IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Fledgling
- Posts: 3
- Joined: Tue Sep 12, 2006 9:41 pm
IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
Hi there,
After the 1.011 Joomla upgrade, the Website of my team started to randomly presenting the following error:
Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.
In the admin area of Joomla, the information "PHP register_globals setting is `ON` instead of `OFF`" appears, the problem is that we can't change the php.ini and the .htacess file does not apply to IIS.
Any solutions?
What could be happening to cause the random failures?
Every help would be appreciated.
After the 1.011 Joomla upgrade, the Website of my team started to randomly presenting the following error:
Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.
In the admin area of Joomla, the information "PHP register_globals setting is `ON` instead of `OFF`" appears, the problem is that we can't change the php.ini and the .htacess file does not apply to IIS.
Any solutions?
What could be happening to cause the random failures?
Every help would be appreciated.
- RobS
- Joomla! Ace
- Posts: 1366
- Joined: Mon Dec 05, 2005 10:17 am
- Location: New Orleans, LA, USA
- Contact:
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
Chances are it is being caught in a new check that was implemented for 1.0.11. It is caused by a numeric variable key (most likely) due to an old session cookie or something of that nature. What extensions are you using on your site? Make sure you have all of the latest versions and just tell your team to clear their cookies and things should be okay (assuming the extensions have been fixed to work with the new checks). For example, a joomla login cookie could contain an all numeric hash but it is unlikely that it is this if you are experiencing for a lot of users. We made sure to fix the hash creation process to prefix all hashes with a j to make sure they were not purely numeric under any circumstances. Hopefully that helps.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
-
- Joomla! Fledgling
- Posts: 3
- Joined: Tue Sep 12, 2006 9:41 pm
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
robs,
Thanks for the support
We already take some actions and the site is np now.
First, we disabled all the recently added extensions.
Second, we are going to sent an e-mail to all users to clean their cookies.
If the situation starts to be stable (after de cookies cleanup) then we will check the extensions version and start by activating one by one.
I will keep giving feedback. Thanks once more.
Thanks for the support
We already take some actions and the site is np now.
First, we disabled all the recently added extensions.
Second, we are going to sent an e-mail to all users to clean their cookies.
If the situation starts to be stable (after de cookies cleanup) then we will check the extensions version and start by activating one by one.
I will keep giving feedback. Thanks once more.
-
- Joomla! Fledgling
- Posts: 2
- Joined: Wed Sep 13, 2006 10:30 am
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
The problem persists.
We use the SMF bridge, we have changed the cookie name but the problem persist.
We have the following extensions in our installation :
AkoBook - version 3.42 - Disabled
Events - version 1.2 - Enabled
eWeather - 1.1.0 - Enabled
JCE Admin - 1.0.4 Enabled
Marketplace - 1.2.1 Enabled
ReMOSitory - 3.25 Enabled
SMF Bridge - 1.1.6 Enabled
VirtueMart - 1.0.6 Enabled
We have disabled all the extensions (just leave the SMF Bridge).
We are thinking to donwgrade the version to 1.0.8 (the latest version we have installed), what we need to do ? Only copy the files
Thenks.
We use the SMF bridge, we have changed the cookie name but the problem persist.
We have the following extensions in our installation :
AkoBook - version 3.42 - Disabled
Events - version 1.2 - Enabled
eWeather - 1.1.0 - Enabled
JCE Admin - 1.0.4 Enabled
Marketplace - 1.2.1 Enabled
ReMOSitory - 3.25 Enabled
SMF Bridge - 1.1.6 Enabled
VirtueMart - 1.0.6 Enabled
We have disabled all the extensions (just leave the SMF Bridge).
We are thinking to donwgrade the version to 1.0.8 (the latest version we have installed), what we need to do ? Only copy the files
Thenks.
-
- Joomla! Fledgling
- Posts: 3
- Joined: Tue Sep 12, 2006 9:41 pm
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
We couldn't wait longer...the error was appearing constantly.
We decided to downgrade again to 1.0.8
We copied all the directory content to the joomla root except for the installation dir.
It's seems to be working fine now!
We decided to downgrade again to 1.0.8
We copied all the directory content to the joomla root except for the installation dir.
It's seems to be working fine now!
-
- Joomla! Fledgling
- Posts: 1
- Joined: Fri Apr 28, 2006 9:58 am
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
check if you have forms somewhere that post fields with numeric names. thats illegal from version .11 and can give you this error.
cheers,
Pascal.
cheers,
Pascal.
-
- Joomla! Fledgling
- Posts: 1
- Joined: Thu Sep 15, 2005 1:44 am
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
I found the same problem in my joomla. But because i have two webserver for the same site if i visit the www1.mydomain.com and the www2.mydomain.com and its works.
I only have this problem wih the firefox, i clean up the cookies, and start to work again.
I houpe it was helpfull
I only have this problem wih the firefox, i clean up the cookies, and start to work again.
I houpe it was helpfull
-
- Joomla! Fledgling
- Posts: 2
- Joined: Wed Sep 13, 2006 10:30 am
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
Thanks Sergio,
We have asked all the members to clear their cookies but we have a lot of non members visiting the webpage everyday. We have made the downgrade and everything works fine now.
We will wait for a next release ...
We have asked all the members to clear their cookies but we have a lot of non members visiting the webpage everyday. We have made the downgrade and everything works fine now.
We will wait for a next release ...
- RobS
- Joomla! Ace
- Posts: 1366
- Joined: Mon Dec 05, 2005 10:17 am
- Location: New Orleans, LA, USA
- Contact:
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable _files or _env...
This behavior is not a bug but is intended as it prevents the exploitation of a bug in some versions of PHP. I don't think it will be removed.
If and only if you are running the latest version of PHP (4.4.4 or 5.1.6) you could consider commenting out the line below from globals.php.
line 40 in globals.php:
change to:
That should "fix" the problem by removing the check that is causing the warning and abort to occur. I repeat, do not remove that line unless you are running the lastest version of PHP as it could open your system up to more serious security threats.
If and only if you are running the latest version of PHP (4.4.4 or 5.1.6) you could consider commenting out the line below from globals.php.
line 40 in globals.php:
Code: Select all
$failed |= is_numeric( $key );
Code: Select all
//$failed |= is_numeric( $key );
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
-
- Joomla! Fledgling
- Posts: 1
- Joined: Tue May 03, 2011 9:53 pm
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable
Where do you find globals.php in joomla version 1.5.23.
I'll leave it at that lol
Way to complicated and time consuming to explain... 8 hours invested in this problem
I'll leave it at that lol
Way to complicated and time consuming to explain... 8 hours invested in this problem
-
- Joomla! Fledgling
- Posts: 1
- Joined: Sat Jan 21, 2012 6:57 pm
Re: IIS server+PHP - Joomla 1.011 - Error: Illegal variable
The issue is rooted in the AJAX requests, and specifically in the timestamp appended to the requested url to prevent loading the content from the browser`s cache. And because this is being added not as a key=value pair but just as single value Joomla threats is as url parameter, which indeed is a numeric.
Hacking the Joomla core is not necessary to fix this. The fix is to alter the javascript that does this cache preventing thing by making it to append key=value pair, so the value can still be the timetsmp and the key can be anything you'r mind desire.
I just made it like this *the example is from the com_listbingo "components/com_listbingo/templates/default/js/m11/validation.js" that deals with the add/edit an add form validation which was failing on verifying the captcha because of this issue)
CODE (line ) BEFORE:
var url='index.php?option=com_listbingo&task=addons.captcha.front.verifyCaptcha&cval='+capvalue+'&format=raw&' +new Date();
CODE (line ) AFTER:
var url='index.php?option=com_listbingo&task=addons.captcha.front.verifyCaptcha&cval='+capvalue+'&format=raw&random=' +new Date();
Hacking the Joomla core is not necessary to fix this. The fix is to alter the javascript that does this cache preventing thing by making it to append key=value pair, so the value can still be the timetsmp and the key can be anything you'r mind desire.
I just made it like this *the example is from the com_listbingo "components/com_listbingo/templates/default/js/m11/validation.js" that deals with the add/edit an add form validation which was failing on verifying the captcha because of this issue)
CODE (line ) BEFORE:
var url='index.php?option=com_listbingo&task=addons.captcha.front.verifyCaptcha&cval='+capvalue+'&format=raw&' +new Date();
CODE (line ) AFTER:
var url='index.php?option=com_listbingo&task=addons.captcha.front.verifyCaptcha&cval='+capvalue+'&format=raw&random=' +new Date();