We got a call this afternoon from a very large company that outsource development work on its Joomla website to us. Everything works fine on their website, except for K2 attachments: a 404 error is display when someone clicks on any link to a K2 attachment.
A quick research on the topic blamed one or all of the following:
- Joomla’s SEF
- sh404
- Cache
As tempting as it is to blame any of the above (especially Joomla’s SEF, which is the root of nearly half of the problems on Joomla), we couldn’t find how they were related to the problem. First, the website wasn’t using SEF and didn’t even have sh404 installed. Second, we disabled caching and cleared the cache as well, but still the problem was still there!
Unfortunately, all the solutions that we found in our research did not work for us (although some people claimed to have successfully implemented these solutions), and so we did our own debugging of the problem, and we discovered that the issue really lied in the file called item.php which is located under the /administrator/components/com_k2/models directory. The problem lied specifically in the following piece of code (line 933 to line 941 of the aforementioned file):
if ($mainframe->isSite())
{
$token = JRequest::getVar('id');
$check = JString::substr($token, JString::strpos($token, '_') + 1);
if ($check != JUtility::getHash($id))
{
JError::raiseError(404, JText::_('K2_NOT_FOUND'));
}
}
If you’re a programmer, you will understand that the above code expects a specific hash in the URL (based on the ID of the attachment). If that hash doesn’t exist, or is not as expected, then Joomla is instructed to throw a 404 error page. We think that this is highly misleading, especially because the K2_NOT_FOUND error does not state that the hash is incorrect or does not exist – it just displays a standard “404 – Not found” error.
So, how can the problem be fixed easily?
To easily fix the problem, all that one needs to do is to comment the above code (by adding “/*” at the beginning of the code and “*/” at its end) in the file item.php and upload it back to the /administrator/components/com_k2/models directory. So the code will be:
/* if ($mainframe->isSite())
{
$token = JRequest::getVar('id');
$check = JString::substr($token, JString::strpos($token, '_') + 1);
if ($check != JUtility::getHash($id))
{
JError::raiseError(404, JText::_('K2_NOT_FOUND'));
}
} */
This will fix the problem in a split second!
But, is there another way to fix the problem without modifying K2’s core?
Yes – there is. All that you need to do is to add the hash in the generated URL. So, if your generated URL is like this:
http://www.yourjoomlawebsite/index.php?option=com_k2&view=item&task=download&id=[id]
Then you should change it to the following:
http://www.yourjoomlawebsite/index.php?option=com_k2&view=item&task=download&id=[id]_[hash] (notice the presence of the underscore)
Where [hash] is the return value of the function JUtility::getHash() when [id] is passed as a parameter. (note that your URL should not contain the brackets, the brakcets are there just to highlight these variables)
Why did we mention the core hack first?
Usually, we recommend against modifying the core – but in this situation, we think that modifying the core is the lesser of two evils, because we believe that K2’s core is wrong. Why? Well, K2 now requests the presence of a hash in the URL (it’s not even an option not to include it), which creates several problems, especially SEF problems, and, in all fairness, the hash has no reason to be there in the first place. Additionally, if you have that download link in several places, then fixing it can be annoying, tedious, and, of course, error prone!
But what if you need help fixing this problem?
If you’re facing the same problem (where K2 attachments are returning a 404 error) then fear not – we’re just either an email or a phone call away! Just contact us and we’ll fix the problem for you as soon as possible. Our fees are affordable, our work is professional, and our we’re very, very fast!
Thanks for your investigative work, this resolved the same issue for me. Appreciate you taking the time to publish the fix. FYI, the issue arose from an upgrade from Joomla 1.5 to Joomla 3.6.