Joomla! Forum - community, help and support

Hi there,

After the 1.011 Joomla upgrade, the Website of my team started to randomly presenting the following error:

Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.

In the admin area of Joomla, the information "PHP register_globals setting is `ON` instead of `OFF`" appears, the problem is that we  can't change the php.ini and the .htacess file does not apply to IIS.

Any solutions?

What could be happening to cause the random failures?

Every help would be appreciated.

Chances are it is being caught in a new check that was implemented for 1.0.11.  It is caused by a numeric variable key (most likely) due to an old session cookie or something of that nature.  What extensions are you using on your site?  Make sure you have all of the latest versions and just tell your team to clear their cookies and things should be okay (assuming the extensions have been fixed to work with the new checks).  For example, a joomla login cookie could contain an all numeric hash but it is unlikely that it is this if you are experiencing for a lot of users.  We made sure to fix the hash creation process to prefix all hashes with a j to make sure they were not purely numeric under any circumstances.  Hopefully that helps.

robs,

Thanks for the support 

We already take some actions and the site is np now.

First, we disabled all the recently added extensions.
Second, we are going to sent an e-mail to all users to clean their cookies.

If the situation starts to be stable (after de cookies cleanup) then we will check the extensions version and start by activating one by one.

I will keep giving feedback. Thanks once more.

The problem persists.

We use the SMF bridge, we have changed the cookie name but the problem persist.

We have the following extensions in our installation :

AkoBook  -  version 3.42  - Disabled
Events - version 1.2 - Enabled
eWeather - 1.1.0 - Enabled
JCE Admin  -  1.0.4 Enabled
Marketplace - 1.2.1 Enabled
ReMOSitory  - 3.25 Enabled
SMF Bridge - 1.1.6 Enabled
VirtueMart - 1.0.6 Enabled

We have disabled all the extensions (just leave the SMF Bridge).

We are thinking to donwgrade the version to 1.0.8 (the latest version we have installed), what we need to do ? Only copy the files

Thenks.

We couldn't wait longer...the error was appearing constantly.

We decided to downgrade again to 1.0.8

We copied all the directory content to the joomla root except for the installation dir.

It's seems to be working fine now!

check if you have forms somewhere that post fields with numeric names. thats illegal from version .11 and can give you this error.

cheers,
Pascal.

I found the same problem in my joomla. But because i have two webserver for the same site if i visit the www1.mydomain.com and the www2.mydomain.com and its works.

I only have this problem wih the firefox, i clean up the cookies, and start to work again.

I houpe it was helpfull

Thanks Sergio,

We have asked all the members to clear their cookies but we have a lot of non members visiting the webpage everyday. We have made the downgrade and everything works fine now.

We will wait for a next release ...

This behavior is not a bug but is intended as it prevents the exploitation of a bug in some versions of PHP.  I don't think it will be removed.

If and only if you are running the latest version of PHP (4.4.4 or 5.1.6) you could consider commenting out the line below from globals.php.

line 40 in globals.php: change to: That should "fix" the problem by removing the check that is causing the warning and abort to occur.  I repeat, do not remove that line unless you are running the lastest version of PHP as it could open your system up to more serious security threats.

Where do you find globals.php in joomla version 1.5.23.

I'll leave it at that lol
Way to complicated and time consuming to explain... 8 hours invested in this problem

The issue is rooted in the AJAX requests, and specifically in the timestamp appended to the requested url to prevent loading the content from the browser`s cache. And because this is being added not as a key=value pair but just as single value Joomla threats is as url parameter, which indeed is a numeric.

Hacking the Joomla core is not necessary to fix this. The fix is to alter the javascript that does this cache preventing thing by making it to append key=value pair, so the value can still be the timetsmp and the key can be anything you'r mind desire.

I just made it like this *the example is from the com_listbingo "components/com_listbingo/templates/default/js/m11/validation.js" that deals with the add/edit an add form validation which was failing on verifying the captcha because of this issue)

CODE (line ) BEFORE:
var url='index.php?option=com_listbingo&task=addons.captcha.front.verifyCaptcha&cval='+capvalue+'&format=raw&' +new Date();

CODE (line ) AFTER:
var url='index.php?option=com_listbingo&task=addons.captcha.front.verifyCaptcha&cval='+capvalue+'&format=raw&random=' +new Date();