700

Disabling that option has made no difference, unfortunately. I also un-ticked all of the options on the plugin's main setup page, and still encountered the 500 error.

digitalpoint · 2025-07-03T09:21:09-0700

Augh... sorry for all the testing (feel free to not do anything). I really wish I was able to replicate it somehow.

In the wp-content/plugins/app-for-cf/src/DigitalPoint/Cloudflare/Base/Pub.php file, if you just remove these lines (around line #20):

PHP:

$cloudflareRepo = new \DigitalPoint\Cloudflare\Repository\Cloudflare();
if ($cloudflareRepo->option('cloudflarePreload'))
{
    ob_start();
}

...does that help?

Maybe it has something to do with WordPress not being able to initialize a PHP class at that point for some reason.

JHewess · 2025-07-03T09:42:06-0700

Nope, unfortunately deleting that code has made no difference. I've just spun up a staging version of the site so can do some proper testing. Just waiting for the SSL to sort itself out!

digitalpoint · 2025-07-03T09:44:23-0700

May be as easy as adding this to your config.php file once it's ready:

PHP:

define('WP_DEBUG', true);

Debugging in WordPress – Advanced Administration Handbook | Developer.WordPress.org

Debugging PHP code is part of any project, but WordPress comes with specific debugging systems designed to simplify the process as well as…

developer.wordpress.org

Did I mention how much I hate that I can't replicate it? 😂

JHewess · 2025-07-03T09:46:41-0700

You might hate it even more that when I turned on WP Debugging earlier, no error messages were being shown for the plugin ;-) Will try again once the staging site is operational.

digitalpoint · 2025-07-03T10:15:45-0700

I've been digging and trying to think of various "what if" situations. One possibility I've come up with (and would cause an issue regardless if the new option was enabled or not) would be an invalid script or CSS URL came through WordPress's filter mechanism. It's *supposed* to be a string, but if something (like a third-party plugin) turned it into something that isn't a string (a null value or an array or something like that), I could see an error happening when it tries to use that as it's supposed to be (a string).

Even if that doesn't end up being the case here, I've added a check to make sure that what is supposed to be a string actually *is* a string (it never hurts to add sanity checks when third-party plugins have the potential to return something unexpected).

You could test that one by just commenting out these two lines (around line #95 in the same Pub.php referenced here):

PHP:

//        add_filter('script_loader_tag', [$this, 'handleScriptLoaderTag'], 9999999, 3);
//        add_filter('style_loader_tag', [$this, 'handleStyleLoaderTag'], 9999999, 3);

JHewess · 2025-07-03T10:37:21-0700

Yep, that worked!

digitalpoint · 2025-07-03T10:44:08-0700

JHewess said:
Yep, that worked!

Okay... one last test (hopefully).

If you uncomment those two lines, and also replace the handleScriptLoaderTag and handleStyleLoaderTag methods farther down that file (approx line #223) with this:

PHP:

    public function handleScriptLoaderTag($tag, $handle, $src)
    {
        if (is_string($src) && strlen($src) > 3)
        {
            $this->preload['<' . sanitize_url($src) . '>;as=script;rel=preload'] = true;
        }
        return $tag;
    }

    public function handleStyleLoaderTag($tag, $handle, $href)
    {
        if (is_string($href) && strlen($href) > 3 && strpos($href, '/ie.css') === false)
        {
            $this->preload['<' . sanitize_url($href) . '>;as=style;rel=preload'] = true;
        }
        return $tag;
    }

...does that work?

That's the new code I added to handle the "what if" situation where a third-party plugin might be mucking a URL that's supposed to be a string. It doesn't answer the question about what may be transforming the URLs into something unusable, but it at least ignores them in that case.

App for Cloudflare® Pro 1.9.2

New Update gave 500 server error

New member

Developer

New member

Developer

New member

Developer

New member

Developer

New member

New member

Developer

New member

New member

Developer

New member

Developer

New member

Developer

New member

Developer

Similar threads