Components not working with Register Globals Emulation off

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
User avatar
Beat
Joomla! Guru
Joomla! Guru
Posts: 840
Joined: Thu Aug 18, 2005 8:53 am
Location: Switzerland
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by Beat » Tue Aug 29, 2006 6:48 pm

Please not that PHP setting "register_globals" is different from Joomla! "RG_EMULATION" parameter in file globals.php.

This thread is *only* to list and discuss about components broken/incompatible with "RG_EMULATION" turnded to OFF, and publish fixes, until their authors release a fixed version.

Please keep questions regarding "register_globals" and "RG_EMULATION" in other threads. THANKS for staying ON TOPIC  8)
Beat 8)
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team

 
rejuvinet
I've been banned!
Posts: 132
Joined: Sat Aug 20, 2005 6:35 pm
Location: Montreal, Quebec (Canada)

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by rejuvinet » Tue Aug 29, 2006 8:38 pm

dayworks wrote:

Sanni, you might try adding the following line toward the end of your .htaccess file to see if you can turn register_globals off locally for your sites.

Code: Select all

php_flag register_globals off
This may or may not help, but if it does, then you will most likely be able to see the change reflected in both your Joomla! System Info and Php Info tabs in the Joomla! admin area. In the Php info tab, you will see a column for "Local Value" and a column for "Master Value". The Local value for registers_global should read "Off" while the Master value will still read "On".
Just tried this neat little trick - worked like a charm.  :)

Thanks Dayworks!
Admin Note: User is no longer a member of our community.

User avatar
dayworks
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Thu Aug 25, 2005 2:29 pm
Location: Austin, TX
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by dayworks » Tue Aug 29, 2006 8:50 pm

rejuvinet wrote:
dayworks wrote:

Sanni, you might try adding the following line toward the end of your .htaccess file to see if you can turn register_globals off locally for your sites.

Code: Select all

php_flag register_globals off
This may or may not help, but if it does, then you will most likely be able to see the change reflected in both your Joomla! System Info and Php Info tabs in the Joomla! admin area. In the Php info tab, you will see a column for "Local Value" and a column for "Master Value". The Local value for registers_global should read "Off" while the Master value will still read "On".
Just tried this neat little trick - worked like a charm.  :)

Thanks Dayworks!
Happy, happy, joy, joy!  :) I mean that strictly in the "ON TOPIC" sense of course.  ;)
I used to have a life. Now I have nameservers.

rejuvinet
I've been banned!
Posts: 132
Joined: Sat Aug 20, 2005 6:35 pm
Location: Montreal, Quebec (Canada)

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by rejuvinet » Tue Aug 29, 2006 9:04 pm

Heh - I posted that to you *before* I got to the "stay on topic" post by Beat.  :laugh:

BUT - it is relevant (at least in my eyes) as it *does* work and it compliments the posts regarding the emulator settings.  I've got both warnings "turned off" now and I'm secured (as much as I can be sure of, anyway).

And Beat - THANK YOU for your hard work.  I was worried that my Joomlaboard wouldn't work right if I set things to "off", but your fixes worked like a charm.  My hat's off to you!!!  :)
Admin Note: User is no longer a member of our community.

User avatar
tresan
Joomla! Ace
Joomla! Ace
Posts: 1010
Joined: Thu Feb 09, 2006 3:00 pm
Location: Odense - DK
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by tresan » Tue Aug 29, 2006 9:05 pm

Tx for the php_flag register_globals off tip for .htaccess - Worked like a charm!
Ronni K. G. Christiansen (@redwebdk)
http://www.redcomponent.com/ - One big family of Joomla extentions & templates
http://redweb.dk - Joomla Webdesign & Development
redHOST.dk - 100% Joomla Webhotel - Dansk support med Joomla viden!

User avatar
lividcreature
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Tue Aug 29, 2006 9:15 pm
Location: Orange County, CA, USA
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by lividcreature » Tue Aug 29, 2006 9:46 pm

Hey all, Noob here...
tresan wrote: Tx for the php_flag register_globals off tip for .htaccess - Worked like a charm!
That fix in .htaccess didn't work for me.. About how close to the end should that be applied to in the text file?

Also, Beat, I read your fix for joomlaboard.. However I am confused. You first posted a fix with all of that code, then numerous other fixes below it... Should I just use the fix thats all bundled in to one, or will I have to search through all of the rest of  that code and do it that way?
Beat wrote: Ok, regarding JoomlaBoard 1.1.2, I didn't do a full analysis, but this quick fix helps quite far:

in begining of components/com_joomlaboard/joomlaboard.php change (actually add 14 lines):

Code: Select all

$catid  = mosGetParam ( $_GET, 'catid' , '' );
$Itemid = mosGetParam ( $_GET, 'Itemid', '' );
$func   = mosGetParam ( $_GET, 'func'  , '' );
//If they're not put in with get requests, try post requests else default to value given
if ($catid  == '' ) $catid  = mosGetParam ( $_POST, 'catid' , '0'      );
if ($Itemid == '' ) $Itemid = mosGetParam ( $_POST, 'Itemid', '1'      );
if ($func   == '' ) $func   = mosGetParam ( $_POST, 'func'  , 'listcat');
to:

Code: Select all

$catid  = mosGetParam ( $_GET, 'catid' , '' );
$Itemid = mosGetParam ( $_GET, 'Itemid', '' );
$func   = mosGetParam ( $_GET, 'func'  , '' );
if (isset($_GET["id"])) $id  = mosGetParam ( $_GET, 'id' , '' );				//BBTEMPFIX
if (isset($_GET["do"])) $do  = mosGetParam ( $_GET, 'do' , '' );				//BBTEMPFIX
if (isset($_GET["replyto"])) $replyto  = mosGetParam ( $_GET, 'replyto' , '' );	//BBTEMPFIX
if (isset($_GET["page"])) $page  = mosGetParam ( $_GET, 'page' , '' );	//BBTEMPFIX
if (isset($_GET["sel"])) $sel  = mosGetParam ( $_GET, 'sel' , '' );	//BBTEMPFIX
if (isset($_GET["userid"])) $userid  = mosGetParam ( $_GET, 'userid' , '' );	//BBTEMPFIX
if (isset($_GET["pid"])) $pid  = mosGetParam ( $_GET, 'pid' , '' );	//BBTEMPFIX
if (isset($_GET["view"])) $view  = mosGetParam ( $_GET, 'view' , '' );	//BBTEMPFIX
//If they're not put in with get requests, try post requests else default to value given
if ($catid  == '' ) $catid  = mosGetParam ( $_POST, 'catid' , '0'      );
if ($Itemid == '' ) $Itemid = mosGetParam ( $_POST, 'Itemid', '1'      );
if ($func   == '' ) $func   = mosGetParam ( $_POST, 'func'  , 'listcat');
if (!isset($id)      		&& isset($_POST["id"]))      		$id      		= mosGetParam ( $_POST, 'id'  , '');		 //BBTEMPFIX
if (!isset($do)      		&& isset($_POST["do"]))      		$do      		= mosGetParam ( $_POST, 'do'  , '');		 //BBTEMPFIX
if (!isset($replyto) 		&& isset($_POST["replyto"])) 		$replyto 		= mosGetParam ( $_POST, 'replyto'  , ''); //BBTEMPFIX
if (!isset($parentid) 		&& isset($_POST["parentid"])) 		$parentid 		= mosGetParam ( $_POST, 'parentid'  , ''); //BBTEMPFIX
if (!isset($action) 		&& isset($_POST["action"])) 		$action 		= mosGetParam ( $_POST, 'action'  , ''); //BBTEMPFIX
if (!isset($contentURL) 	&& isset($_POST["contentURL"])) 	$contentURL 	= mosGetParam ( $_POST, 'contentURL'  , ''); //BBTEMPFIX
if (!isset($sb_authorname) 	&& isset($_POST["sb_authorname"])) 	$sb_authorname 	= mosGetParam ( $_POST, 'sb_authorname'  , ''); //BBTEMPFIX
if (!isset($email) 			&& isset($_POST["email"])) 			$email 			= mosGetParam ( $_POST, 'email'  , ''); //BBTEMPFIX
if (!isset($subject) 		&& isset($_POST["subject"])) 		$subject 		= mosGetParam ( $_POST, 'subject'  , ''); //BBTEMPFIX
if (!isset($topic_emoticon) && isset($_POST["topic_emoticon"])) $topic_emoticon = mosGetParam ( $_POST, 'topic_emoticon'  , ''); //BBTEMPFIX
if (!isset($message) 		&& isset($_POST["message"])) 		$message 		= mosGetParam ( $_POST, 'message'  , ''); //BBTEMPFIX
if (!isset($subscribeMe)	&& isset($_POST["subscribeMe"])) 	$subscribeMe 	= mosGetParam ( $_POST, 'subscribeMe'  , ''); //BBTEMPFIX
if (!isset($attachimage)	&& isset($_FILES['attachimage']))	$attachimage	= mosGetParam ( $_FILES['attachimage'], 'name', ''); //BBTEMPFIX
if (!isset($attachfile)		&& isset($_FILES['attachfile']))	$attachfile		= mosGetParam ( $_FILES['attachfile'], 'name', ''); //BBTEMPFIX
if (!isset($sb_thread)		&& isset($_REQUEST["sb_thread"]))	$sb_thread	 	= mosGetParam ( $_REQUEST, 'sb_thread'  , '');  //BBTEMPFIX
if (!isset($thread)			&& isset($_REQUEST["thread"]))		$thread			= mosGetParam ( $_REQUEST, 'thread'  , '');  //BBTEMPFIX
if (!isset($markaction)		&& isset($_POST["markaction"])) 	$markaction 	= mosGetParam ( $_POST, 'markaction'  , '');  //BBTEMPFIX
This allows to browse from forum to threads list and from threads list to thread, as well as to type and send post reply, as well as edit a post.
I didn't test everything and didn't do a security review of JoomlaBoard itself, but could someone please test and post test-results quickly ?

Bug Artifact created for JoomlaBoard here:
http://forge.joomla.org/sf/tracker/do/v ... s/artf5660

(CB quick fix following in next post)

EDIT: added above for threads page browsing and correct latest posts timeframe selection:
if (isset($_GET["page"])) $page  = mosGetParam ( $_GET, 'page' , '' ); //BBTEMPFIX
if (isset($_GET["sel"])) $sel  = mosGetParam ( $_GET, 'sel' , '' ); //BBTEMPFIX

EDIT added above:
if (!isset($sb_thread) && isset($_REQUEST["sb_thread"])) $sb_thread = mosGetParam ( $_REQUEST, 'sb_thread'  , '');  //BBTEMPFIX
if (!isset($thread) && isset($_REQUEST["thread"])) $thread = mosGetParam ( $_REQUEST, 'thread'  , '');  //BBTEMPFIX

EDIT: added then CHANGED above:
if (!isset($subscribeMe) && isset($_POST["subscribeMe"])) $subscribeMe = mosGetParam ( $_POST, 'subscribeMe'  , ''); //BBTEMPFIX
if (!isset($attachimage) && isset($_FILES['attachimage'])) $attachimage = mosGetParam ( $_FILES['attachimage'], 'name', ''); //BBTEMPFIX
if (!isset($attachfile) && isset($_FILES['attachfile'])) $attachfile = mosGetParam ( $_FILES['attachfile'], 'name', ''); //BBTEMPFIX

EDIT: added above:
if (isset($_GET["userid"])) $userid  = mosGetParam ( $_GET, 'userid' , '' ); //BBTEMPFIX
if (isset($_GET["pid"])) $pid  = mosGetParam ( $_GET, 'pid' , '' ); //BBTEMPFIX
if (!isset($markaction) && isset($_POST["markaction"])) $markaction = mosGetParam ( $_POST, 'markaction'  , '');  //BBTEMPFIX

EDIT: added above:
if (isset($_GET["view"])) $view  = mosGetParam ( $_GET, 'view' , '' ); //BBTEMPFIX

User avatar
dayworks
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Thu Aug 25, 2005 2:29 pm
Location: Austin, TX
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by dayworks » Tue Aug 29, 2006 9:50 pm

tresan wrote: Tx for the php_flag register_globals off tip for .htaccess - Worked like a charm!
Tresan, you are quite welcome as well and I concur with Rejuvinet that Beat deserves our thanks for his efforts with regard to these issues as well and his fine contributions to the CB endeavor. Hey, uhhh... something's going on because I just realized I'm going OFF-TOPIC again SO... I take everything I just now said back and apologize for my disrespectful behavior and the embarrassement I've probably caused everyone that's tracking this thread. WHAT! That's not right either!! My apology was OFF-TOPIC TOO!!! OMG!!!! It seems it seems I've been hijacked and there's now way out of this for me!!!!! No, wait it's... maybe there's a way. Yes... time to rewrite.

CMD Bob:

Code: Select all

php_flag register_globals off
Ok, I'm all better now :)

...and back ON-TOPIC.

Given that, I noticed the new J! seems to have broken v.1.0 of the Graphical UHP component, but I've not investigated it fully just yet so I have no other report than that. It just might be something for anyone using that version of User Home Pages thingy to check for.
I used to have a life. Now I have nameservers.

User avatar
Lipton
Joomla! Apprentice
Joomla! Apprentice
Posts: 29
Joined: Mon Jun 19, 2006 3:32 pm
Location: Germany
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by Lipton » Tue Aug 29, 2006 9:54 pm

As someone who is no expert in those things, what does the addition to the .htaccess file different than not making the "AKOCOMMENT" work again ? Because it still doesn´t works. And as also the latest Joomla 1.0.11 update says, its recommended to turn off the RG stuff in the globals.php.

So, there is nothing to make AKOCOMMENT work again ? Btw, I do have security Images running and get always "Wrong Security Code" since the Update.

Anyone can help me, maybe not the expert way ? Thx. ;)

User avatar
Lipton
Joomla! Apprentice
Joomla! Apprentice
Posts: 29
Joined: Mon Jun 19, 2006 3:32 pm
Location: Germany
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by Lipton » Tue Aug 29, 2006 9:58 pm

Beat wrote:
jazmac wrote: I'll second Joomlaboard (1.1.2) having problems w/RG emulation. I lost the ability to post messages. (Thanks for the heads up MarHaj. I hadn't gotten that far in testing.)

I also have a slight problem with Community Builder (1.0.1). The navigation on the user list (next, 1, 2, 3, etc) will only return the 1st page, even though the link's correct. I posted that issue over at Joomlapolis. All other CB functionality that I'm using seems to work fine.
Confirming CB 1.0.1 (and previous versions) problem with that front-end users-lists pager function. Problem found and fix-proposal ready for your tests (emailed and PMed you on Joomlapolis).

Looking now into the JoomlaBoard problem.
Can you please tell me what I can do to make that work again, with the userlist in CB ?

And one other question, how do I get Akocomment work again after the Update with RG 0 ? It isn´t working anymore, I have security Images running and though I found something in an other thread, it seems not to help. I always get Wrong Security Code. AkoBook doesn´t works at all after the update to 1.0.11 with RG 0. :(

Any tips for that ?

User avatar
Beat
Joomla! Guru
Joomla! Guru
Posts: 840
Joined: Thu Aug 18, 2005 8:53 am
Location: Switzerland
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by Beat » Tue Aug 29, 2006 10:17 pm

Lipton wrote: As someone who is no expert in those things, what does the addition to the .htaccess file different than not making the "AKOCOMMENT" work again ? Because it still doesn´t works. And as also the latest Joomla 1.0.11 update says, its recommended to turn off the RG stuff in the globals.php.

So, there is nothing to make AKOCOMMENT work again ? Btw, I do have security Images running and get always "Wrong Security Code" since the Update.

Anyone can help me, maybe not the expert way ? Thx. ;)
Here we go...  :P

...that's what happens when 2 topics get mixed in the same thread.  ;)

NO  >:( both things have nothing to do with each other (except they are two separate lines of defense on the same front  ;D).

Could a forum moderator please move the posts regarding "PHP register_globals setting" (and only those, not the ones regarding components not working with "RG_EMULATION OFF") to the thread talking about about how to set register_globals to OFF please ? it's this one btw for further posts regarding "PHP register_globals setting":
http://forum.joomla.org/index.php?topic=75990
After that you can please also delete this post as well... :D

@lividcreature: yes, first post contains all fixes as stated....

No more posts in this thread regarding "PHP register_globals setting" below this line please:

***** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed *****_
Beat 8)
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team

Reind
Joomla! Explorer
Joomla! Explorer
Posts: 382
Joined: Sat Aug 27, 2005 1:14 am
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by Reind » Tue Aug 29, 2006 10:49 pm

Does someone know how to fix the problems with the security images solution for akocomment. I used the Dominik Paulus security images protection but when RG_EMULATION is set to 0 the spam protection keeps screaming that an wrong security code is inserted.

I made my version of Akocomment W3C valid and i want to keep it that way, all the other hacked versions do not meet the W3C standards and not with one or 2 errors but with 200 errors so i dont want to install one of those crappy versions. (they also dont work at this moment).

mediawizard
Joomla! Explorer
Joomla! Explorer
Posts: 329
Joined: Fri Aug 19, 2005 3:13 pm
Location: Mumbai, India
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by mediawizard » Tue Aug 29, 2006 11:57 pm

Websmurf wrote: List of uncompatible components:


Component
Version
Fix


com_puarcade



arnold wrote: But my real question ...... i have changed everything what was in this topic ....only now my com_puarcade (flash games component) doesn't work anymore.
if somebody want's the puarcade.php he/she can reach me on .......
pe7er wrote: In the past I tested com_puarcade on a server with Register Globals = OFF, and got a lot of errors.
This component needs Register Globals = On, or maybe you can hack the code. (Or inform the author, maybe he/she will improve the code).
puarcade is nothing but a component wrapper for a standard javascript affiliate code provided by zylom games.
And as far as I know the developer site is no longer active.

I just created a simple static page with the following code (no editors to add code) :

Code: Select all

<script src="http://www.zylomgames.com/partnerprogram/gamelist.jsp?pid=1648&l=1"></script>
Note : The pid=1648 is my affiliate code, you can signup for the zylom affiliate program and use your own or even get more diplay options that can be used as javascript.
Last edited by mediawizard on Wed Aug 30, 2006 12:00 am, edited 1 time in total.
Mediawiz.Biz - Pro Web Solutions & Promotion

User avatar
dayworks
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Thu Aug 25, 2005 2:29 pm
Location: Austin, TX
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by dayworks » Wed Aug 30, 2006 1:06 am

Beat wrote:
Lipton wrote: As someone who is no expert in those things, what does the addition to the .htaccess file different than not making the "AKOCOMMENT" work again ? Because it still doesn´t works. And as also the latest Joomla 1.0.11 update says, its recommended to turn off the RG stuff in the globals.php.

So, there is nothing to make AKOCOMMENT work again ? Btw, I do have security Images running and get always "Wrong Security Code" since the Update.

Anyone can help me, maybe not the expert way ? Thx. ;)
Here we go...  :P

...that's what happens when 2 topics get mixed in the same thread.  ;)

NO  >:( both things have nothing to do with each other (except they are two separate lines of defense on the same front  ;D).

Could a forum moderator please move the posts regarding "PHP register_globals setting" (and only those, not the ones regarding components not working with "RG_EMULATION OFF") to the thread talking about about how to set register_globals to OFF please ? it's this one btw for further posts regarding "PHP register_globals setting":
http://forum.joomla.org/index.php?topic=75990
After that you can please also delete this post as well... :D

@lividcreature: yes, first post contains all fixes as stated....

No more posts in this thread regarding "PHP register_globals setting" below this line please:

***** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed ********** Manual signatures are NOT allowed *****_
It sounds good to me Beat. Hey, do you think it would help if the name of this thread was changed to something different from, "Don't forget to turn off register global emulation of Joomla as well !!!"

Perhaps that is why some folks got the idea that this discussion had something to do with globals issues.

Just a thought.
I used to have a life. Now I have nameservers.

User avatar
tyler
Joomla! Intern
Joomla! Intern
Posts: 71
Joined: Thu Jan 26, 2006 11:36 pm
Location: Los Angeles, California, United States
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by tyler » Wed Aug 30, 2006 1:12 am

dayworks wrote:...do you think it would help if the name of this thread was changed to something different from, "Don't forget to turn off register global emulation of Joomla as well !!!"

Perhaps that is why some folks got the idea that this discussion had something to do with globals issues....
register global emulation is the Joomla setting, whereas Register Globals (w/o the emulation) is the php.ini server settings.

Just thought I'd clarify for those who don't know the difference :)  even though Adam's thread title says: "register global emulation of Joomla"
Last edited by tyler on Wed Aug 30, 2006 1:15 am, edited 1 time in total.
-Tyler D.
Web Developer & Integrator: http://www.LasVegasExtremes.com

User avatar
yorokobi
Joomla! Apprentice
Joomla! Apprentice
Posts: 20
Joined: Sat Jul 01, 2006 3:54 pm
Location: Earth
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by yorokobi » Wed Aug 30, 2006 5:08 am

Anyone know how to fix MgMediaBot ?  Seems that turning off emulation broke it...   :( :'(

EDIT: Maybe this is related?  I just clicked "Site Mambots" in the backend, and when I click on ANY mambot in the list where I used to go to a page with some config items I now get a popup box that says "Restricted Access"....  Did I break somthing or what?
Last edited by yorokobi on Wed Aug 30, 2006 5:14 am, edited 1 time in total.
You were expecting something witty?

aachleon
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Oct 21, 2005 3:30 am

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by aachleon » Wed Aug 30, 2006 5:52 am

Like yorokobi, I am now also now receiving the "Restricted Access" popup when clicking on any mambot link in Mambot Manager.

Ideas?

User avatar
Lipton
Joomla! Apprentice
Joomla! Apprentice
Posts: 29
Joined: Mon Jun 19, 2006 3:32 pm
Location: Germany
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by Lipton » Wed Aug 30, 2006 5:55 am

aachleon wrote: Like yorokobi, I am now also now receiving the "Restricted Access" popup when clicking on any mambot link in Mambot Manager.

Ideas?
I put the fix admin.mambots.php in my /administrator/components/com_mambots/ Folder, replaced the old one, and it worked again with the Mambots in the Admin Backend.

User avatar
davemgood
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Wed Dec 28, 2005 11:17 pm

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by davemgood » Wed Aug 30, 2006 6:28 am

Lipton wrote:
aachleon wrote: Like yorokobi, I am now also now receiving the "Restricted Access" popup when clicking on any mambot link in Mambot Manager.

Ideas?
I put the fix admin.mambots.php in my /administrator/components/com_mambots/ Folder, replaced the old one, and it worked again with the Mambots in the Admin Backend.
I hate to appear ignorant. This thread jumps around so much.

But, which 'fix' goes into the 'admin.mambots.php' file?

Thanks much!

dave  :)

User avatar
Lipton
Joomla! Apprentice
Joomla! Apprentice
Posts: 29
Joined: Mon Jun 19, 2006 3:32 pm
Location: Germany
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by Lipton » Wed Aug 30, 2006 6:38 am

The attached file at this Post --> http://forum.joomla.org/index.php/topic,89865.0.html

AmyStephen

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by AmyStephen » Wed Aug 30, 2006 7:06 am

MODERATOR:

#1 - can we have this as a STICKIE during upgrades?

#2 - can we have this renamed Broken Extensions due to RG_EMULATION OFF (Good idea, Dayworks!)

#3 - will you help with Beat's request to split out the mixed in topics? Our title and the complexity of the work made it hard to keep things split.


THANKS SO MUCH!
Amy :)

PS - BTW - Beat, who has worked tirelessly for over a week, now, on this security release, whimped out and went to sleep at 3am this morning! We will have to pay him a bit more for his efforts! I say DOUBLE his salary! Ah, what the heck, TRIPLE IT! :)

AmyStephen

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by AmyStephen » Wed Aug 30, 2006 7:24 am

Websmurf and Beat -

Does it seem like Jon's problem might be related to the RG_EMULATION OFF?
jtruelson wrote: We are running myPMS II integrated with Community Builder 1.0.1.
Post 1.0.11 upgrade PMS will display list of private messages, but will not open them.
Author's site http://www.taher-zadeh.com&nbsp; appears to be offline.  CB connections tab icon tooltips no longer display (pm, email, view profle)
If emulate globals is returned to on in globals.php, PMS comes back to life.


Also running Xe-VideoGalleryV1 XL
Back end category management no longer permits unpublish or delete.



SMO Ajax Shoutbox won't send messages.

I remain confident that these issues will be resolved as they're identified.

User avatar
Websmurf
Joomla! Hero
Joomla! Hero
Posts: 2230
Joined: Fri Aug 19, 2005 2:23 pm
Location: The Netherlands
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by Websmurf » Wed Aug 30, 2006 7:30 am

Yeah, if switching that variable in globals.php makes it work again, that's the problem.
Adam van Dongen - Developer

- Blocklist, ODT Indexer, EasyFAQ, Easy Guestbook, Easy Gallery, YaNC & Redirect -
http://www.joomla-addons.org - http://www.bandhosting.nl

AmyStephen

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by AmyStephen » Wed Aug 30, 2006 8:04 am

Hey Websmurf! Welcome back ;-)  (If you are a moderator ? can you help with the stickie and splitting out the topics for Beat?)

I left a note for rccummings that I was going to copy this likely suspect here, too.
rccummings wrote: can someone help me out in translating this message i received when changing global emulation to "0"... i got this thing

An error has occured: 
Could not generate a temporary file.

Go back or Go to the login page


Technical information for developers:

The error occured in file /usr/local/ndn/web/webftp/includes/filesystem.inc.php on line 1618.

function acceptfiles (/usr/local/ndn/web/webftp/modules/upload/upload.inc.php on line 242)
function net2ftp_module_printbody (/usr/local/ndn/web/webftp/main.inc.php on line 288)
function net2ftp (/usr/local/ndn/web/webftp/index.php on line 54) 

what's it all mean?

User avatar
Beat
Joomla! Guru
Joomla! Guru
Posts: 840
Joined: Thu Aug 18, 2005 8:53 am
Location: Switzerland
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by Beat » Wed Aug 30, 2006 8:23 am

AmyStephen wrote: Hey Websmurf! Welcome back ;-)  (If you are a moderator ? can you help with the stickie and splitting out the topics for Beat?)

I left a note for rccummings that I was going to copy this likely suspect here, too.
rccummings wrote: can someone help me out in translating this message i received when changing global emulation to "0"... i got this thing

An error has occured: 
Could not generate a temporary file.

Go back or Go to the login page


Technical information for developers:

The error occured in file /usr/local/ndn/web/webftp/includes/filesystem.inc.php on line 1618.

function acceptfiles (/usr/local/ndn/web/webftp/modules/upload/upload.inc.php on line 242)
function net2ftp_module_printbody (/usr/local/ndn/web/webftp/main.inc.php on line 288)
function net2ftp (/usr/local/ndn/web/webftp/index.php on line 54) 

what's it all mean?
1. Looking at file-paths: this isn't related to a component broken by RG_EMULATION 0FF (0)
2. Looking at the very short description: it's "not being able to change the file global.php"
So (one more slightly "off-topic" ;) ) : belongs to the support area of the hoster and in "updates" sub-forum and not here, unless I misunderstood "2." ;)
Beat 8)
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team

AmyStephen

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by AmyStephen » Wed Aug 30, 2006 8:29 am

Well, it's now 3am for me, so, my thinking is getting worse.

But - here's how I took all of this.

1. It's all webftp? I don't know what that is, I guess. I thought it was an extension.?
2. I took it that he was saying the global emulation was changed to "0" / THEN the problems occurred.

He has another thread that we can just keep rolling! Your call!
Amy :)

User avatar
Beat
Joomla! Guru
Joomla! Guru
Posts: 840
Joined: Thu Aug 18, 2005 8:53 am
Location: Switzerland
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by Beat » Wed Aug 30, 2006 8:40 am

AmyStephen wrote: Well, it's now 3am for me, so, my thinking is getting worse.

But - here's how I took all of this.

1. It's all webftp? I don't know what that is, I guess. I thought it was an extension.?
2. I took it that he was saying the global emulation was changed to "0" / THEN the problems occurred.

He has another thread that we can just keep rolling! Your call!
Amy :)
No worry, Amy, I should have realized there was a link to the other thread embedded in the quote...my fault ;)
You can recognize a joomla component when it has at least something like /components/ in its filepath. :)
And i didn't say in bold off-topic, but only *slightly* ;)

Thanks for your restless help in these updates (and don't forget to sleep :D ).
Beat 8)
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team

User avatar
syan
Joomla! Explorer
Joomla! Explorer
Posts: 417
Joined: Fri Dec 23, 2005 10:48 am
Location: Paris / Oléron (F)
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by syan » Wed Aug 30, 2006 9:36 am

Information
List of uncompatible components :
- RSGallery2 1.11.6 (zip upload, rename file,..)
- DatsoGallery 1.3.6 (zip upload)

register globals off AND RG_Emulation 1 = O.K.
register globals off AND RG_Emulation 0 = Not O.K.
Yann Sallou
WebAgency | http://www.utopiart.com

annemari
Joomla! Apprentice
Joomla! Apprentice
Posts: 27
Joined: Mon Jul 03, 2006 10:08 am

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by annemari » Wed Aug 30, 2006 10:12 am

AkoForms fix, maybe.

I didn't find a fix for AkoForms, so here's my try, if some pro person could maybe check this through?

add to file components/akoforms.php, before  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );


$func = mosGetParam( $_REQUEST, 'func', null );
$task = mosGetParam( $_REQUEST, 'task', null );
$formid = mosGetParam( $_REQUEST, 'formid', null );

administrator/components/admin.akoforms.php

before  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

$task = mosGetParam( $_REQUEST, 'task', null );
$cid = mosGetParam( $_REQUEST, 'cid', array( 0 ) );
$uid = mosGetParam( $_REQUEST, 'uid', array( 0 ) );
if (!is_array( $cid )) {
$ocid=$cid;
$cid = array ();
$cid[]=$ocid;
mosArrayToInts($cid);
}

Something might still be missing, I'm just testing  :o

User avatar
Websmurf
Joomla! Hero
Joomla! Hero
Posts: 2230
Joined: Fri Aug 19, 2005 2:23 pm
Location: The Netherlands
Contact:

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!

Post by Websmurf » Wed Aug 30, 2006 10:14 am

syan wrote: Information
List of uncompatible components :
- RSGallery2 1.11.6 (zip upload, rename file,..)
- DatsoGallery 1.3.6 (zip upload)

register globals off AND RG_Emulation 1 = O.K.
register globals off AND RG_Emulation 0 = Not O.K.
Added those to the list as well :)
Adam van Dongen - Developer

- Blocklist, ODT Indexer, EasyFAQ, Easy Guestbook, Easy Gallery, YaNC & Redirect -
http://www.joomla-addons.org - http://www.bandhosting.nl

mwep
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Wed Mar 01, 2006 9:05 pm

Re: !!! Don't forget to turn off register global emulation of Joomla as well !!!!

Post by mwep » Wed Aug 30, 2006 12:45 pm

We used beats fix to patch JB and CB but it appears as though a6MamboHelpDesk Version 1.2 - active6.com is also having issues.

Does anyone else use this component, and if so, is it working with register global emulation off ?

Thanks!

 

Locked

Return to “Security - 1.0.x”