Suricata: PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 165

4o4rh

Getting the below the below when i switched from Suricata legacy mode to inline mode.

Crash report begins.  Anonymous machine information:

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT amd64 1400094 #1 plus-RELENG_23_09_1-n256200-3de1e293f3a: Wed Dec  6 21:00:32 UTC 2023     root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/obj/amd64/Obhu6gXB/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1

Crash report details:

PHP Errors:
[07-Jan-2024 12:26:08 Europe/Berlin] PHP Fatal error:  str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 165
[07-Jan-2024 12:26:23 Europe/Berlin] PHP Fatal error:  str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 165
[07-Jan-2024 12:26:31 Europe/Berlin] PHP Fatal error:  str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 165
[07-Jan-2024 12:26:39 Europe/Berlin] PHP Fatal error:  str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 165
[07-Jan-2024 12:27:19 Europe/Berlin] PHP Fatal error:  str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 165
[07-Jan-2024 12:27:41 Europe/Berlin] PHP Fatal error:  str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 165
[07-Jan-2024 12:28:11 Europe/Berlin] PHP Fatal error:  preg_replace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 163

No FreeBSD crash data found.

4o4rh

@gwaitsi it seems the trigger for this is;

• go into interface
• go into rules
• change available rule categories, to something else

bmeeks

Those error messages are not coming directly from Suricata package GUI code. They are coming from the Cross-Site Request Forgery logic in pfSense.

I have no clue what is causing that. The error is being generated in this file:

/usr/local/www/csrf/csrf-magic.php

which is not part of the Suricata package.

Perhaps it has something to do with language translation code ??? I see you are the Europe/Berlin time zone, so I assume maybe you have another language selected for the GUI besides English.

jimp

When you see an error like that in CSRF magic it usually means something else caused output on the page before it had a chance to load since it expects to be first in line.

So on that page if you view/inspect source and go to the very top of the file then you will probably see the actual underlying output/error that made CSRF fail.

4o4rh

@jimp thanks Jim, I'll try to reproduce and get the output.

4o4rh

@jimp still happening intermittently;

• only on the interface rules page
• only when changing rules to view from the dropdown
• gives a blank screen when it happens and the web developers screen returns nothing on the blank screen.
• has only started since I changed the interface from legacy to inline

not able to repeat consistently, so i have not been able to see the web developerer screen before/after it happens yet.