Components not working with Register Globals Emulation off

[Beat]

Please not that PHP setting "register_globals" is different from Joomla! "RG_EMULATION" parameter in file globals.php.

This thread is *only* to list and discuss about components broken/incompatible with "RG_EMULATION" turnded to OFF, and publish fixes, until their authors release a fixed version.

Please keep questions regarding "register_globals" and "RG_EMULATION" in other threads. THANKS for staying ON TOPIC 

[rejuvinet]

Sanni, you might try adding the following line toward the end of your .htaccess file to see if you can turn register_globals off locally for your sites.

Code: Select all

php_flag register_globals off

This may or may not help, but if it does, then you will most likely be able to see the change reflected in both your Joomla! System Info and Php Info tabs in the Joomla! admin area. In the Php info tab, you will see a column for "Local Value" and a column for "Master Value". The Local value for registers_global should read "Off" while the Master value will still read "On".

Just tried this neat little trick - worked like a charm. 

Thanks Dayworks!

[dayworks]

Sanni, you might try adding the following line toward the end of your .htaccess file to see if you can turn register_globals off locally for your sites.

Code: Select all

php_flag register_globals off

This may or may not help, but if it does, then you will most likely be able to see the change reflected in both your Joomla! System Info and Php Info tabs in the Joomla! admin area. In the Php info tab, you will see a column for "Local Value" and a column for "Master Value". The Local value for registers_global should read "Off" while the Master value will still read "On".

Just tried this neat little trick - worked like a charm. 

Thanks Dayworks!

Happy, happy, joy, joy!  I mean that strictly in the "ON TOPIC" sense of course. 

[rejuvinet]

Heh - I posted that to you *before* I got to the "stay on topic" post by Beat. 

BUT - it is relevant (at least in my eyes) as it *does* work and it compliments the posts regarding the emulator settings.  I've got both warnings "turned off" now and I'm secured (as much as I can be sure of, anyway).

And Beat - THANK YOU for your hard work.  I was worried that my Joomlaboard wouldn't work right if I set things to "off", but your fixes worked like a charm.  My hat's off to you!!! 

[tresan]

Tx for the php_flag register_globals off tip for .htaccess - Worked like a charm!

[lividcreature]

Hey all, Noob here...

Tx for the php_flag register_globals off tip for .htaccess - Worked like a charm!

That fix in .htaccess didn't work for me.. About how close to the end should that be applied to in the text file?

Also, Beat, I read your fix for joomlaboard.. However I am confused. You first posted a fix with all of that code, then numerous other fixes below it... Should I just use the fix thats all bundled in to one, or will I have to search through all of the rest of  that code and do it that way?

Ok, regarding JoomlaBoard 1.1.2, I didn't do a full analysis, but this quick fix helps quite far:

in begining of components/com_joomlaboard/joomlaboard.php change (actually add 14 lines):

Code: Select all

$catid  = mosGetParam ( $_GET, 'catid' , '' );
$Itemid = mosGetParam ( $_GET, 'Itemid', '' );
$func   = mosGetParam ( $_GET, 'func'  , '' );
//If they're not put in with get requests, try post requests else default to value given
if ($catid  == '' ) $catid  = mosGetParam ( $_POST, 'catid' , '0'      );
if ($Itemid == '' ) $Itemid = mosGetParam ( $_POST, 'Itemid', '1'      );
if ($func   == '' ) $func   = mosGetParam ( $_POST, 'func'  , 'listcat');

to:

Code: Select all

$catid  = mosGetParam ( $_GET, 'catid' , '' );
$Itemid = mosGetParam ( $_GET, 'Itemid', '' );
$func   = mosGetParam ( $_GET, 'func'  , '' );
if (isset($_GET["id"])) $id  = mosGetParam ( $_GET, 'id' , '' );				//BBTEMPFIX
if (isset($_GET["do"])) $do  = mosGetParam ( $_GET, 'do' , '' );				//BBTEMPFIX
if (isset($_GET["replyto"])) $replyto  = mosGetParam ( $_GET, 'replyto' , '' );	//BBTEMPFIX
if (isset($_GET["page"])) $page  = mosGetParam ( $_GET, 'page' , '' );	//BBTEMPFIX
if (isset($_GET["sel"])) $sel  = mosGetParam ( $_GET, 'sel' , '' );	//BBTEMPFIX
if (isset($_GET["userid"])) $userid  = mosGetParam ( $_GET, 'userid' , '' );	//BBTEMPFIX
if (isset($_GET["pid"])) $pid  = mosGetParam ( $_GET, 'pid' , '' );	//BBTEMPFIX
if (isset($_GET["view"])) $view  = mosGetParam ( $_GET, 'view' , '' );	//BBTEMPFIX
//If they're not put in with get requests, try post requests else default to value given
if ($catid  == '' ) $catid  = mosGetParam ( $_POST, 'catid' , '0'      );
if ($Itemid == '' ) $Itemid = mosGetParam ( $_POST, 'Itemid', '1'      );
if ($func   == '' ) $func   = mosGetParam ( $_POST, 'func'  , 'listcat');
if (!isset($id)      		&& isset($_POST["id"]))      		$id      		= mosGetParam ( $_POST, 'id'  , '');		 //BBTEMPFIX
if (!isset($do)      		&& isset($_POST["do"]))      		$do      		= mosGetParam ( $_POST, 'do'  , '');		 //BBTEMPFIX
if (!isset($replyto) 		&& isset($_POST["replyto"])) 		$replyto 		= mosGetParam ( $_POST, 'replyto'  , ''); //BBTEMPFIX
if (!isset($parentid) 		&& isset($_POST["parentid"])) 		$parentid 		= mosGetParam ( $_POST, 'parentid'  , ''); //BBTEMPFIX
if (!isset($action) 		&& isset($_POST["action"])) 		$action 		= mosGetParam ( $_POST, 'action'  , ''); //BBTEMPFIX
if (!isset($contentURL) 	&& isset($_POST["contentURL"])) 	$contentURL 	= mosGetParam ( $_POST, 'contentURL'  , ''); //BBTEMPFIX
if (!isset($sb_authorname) 	&& isset($_POST["sb_authorname"])) 	$sb_authorname 	= mosGetParam ( $_POST, 'sb_authorname'  , ''); //BBTEMPFIX
if (!isset($email) 			&& isset($_POST["email"])) 			$email 			= mosGetParam ( $_POST, 'email'  , ''); //BBTEMPFIX
if (!isset($subject) 		&& isset($_POST["subject"])) 		$subject 		= mosGetParam ( $_POST, 'subject'  , ''); //BBTEMPFIX
if (!isset($topic_emoticon) && isset($_POST["topic_emoticon"])) $topic_emoticon = mosGetParam ( $_POST, 'topic_emoticon'  , ''); //BBTEMPFIX
if (!isset($message) 		&& isset($_POST["message"])) 		$message 		= mosGetParam ( $_POST, 'message'  , ''); //BBTEMPFIX
if (!isset($subscribeMe)	&& isset($_POST["subscribeMe"])) 	$subscribeMe 	= mosGetParam ( $_POST, 'subscribeMe'  , ''); //BBTEMPFIX
if (!isset($attachimage)	&& isset($_FILES['attachimage']))	$attachimage	= mosGetParam ( $_FILES['attachimage'], 'name', ''); //BBTEMPFIX
if (!isset($attachfile)		&& isset($_FILES['attachfile']))	$attachfile		= mosGetParam ( $_FILES['attachfile'], 'name', ''); //BBTEMPFIX
if (!isset($sb_thread)		&& isset($_REQUEST["sb_thread"]))	$sb_thread	 	= mosGetParam ( $_REQUEST, 'sb_thread'  , '');  //BBTEMPFIX
if (!isset($thread)			&& isset($_REQUEST["thread"]))		$thread			= mosGetParam ( $_REQUEST, 'thread'  , '');  //BBTEMPFIX
if (!isset($markaction)		&& isset($_POST["markaction"])) 	$markaction 	= mosGetParam ( $_POST, 'markaction'  , '');  //BBTEMPFIX

This allows to browse from forum to threads list and from threads list to thread, as well as to type and send post reply, as well as edit a post.
I didn't test everything and didn't do a security review of JoomlaBoard itself, but could someone please test and post test-results quickly ?

Bug Artifact created for JoomlaBoard here:
http://forge.joomla.org/sf/tracker/do/v ... s/artf5660

(CB quick fix following in next post)

EDIT: added above for threads page browsing and correct latest posts timeframe selection:
if (isset($_GET["page"])) $page  = mosGetParam ( $_GET, 'page' , '' ); //BBTEMPFIX
if (isset($_GET["sel"])) $sel  = mosGetParam ( $_GET, 'sel' , '' ); //BBTEMPFIX

EDIT added above:
if (!isset($sb_thread) && isset($_REQUEST["sb_thread"])) $sb_thread = mosGetParam ( $_REQUEST, 'sb_thread'  , '');  //BBTEMPFIX
if (!isset($thread) && isset($_REQUEST["thread"])) $thread = mosGetParam ( $_REQUEST, 'thread'  , '');  //BBTEMPFIX

EDIT: added then CHANGED above:
if (!isset($subscribeMe) && isset($_POST["subscribeMe"])) $subscribeMe = mosGetParam ( $_POST, 'subscribeMe'  , ''); //BBTEMPFIX
if (!isset($attachimage) && isset($_FILES['attachimage'])) $attachimage = mosGetParam ( $_FILES['attachimage'], 'name', ''); //BBTEMPFIX
if (!isset($attachfile) && isset($_FILES['attachfile'])) $attachfile = mosGetParam ( $_FILES['attachfile'], 'name', ''); //BBTEMPFIX

EDIT: added above:
if (isset($_GET["userid"])) $userid  = mosGetParam ( $_GET, 'userid' , '' ); //BBTEMPFIX
if (isset($_GET["pid"])) $pid  = mosGetParam ( $_GET, 'pid' , '' ); //BBTEMPFIX
if (!isset($markaction) && isset($_POST["markaction"])) $markaction = mosGetParam ( $_POST, 'markaction'  , '');  //BBTEMPFIX

EDIT: added above:
if (isset($_GET["view"])) $view  = mosGetParam ( $_GET, 'view' , '' ); //BBTEMPFIX

[dayworks]

Tx for the php_flag register_globals off tip for .htaccess - Worked like a charm!

Tresan, you are quite welcome as well and I concur with Rejuvinet that Beat deserves our thanks for his efforts with regard to these issues as well and his fine contributions to the CB endeavor. Hey, uhhh... something's going on because I just realized I'm going OFF-TOPIC again SO... I take everything I just now said back and apologize for my disrespectful behavior and the embarrassement I've probably caused everyone that's tracking this thread. WHAT! That's not right either!! My apology was OFF-TOPIC TOO!!! OMG!!!! It seems it seems I've been hijacked and there's now way out of this for me!!!!! No, wait it's... maybe there's a way. Yes... time to rewrite.

CMD Bob:

Code: Select all

php_flag register_globals off

Ok, I'm all better now

...and back ON-TOPIC.

Given that, I noticed the new J! seems to have broken v.1.0 of the Graphical UHP component, but I've not investigated it fully just yet so I have no other report than that. It just might be something for anyone using that version of User Home Pages thingy to check for.

[Lipton]

As someone who is no expert in those things, what does the addition to the .htaccess file different than not making the "AKOCOMMENT" work again ? Because it still doesn´t works. And as also the latest Joomla 1.0.11 update says, its recommended to turn off the RG stuff in the globals.php.

So, there is nothing to make AKOCOMMENT work again ? Btw, I do have security Images running and get always "Wrong Security Code" since the Update.

Anyone can help me, maybe not the expert way ? Thx.

[Lipton]

I'll second Joomlaboard (1.1.2) having problems w/RG emulation. I lost the ability to post messages. (Thanks for the heads up MarHaj. I hadn't gotten that far in testing.)

I also have a slight problem with Community Builder (1.0.1). The navigation on the user list (next, 1, 2, 3, etc) will only return the 1st page, even though the link's correct. I posted that issue over at Joomlapolis. All other CB functionality that I'm using seems to work fine.

Confirming CB 1.0.1 (and previous versions) problem with that front-end users-lists pager function. Problem found and fix-proposal ready for your tests (emailed and PMed you on Joomlapolis).

Looking now into the JoomlaBoard problem.

Can you please tell me what I can do to make that work again, with the userlist in CB ?

And one other question, how do I get Akocomment work again after the Update with RG 0 ? It isn´t working anymore, I have security Images running and though I found something in an other thread, it seems not to help. I always get Wrong Security Code. AkoBook doesn´t works at all after the update to 1.0.11 with RG 0.

Any tips for that ?

[Beat]

As someone who is no expert in those things, what does the addition to the .htaccess file different than not making the "AKOCOMMENT" work again ? Because it still doesn´t works. And as also the latest Joomla 1.0.11 update says, its recommended to turn off the RG stuff in the globals.php.

So, there is nothing to make AKOCOMMENT work again ? Btw, I do have security Images running and get always "Wrong Security Code" since the Update.

Anyone can help me, maybe not the expert way ? Thx.

Here we go...  :P

...that's what happens when 2 topics get mixed in the same thread. 

NO  both things have nothing to do with each other (except they are two separate lines of defense on the same front  ).

Could a forum moderator please move the posts regarding "PHP register_globals setting" (and only those, not the ones regarding components not working with "RG_EMULATION OFF") to the thread talking about about how to set register_globals to OFF please ? it's this one btw for further posts regarding "PHP register_globals setting":
http://forum.joomla.org/index.php?topic=75990
After that you can please also delete this post as well...

@lividcreature: yes, first post contains all fixes as stated....

No more posts in this thread regarding "PHP register_globals setting" below this line please:

***** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed *****_

[Reind]

Does someone know how to fix the problems with the security images solution for akocomment. I used the Dominik Paulus security images protection but when RG_EMULATION is set to 0 the spam protection keeps screaming that an wrong security code is inserted.

I made my version of Akocomment W3C valid and i want to keep it that way, all the other hacked versions do not meet the W3C standards and not with one or 2 errors but with 200 errors so i dont want to install one of those crappy versions. (they also dont work at this moment).

[mediawizard]

List of uncompatible components:


Component
Version
Fix


com_puarcade

But my real question ...... i have changed everything what was in this topic ....only now my com_puarcade (flash games component) doesn't work anymore.
if somebody want's the puarcade.php he/she can reach me on .......

In the past I tested com_puarcade on a server with Register Globals = OFF, and got a lot of errors.
This component needs Register Globals = On, or maybe you can hack the code. (Or inform the author, maybe he/she will improve the code).

puarcade is nothing but a component wrapper for a standard javascript affiliate code provided by zylom games.
And as far as I know the developer site is no longer active.

I just created a simple static page with the following code (no editors to add code) :

Code: Select all

<script src="http://www.zylomgames.com/partnerprogram/gamelist.jsp?pid=1648&l=1"></script>

Note : The pid=1648 is my affiliate code, you can signup for the zylom affiliate program and use your own or even get more diplay options that can be used as javascript.

[dayworks]

As someone who is no expert in those things, what does the addition to the .htaccess file different than not making the "AKOCOMMENT" work again ? Because it still doesn´t works. And as also the latest Joomla 1.0.11 update says, its recommended to turn off the RG stuff in the globals.php.

So, there is nothing to make AKOCOMMENT work again ? Btw, I do have security Images running and get always "Wrong Security Code" since the Update.

Anyone can help me, maybe not the expert way ? Thx.

Here we go...  :P

...that's what happens when 2 topics get mixed in the same thread. 

NO  both things have nothing to do with each other (except they are two separate lines of defense on the same front  ).

Could a forum moderator please move the posts regarding "PHP register_globals setting" (and only those, not the ones regarding components not working with "RG_EMULATION OFF") to the thread talking about about how to set register_globals to OFF please ? it's this one btw for further posts regarding "PHP register_globals setting":
http://forum.joomla.org/index.php?topic=75990
After that you can please also delete this post as well...

@lividcreature: yes, first post contains all fixes as stated....

No more posts in this thread regarding "PHP register_globals setting" below this line please:

***** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed *****_

It sounds good to me Beat. Hey, do you think it would help if the name of this thread was changed to something different from, "Don't forget to turn off register global emulation of Joomla as well !!!"

Perhaps that is why some folks got the idea that this discussion had something to do with globals issues.

Just a thought.

[tyler]

...do you think it would help if the name of this thread was changed to something different from, "Don't forget to turn off register global emulation of Joomla as well !!!"

Perhaps that is why some folks got the idea that this discussion had something to do with globals issues....

register global emulation is the Joomla setting, whereas Register Globals (w/o the emulation) is the php.ini server settings.

Just thought I'd clarify for those who don't know the difference   even though Adam's thread title says: "register global emulation of Joomla"

[yorokobi]

Anyone know how to fix MgMediaBot ?  Seems that turning off emulation broke it...   :(

EDIT: Maybe this is related?  I just clicked "Site Mambots" in the backend, and when I click on ANY mambot in the list where I used to go to a page with some config items I now get a popup box that says "Restricted Access"....  Did I break somthing or what?

[aachleon]

Like yorokobi, I am now also now receiving the "Restricted Access" popup when clicking on any mambot link in Mambot Manager.

Ideas?

[Lipton]

Like yorokobi, I am now also now receiving the "Restricted Access" popup when clicking on any mambot link in Mambot Manager.

Ideas?

I put the fix admin.mambots.php in my /administrator/components/com_mambots/ Folder, replaced the old one, and it worked again with the Mambots in the Admin Backend.

[davemgood]

Like yorokobi, I am now also now receiving the "Restricted Access" popup when clicking on any mambot link in Mambot Manager.

Ideas?

I put the fix admin.mambots.php in my /administrator/components/com_mambots/ Folder, replaced the old one, and it worked again with the Mambots in the Admin Backend.

I hate to appear ignorant. This thread jumps around so much.

But, which 'fix' goes into the 'admin.mambots.php' file?

Thanks much!

dave 

[Lipton]

The attached file at this Post --> http://forum.joomla.org/index.php/topic,89865.0.html

[AmyStephen]

MODERATOR:

#1 - can we have this as a STICKIE during upgrades?

#2 - can we have this renamed Broken Extensions due to RG_EMULATION OFF (Good idea, Dayworks!)

#3 - will you help with Beat's request to split out the mixed in topics? Our title and the complexity of the work made it hard to keep things split.


THANKS SO MUCH!
Amy

PS - BTW - Beat, who has worked tirelessly for over a week, now, on this security release, whimped out and went to sleep at 3am this morning! We will have to pay him a bit more for his efforts! I say DOUBLE his salary! Ah, what the heck, TRIPLE IT!

[AmyStephen]

Websmurf and Beat -

Does it seem like Jon's problem might be related to the RG_EMULATION OFF?

We are running myPMS II integrated with Community Builder 1.0.1.
Post 1.0.11 upgrade PMS will display list of private messages, but will not open them.
Author's site http://www.taher-zadeh.com  appears to be offline.  CB connections tab icon tooltips no longer display (pm, email, view profle)
If emulate globals is returned to on in globals.php, PMS comes back to life.


Also running Xe-VideoGalleryV1 XL
Back end category management no longer permits unpublish or delete.



SMO Ajax Shoutbox won't send messages.

I remain confident that these issues will be resolved as they're identified.

[Websmurf]

Yeah, if switching that variable in globals.php makes it work again, that's the problem.

[AmyStephen]

Hey Websmurf! Welcome back ;-)  (If you are a moderator ? can you help with the stickie and splitting out the topics for Beat?)

I left a note for rccummings that I was going to copy this likely suspect here, too.

can someone help me out in translating this message i received when changing global emulation to "0"... i got this thing

An error has occured: 
Could not generate a temporary file.

Go back or Go to the login page


Technical information for developers:

The error occured in file /usr/local/ndn/web/webftp/includes/filesystem.inc.php on line 1618.

function acceptfiles (/usr/local/ndn/web/webftp/modules/upload/upload.inc.php on line 242)
function net2ftp_module_printbody (/usr/local/ndn/web/webftp/main.inc.php on line 288)
function net2ftp (/usr/local/ndn/web/webftp/index.php on line 54) 

what's it all mean?

[Beat]

Hey Websmurf! Welcome back ;-)  (If you are a moderator ? can you help with the stickie and splitting out the topics for Beat?)

I left a note for rccummings that I was going to copy this likely suspect here, too.

can someone help me out in translating this message i received when changing global emulation to "0"... i got this thing

An error has occured: 
Could not generate a temporary file.

Go back or Go to the login page


Technical information for developers:

The error occured in file /usr/local/ndn/web/webftp/includes/filesystem.inc.php on line 1618.

function acceptfiles (/usr/local/ndn/web/webftp/modules/upload/upload.inc.php on line 242)
function net2ftp_module_printbody (/usr/local/ndn/web/webftp/main.inc.php on line 288)
function net2ftp (/usr/local/ndn/web/webftp/index.php on line 54) 

what's it all mean?

1. Looking at file-paths: this isn't related to a component broken by RG_EMULATION 0FF (0)
2. Looking at the very short description: it's "not being able to change the file global.php"
So (one more slightly "off-topic" ) : belongs to the support area of the hoster and in "updates" sub-forum and not here, unless I misunderstood "2."

[AmyStephen]

Well, it's now 3am for me, so, my thinking is getting worse.

But - here's how I took all of this.

1. It's all webftp? I don't know what that is, I guess. I thought it was an extension.?
2. I took it that he was saying the global emulation was changed to "0" / THEN the problems occurred.

He has another thread that we can just keep rolling! Your call!
Amy

[Beat]

Well, it's now 3am for me, so, my thinking is getting worse.

But - here's how I took all of this.

1. It's all webftp? I don't know what that is, I guess. I thought it was an extension.?
2. I took it that he was saying the global emulation was changed to "0" / THEN the problems occurred.

He has another thread that we can just keep rolling! Your call!
Amy

No worry, Amy, I should have realized there was a link to the other thread embedded in the quote...my fault
You can recognize a joomla component when it has at least something like /components/ in its filepath.
And i didn't say in bold off-topic, but only *slightly*

Thanks for your restless help in these updates (and don't forget to sleep ).

[syan]

Information
List of uncompatible components :
- RSGallery2 1.11.6 (zip upload, rename file,..)
- DatsoGallery 1.3.6 (zip upload)

register globals off AND RG_Emulation 1 = O.K.
register globals off AND RG_Emulation 0 = Not O.K.

[annemari]

AkoForms fix, maybe.

I didn't find a fix for AkoForms, so here's my try, if some pro person could maybe check this through?

add to file components/akoforms.php, before  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );


$func = mosGetParam( $_REQUEST, 'func', null );
$task = mosGetParam( $_REQUEST, 'task', null );
$formid = mosGetParam( $_REQUEST, 'formid', null );

administrator/components/admin.akoforms.php

before  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

$task = mosGetParam( $_REQUEST, 'task', null );
$cid = mosGetParam( $_REQUEST, 'cid', array( 0 ) );
$uid = mosGetParam( $_REQUEST, 'uid', array( 0 ) );
if (!is_array( $cid )) {
$ocid=$cid;
$cid = array ();
$cid[]=$ocid;
mosArrayToInts($cid);
}

Something might still be missing, I'm just testing 

[Websmurf]

Information
List of uncompatible components :
- RSGallery2 1.11.6 (zip upload, rename file,..)
- DatsoGallery 1.3.6 (zip upload)

register globals off AND RG_Emulation 1 = O.K.
register globals off AND RG_Emulation 0 = Not O.K.

Added those to the list as well

[mwep]

We used beats fix to patch JB and CB but it appears as though a6MamboHelpDesk Version 1.2 - active6.com is also having issues.

Does anyone else use this component, and if so, is it working with register global emulation off ?

Thanks!