This does not sound like a Joomla bug, first try to repair table if it is MyIsam

• for storing extension data the installer will create an instance of JExtension which inherits store from JTable (right?)

JTable->store()   

which will do an INSERT if the COUNT of found rows for the given primary keys is not 1
... maybe it was done on purpose so as to find corrupt tables ?

In phpmyadmin or other mysql tool execute this query (replace PPP with your DB prefix):

 SELECT COUNT(*) from  PPP_extensions WHERE id = 452

[EDIT: correction] column name is: extension_id and not: id
If it returns 2 or more the DB table is invalid state
(don't just try to list records in phpmyadmin, because it will list just one)

Also it maybe relevant:
In phpmyadmin or other mysql tool, check that a record with extension_id: 452, exists in all of them
__extensions
__schemas
__updates
__update_sites_extensions

@ggppdk Γιώργο,
I 've executed the query and I got:

SELECT COUNT() from **_extensions WHERE id = 452 LIMIT 0, 25
Η MySQL επέστρεψε το μήνυμα: Τεκμηρίωση
#1054 - Unknown column 'id' in 'where clause'

?!
Also, I 've searched for the record id 452 and it only exists in plg_system_cp extension

And finally, I 've noticed that, whenever I am updating an extension via Update Sites extension (and not by uploading the file):
a) With PHP5 (my live website), I get a blank page, I refresh the page and the extension is updated with no other problems.
b) With PHP7 (my localhost test site), I get the "An error has occurred. Return to control panel" with no more info, I return to cpanel and everything looks fine again.
I had that issue today with ALF Contact update, again.

I am confused.

SELECT COUNT(*) from  PPP_extensions WHERE extension_id = 452

my mistake, I meant to write "extension_id" that is the name of the column, and not "id"
also replace "PPP" with your DB prefix

1 count. As expected. In plg_system_cp . Nothing else.

Also it maybe relevant:
In phpmyadmin or other mysql tool, check that a record with extension_id: 452, exists in all of them
__extensions
__schemas
__updates
__update_sites_extensions

Also check that the record 452 exists in all the above tables

Yeap. Did that also:
"Also, I 've searched for the record id 452 and it only exists in plg_system_cp extension"

What is plg_system_cp ?

Sorry, I meant 452 exists only in _extensions and it's the id of plg_system_cp.

Sounds to me that whatever plg_system_cp is it has been installed in a non
standard way which is why it is causing issues. No third party extension
should have an id below 10000 if it has been installed by the joomla
installer.

On 28 March 2016 at 09:12, krogias notifications@github.com wrote:

Sorry, I meant 452 exists only in _extensions and it's the id of
plg_system_cp.
[image: sql]
https://cloud.githubusercontent.com/assets/8203277/14073959/f14b1a4c-f4d5-11e5-9aba-87d097fb4339.jpg

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#9578 (comment)

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/

"This plugin provides a variety of system information and assistance for the creation of translation files."
It seems to be a system extension. Isn't' it?

It is not a core extension - if you go to extensions - manage and find it
there then you should see who the author is (assuming they didnt just copy
paste an existing manifest)

It says "Joomla! project"..
I will disable it to see what happens.

It may mean that the site has been compromised

See
http://www.joomlaportal.de/joomla-3-x-installation/310969-gel-st-update-3-2-3-auf-3-3-0-schl-gt-fehl-duplicate-entry-451-gmapfp.html#post1540405

I don't know German. Does this mean that the gmapfp causes the problem? Din't have any issues before 3.5.

It means your site has been hacked ?

• one of the installed hacks is "plg_system_cp" ?

Nice.. Perfect! :(

@krogias so can we close this issue than? If you need help with you hacked site the http://forum.joomla.org can help you :)

Yeap. Closed. I 've cleaned it already. Thanks for the help!

The malicious script is installed with the Gmapfp extension J3.38F, now present in VEL https://vel.joomla.org/live-vel

Thank you @dfrassi ,
I will contact the developer because gmapfp is one of the most important
components in my site.
What does this script do?

Hi,

It isn't a malicious script.
If you check the code you see that is just a plugin for protect the link for the copyright of GMapFP.

I have forget to rename it. I will rename it in the for the new vesrions.

Sorry for the disturbe.

No disturb for me. Just inform them. :)

2016-04-02 13:39 GMT+03:00 fabrice4821 notifications@github.com:

Hi,

It isn't a malicious script.
If you check the code you see that is just a plugin for protect the link
for the copyright of GMapFP.

I have forget to rename it. I will rename it in the for the new vesrions.

Sorry for the disturbe.

—
You are receiving this because you modified the open/close state.
Reply to this email directly or view it on GitHub
#9578 (comment)

if a plugin is installed as a system plugin, for me is malicious because
the joomla 3.5 update fails.

2016-04-02 12:39 GMT+02:00 fabrice4821 notifications@github.com:

Hi,

It isn't a malicious script.
If you check the code you see that is just a plugin for protect the link
for the copyright of GMapFP.

I have forget to rename it. I will rename it in the for the new vesrions.

Sorry for the disturbe.

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#9578 (comment)

The problem was NOT that it was a system plugin - that is perfectly
acceptable

The problem was that it was installed with the wrong ID and had the wrong
creation date and author

On 2 April 2016 at 13:14, David notifications@github.com wrote:

if a plugin is installed as a system plugin, for me is malicious because
the joomla 3.5 update fails.

2016-04-02 12:39 GMT+02:00 fabrice4821 notifications@github.com:

Hi,

It isn't a malicious script.
If you check the code you see that is just a plugin for protect the link
for the copyright of GMapFP.

I have forget to rename it. I will rename it in the for the new vesrions.

Sorry for the disturbe.

—
You are receiving this because you were mentioned.

Reply to this email directly or view it on GitHub
<#9578 (comment)

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
#9578 (comment)

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/

Sorry, not a simple system plugin but a protected system plugin. Not
removable. We can remove it only if we update the #_extensions table.
Il 02/Apr/2016 13:17, "Brian Teeman" notifications@github.com ha scritto:

The problem was NOT that it was a system plugin - that is perfectly
acceptable

The problem was that it was installed with the wrong ID and had the wrong
creation date and author

On 2 April 2016 at 13:14, David notifications@github.com wrote:

if a plugin is installed as a system plugin, for me is malicious because
the joomla 3.5 update fails.

2016-04-02 12:39 GMT+02:00 fabrice4821 notifications@github.com:

Hi,

It isn't a malicious script.
If you check the code you see that is just a plugin for protect the
link
for the copyright of GMapFP.

I have forget to rename it. I will rename it in the for the new
vesrions.

Sorry for the disturbe.

—
You are receiving this because you were mentioned.

Reply to this email directly or view it on GitHub
<
#9578 (comment)

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
<#9578 (comment)

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#9578 (comment)

@dfrassi When we found about it, I deleted it from #_extensions (id 452). Does this mean that this missing extension id number will cause problems with future joomla updates?!
I mean I have 451, gap, 453, 454 etc... Is that a problem for the joomla system?

I don't think so
Il 02/Apr/2016 14:23, "krogias" notifications@github.com ha scritto:

@dfrassi https://github.com/dfrassi When we found about it, I deleted
it from #_extensions (id 453). Does this mean that this missing extension
id number will cause problems with future joomla updates?!
I mean I have 452, gap, 454, 455 etc... Is that a problem for the joomla
system?

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#9578 (comment)

Hi,

In the 3.39F version I rename the plugin. I had built it from a system plugin and I had not renamed.

The code of this plugin is

    if (JFactory::getApplication()->isSite()) {
        $doc = JFactory::getDocument();
        $cacheBuf = $doc->getBuffer('component');

        $find_1 = strpos($cacheBuf, '<div\>');
        $find_2 = strpos($cacheBuf, '<form\>');
        if ($find_1 or $find_2){
            $html = '';
            $html .= '<div style="text-align:center;">';
            $html .= '<a href="http://gmapfp.org" target="_blank">GMapFP</a>';
            $html .= '</div>';
            if ($find_1) $cacheBuf = str_replace('<div\>', $html.'</div>', $cacheBuf);
            if ($find_2) $cacheBuf = str_replace('<form\>', $html.'</form>', $cacheBuf);
            $doc->setBuffer($cacheBuf ,'component');
        }
        return true;
    }

There are nothing malicious !

You can delete this plugin by phpmyadmin and reinstall GMapFP

This plugin is used only for the free version. If you used the Pro version, you can remove it.

@fabrice4821 reinstall FMapFP from the scratch!?

That's better :)
Στις 2 Απρ 2016 20:56, ο χρήστης "fabrice4821" notifications@github.com
έγραψε:

This plugin is used only for the free version. If you used the Pro
version, you can remove it.

—
You are receiving this because you modified the open/close state.
Reply to this email directly or view it on GitHub
#9578 (comment)