[NOT BUG:1.0.11] checkInputArray() bug in 1.0.11

Locked
thomas^2
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue Oct 03, 2006 9:23 am

[NOT BUG:1.0.11] checkInputArray() bug in 1.0.11

Post by thomas^2 » Tue Oct 03, 2006 9:39 am

Hi all

I just tried to install a Joomla 1.0.11 and I got the following error message:

Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.

Since I didn't pass any variable to the script and because older versions of Joomla (such as 1.0.10) worked on my system I tried to search for the issue within the Joomla code. I found out that the error is triggered within checkInputArray() function in globals.php.

I modified the function a bit to see what causes the error:

Code: Select all

        foreach ($array as $key => $value) {
[...]
                if ($failed) {
                       print "$key -> $value <br />";
                        die( 'Illegal variable <b>' . implode( '</b> or <b>', $banned ) . '</b> passed to script.' );
[...]
Then I got the following output:

Code: Select all

0 -> ./run
Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.
Apparently, the error seems to be triggered since my web servers environment has a variable called 0. This is the usual case if Apache is started through daemontools. In 1.0.10 the error wasn't triggered. So I suspect that the new checkInputArray() in globals.php will also trigger an error in case a variable called 0 is in the environment.
Last edited by Robin on Tue Oct 03, 2006 9:43 am, edited 1 time in total.

User avatar
Robin
Joomla! Master
Joomla! Master
Posts: 15753
Joined: Thu Aug 18, 2005 10:41 am

Re: checkInputArray() bug in 1.0.11

Post by Robin » Tue Oct 03, 2006 9:43 am

Hi,

Thanks for the report, we will take this under review.

Regards Robin

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1367
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: [LOW:UNDER REVIEW:1.0.11] checkInputArray() bug in 1.0.11

Post by RobS » Thu Oct 26, 2006 6:49 am

Try clearing your cookies and cache and then try again.  We had to modify this behavior to deal with a vulnerability in the PHP interpreter in the way it handled numerical key indexes.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1367
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: [LOW:UNDER REVIEW:1.0.11] checkInputArray() bug in 1.0.11

Post by RobS » Sat Oct 28, 2006 11:14 pm

Q&T Note; Status> Not Bug.  Moving to appropriate forum.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

thomas^2
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue Oct 03, 2006 9:23 am

Re: [LOW:UNDER REVIEW:1.0.11] checkInputArray() bug in 1.0.11

Post by thomas^2 » Mon Oct 30, 2006 8:56 am

RobS wrote: Try clearing your cookies and cache and then try again.  We had to modify this behavior to deal with a vulnerability in the PHP interpreter in the way it handled numerical key indexes.
Actually, I did clear the cookies and cache. This didn't help.

As I wrote in my original post I'm running Apache from within daemontools. This is different from running Apache as a stand-alone daemon as the processes environment is different. For example, there's a environment variable 0, which isn't there while running Apache stand-alone. This exactly triggers the error mentioned initially.

I wasn't able to reproduce the bug while running as a stand-alone daemon. Therefore I guess the problem is closely related to the environment which the Apache processes have while running within daemontools and I suggest to take a closer look at it though.

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1367
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: [NOT BUG:1.0.11] checkInputArray() bug in 1.0.11

Post by RobS » Mon Oct 30, 2006 4:24 pm

We are taking a closer look at this problem and perhaps will be changing it to something more effective for 1.0.12.  However, what you are describing is not a bug, technically, the script is doing exactly what it is supposed to do.  I suggest you figure out which variable is being set to 0 in your environment (accessible by $_ENV) and unset it at the top of the globals.php file.  By doing that you will deal with the problem as well as gaining from the protection that the script provides.  If you are running the latest version of PHP 4.4.4 or 5.1.6 (I think), you can remove the is_numeric check without much trouble as those versions should be fixed.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Locked

Return to “Superseded Issues - Archive”