Help Me Understand the Low-Level Fix for RG_EMULATION Update
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Intern
- Posts: 99
- Joined: Fri Aug 18, 2006 9:57 am
Help Me Understand the Low-Level Fix for RG_EMULATION Update
There is a particular component I use that has not been updated to support the RG_EMULATION change--and it likely won't be for some time. The component is not essential and not widely used.
I have verified that this particular component does NOT function properly when RG_EMULATION is FALSE.
I'd like to update the extension myself, but I need some help getting started. Yes, every component is different, but at some level there must be a common set of code changes represented in all the updates.
What is the common fix that all components undergo to support RG_EMULATION 0 ? When I understand this, I think I can proceed to mod the extension.
Note that I am not asking about the globals.php file.
Thanks for your technical help.
I have verified that this particular component does NOT function properly when RG_EMULATION is FALSE.
I'd like to update the extension myself, but I need some help getting started. Yes, every component is different, but at some level there must be a common set of code changes represented in all the updates.
What is the common fix that all components undergo to support RG_EMULATION 0 ? When I understand this, I think I can proceed to mod the extension.
Note that I am not asking about the globals.php file.
Thanks for your technical help.
Last edited by winuser on Sat Sep 23, 2006 8:27 am, edited 1 time in total.
Science • Education • Programming
- pe7er
- Joomla! Master
- Posts: 24985
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
Register Gobals = ON -> you don't need the declaration of variables in scripts, which is at the same time a major security issue.
Register Globals = OFF -> you will need to declare variables within the script. If you need to use variables that were declared at other scripts (e.g. the Joomla core), you will need to include those with the global statement or specifically retrieve the variables in a safe way (with the built in Joomla function mosGetParam).
for integers:
$myval = intval(mosGetParam($_REQUEST,'myval', 0));
for strings:
$myval =(mosGetParam($_REQUEST,'myval', 0));
Please see: http://forum.joomla.org/index.php/topic,86525.0.html for other component fixes (components that needed Register Globals = ON).
Register Globals = OFF -> you will need to declare variables within the script. If you need to use variables that were declared at other scripts (e.g. the Joomla core), you will need to include those with the global statement or specifically retrieve the variables in a safe way (with the built in Joomla function mosGetParam).
for integers:
$myval = intval(mosGetParam($_REQUEST,'myval', 0));
for strings:
$myval =(mosGetParam($_REQUEST,'myval', 0));
Please see: http://forum.joomla.org/index.php/topic,86525.0.html for other component fixes (components that needed Register Globals = ON).
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
-
- Joomla! Intern
- Posts: 99
- Joined: Fri Aug 18, 2006 9:57 am
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
I love answers that are straight to the point
Very helpful information.
Thanks, pe7er!
Very helpful information.
Thanks, pe7er!
Science • Education • Programming
- sheva77
- Joomla! Explorer
- Posts: 277
- Joined: Wed Jun 14, 2006 2:47 pm
- Contact:
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
Hi
I wonder if you can help me with this thing, I had some script at some server, here it is :
and :
this works perfectly at my server with Register globals ON but at another server with register globals OFF the variable "$friend" isnt posted, it equals "0" when I echo it, plz help
I wonder if you can help me with this thing, I had some script at some server, here it is :
Code: Select all
echo '<form action="'.$mosConfig_live_site .'/index.php?option=com_acajoom&act=sendsend&listnum='.$listnum.'&mailingnum='.$mailingnum.'&usernum='.$usernum.'" method="post" name="contact">
Your Friend Email (<font class="form_check">*</font>)<br>
<input name="friend" id="friend" type="text" value="" size="40"><br><br>
<input name="submit" type="submit" value="Send Message">
</form>';
Code: Select all
global $friend;
$friend = (mosGetParam($_REQUEST, 'friend', 0));
Max
ChronoForms For all your Joomla forms needs, ChronoConnectivity for Data Management tasks, ChronoForums is a leading free Joomla forums extension:
http://www.ChronoEngine.com
ChronoForms For all your Joomla forms needs, ChronoConnectivity for Data Management tasks, ChronoForums is a leading free Joomla forums extension:
http://www.ChronoEngine.com
- sheva77
- Joomla! Explorer
- Posts: 277
- Joined: Wed Jun 14, 2006 2:47 pm
- Contact:
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
hi, I used the $_post to get it and it worked, thanks for everyone here
Max
ChronoForms For all your Joomla forms needs, ChronoConnectivity for Data Management tasks, ChronoForums is a leading free Joomla forums extension:
http://www.ChronoEngine.com
ChronoForms For all your Joomla forms needs, ChronoConnectivity for Data Management tasks, ChronoForums is a leading free Joomla forums extension:
http://www.ChronoEngine.com
- o.b.l.x
- Joomla! Intern
- Posts: 57
- Joined: Mon Nov 13, 2006 10:51 pm
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
have You came acros or do You know of a way to use akocomment with rg emulation off
-
- Joomla! Intern
- Posts: 62
- Joined: Tue Nov 14, 2006 9:52 pm
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
Hi there
Stupid question I'm Sure, but anyway here it comes:
I trying to secure an installation. The RG_emulation is now off - found the globals file...
But what about the register_globals ... I don't seem to find the line.. Which file is to be altered...
Please somebody...
Yours
Claus
Stupid question I'm Sure, but anyway here it comes:
I trying to secure an installation. The RG_emulation is now off - found the globals file...
But what about the register_globals ... I don't seem to find the line.. Which file is to be altered...
Please somebody...
Yours
Claus
- pe7er
- Joomla! Master
- Posts: 24985
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
Only the RG_Emulation is in globals.phpmartinus wrote:I trying to secure an installation. The RG_emulation is now off - found the globals file...
But what about the register_globals ... I don't seem to find the line.. Which file is to be altered...
Register Globals is a setting in php.ini and/or .htaccess
More info about Register Globals and how to configure:
http://forum.joomla.org/index.php/topic,93640.0.html
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
-
- Joomla! Intern
- Posts: 62
- Joined: Tue Nov 14, 2006 9:52 pm
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
Hi
Thanks for the prompt reply
I tried to insert this line 'php_flag register_globals off' in the htaccess.txt-file and uploaded it --- but it still says register_globals is on
Claus
Thanks for the prompt reply
I tried to insert this line 'php_flag register_globals off' in the htaccess.txt-file and uploaded it --- but it still says register_globals is on
Claus
- pe7er
- Joomla! Master
- Posts: 24985
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
I read in this forum (cannot find the topic though) that someone had the same problem, but solved it by putting a new .htaccess with only
php_flag register_globals off
in the /administrator directory.
Maybe that works for you too....
php_flag register_globals off
in the /administrator directory.
Maybe that works for you too....
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
-
- Joomla! Intern
- Posts: 62
- Joined: Tue Nov 14, 2006 9:52 pm
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
I just put a file called '.htaccess' in the root folder with this line in it: php_flag register_globals off
But alas - it didn't work
should the file have any extentions? or could there be some sort of time relay between upload and execution?
By the way: the debate on security states that you simply change the name on the file htaccess.txt to .htaccess - is this true and can it be done without risk...
But alas - it didn't work
should the file have any extentions? or could there be some sort of time relay between upload and execution?
By the way: the debate on security states that you simply change the name on the file htaccess.txt to .htaccess - is this true and can it be done without risk...
- pe7er
- Joomla! Master
- Posts: 24985
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
No, just plain .htaccessmartinus wrote:should the file have any extentions? or could there be some sort of time relay between upload and execution?
I don't think that there should be any delay: after changing .htaccess it should work immediatelly.
(though any changes in the PHP configuration file "php.ini" probably need a restart of PHP)
Yes, but a faulty configured .htaccess will result in an error on the website.By the way: the debate on security states that you simply change the name on the file htaccess.txt to .htaccess - is this true and can it be done without risk..
htaccess.txt is a text file, .htaccess is a (hidden) system file for the Apache webserver. btw: what server OS / webserver software do you use? .htaccess does not work on Microsoft IIS.
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
-
- Joomla! Intern
- Posts: 62
- Joined: Tue Nov 14, 2006 9:52 pm
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
Actually I think my hosting is on a windows platform server....
It doesn't work then?
But then I can get the support on the hosting site to turn it off...
Thanks again
It doesn't work then?
But then I can get the support on the hosting site to turn it off...
Thanks again
- pe7er
- Joomla! Master
- Posts: 24985
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
It can work on Microsoft NT server OS with Apache webserver,martinus wrote:Actually I think my hosting is on a windows platform server....
It doesn't work then?
But then I can get the support on the hosting site to turn it off...
but not with Microsoft IIS webserver, that does not support .htaccess
I would indeed ask the host to turn Register Globals OFF (but I am not sure if they are willing, as it's probably a server wide setting which could affect other sites on shared hosting).
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
-
- Joomla! Apprentice
- Posts: 16
- Joined: Sun Mar 12, 2006 12:18 pm
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
i have the same problem with joomla 1.012
in admin area I have the Security recommendation :
* PHP register_globals setting is `ON` instead of `OFF`
i am on linux server in on host company(shared server),
I tried to use php_flag register_globals off on .haccess but this messege :
i have joomla in : http://www.domain.com/joomla
my .haccess is :
I contact my host company about the php.ini and they told me :
The register_globals can not be changed to "off", due to our shared hosting environment.
what shell I do, ??
thanks
in admin area I have the Security recommendation :
* PHP register_globals setting is `ON` instead of `OFF`
i am on linux server in on host company(shared server),
I tried to use php_flag register_globals off on .haccess but this messege :
Code: Select all
[b]Internal Server Error 500[/b]
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
i have joomla in : http://www.domain.com/joomla
my .haccess is :
Code: Select all
##
# @version $Id: htaccess.txt 2368 2006-02-14 17:40:02Z stingrey $
# @package Joomla
# @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
php_flag register_globals off
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
# Only use one of the two SEF sections that follow. Lines that can be uncommented
# (and thus used) have only one #. Lines with two #'s should not be uncommented
# In the section that you don't use, all lines should start with #
#
# For Standard SEF, use the standard SEF section. You can comment out
# all of the RewriteCond lines and reduce your server's load if you
# don't have directories in your root named 'component' or 'content'
#
# If you are using a 3rd Party SEF or the Core SEF solution
# uncomment all of the lines in the '3rd Party or Core SEF' section
#
#####################################################
##### SOLVING PROBLEMS WITH COMPONENT URL's that don't work #####
# SPECIAL NOTE FOR SMF USERS WHEN SMF IS INTEGRATED AND BRIDGED
# OR ANY SITUATION WHERE A COMPONENT's URL's AREN't WORKING
#
# In both the 'Standard SEF', and '3rd Party or Core SEF' sections the line:
# RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##
# May need to be uncommented. If you are running your Joomla! from
# a subdirectory the name of the subdirectory will need to be inserted into this
# line. For example, if your Joomla! is in a subdirectory called '/test/',
# change this:
# RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##
# to this:
# RewriteCond %{REQUEST_URI} ^(/test/component/option,com) [NC,OR] ##optional - see notes##
#
#####################################################
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
#
# mod_rewrite in use
RewriteEngine On
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)
RewriteBase /joomla/
########## Begin Standard SEF Section
## ALL (RewriteCond) lines in this section are only required if you actually
## have directories named 'content' or 'component' on your server
## If you do not have directories with these names, comment them out.
#
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##
#RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
RewriteRule ^(content/|component/) index.php
#
########## End Standard SEF Section
########## Begin 3rd Party or Core SEF Section
#
RewriteCond %{REQUEST_URI} ^(/jommla/component/option,com) [NC,OR] ##optional - see notes##
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php
#
########## End 3rd Party or Core SEF Section
I contact my host company about the php.ini and they told me :
The register_globals can not be changed to "off", due to our shared hosting environment.
what shell I do, ??
thanks
- pe7er
- Joomla! Master
- Posts: 24985
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
create a new empty .htaccess with only:
php_flag register_globals off
If it works ok, you can start adding other settings in the .htaccess
php_flag register_globals off
If it works ok, you can start adding other settings in the .htaccess
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
-
- Joomla! Apprentice
- Posts: 16
- Joined: Sun Mar 12, 2006 12:18 pm
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
I did as pe7er said
and still not working,
My host is networksolution, and I am not happy @all with their hosting services:
No CRONTAB, NO-functions (like cpanel) poor ftp access, but anyway....
how can I solve this issue with my joomla,
the error 500 make me crazy :::
and how can turn of the PHP register_globals??
thanks
and still not working,
My host is networksolution, and I am not happy @all with their hosting services:
No CRONTAB, NO-functions (like cpanel) poor ftp access, but anyway....
how can I solve this issue with my joomla,
the error 500 make me crazy :::
and how can turn of the PHP register_globals??
thanks
Last edited by galaxyboss on Wed Jan 10, 2007 4:40 pm, edited 1 time in total.
-
- Joomla! Apprentice
- Posts: 34
- Joined: Tue Nov 29, 2005 11:01 am
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
What did to solve this was to include in the main .htaccess this in main folder
##########Beging register_globals section
#
#php_flag register_globals off
#
##########End register_globals section
Then create a new .htaccess with a single line quote:
php_flag register_globals off
Then copy in the admin directory and there we go.
BR
keke
##########Beging register_globals section
#
#php_flag register_globals off
#
##########End register_globals section
Then create a new .htaccess with a single line quote:
php_flag register_globals off
Then copy in the admin directory and there we go.
BR
keke
-
- Joomla! Apprentice
- Posts: 16
- Joined: Sun Mar 12, 2006 12:18 pm
Re: Help Me Understand the Low-Level Fix for RG_EMULATION Update
my problem was solve by adding php.ini in cgi-bin folder in root
note here this work for me, beacuse the host company configured their servers to run php setting for each customers.
the php.ini file :
note here this work for me, beacuse the host company configured their servers to run php setting for each customers.
the php.ini file :
Code: Select all
register_globals = Off
upload_tmp_dir = /data/tmp
session.save_path = "/data/tmp"