Help Me Understand the Low-Level Fix for RG_EMULATION Update

winuser
Joomla! Intern
Posts: 99
Joined: Fri Aug 18, 2006 9:57 am

Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by winuser » Sat Sep 23, 2006 8:19 am

There is a particular component I use that has not been updated to support the RG_EMULATION change--and it likely won't be for some time. The component is not essential and not widely used.

I have verified that this particular component does NOT function properly when RG_EMULATION is FALSE.

I'd like to update the extension myself, but I need some help getting started. Yes, every component is different, but at some level there must be a common set of code changes represented in all the updates.

What is the common fix that all components undergo to support RG_EMULATION 0 ? When I understand this, I think I can proceed to mod the extension.

Note that I am not asking about the globals.php file.

Thanks for your technical help.
Last edited by winuser on Sat Sep 23, 2006 8:27 am, edited 1 time in total.
Science • Education • Programming

pe7er
Joomla! Master
Posts: 24985
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by pe7er » Sat Sep 23, 2006 12:03 pm

Register Globals = ON -> you don't need the declaration of variables in scripts, which is at the same time a major security issue.
Register Globals = OFF -> you will need to declare variables within the script. If you need to use variables that were declared in other scripts (e.g. the Joomla core), you will need to include those with the global statement or specifically retrieve the variables in a safe way (with the built-in Joomla function mosGetParam).

For integers:
$myval = intval(mosGetParam($_REQUEST, 'myval', 0));
For strings:
$myval = mosGetParam($_REQUEST, 'myval', 0);

Please see: http://forum.joomla.org/index.php/topic,86525.0.html for other component fixes (components that needed Register Globals = ON).
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
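
The change described in the post above, as an added example that is not code from the thread, from Joomla or from any extension. `get_param()` is a hypothetical stand-in for `mosGetParam()` so the snippet runs outside Joomla, and the parameter names and request data are constructed.

```php
<?php
// BEFORE: relies on register_globals (or RG_EMULATION) to create $task and $id
// from the request. With the setting off both stay undefined; with it on, any
// request parameter can pre-set any uninitialised variable in the script.
function legacy_component()
{
    global $task, $id;                 // expected to appear "by magic"
    return array($task, $id);
}

// Hypothetical stand-in for mosGetParam(): read one named key from an explicit
// source array and fall back to a default when the key is absent.
function get_param(array $source, $name, $default = null)
{
    return isset($source[$name]) ? trim((string) $source[$name]) : $default;
}

// AFTER: every input is fetched by name, cast or validated, and given a default.
function fixed_component(array $request)
{
    $id   = intval(get_param($request, 'id', 0));     // integers: cast
    $task = get_param($request, 'task', 'view');      // strings: validate afterwards
    if (!in_array($task, array('view', 'edit', 'save'), true)) {
        $task = 'view';                               // unknown task: safe default
    }
    return array($task, $id);
}

// Constructed request data standing in for $_REQUEST.
$request = array('task' => 'edit', 'id' => '42abc', 'is_admin' => '1');

var_dump(legacy_component());          // register_globals is off: nothing set the globals
var_dump(fixed_component($request));   // only 'task' and 'id' are ever read
```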

winuser
Joomla! Intern
Posts: 99
Joined: Fri Aug 18, 2006 9:57 am

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by winuser » Sat Sep 23, 2006 12:25 pm

I love answers that are straight to the point  :D

Very helpful information.

Thanks, pe7er!

sheva77
Joomla! Explorer
Posts: 277
Joined: Wed Jun 14, 2006 2:47 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by sheva77 » Sun Oct 08, 2006 3:33 am

Hi

I wonder if you can help me with this thing. I had some script at some server, here it is:

Code:

echo '<form action="'.$mosConfig_live_site .'/index.php?option=com_acajoom&act=sendsend&listnum='.$listnum.'&mailingnum='.$mailingnum.'&usernum='.$usernum.'" method="post" name="contact">
	Your Friend Email (<font class="form_check">*</font>)<br>
	<input name="friend" id="friend" type="text" value="" size="40"><br><br>
	<input name="submit" type="submit" value="Send Message">
	</form>';
and:

Code:

	global $friend;
	$friend = (mosGetParam($_REQUEST, 'friend', 0));
This works perfectly at my server with Register Globals ON, but at another server with Register Globals OFF the variable "$friend" isn't posted; it equals "0" when I echo it. Please help.
Max
ChronoForms For all your Joomla forms needs, ChronoConnectivity for Data Management tasks, ChronoForums is a leading free Joomla forums extension:
http://www.ChronoEngine.com

sheva77
Joomla! Explorer
Posts: 277
Joined: Wed Jun 14, 2006 2:47 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by sheva77 » Sun Oct 08, 2006 4:15 am

Hi, I used $_POST to get it and it worked, thanks to everyone here  :)
Max

o.b.l.x
Joomla! Intern
Posts: 57
Joined: Mon Nov 13, 2006 10:51 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by o.b.l.x » Wed Dec 06, 2006 7:27 pm

Have you come across, or do you know of, a way to use akocomment with RG emulation off?

martinus
Joomla! Intern
Posts: 62
Joined: Tue Nov 14, 2006 9:52 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by martinus » Thu Dec 28, 2006 4:04 pm

Hi there
Stupid question, I'm sure, but anyway here it comes:
I'm trying to secure an installation. The RG_emulation is now off - found the globals file...
But what about the register_globals ... I don't seem to find the line.. Which file is to be altered...

Please somebody...

Yours
Claus

pe7er
Joomla! Master
Posts: 24985
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by pe7er » Thu Dec 28, 2006 4:09 pm

martinus wrote: I'm trying to secure an installation. The RG_emulation is now off - found the globals file...
But what about the register_globals ... I don't seem to find the line.. Which file is to be altered...

Only the RG_Emulation is in globals.php

Register Globals is a setting in php.ini and/or .htaccess
More info about Register Globals and how to configure:
http://forum.joomla.org/index.php/topic,93640.0.html

martinus
Joomla! Intern
Posts: 62
Joined: Tue Nov 14, 2006 9:52 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by martinus » Thu Dec 28, 2006 4:31 pm

Hi
Thanks for the prompt reply
I tried to insert this line 'php_flag register_globals off' in the htaccess.txt-file and uploaded it --- but it still says register_globals is on

Claus

pe7er
Joomla! Master
Posts: 24985
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by pe7er » Thu Dec 28, 2006 4:34 pm

I read in this forum (cannot find the topic though) that someone had the same problem, but solved it by putting a new .htaccess with only
php_flag register_globals off
in the /administrator directory.
Maybe that works for you too....

martinus
Joomla! Intern
Posts: 62
Joined: Tue Nov 14, 2006 9:52 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by martinus » Thu Dec 28, 2006 4:45 pm

I just put a file called '.htaccess' in the root folder with this line in it: php_flag register_globals off
But alas - it didn't work

Should the file have any extensions? Or could there be some sort of time relay between upload and execution?

By the way: the debate on security states that you simply change the name on the file htaccess.txt to .htaccess - is this true and can it be done without risk...

pe7er
Joomla! Master
Posts: 24985
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by pe7er » Thu Dec 28, 2006 5:29 pm

martinus wrote: should the file have any extensions? or could there be some sort of time relay between upload and execution?

No, just plain .htaccess
I don't think that there should be any delay: after changing .htaccess it should work immediately.
(though any changes in the PHP configuration file "php.ini" probably need a restart of PHP)

martinus wrote: By the way: the debate on security states that you simply change the name on the file htaccess.txt to .htaccess - is this true and can it be done without risk..

Yes, but an incorrectly configured .htaccess will result in an error on the website.
htaccess.txt is a text file, .htaccess is a (hidden) system file for the Apache webserver. btw: what server OS / webserver software do you use? .htaccess does not work on Microsoft IIS.

martinus
Joomla! Intern
Posts: 62
Joined: Tue Nov 14, 2006 9:52 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by martinus » Thu Dec 28, 2006 6:05 pm

Actually I think my hosting is on a windows platform server....
It doesn't work then?
But then I can get the support on the hosting site to turn it off...
Thanks again

pe7er
Joomla! Master
Posts: 24985
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by pe7er » Thu Dec 28, 2006 6:29 pm

martinus wrote: Actually I think my hosting is on a windows platform server....
It doesn't work then?
But then I can get the support on the hosting site to turn it off...

It can work on Microsoft NT server OS with Apache webserver,
but not with Microsoft IIS webserver, that does not support .htaccess

I would indeed ask the host to turn Register Globals OFF (but I am not sure if they are willing, as it's probably a server wide setting which could affect other sites on shared hosting).

galaxyboss
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 12, 2006 12:18 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by galaxyboss » Thu Jan 04, 2007 10:47 pm

I have the same problem with Joomla 1.012.
In the admin area I have the security recommendation:
    * PHP register_globals setting is `ON` instead of `OFF`
I am on a Linux server at a host company (shared server).
I tried to use php_flag register_globals off in .htaccess but got this message  :'( :

Code:

Internal Server Error 500
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
??? ??? ???
I have Joomla in: http://www.domain.com/joomla

My .htaccess is:

Code:

##
# @version $Id: htaccess.txt 2368 2006-02-14 17:40:02Z stingrey $
# @package Joomla
# @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
 php_flag register_globals off

#####################################################
#  READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
#
# Only use one of the two SEF sections that follow.  Lines that can be uncommented
# (and thus used) have only one #.  Lines with two #'s should not be uncommented
# In the section that you don't use, all lines should start with #
#
# For Standard SEF, use the standard SEF section.  You can comment out
# all of the RewriteCond lines and reduce your server's load if you
# don't have directories in your root named 'component' or 'content'
#
# If you are using a 3rd Party SEF or the Core SEF solution
# uncomment all of the lines in the '3rd Party or Core SEF' section
#
#####################################################

#####  SOLVING PROBLEMS WITH COMPONENT URL's that don't work #####
# SPECIAL NOTE FOR SMF USERS WHEN SMF IS INTEGRATED AND BRIDGED
# OR ANY SITUATION WHERE A COMPONENT's URL's AREN't WORKING
#
# In both the 'Standard SEF', and '3rd Party or Core SEF' sections the line:
# RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##
# May need to be uncommented.  If you are running your Joomla! from
# a subdirectory the name of the subdirectory will need to be inserted into this
# line.  For example, if your Joomla! is in a subdirectory called '/test/',
# change this:
# RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##
# to this:
# RewriteCond %{REQUEST_URI} ^(/test/component/option,com) [NC,OR] ##optional - see notes##
#
#####################################################


##  Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

#
#  mod_rewrite in use

RewriteEngine On


#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update Your Joomla! Directory (just / for root)

RewriteBase /joomla/


########## Begin Standard SEF Section
## ALL (RewriteCond) lines in this section are only required if you actually
## have directories named 'content' or 'component' on your server
## If you do not have directories with these names, comment them out.
#
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] 		##optional - see notes##
#RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$  [NC]
RewriteRule ^(content/|component/) index.php
#
########## End Standard SEF Section


########## Begin 3rd Party or Core SEF Section
#
RewriteCond %{REQUEST_URI} ^(/jommla/component/option,com) [NC,OR] 		##optional - see notes##
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$  [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php
#
########## End 3rd Party or Core SEF Section


I contacted my host company about the php.ini and they told me:
The register_globals can not be changed to "off", due to our shared hosting environment.

What shall I do??

thanks

pe7er
Joomla! Master
Posts: 24985
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by pe7er » Thu Jan 04, 2007 11:50 pm

create a new empty .htaccess with only:

php_flag register_globals off

If it works ok, you can start adding other settings in the .htaccess

galaxyboss
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 12, 2006 12:18 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by galaxyboss » Fri Jan 05, 2007 4:50 pm

I did as pe7er said
and it is still not working.
My host is networksolution, and I am not happy at all with their hosting services:
No CRONTAB, no functions (like cpanel), poor ftp access, but anyway....
How can I solve this issue with my Joomla?  ???
The error 500 makes me crazy ::: :'(
And how can I turn off the PHP register_globals?? ???

thanks
Last edited by galaxyboss on Wed Jan 10, 2007 4:40 pm, edited 1 time in total.

keke
Joomla! Apprentice
Posts: 34
Joined: Tue Nov 29, 2005 11:01 am

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by keke » Wed Mar 07, 2007 7:45 am

What I did to solve this was to include this in the main .htaccess in the main folder

##########Beging register_globals section
#
#php_flag register_globals off
#
##########End register_globals section

Then create a new .htaccess with a single line quote:

php_flag register_globals off

Then copy in the admin directory and there we go.

BR
keke

galaxyboss
Joomla! Apprentice
Posts: 16
Joined: Sun Mar 12, 2006 12:18 pm

Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update

Post by galaxyboss » Wed Mar 07, 2007 8:18 am

My problem was solved by adding a php.ini in the cgi-bin folder in the root.
Note that this works for me because the host company configured their servers to run PHP settings for each customer.
The php.ini file:

Code:

register_globals = Off
upload_tmp_dir = /data/tmp
session.save_path = "/data/tmp"
8) ;D
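
For the question that recurs in this thread (did register_globals actually get switched off, and in which file does it have to be changed), a small diagnostic page, added here as an example and not code from Joomla or from any poster. The function names are made up for this example; it relies on the general fact that `php_flag` in .htaccess is only understood by Apache when PHP runs as an Apache module.

```php
<?php
// Diagnostic only: upload it to the directory whose configuration was changed,
// open it in a browser, then delete it again.

// Normalise an ini value: booleans arrive as "1", "", "On", "Off", ...
function ini_flag_enabled($raw)
{
    if ($raw === false) {
        return null;                   // directive unknown to this PHP build
    }
    $value = strtolower(trim((string) $raw));
    return in_array($value, array('1', 'on', 'yes', 'true'), true);
}

// Decide where the setting has to be changed, from the server API PHP runs under.
function where_to_configure($sapi)
{
    if (strpos($sapi, 'apache') === 0) {
        // PHP as an Apache module: the module provides php_flag for .htaccess
        return '.htaccess (php_flag register_globals off)';
    }
    // CGI/FastCGI: Apache does not know php_flag and answers with a 500 error
    return 'php.ini (register_globals = Off), if the host allows a per-site file';
}

function report()
{
    $state   = ini_flag_enabled(ini_get('register_globals'));
    $iniFile = get_cfg_var('cfg_file_path');      // path of the php.ini in use
    $label   = ($state === null) ? 'not available' : ($state ? 'ON' : 'OFF');

    $lines   = array();
    $lines[] = 'Server API:       ' . php_sapi_name();
    $lines[] = 'Loaded php.ini:   ' . ($iniFile ? $iniFile : '(none)');
    $lines[] = 'register_globals: ' . $label;
    $lines[] = 'Change it in:     ' . where_to_configure(php_sapi_name());
    return implode("\n", $lines);
}

header('Content-Type: text/plain');
echo report(), "\n";
```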

