The Joomla! Forum ™



Posted: Tue Sep 12, 2006 10:05 pm
Joomla! Fledgling

Joined: Tue Sep 12, 2006 9:41 pm
Posts: 3
Hi there,

After the 1.011 Joomla upgrade, the Website of my team started randomly presenting the following error:

Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.

In the admin area of Joomla, the information "PHP register_globals setting is `ON` instead of `OFF`" appears. The problem is that we can't change the php.ini and the .htaccess file does not apply to IIS.

Any solutions?

What could be happening to cause the random failures?

Any help would be appreciated.


Posted: Tue Sep 12, 2006 11:22 pm
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Chances are it is being caught in a new check that was implemented for 1.0.11. It is caused by a numeric variable key (most likely) due to an old session cookie or something of that nature. What extensions are you using on your site? Make sure you have all of the latest versions and just tell your team to clear their cookies and things should be okay (assuming the extensions have been fixed to work with the new checks). For example, a Joomla login cookie could contain an all-numeric hash, but it is unlikely that it is this if you are experiencing it for a lot of users. We made sure to fix the hash creation process to prefix all hashes with a j to make sure they were not purely numeric under any circumstances. Hopefully that helps.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Posted: Wed Sep 13, 2006 1:41 pm
Joomla! Fledgling

Joined: Tue Sep 12, 2006 9:41 pm
Posts: 3
robs,

Thanks for the support  :)

We have already taken some actions and the site is np now.

First, we disabled all the recently added extensions.
Second, we are going to send an e-mail to all users to clean their cookies.

If the situation starts to be stable (after the cookie cleanup) then we will check the extension versions and start by activating them one by one.

I will keep giving feedback. Thanks once more.


Posted: Thu Sep 14, 2006 2:30 pm
Joomla! Fledgling

Joined: Wed Sep 13, 2006 10:30 am
Posts: 2
The problem persists.

We use the SMF bridge. We have changed the cookie name but the problem persists.

We have the following extensions in our installation :

AkoBook  -  version 3.42  - Disabled
Events - version 1.2 - Enabled
eWeather - 1.1.0 - Enabled
JCE Admin  -  1.0.4 Enabled
Marketplace - 1.2.1 Enabled
ReMOSitory  - 3.25 Enabled
SMF Bridge - 1.1.6 Enabled
VirtueMart - 1.0.6 Enabled

We have disabled all the extensions (just left the SMF Bridge).

We are thinking of downgrading to version 1.0.8 (the latest version we have installed). What do we need to do? Only copy the files?

Thanks.


Posted: Thu Sep 14, 2006 9:58 pm
Joomla! Fledgling

Joined: Tue Sep 12, 2006 9:41 pm
Posts: 3
We couldn't wait longer...the error was appearing constantly.

We decided to downgrade again to 1.0.8

We copied all the directory content to the joomla root except for the installation dir.

It seems to be working fine now!


Posted: Mon Sep 18, 2006 7:56 am
Joomla! Fledgling

Joined: Fri Apr 28, 2006 9:58 am
Posts: 1
Check if you have forms somewhere that post fields with numeric names. That's illegal from version .11 and can give you this error.

cheers,
Pascal.


Posted: Fri Sep 22, 2006 12:20 am
Joomla! Fledgling

Joined: Thu Sep 15, 2005 1:44 am
Posts: 1
I found the same problem in my Joomla. But because I have two web servers for the same site, if I visit www1.mydomain.com and www2.mydomain.com, it works.

I only have this problem with Firefox; I cleaned up the cookies and it started to work again.

I hope it was helpful.


Posted: Fri Sep 22, 2006 9:53 am
Joomla! Fledgling

Joined: Wed Sep 13, 2006 10:30 am
Posts: 2
Thanks Sergio,

We have asked all the members to clear their cookies but we have a lot of non members visiting the webpage everyday. We have made the downgrade and everything works fine now.

We will wait for a next release ...


Posted: Fri Sep 22, 2006 11:31 am
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
This behavior is not a bug but is intended as it prevents the exploitation of a bug in some versions of PHP.  I don't think it will be removed.

If and only if you are running the latest version of PHP (4.4.4 or 5.1.6) you could consider commenting out the line below from globals.php.

line 40 in globals.php:
Code:
$failed |= is_numeric( $key );


change to:
Code:
//$failed |= is_numeric( $key );


That should "fix" the problem by removing the check that is causing the warning and abort to occur. I repeat, do not remove that line unless you are running the latest version of PHP as it could open your system up to more serious security threats.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Posted: Tue May 03, 2011 10:03 pm
Joomla! Fledgling

Joined: Tue May 03, 2011 9:53 pm
Posts: 1
Where do you find globals.php in Joomla version 1.5.23?

I'll leave it at that lol
Way too complicated and time consuming to explain... 8 hours invested in this problem :-\ :pop


Posted: Sat Jan 21, 2012 7:08 pm
Joomla! Fledgling

Joined: Sat Jan 21, 2012 6:57 pm
Posts: 1
The issue is rooted in the AJAX requests, and specifically in the timestamp appended to the requested URL to prevent loading the content from the browser's cache. And because this is being added not as a key=value pair but just as a single value, Joomla treats it as a URL parameter, which indeed is numeric.

Hacking the Joomla core is not necessary to fix this. The fix is to alter the JavaScript that does this cache-preventing thing by making it append a key=value pair, so the value can still be the timestamp and the key can be anything your mind desires.

I just made it like this (the example is from the com_listbingo "components/com_listbingo/templates/default/js/m11/validation.js" that deals with the add/edit an add form validation which was failing on verifying the captcha because of this issue)

CODE (line ) BEFORE:
var url='index.php?option=com_listbingo&task=addons.captcha.front.verifyCaptcha&cval='+capvalue+'&format=raw&' +new Date();

CODE (line ) AFTER:
var url='index.php?option=com_listbingo&task=addons.captcha.front.verifyCaptcha&cval='+capvalue+'&format=raw&random=' +new Date();
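
An added example (not part of any post above, and not Joomla or com_listbingo code) tying together the two points in this thread, the numeric-key check in globals.php and the key=value cache-buster fix: it lists the parameter names a URL delivers to the server and flags the ones that check refuses. The function names, `com_example`, and the decimal-only approximation of PHP's `is_numeric` are assumptions.

```javascript
// Added example: not Joomla or com_listbingo code.
// Key names copied from the error message quoted in this thread.
const BANNED = ['_files', '_env', '_get', '_post', '_cookie', '_server', '_session', 'globals'];

// Assumption: approximates PHP's is_numeric() for plain decimal numbers only.
function looksNumeric(key) {
  return /^\s*[+-]?(\d+\.?\d*|\.\d+)$/.test(key);
}

// Top-level parameter names as the server sees them: a bare value such as
// "&1158098700000" has no "=", so the whole token becomes a key.
function queryKeys(url) {
  const start = url.indexOf('?');
  if (start === -1) return [];
  return url.slice(start + 1).split('#')[0].split('&').filter(Boolean).map((pair) => {
    const raw = pair.split('=')[0].replace(/\+/g, ' ');
    let name;
    try { name = decodeURIComponent(raw); } catch (e) { name = raw; }
    return name.replace(/\[.*$/, ''); // "a[1]=x" arrives under the key "a"
  });
}

// Keys the input check discussed above would refuse (banned name or numeric).
function rejectedKeys(url) {
  return queryKeys(url).filter((k) => BANNED.includes(k.toLowerCase()) || looksNumeric(k));
}

// Append the cache-buster as key=value so the timestamp is a value, not a key.
function withCacheBuster(url, now = Date.now(), key = 'random') {
  const sep = url.includes('?') ? '&' : '?';
  return url + sep + encodeURIComponent(key) + '=' + now;
}

// Constructed sample URLs (com_example is a placeholder component name).
const samples = [
  'index.php?option=com_example&format=raw&1158098700000',
  'index.php?option=com_example&format=raw&random=1158098700000',
  'index.php?option=com_example&GLOBALS[x]=1',
];
for (const u of samples) {
  console.log(rejectedKeys(u).join(',') || '(none)', '<-', u);
}
```

Running `rejectedKeys` over the URLs an extension's scripts build is a way to find requests that would trip the check without touching globals.php.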

