The Joomla! Forum ™

Download

Demo


Board index » Joomla! Announcements » Announcements » Announcements Discussions

Forum rules


Please click here to view the forum rules



Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 2 of 4
  [ 105 posts ]  Go to page Previous  1, 2, 3, 4  Next
  Print view Previous topic | Next topic 
Author Message
astridv
PostPosted: Tue Aug 29, 2006 11:38 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Mon Aug 29, 2005 12:48 pm
Posts: 25
If you have loads of sites to patch:
- change globals.php before uploading (so Emulation is off)

- note that the configuration.php has only ONe extra line $mosConfig_mbf_content='0';
Rather than filling out all the config details I added the one line to all config files.

- Overwrite the admin.mambots.php in the package with the changed one.
Top
 Profile  
 
mporcheron
PostPosted: Tue Aug 29, 2006 11:59 am 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Mon May 29, 2006 5:45 pm
Posts: 224
Location: UK
sgabbio wrote:
done from 1.0.10 to 1.0.11 overwriting files with Filezilla FTP client.
at first time polls and some menus in the backend didn't work well.
at second overwriting it works well but:
- JCE comp: if i chose JCE Configuration from the menu an alert says: Restricted Access and i can't access jce config (even if it's still working)
- JACPLUS: doesn't work so i've uninstalled it and now i'm re-installing it.



I know for sure that the JCE config is a mambot and subsequently requires the offical patch for the mambots section.  See edition at the end of this post: http://forum.joomla.org/index.php/topic ... 55967.html.

Upload it to administrator/components/com_mambots

_________________
Martin Porcheron - mpwebwizard.com
Top
 Profile  
 
slyboots
PostPosted: Tue Aug 29, 2006 12:16 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Jan 08, 2006 9:01 pm
Posts: 34
astridv wrote:
If you have loads of sites to patch:
- change globals.php before uploading (so Emulation is off)

- note that the configuration.php has only ONe extra line $mosConfig_mbf_content='0';
Rather than filling out all the config details I added the one line to all config files.

- Overwrite the admin.mambots.php in the package with the changed one.


Thanks astridv - your post saved me a lot of time!

_________________
Martin
Top
 Profile  
 
ahmad
PostPosted: Tue Aug 29, 2006 12:20 pm 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Fri Apr 07, 2006 4:02 pm
Posts: 893
Location: Egypt
Upgraded to 1.0.11 with no problems :)
I uploaded the file through FTP manually

I noticed a new menu item ( Check Version ) Under ( System )


Nice work guys :)

_________________
Joomla! Fan
http://www.alfystudio.com
Top
 Profile  
 
globule
PostPosted: Tue Aug 29, 2006 12:29 pm 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Tue Aug 30, 2005 9:11 pm
Posts: 551
Location: Aix-En-Provence, France
As previous updates, some small bugs sometime appear with the upgrade patch.
Upolading the full package solved them.

What I recommend to do :
- use the file manager from your hoster panel to create a copy of your site in a subdirectory (faster than FTP)
- correct the configuration file, and .htaccess if needed
- upload the upgrade
- test this copy (mysite.com/mycopy) as deep as you can : regiter a new user, submit a new article, create a new section etc...

If it works correctly, apply to the production site.
This prevents from bugs if you hacked something and forgot it!

_________________
May the forge be with you!
http://www.joomlation.eu (intl)
http://www.joomlation.org (fr)
Top
 Profile  
 
infograf768
PostPosted: Tue Aug 29, 2006 12:58 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16641
Location: **Translation Matters**
Quote:
$mosConfig_mbf_content='0';


What is that one for?
I indeed see it in the dist file.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group
Top
 Profile  
 
Robin
PostPosted: Tue Aug 29, 2006 1:05 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750
Hi JM,

From what I can recall, this is for MambelFish, now known as Joom!Fish multilanguage extension...

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin
Top
 Profile  
 
chris_t
PostPosted: Tue Aug 29, 2006 1:17 pm 
Joomla! Intern
Joomla! Intern

Joined: Mon Mar 27, 2006 4:31 pm
Posts: 80
this is a real pain in the backside. i only finished upgrading to 1.0.10 last week, as i've made dozens of small hacks throughout. to now have to go through that all again is unfortunate to say the least.

can anyone tell me, briefly, how 1.0.10 and 1.0.11 differ? i've already secured register_globals, emulation, magic quotes, my .htaccess etc. why do i still need to upgrade?
Top
 Profile  
 
Robin
PostPosted: Tue Aug 29, 2006 1:20 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750
Hi chris_t,

Check the full changelog to see whats been changed/fixed: http://www.joomla.org/content/view/1841/78/
As you can see quite a lot of security fixes. My advice would be to upgrade, even if it means fixing/patching your files again.

Regards Robin

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin
Top
 Profile  
 
infograf768
PostPosted: Tue Aug 29, 2006 1:24 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 16641
Location: **Translation Matters**
RobInk wrote:
Hi JM,

From what I can recall, this is for MambelFish, now known as Joom!Fish multilanguage extension...


hmmm.. Wondering... I see it in the dist indeed for ages (saw it in a 1.0.7 at least) but a new install does not populate it.

How is it I have a Joomfish driven site and this config is nowhere to be seen in the admin?
Maybe it is only an artefact of the old mambelfish times and beginning of Joomla.  ;)

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group
Top
 Profile  
 
Robin
PostPosted: Tue Aug 29, 2006 1:29 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750
Quote:
Maybe it is only an artefact of the old mambelfish times and beginning of Joomla.


Think so too, also implemented several multilanguage sites, never seen it as an option in global config either.

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin
Top
 Profile  
 
crash777
PostPosted: Tue Aug 29, 2006 1:38 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Sat Sep 03, 2005 1:56 am
Posts: 334
Location: Upstate New York
While this is nice to know... it does not call out files that were modified. Is there a list that shows which files were modified?

RobInk wrote:
Hi chris_t,

Check the full changelog to see whats been changed/fixed: http://www.joomla.org/content/view/1841/78/
As you can see quite a lot of security fixes. My advice would be to upgrade, even if it means fixing/patching your files again.

Regards Robin

_________________
Thanks!
Aaron
Top
 Profile  
 
crash777
PostPosted: Tue Aug 29, 2006 1:38 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Sat Sep 03, 2005 1:56 am
Posts: 334
Location: Upstate New York
webgyrl wrote:
If anyone else is using Fantastico:

I just did the upgrade by FTPing the files using FileZilla to my site. It upgraded fine.
For upgrade instructions go here:
http://forum.joomla.org/index.php/topic,33226.0.html

Fantastico is sensitive and though I never doubted that an upgrade would work, I wonder if it will "break" the link to Fantastico rendering future upgrades in fantastico useless..

Wondering when we can expect an official upgrade through Fantastico or do they only wait for major releases?

_________________
Thanks!
Aaron
Top
 Profile  
 
micoots
PostPosted: Tue Aug 29, 2006 1:47 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Apr 21, 2006 7:38 pm
Posts: 37
Hi,

infograf768 wrote:
WARNING!
------------GLOBAL MOD EDIT: last minute small bug found in admin.mambots.php
While waiting for new package, find file below.

This is an official fix!


I used the latest 1.0.10 to 1.0.11 bz2 patch file from forge.joomla.org with md5sum:

6af7ded3b0cd8c9988e1ee4e8698142c  Joomla_1.0.10_to_1.0.11-Stable-Patch_Package.tar.bz2

This md5sum didn't match what was posted on the md5sums link on this site, but I think it's still ok since there was an "original" Joomla_1.0.10_to_1.0.11-Stable-Patch_Package.tar.bz2 file posted first which I believe matched the original md5sum on this site.

Either way, I grabbed the file you announced here and transferred it to my server.

I use JCE so will test and hope all is ok.

Thanks.

Michael.
Top
 Profile  
 
RobS
PostPosted: Tue Aug 29, 2006 2:24 pm 
User avatar
Joomla! Ace
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
chris_t wrote:
this is a real pain in the backside. i only finished upgrading to 1.0.10 last week, as i've made dozens of small hacks throughout. to now have to go through that all again is unfortunate to say the least.

can anyone tell me, briefly, how 1.0.10 and 1.0.11 differ? i've already secured register_globals, emulation, magic quotes, my .htaccess etc. why do i still need to upgrade?


1.0.11 addresses several vulnerability possibilities in Joomla and in PHP itself... the most notable of the PHP vulnerabilities is the Zend_Hash_Key_Del_Or_Index () but that could allow an attacker to potentially feed malicious data to any PHP script via the URL.  It also addresses a potential spamming issue that required a pretty extensive fix and some smaller SQL injection and XSS vulnerabilities.  Some of those vulnerabilities we rank as critical as they can lead to compromise of the website while most of them are very low risk.  For a list of the files that have been changed since 1.0.10, just download one of the 1.0.10 -> 1.0.11 patch packages as that will only contain the files that have been modified but keep in mind there have been several files modified.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
Top
 Profile  
 
chris_t
PostPosted: Tue Aug 29, 2006 3:21 pm 
Joomla! Intern
Joomla! Intern

Joined: Mon Mar 27, 2006 4:31 pm
Posts: 80
i've upgraded again and am making my little hacks again.

EDIT: page title problems sorted - includes/joomla.php was the offending file.

linked titles no longer work in 1.0.11. i notice a discrepancy between the two most recent versions, in content.html.php (line 580):

new:

Quote:
$row->link_on = sefRelToAbs( 'index.php?option=com_content&task=view&id=' . $row->id . $row->Itemid_link );


old:

Quote:
$link_on = sefRelToAbs("index.php?option=com_content&task=view&id=".$row->id."&Itemid=".$_Itemid);


the result: now, when linked titles are turned on, the url is my site url, rather than the full content url. help please?


Last edited by chris_t on Tue Aug 29, 2006 4:46 pm, edited 1 time in total.

Top
 Profile  
 
adewinne
PostPosted: Tue Aug 29, 2006 3:40 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Jan 11, 2006 2:05 pm
Posts: 8
I upgraded from 1.0.10 to 1.0.11 everything seemed fine. I set define( 'RG_EMULATION', 0 ); in globals.php. But this morning I tried to edit a mambot setting and keep getting a 'restricted access' popup. Then it goes back to the list of mambots. The mambot I was trying to edit is now locked. This happens for ALL mambots.

JCE component seems to have the same problem. All other components and modules seem to be fine so far.

Help!


------

:) http://forum.joomla.org/index.php/topic ... html  and upload admin.mambots.php fixes the problem above.


Alex


Last edited by adewinne on Tue Aug 29, 2006 3:48 pm, edited 1 time in total.

Top
 Profile  
 
JacquesL
PostPosted: Tue Aug 29, 2006 3:43 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Tue Nov 22, 2005 6:24 am
Posts: 4
Location: Lyon (France)
Bug with 1.0.11 : non more statistics of printed pages in the administrator back-end.
I regret them !

On my site, the hacker installed twice a Cshell and his own folders and programs with CRONs, with the help of pirating the component mambowiki.

I do not know how to set register_globals on OFF. Each time I try to use a .htaccess for that, the only result is to block all access. I am on 1and1.fr.

Can somebody explain me the right steps ? Thank you by advance !
Top
 Profile  
 
jeepn
PostPosted: Tue Aug 29, 2006 4:11 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Wed Jan 04, 2006 4:43 pm
Posts: 105
infograf768 wrote:
WARNING!
------------GLOBAL MOD EDIT: last minute small bug found in admin.mambots.php
While waiting for new package, find file below.

This is an official fix!


So is there going to be a forthcoming 1.0.12 soon?  Or is 1.0.11 being re-packaged?

Thanks
Top
 Profile  
 
joomlasolutions_JB
PostPosted: Tue Aug 29, 2006 4:11 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Wed Aug 17, 2005 11:07 pm
Posts: 355
from the link on the joomla front site announcement, it says ( SUNBIRD )  but when i followed that link,downloaded and applied the patch from 1.0.10 to 1.0.11 I get (SUNBOW ) on my admin. What does that mean? is it wrong release?


joomla front page announce: Joomla! 1.0.11 [ Sunbird ] is now available as of Monday 28th August 2006 24:00 UTC

admin footer after applying patch to site: Joomla! 1.0.11 Stable [ Sunbow ] 28 August 2006 20:00 UTC

also, when i look in the admin, it tells me:

Your version of Joomla! [ 1.0.11 Stable ] is
2 days old


how 2 days old??



if there is going to be a fixed release of 1.0.11 planned in the next few hours or days, i would VERY much like to know, since I and many others have multiple sites to patch...


tell us

_________________
Joomla! Template Shop www.joomlathemes.org

Joomla Template Club
[URL=http://templateclub.mambosolutions.com]templateclub.mambosolutions.com
[/URL]


Last edited by joomlasolutions_JB on Tue Aug 29, 2006 4:22 pm, edited 1 time in total.

Top
 Profile  
 
jtruelson
PostPosted: Tue Aug 29, 2006 4:58 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Aug 19, 2005 1:40 pm
Posts: 18
Quote:
Looks like Websmurf has Joomlaboard listed as one of those extensions fixed due to the RG_EMULATION flag. Check this post for the upgrade: < http://forum.joomla.org/index.php/topic,86525.0.html >.


Thank you, Amy, thank you Websmurf  - that fixed it.  :)

_________________
Jon Truelson
Media Consultant
Top
 Profile  
 
leolam
PostPosted: Tue Aug 29, 2006 5:32 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Aug 29, 2005 10:17 am
Posts: 12025
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Thanks to all devs and testers for fixing the next layers of security holes. I would appreciate a clarification please on what this is meant to mean:

Quote:
------------GLOBAL MOD EDIT: last minute small bug found in admin.mambots.php
While waiting for new package, find file below.
* admin.mambots.php.zip (4.14 KB - downloaded 101 times.)
« Last Edit: August 29, 2006, 08:57:23 PM by infograf768 »


Is this a repack with already identified bugs/additional changes (a sort of 1.0.11a) or is it going to be 1.0.12?

please advise? We are not waiting to upgrade so many customers every two days or so  ;)

cheers
Leo

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---
Top
 Profile  
 
alibroon
PostPosted: Tue Aug 29, 2006 6:24 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Aug 28, 2005 11:00 pm
Posts: 9
I've got a problem upgrading from 1.0.7 to 1.0.11
Template is out of whack and the login gives me the following
Fatal error: Call to undefined function: josspoofvalue() in /homepages/mysite/modules/mod_login.php on line 91


I can get into control panel but when I go to modules>site modules
my-site/administrator/components/com_modules/admin.modules.php on line 28
It's also telling me that it is still at version 1.0.7
Am I missing something?
What to do ???


Last edited by alibroon on Tue Aug 29, 2006 6:57 pm, edited 1 time in total.

Top
 Profile  
 
joomlan
PostPosted: Tue Aug 29, 2006 6:44 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Sun Jul 16, 2006 1:21 pm
Posts: 345
Hi,

I upgraded it to 1.11 ,but I am getting this message now :Restricted access for both Admin & Front end  !! What did I do wrong ?
I copied the folders in the patch to the same locations on the server and overwrote them !! How can I fix this ?
What are the steps to upgrade ? What did I miss ?


Thanks
Top
 Profile  
 
jeepn
PostPosted: Tue Aug 29, 2006 7:00 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Wed Jan 04, 2006 4:43 pm
Posts: 105
If anyone is having troubles with upgrading... head here:

http://forum.joomla.org/index.php/board,36.0.html


;)
Top
 Profile  
 
zuze
PostPosted: Tue Aug 29, 2006 8:34 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Sat Feb 11, 2006 9:43 pm
Posts: 292
Location: Birmingham, USA
jtruelson wrote:
It is good to know that security take precedence here.  I have 29 or so Joomla sites to patch. 
I've done two so far.  Problem with Joomlaboard (latest version) encountered.

Selecting an existing topic throws the following:

An invalid post id was requested.

\n

any thoughts on this?


I had that same problem when I updated to Joomla 1.0.10. And I am not the only one. Have not found the answer yet, not on these bords not Joomlaboard forum borads.

_________________
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org
Top
 Profile  
 
nandoprieto
PostPosted: Tue Aug 29, 2006 8:36 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Thu May 25, 2006 2:48 pm
Posts: 1
I upgraded "immediately" from 1.0.10 to Joomla 1.0.11 and when I try to install any template, language, component, module or mambot this is what I have:

Fatal error: Cannot instantiate non-existent class: ftphostaccnt in /vhosts/ecc.univalle.edu.co/administrator/components/com_installer/admin.installer.html.php on line 160

I suspect this is caused because recently I uploaded the SafeMode patch for Joomla 1.0.10 which can be found at http://developer.joomla.org/sf/frs/do/l ... 4BD54DD761

If so, where can I fing the safe mode patch for Joomla 1.0.11? ???

If not, what did I do wrong? :(

Thank you very much in advance.

Fernando


Last edited by nandoprieto on Tue Aug 29, 2006 10:17 pm, edited 1 time in total.

Top
 Profile  
 
chunkybacon
PostPosted: Tue Aug 29, 2006 8:38 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Mon Jun 26, 2006 4:20 pm
Posts: 1
Is there a way to be notified via email for *only* security updates?
Top
 Profile  
 
brad
PostPosted: Tue Aug 29, 2006 8:40 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 12:38 am
Posts: 13379
Location: Sydney - Australia
chunkybacon wrote:
Is there a way to be notified via email for *only* security updates?

Please subscribe the the announcement section of this forum. See frontpage of forum, all is explained:
Quote:
Announcements from the Joomla! Core Team for the attention of all Users. We encourage all Joomla users to subscribe to announcements by Clicking Here.

_________________
Brad Baker - Follow me on Google+
http://www.rochen.com - Joomla! Hosting, the correct way.
http://www.joomlatutorials.com <-- Joomla Help & Tutorials
^Now with Joomla 2.5 and Joomla 3.0 Tutorials
Top
 Profile  
 
Robin
PostPosted: Tue Aug 29, 2006 8:42 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750
Hi,

At zuze, about the issue with joomlaboard, check http://forum.joomla.org/index.php/topic,86525.0.html
Register globals emulation = 0 is causing problems with several extensions. You will find a fix in that topic.

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 2 of 4
  [ 105 posts ]  Go to page Previous  1, 2, 3, 4  Next


Board index » Joomla! Announcements » Announcements » Announcements Discussions

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group