Joomla 错误:'非法变量 _files 或 _env 或 _get 或 _post 或 _cookie 或 _server 或 _session 或传递给脚本的全局变量'

2022-01-06 00:00:00 forms php joomla

我在 Joomla 中遇到此错误:

I am getting this error in Joomla:

Illegal variable `_files` or `_env` or `_get` or `_post` or `_cookie`
or `_server` or `_session` or `globals` passed to script.

我在谷歌上没有得到太多帮助.

I didn't get much help googling.

推荐答案

如果您尝试指定名称仅由数字组成的 URL 参数,例如

You'll see this error if you try to specify a URL parameter whose name consists solely of digits, e.g.

http://www.example.com/?1234567=test

或者如果您尝试使用 joomla 保留的变量,例如

or if you try to use a joomla-reserved variable, e.g.

http://www.example.com/?_files=test

这不是一个很好的错误信息.如果您可以访问 unix 终端,则可以使用一些命令行工具来调试此类问题,例如

It's not a great error message. If you have access to a unix terminal, you can debug these kind of problems with some command-line tools, e.g.

$ find /var/www/html -exec grep -l 'Illegal variable' {} ;
/var/www/html/libraries/joomla/environment/request.php

这是一个虚构的 joomla 安装,假设一个相当标准的 DocumentRoot.结果立即确认这是一个 Joomla 错误,并报告导致它的文件.从该文件中提取:

This is a fictional joomla installation, assuming a fairly standard DocumentRoot. The result immediately confirms this is a Joomla error, and reports which file caused it. Extract from that file:

static $banned = array( '_files', '_env', '_get', '_post', '_cookie', '_server', '_session', 'globals' );

foreach ($array as $key => $value)
{   
    // PHP GLOBALS injection bug 
    $failed = in_array( strtolower( $key ), $banned );

    // PHP Zend_Hash_Del_Key_Or_Index bug 
    $failed |= is_numeric( $key );

    if ($failed) {
        jexit( 'Illegal variable <b>' . implode( '</b> or <b>', $banned ) . '</b> passed to script.' );
    }
    ...
}

请注意,错误消息特别具有误导性,因为,不仅在保留变量名称的情况下抛出,而且在参数名称为数字时也会抛出.

Note that the error message is particularly misleading because, not only is in thrown in the case of a reserved variable name, but also if the parameter name is numeric.

相关文章