Joomla! Discussion Forums

On a local testing site, one can live with extraneous files not overwritten by RC2.
But on a live site?
As some vulnerabilities have been solved in RC2, it is useful to let users know if any of these extraneous files are vulnerable, and if any, list them for users to delete by ftp.

It would be trivially easy to remove those files that have a last modified date prior to the upgrade date (except configuration.php, .htaccess, etc., of course).  That would be much more certain than any statement from the developers (which might even be wrong!).

Regards,
Chris.

Trivially easy? Not a fun thing to do on shared hosting where most people are. I would personally do a reinstall, copy over template and configuration.php, and point to old database.

I was asking the question because I already was asked about this matter and the Announcement suggested to forget about this until final release.

I do think indeed that it is easier and safer to reinstall and point to the old db, after importing the dif.sql
Easier but not easy for all though as some users have also installed legacy or 1.5 extensions.

A user would not only have to keep configuration.php and custom templates but also keep a copy of all 3pd extensions files installed when in RC1 and then ftp them back. As some extensions have files in various folders, that may become a painful task.

Is it possible though that someone makes a diff between RC1 and RC2 to get a list of files who do not exist in the later?
I suppose we would get the path too in the diff. It would then be easy for all to delete these through ftp.
I would be happy to do that if someone tells me what soft I could use on Mac.

It is always bad to have old files in the directorys. In 98% of all cases this ist not really a security problem. But it is possible. Hence it is a wise decision to remove this files.

I will tell you the way I do this. I am using a synchronizer. You can synchronize your local folder with the remote host. There are tools which deletes all files on the server which do not exist locally. Of course you have to be careful. Some folders, like images contains uploaded stuff. So you have to update it local or leave it out. This is no problem.

FTP synchronizing is a little bit difficult because the file dates may be different. A better way is to use WebDAV. With Directory Opus you can synchronize all files within 15 minutes. Just klick one button and the program will do the rest. 

I know how do to this personally as I use CaptainFTP on the Mac and Sync is a very useful feature. 

Problem is that most users would not have/know how to do that.
Therefore a file list posted here could do the trick IMO.

Take RC1 and RC2, use Beyond Compare and create a file list with two mouse clicks. 

As I said, I am on Mac...
Beyond compare is windows only.

Found an app for Mac.

There are 302 141 files to delete... 
(Thanks for correction, Chris)
List attached underneath.

Your file lists only 141 files of which:-

88 are in the installer which should be deleted after use anyway.
5 are folder names which appear to have been listed redundantly.
5 are empty index.html files which merely act to prevent directory listings.
15 are images
6 are CSS files
12 are JavaScript files

That leaves just 10 files.  You might like to check your list though if you think that were 302 files to delete.

Regards,
Chris.

Thanks Chris, for checking...
Obviously my shareware demo diff program did not present things correctly.

Maybe you could help all by just listing the 10 files?

EDIT: I figured the 302 figure. It was counting unique items in both folders, i.e. 141 in RC1 and 181 in RC2. 

Is that list correct then?

Err, I didn't keep the list as I figured it was probably wrong given that you started with 302. 

However, from memory it looks right.

Regards,
Chris.

Can this one be closed down ?

I don't mind locking it but don't you think it would be useful to let users know in a more proeminent place than "1.5 upgrading" about this possible issue and quite easy solution?
Adding a link to the Upgrading post in the main site announcement for example.

Bumping and moving to documentation forum.

Are you saying that every time you update with a nightly build you REINSTALL?!
Isn't that time consuming?  But probably much cleaner and the install doesn't require that much extra time, right?

Everything I will need is in these three:
  Database
  Templates folder
  configuration.php file
?

This sounds a lot more like what I would prefer to do... but I am nervous about making a mistake.


So, here are the steps I think I should follow, would someone inform me if I am accurate?
  1) download the most recent release candidate for Joomla 1.5
  2) upload
  3) run the install, inputting all the necessary data related to the database
  4) replace Templates folder and configuration.php on the newly installed version

Is there any danger in two joomla configurations pointing to the SAME database?  I mean can I simultaneously run two configurations for the same database before abandoning one?




Please advise,
bam

Ok, I was able to get this fully uploaded.  But I am still getting an error when any user attempts to upload a new image through the Article Submission interface.  I get this error: Upload failed (403) :: as mentioned here: http://forum.joomla.org/index.php/topic ... msg1095811

Additionally, I still have a text wrapping issue with some of the articles that are submitted.  I have been unable to locate any difference in the code of each article, here is the page in question: http://www.sourceforwellbeing.com/sandb ... 9429017660
:: again mentioned here: http://forum.joomla.org/index.php/topic ... msg1095799


It would be lovely if I could get answers to these issues.  Thank you.