- Posts: 2
COMMUNITY FORUM
Email Button does not work on items
- turrikan
-
- Offline
- New Member
Less
More
13 years 3 months ago #76955
by turrikan
Replied by turrikan on topic Email Button does not work on items
Hi guys, i've a simple solution!
You have to upload controller.php from 1.5.10 Joomla! version and change this line:
Locate the following line of code (approximately line 57):if($timeout == 0 || time() - $timeout < 20) {Change the line to the following:if($timeout == 0 || time() - $timeout > 20) {
Now it wotks. Bye bye
PS. The correct file is uploaded in this message.
You have to upload controller.php from 1.5.10 Joomla! version and change this line:
Locate the following line of code (approximately line 57):if($timeout == 0 || time() - $timeout < 20) {Change the line to the following:if($timeout == 0 || time() - $timeout > 20) {
Now it wotks. Bye bye
PS. The correct file is uploaded in this message.
Please Log in or Create an account to join the conversation.
- jeffreyd00
-
- Offline
- New Member
Less
More
- Posts: 12
13 years 3 months ago #76956
by jeffreyd00
Replied by jeffreyd00 on topic Email Button does not work on items
Turrikan,
I think it might be unwise to upload older file. Joomla coders obviously changed the controller.php file for a reason, maybe security issues.
I think it might be unwise to upload older file. Joomla coders obviously changed the controller.php file for a reason, maybe security issues.
Please Log in or Create an account to join the conversation.
- Adam
-
- Offline
- New Member
Less
More
- Posts: 3
13 years 3 months ago #76957
by Adam
Replied by Adam on topic Email Button does not work on items
Thanks Turrikan!
But may be we should have a look at changes between those two files
But may be we should have a look at changes between those two files
Please Log in or Create an account to join the conversation.
- matthew turner
-
- Offline
- Senior Member
Less
More
- Posts: 66
13 years 3 months ago #76958
by matthew turner
Replied by matthew turner on topic Email Button does not work on items
Hi,
Joomla 1.5.23
edit components/com_mailto/controller.php
Line20
define('MAILTO_TIMEOUT', 20);
change to a lower timeout :
define('MAILTO_TIMEOUT', 5);
I don't like editing core files but this does work.
Joomla 1.5.23
edit components/com_mailto/controller.php
Line20
define('MAILTO_TIMEOUT', 20);
change to a lower timeout :
define('MAILTO_TIMEOUT', 5);
I don't like editing core files but this does work.
Please Log in or Create an account to join the conversation.
- BNR Investment Group
-
- Offline
- Senior Member
Less
More
- Posts: 47
13 years 3 months ago #76959
by BNR Investment Group
Replied by BNR Investment Group on topic Email Button does not work on items
Ok, after messing with this for quite some time, I have everything working. Here is what I found -
First, the Joomla error messages are not very helpful. I changed the time out error message to indicate the form was being sent too fast. I also changed the local link error message to reflect that the link being sent was not correct. Once you know what the actual problem breaking the send is, it's a lot easier to fix the problem.
The timeout it not a bad idea, but 20 seconds is way too long. Too many people have forms autofilled by their browser or plugins so 10 seconds or even 5 seconds seems more reasonable. A bot will take much less than 5 seconds so you should still be good there. As Mat mentioned, in components/com_mailto/controller.php on line 20, adjust the defined minimum time before sending -
define('MAILTO_TIMEOUT', 20);
The other problem comes in the local link test. Many people seem to think this has something to do with the domain of the sender email, but it's actually it is testing the URL being sent. The problem is that Joomla encodes the URL being sent as a security measure. This is a great as many hosts won't allow URLs in a form parameter to begin with. The problem is that when they started encoding the URL, they do not decode it before testing if the link being sent is a link from within the site or not. Again, this is a very important check, otherwise it would be trivial to send malicious links through your form. The fix is easy. Again in components/com_mailto/controller.php at line 74 look for
$link = MailtoHelper::validateHash(JRequest::getString('link', '', 'post'));
and change it to
$link = base64_decode(JRequest::getString('link', '', 'post'));
Your send email should now work properly without opening up a huge security hole in you site.
First, the Joomla error messages are not very helpful. I changed the time out error message to indicate the form was being sent too fast. I also changed the local link error message to reflect that the link being sent was not correct. Once you know what the actual problem breaking the send is, it's a lot easier to fix the problem.
The timeout it not a bad idea, but 20 seconds is way too long. Too many people have forms autofilled by their browser or plugins so 10 seconds or even 5 seconds seems more reasonable. A bot will take much less than 5 seconds so you should still be good there. As Mat mentioned, in components/com_mailto/controller.php on line 20, adjust the defined minimum time before sending -
define('MAILTO_TIMEOUT', 20);
The other problem comes in the local link test. Many people seem to think this has something to do with the domain of the sender email, but it's actually it is testing the URL being sent. The problem is that Joomla encodes the URL being sent as a security measure. This is a great as many hosts won't allow URLs in a form parameter to begin with. The problem is that when they started encoding the URL, they do not decode it before testing if the link being sent is a link from within the site or not. Again, this is a very important check, otherwise it would be trivial to send malicious links through your form. The fix is easy. Again in components/com_mailto/controller.php at line 74 look for
$link = MailtoHelper::validateHash(JRequest::getString('link', '', 'post'));
and change it to
$link = base64_decode(JRequest::getString('link', '', 'post'));
Your send email should now work properly without opening up a huge security hole in you site.
Please Log in or Create an account to join the conversation.
- Adam
-
- Offline
- New Member
Less
More
- Posts: 3
13 years 3 months ago #76960
by Adam
Replied by Adam on topic Email Button does not work on items
Great job Brent Friar! It works for me!
Thanks!
Brent Friar said:
Ok, after messing with this for quite some time, I have everything working. Here is what I found -
First, the Joomla error messages are not very helpful. I changed the time out error message to indicate the form was being sent too fast. I also changed the local link error message to reflect that the link being sent was not correct. Once you know what the actual problem breaking the send is, it's a lot easier to fix the problem.
The timeout it not a bad idea, but 20 seconds is way too long. Too many people have forms autofilled by their browser or plugins so 10 seconds or even 5 seconds seems more reasonable. A bot will take much less than 5 seconds so you should still be good there. As Mat mentioned, in components/com_mailto/controller.php on line 20, adjust the defined minimum time before sending -
define('MAILTO_TIMEOUT', 20);
The other problem comes in the local link test. Many people seem to think this has something to do with the domain of the sender email, but it's actually it is testing the URL being sent. The problem is that Joomla encodes the URL being sent as a security measure. This is a great as many hosts won't allow URLs in a form parameter to begin with. The problem is that when they started encoding the URL, they do not decode it before testing if the link being sent is a link from within the site or not. Again, this is a very important check, otherwise it would be trivial to send malicious links through your form. The fix is easy. Again in components/com_mailto/controller.php at line 74 look for
$link = MailtoHelper::validateHash(JRequest::getString('link', '', 'post'));
and change it to
$link = base64_decode(JRequest::getString('link', '', 'post'));
Your send email should now work properly without opening up a huge security hole in you site.
Thanks!
Brent Friar said:
Ok, after messing with this for quite some time, I have everything working. Here is what I found -
First, the Joomla error messages are not very helpful. I changed the time out error message to indicate the form was being sent too fast. I also changed the local link error message to reflect that the link being sent was not correct. Once you know what the actual problem breaking the send is, it's a lot easier to fix the problem.
The timeout it not a bad idea, but 20 seconds is way too long. Too many people have forms autofilled by their browser or plugins so 10 seconds or even 5 seconds seems more reasonable. A bot will take much less than 5 seconds so you should still be good there. As Mat mentioned, in components/com_mailto/controller.php on line 20, adjust the defined minimum time before sending -
define('MAILTO_TIMEOUT', 20);
The other problem comes in the local link test. Many people seem to think this has something to do with the domain of the sender email, but it's actually it is testing the URL being sent. The problem is that Joomla encodes the URL being sent as a security measure. This is a great as many hosts won't allow URLs in a form parameter to begin with. The problem is that when they started encoding the URL, they do not decode it before testing if the link being sent is a link from within the site or not. Again, this is a very important check, otherwise it would be trivial to send malicious links through your form. The fix is easy. Again in components/com_mailto/controller.php at line 74 look for
$link = MailtoHelper::validateHash(JRequest::getString('link', '', 'post'));
and change it to
$link = base64_decode(JRequest::getString('link', '', 'post'));
Your send email should now work properly without opening up a huge security hole in you site.
Please Log in or Create an account to join the conversation.