B2Evolution Bad Request Illegal value received for parameter
I suddenly started getting a very strange error message in my B2Evolution installation after restarting the web server. The error message read:
Bad Request! The parameters of your request are invalid. If you have obtained this error by clicking on a link INSIDE of this site, please report the bad link to the administrator. Go back to home page Additional information about this error: Illegal value received for parameter «p»!The site seemed to display normally but when I clicked on any of the links the message came up. I did a bit of hunting for the Illegal value received for parameter string and found it in the
inc/_core/_param.funcs.php
file. Had a look in the file and thought that the following bit of code was causing the problem so I added a line of debug:
elseif( !empty( $regexp ) && ( !is_scalar($GLOBALS[$var]) || !preg_match( $regexp, $GLOBALS[$var] ) ) )
{ // Value does not match!
echo "var=".$var."|regexp=".$regexp."|GLOBALS=".$GLOBALS[$var]."|";
bad_request_die( sprintf( T_('Illegal value received for parameter «%s»!'), $var ) );
}
Sure enough refreshing the page produced a line of debug:
var=p|regexp=/^(\+|-)?[0-9]+$/|GLOBALS=/path/to/host/web|I recognised the variable
p
as an environment variable I had set during the work I was doing prior to the web server restart. So to correct the problem I stopped the web server, unset the environment variable and restarted the web server.
# /etc/init.d/httpd stop Stopping httpd: [ OK ] # unset p # /etc/init.d/httpd startThis bizarre behaviour had come about with a combination of two
php.ini
configuration options being set. Firstly variables_order
included the “E” option to include environment variables and register_globals
was switched on to put those variables into the global address space. There is a note about this behaviour in the PHP documentation where it talks about variables_order.
It was just a bit of a surprise that it broke my installation. These days register_globals
is switched off by default for security reasons, so it wasn’t a problem to turn it off.No feedback yet
Form is loading...