SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Enthusiast
    Join Date
    Feb 2009
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Illegal variable _files or _env or _get or _post or _cookie or _server or _session or

    I implemented the xTree API from WebFX: http://webfx.eae.net/dhtml/xtree/

    You can see a working example of it in the Joomla! 1.5 API Reference webpage:
    http://api.joomla.org/li_Joomla-Framework.html

    It's the directory tree listed on the left-hand side of the website.

    However, going back to my test website, www.seemyinvestments.com, and you'll find the directory tree on the left-hand side of the website only works for a time.

    Clicking on one of the file icons in the directory tree will normally present that file in the center of the webpage.

    However, continue to click on files listed in the directory tree, and you'll receive the following error:
    'Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.'

    My ISP determined that it was a security issue.

    Suhosin (a protection system for PHP installations) was blocking the requests:

    Jun 9 04:06:11 hp15 suhosin[27337]: ALERT - tried to register forbidden variable '_REQUEST' through GET variables (attacker '62.128.135.52', file '/home/se--33/public_html/index.php')
    Jun 9 04:06:11 hp15 suhosin[27337]: ALERT - tried to register forbidden variable '_REQUEST[option]' through GET variables (attacker '62.128.135.52', file '/home/se--33/public_html/index.php')
    Jun 9 04:06:11 hp15 suhosin[27337]: ALERT - tried to register forbidden variable '_REQUEST[Itemid]' through GET variables (attacker '62.128.135.52', file '/home/se--33/public_html/index.php')
    Jun 9 04:06:11 hp15 suhosin[27337]: ALERT - tried to register forbidden variable 'GLOBALS' through GET variables (attacker '62.128.135.52', file '/home/se--33/public_html/index.php')

    The security fix helped only to a degree.

    The website now works for a time, but again, eventually after clicking on files in the directory tree, the error message returns.

    The ISP Sys admin now believes it's a bug.

    He doesn't see any additional errors in their logs.

    I've googled this problem, and people point to the browser as the culprit.

    'Clear the cache', they say, but this has not been the solution in my opinion.

    In my mind, one or more of these global variables does not have a valid value in them and so the website blows up.

    Any ideas?

    Cheers.

  2. #2
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you maybe doing something like using a php script to proxy the request? For example, using the filesystem functions, or include etc... on a url?

    The real http request from the browser contains no such variables. So that, combined with how horribly slow your site loads, makes me think you're doing something like that.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •