Support

Hello,

I'd wish to connect to your site to run some tests.  I have made this ticket private so that only you and me can see the information posted here.

Please provide me with the following information:

1. The URL to your site's administrator login page
2. Super User username and password
3. FTP connection information

Please allow up to one business day (GMT+2 timezone) for me to log in to your site and debug this issue. When I'm done I will post back. Once the issue is fixed, you can revoke my access e.g. by changing the Super Administrator and FTP passwords.

IMPORTANT INFORMATION
In order for me to help you fast and accurately, please provide the information by copying the form below, paste it into your reply and fill in the information:

----- Access Information Form -- START -----
Super Administrator access

• URL to site's administrator page (e.g. http://www.example.com/administrator?foobar):
• Super User username:
• Super User password:

FTP connection information

• FTP methods supported (e.g. FTP, FTPS, SFTP):
• FTP Hostname:
• FTP Username:
• FTP Password:
• FTP Port (if other than 21 for FTP and 22 for SFTP, ask your host):

----- Access Information Form -- END -----

Please make sure that you have tested the Super Administrator connection using a different browser or machine than the one you are using daily. Double check that logging in is possible and that the user has Super User privileges, i.e. it's not a regular Administrator. Make sure that your site does not block whole countries or IP ranges which would make it impossible for me to log in / connect by FTP. Finally, please do make sure that the FTP connection works and that logging in to it I have access to your site's files.

Kindly note that your site connection information and your site content is handled in strict confidence. Not only we are a reputable development company, we are also bound by law (EU GDPR) to do so. After you file your reply, the connection information to your site will be stored in an encrypted, hidden storage area on our site and will be automatically deleted when this ticket is closed. Finally keep in mind that the people providing support to you are the same developers who wrote the software you're using on your site.

Thank you for access details. I tried to manually run the backup using wget a command line script.

After we execute the first step, instead of receiving a 302 HTTP code for a redirect, we receive a status of 200 and some output is produced. I can't include it since it's javascript and it would be blocked, but it's a tag to include jQuery 3.3.1.

I suspect there's another plugin that is outputting the extra code or maybe it's CloudFlare. First of all I'd suggest to update all the extensions, then try to disable CloudFlare and run a test. Do you get the same error or is it working?

Regarding CloudFlare, it could be a false positive from the detector I'm using, wappalyzer.

I can do a quick test for you, can you please update all the extensions? Maybe it was a known bug and it has been already fixed. After you updated everything please page me and I'll try again from CLI. 

Running the following command:

wget --max-redirect=10000 "https://www.piperflyer.com/index.php?option=com_akeeba&view=Backup&key=60YGGGbVRcYAAAAAAAAAAZbXD4Hhi6eucKVlpy" -O -

Produces the output in the attachment. As you can see there's something that is injecting the "script" part. This isn't something coming from the core of Joomla and it's breaking the script.

Ok, that works for me. Can you please provide access to the test site?

Am I allowed to update all the extensions there?

No, there's no need to have Watchful working there. I'll use external tools so I can double check that everything is working fine on our end.

Can you please temporary disable it or it would cause too many issues?

Before going all the way down, I had an hunch. I downloaded your latest backup, extracted it and did a quick search for "3.3.1.min", just to double check if there's some plugin manually adding that string.

Turn out, there is one. It's inside plugins/system/settings. Even if it has the Joomla header, this is NOT part of Joomla core (you can double check with a brand new installation of Joomla 3). It appears it is trying to set a cookie and then inject the jQuery string.

That's the source of the error, causing all the troubles. You should double check why there's a plugin directly outputting instead of using Joomla best practices, I suspect this is something related to the template, since it's trying to upgrade the jQuery library only on frontend.

There isn't a file named 3.3.1.min. That's the string I used to search inside the code, that file is directly loaded from jQuery CDN. The file that is injecting the extra string and it's causing issues is the following:

plugins/system/settings/settings.php

Regarding the PHP version, I didn't touch anything, I simply took a backup and downloaded it

I'm not sure if that's related to the template or not. What I can tell you is that such plugin is causing the issue. Since there's no signature in it, it's pretty hard to trace back to who developed it, I ca nonly speculate.

The issue is still there. As previously stated, the problem comes from the plugin Settings. This is not part of the Joomla core and there are no records, comments or anything explaining why it's there.

See attachment.

When I disabled it, the backup works fine.

You have to investigate if it's safe to keep it disabled on your site.

Yes I disabled it and then I enabled it again because I did not want to cause issues.

Ok let me know how it goes.

The settings plugin feels kind of "hacky": it sets a cookie and injects the jQuery script. It feels like it has been deployed just to quick fix some kind of issues.

Regarding the switch of the version, I didn't touch anything, maybe your host reverted the change? Anyway, PHP 8.0 is way more restrictive than PHP 7.4, maybe someone else switched it back because there was some kind of error somewhere?

There is no relationship between the PHP version and the settings plugin.