The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 154 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
PostPosted: Fri Oct 12, 2012 6:34 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Oct 09, 2012 11:32 pm
Posts: 8
It's hardly a core hack!
The code was taken directly from the latest release of Joomla 2.5

Are you saying 2.5 exposes joomla to high security risk?


Top
 Profile  
 
PostPosted: Fri Oct 12, 2012 9:18 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25004
Location: @Webdongle
@3rdlion

And what happens when the Host updates the php version is no longer used ? With no Magic quotes and the code to prevent sql injection has been removed ?

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Sat Oct 13, 2012 12:00 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25004
Location: @Webdongle
3rdlion wrote:
It's hardly a core hack!
The code was taken directly from the latest release of Joomla 2.5

Are you saying 2.5 exposes joomla to high security risk?

Then if you update Joomla you will not need to edit it. And if you use some code from the latest version and don't update Joomla then you will have a mismash of code that was not intended to placed together.

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Sat Oct 13, 2012 12:06 pm 
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Sat Oct 01, 2011 7:06 pm
Posts: 3925
Yes, just like with every other override!


Top
 Profile  
 
PostPosted: Tue Oct 16, 2012 6:16 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Mon Mar 24, 2008 4:04 pm
Posts: 120
duanemitchell wrote:
Can't install without turning magic quotes off in 3.0. I've searched around for a solution and tried a couple without success.

I created a php.ini file in the public_html with the line "magic_quotes_gpc=off", that didn't work.

Gonna open a ticket with Namecheap and see what they say.

I'd be happy to hear any suggestions.


Thank you;

_________________
Fashions http://www.fashionsjamaica.com/


Real Estate http://www.realjamaicaestate.com


Top
 Profile  
 
PostPosted: Tue Oct 16, 2012 8:56 pm 
Joomla! Hero
Joomla! Hero

Joined: Tue Aug 23, 2005 1:56 pm
Posts: 2398
Location: Kent / Sussex / Surrey border UK
I have magic quotes on and managed to install 3 OK but I can not insert images into modules or content,just a row of escaped figures.
EDIT. My host has now turned off magic quotes and I can now insert images.

_________________
http://www.gadsolutions.biz Electrical services
http://www.electrical-testing-safety.co.uk Testing services


Top
 Profile  
 
PostPosted: Wed Oct 17, 2012 4:56 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Oct 17, 2012 4:50 pm
Posts: 1
duanemitchell wrote:
I got a solution with the help of support at Namecheap. I added this line to my .htaccess:
Code:
suPHP_ConfigPath /home/username/public_html

where username is my cPanel login username.

This was AFTER I used the cPanel tool "Tweak php.ini". That created a full featured php.ini file at the top level of public_html. That had magic quotes on, I set them to off. Then the above .htaccess addition worked to apply that php.ini config to the entire directory.

So I guess, for me on Namecheap as a host, my Joomla 3.0 install procedure would be to create the php.ini with magic_quote_gpc off and then add the above line to .htaccess.

If that doesn't work then I'll use the trick mentioned above of adding the 2 line php.ini to the installation folder, run the installation, then do the above 2 steps.


Nice articles duane. Tried it and it works!

Awesome!


Top
 Profile  
 
PostPosted: Fri Oct 19, 2012 11:03 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Oct 09, 2012 11:32 pm
Posts: 8
@Webdongle
Webdongle wrote:
And what happens when the Host updates the php version is no longer used ? With no Magic quotes and the code to prevent sql injection has been removed ?


As I said earlier, this code is designed to only activate IF magic quotes is set to ON.
If magic quotes is off, then Joomla 3.0 will run the code that it was designed to run.

So, it's fool proof! It will allow your host to switch on and off magic quotes with no effect on your site. Isn't that a better option than only catering for one option?

The code to prevent sql injection is up to the individual extension developer. If they have written their code correctly for 2.5 then this is a non-issue. Again, this is just Joomla 2.5 core code running in Joomla 3.0 core and most 2.5 extensions need little tweaking to run in 3.0 (If you're tweaking your extension to remove sql injection measures, YOU'RE DOING IT WRONG!) :eek:


Top
 Profile  
 
PostPosted: Sat Oct 20, 2012 12:00 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25004
Location: @Webdongle
So you are saying that
You are putting code from 2.5.7 into 3.0.1 that allows 3.0.1 that allows it to run with magic_quotes on. Is that it ?

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Sat Oct 20, 2012 9:33 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Wed Aug 17, 2005 10:27 pm
Posts: 14715
Location: Kent, England
3rdlion wrote:
As I said earlier, this code is designed to only activate IF magic quotes is set to ON.
If magic quotes is off, then Joomla 3.0 will run the code that it was designed to run.

So, it's fool proof! It will allow your host to switch on and off magic quotes with no effect on your site. Isn't that a better option than only catering for one option?

The code to prevent sql injection is up to the individual extension developer. If they have written their code correctly for 2.5 then this is a non-issue. Again, this is just Joomla 2.5 core code running in Joomla 3.0 core and most 2.5 extensions need little tweaking to run in 3.0 (If you're tweaking your extension to remove sql injection measures, YOU'RE DOING IT WRONG!) :eek:


If you believe you have a solution to what may be an issue then you should run it past the developers/bug squad.
https://groups.google.com/forum/?fromgroups=&pli=1#!forum/joomlabugsquad That is a far better forum for your "solution" than well this forum ;) Also post a link to the discussion that you do start on there to this thread and vice versa so people can follow the whole thing.


Top
 Profile  
 
PostPosted: Wed Oct 31, 2012 3:22 pm 
User avatar
Joomla! Fledgling
Joomla! Fledgling

Joined: Fri Nov 23, 2007 10:59 am
Posts: 3
Location: North Yorkshire
On or Off, to be or not to be..... I have read all the fantastic advice that people give on these forums, and I just need to go and have lie down, my head is spinning. Having fallen in love with the idea of cms back in the mambo days and enjoyed using it for many years, I am now very close to looking for alternatives.

I have had the option of installing through cpanel installers or uploading direct, Backing up the entire site and dbase and moving hosts or servers, Simple.! Such a brilliant concept. My youth group leaders could log in and update the events, likewise the lady from the church who had be talked through her log in procedure every time ! In other words Joomla was idiot proof.

Suddenly, things have changed, NOW I have to change hosts, ( I use two ) Or tweak my ini or htaccess files. Make hacks to the core .... or not.
Images now display with a series of "\\""\\""\\ or more.

I know there are many Joomla lovers who like me make it the preferred option for web builds, because it was SIMPLE.
It worked out of the box. Joomla 3 seems to have lost that advantage.
I apologise for this being a little rant and in the wrong place, Just a knee jerk reaction. But I wanted to say it.

I know it says I am a Fledgling, possibly because my first post was in Oct 2009, This is my second.
THATS what I mean about simple. !


Top
 Profile  
 
PostPosted: Wed Oct 31, 2012 3:50 pm 
Joomla! Hero
Joomla! Hero

Joined: Tue Aug 23, 2005 1:56 pm
Posts: 2398
Location: Kent / Sussex / Surrey border UK
You just have to get your host to turn off magic quotes and voila you have a cms far superior to what mambo could ever have been. The answer is "to be" If you are on a production site then use 2.5 if not play away with 3. Enjoy....

_________________
http://www.gadsolutions.biz Electrical services
http://www.electrical-testing-safety.co.uk Testing services


Top
 Profile  
 
PostPosted: Sat Nov 03, 2012 2:29 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed May 09, 2012 6:26 pm
Posts: 2
i had to contact my hosting provider and they fix it for me


Top
 Profile  
 
PostPosted: Thu Nov 08, 2012 1:58 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Sep 19, 2012 10:40 am
Posts: 5
silicon_chip wrote:
You my friend might just be in luck , since I just spent 4 hours getting this fixed myself.

I had the Magic Quotes GPC ON and when I fixed THAT problem, I was getting install permission problems.

This was my fix, hope it helps you .

Create php.ini file with the following lines.

magic_quotes_gpc = Off
session.save_path = "/tmp"

Copy to the Installation subfolder of your site.
Let me know if it fixes your problem.


Many thanks, this worked perfectly for me.


Top
 Profile  
 
PostPosted: Fri Nov 23, 2012 2:44 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Fri Dec 08, 2006 10:44 pm
Posts: 238
Location: Norway
silicon_chip wrote:
You my friend might just be in luck , since I just spent 4 hours getting this fixed myself.

I had the Magic Quotes GPC ON and when I fixed THAT problem, I was getting install permission problems.

This was my fix, hope it helps you .

Create php.ini file with the following lines.

magic_quotes_gpc = Off
session.save_path = "/tmp"

Copy to the Installation subfolder of your site.
Let me know if it fixes your problem.


Silicon_chip - you made my day!!!!!
I have been struggeling with several strange issues on my joomla site after updating from 2.5.1 to 2.5.8.
The last issue i could not figure out was that i were not able to install any extentions, and i did not get any error message from joomla.

But setting the session.save_path = "/tmp" in my php.ini did the trick!

It think it was strange that i had to set this, cause according to joomla everything looked ok..... It even said that temp dir was writable (and yes it referred to the correct dir.)

THANKS :)


Top
 Profile  
 
PostPosted: Mon Dec 03, 2012 1:55 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Fri Aug 21, 2009 12:36 pm
Posts: 3
Location: Ottawa, Canada
Hi,

Some great suggestions here. I'd tried them -- the PHP.INI files and the edits to .htaccess, but still no joy.

The following was suggested by my host (Sibername) and worked for me:

So, use the PHP.INI files as described above and in the .htaccess file, in addition to the line "SetEnv PHPRC /home/..." etc., add the following line:

php_flag magic_quotes_gpc Off

This did the trick for me --- I hope it helps others.




- Roy


Top
 Profile  
 
PostPosted: Mon Dec 10, 2012 6:54 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Jan 11, 2012 10:56 pm
Posts: 8
1) create .htaccess
<IfModule mod_suphp.c>
suPHP_ConfigPath /home/google/public_html/ (this is path where is joomla site install)
<Files php.ini>
order allow,deny
deny from all
</Files>
</IfModule>

2) create
php.ini file and paste this
magic_quotes_gpc = Off
extension=pdo.so
extension=pdo_mysql.so

--------------------------------
upload this file where is intall joomla site.


Top
 Profile  
 
PostPosted: Wed Dec 26, 2012 4:21 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Aug 30, 2009 3:11 am
Posts: 14
1) create .htaccess
<IfModule mod_suphp.c>
suPHP_ConfigPath /home/google/public_html/ (this is path where is joomla site install)
<Files php.ini>
order allow,deny
deny from all
</Files>
</IfModule>

2) create
php.ini file and paste this
magic_quotes_gpc = Off
extension=pdo.so
extension=pdo_mysql.so

----------------------------------------------------------------------

Sory, but this does not solve if you use shared server, in my case. :(

No customer is free to change this on the server, only the support of your hosting can change that.

Very bad the team joomla ! Why require this item in the installation? Absurd !
Why complicate it ?

I need to install joomla 3.02, how do I do now ? >:(


Top
 Profile  
 
PostPosted: Wed Dec 26, 2012 1:01 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25004
Location: @Webdongle
ultrabr wrote:
I need to install joomla 3.02, how do I do now ?
By finding a Host that meets the minimum requirements.

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Fri Dec 28, 2012 2:14 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Mon Dec 24, 2012 1:39 pm
Posts: 10
Webdongle wrote:
ultrabr wrote:
I need to install joomla 3.02, how do I do now ?
By finding a Host that meets the minimum requirements.



suggeting changing server?
that would be too much to handle right now :'(

_________________
back knee pain
golf swing tips


Top
 Profile  
 
PostPosted: Mon Jan 14, 2013 7:37 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Thu Sep 08, 2011 10:03 am
Posts: 19
Location: Pretoria, South Africa
Hi
I created the .htacess and php.ini as suggested in this post, and I still cannot install J3.0. I have asked my ISP to help, but will probably only get an answer tomorrow... My J3.0 was the first "stable" version available. Should I download & install the current one?
Or jump back to 2.5.8?

_________________
Sandvelder
Pretoria


Top
 Profile  
 
PostPosted: Tue Jan 22, 2013 8:55 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Jan 22, 2013 8:37 pm
Posts: 16
I have spent the last 2 days reading about how to fix this issue. I am unable to turn off Magic Quotes GPC & Register Globals. Our company uses Network Solutions for hosting. Non of the above suggestions work...I wish they had. Does anyone have any other suggestions? I've opened up a ticket with Network Solutions, but they haven't replied yet. Any help would be great!

I really want to build our new site on the 3.0 platform...


Top
 Profile  
 
PostPosted: Tue Jan 22, 2013 9:29 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25004
Location: @Webdongle
bnoonan wrote:
... Does anyone have any other suggestions?
...
Perhaps use a Host that responds to tickets more efficiently or a Host that meets the specifications ?

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Tue Jan 22, 2013 9:55 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Jan 22, 2013 8:37 pm
Posts: 16
Unfortunately, our company manages 10+ sites. They signed up with Network Solutions before I arrived at the company (I would have chose another provider). But, thats neither here nor there. I obviously could go the simple route, and take a step back to 2.5...but i really wanted to start working on the 3.0 platform.

If switching to another host was an option, I'd do it...but it's not (at the moment). That being said, before I go back to 2.5, is there anything else I can try? Has anyone got this working with Network Solutions? I've tried uploading the php.ini file to cgi-bin, which is what someone else on the internet did -- but that didn't work for me.


Top
 Profile  
 
PostPosted: Tue Jan 22, 2013 9:58 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Thu Sep 08, 2011 10:03 am
Posts: 19
Location: Pretoria, South Africa
sandvelder wrote:
Hi
I created the .htacess and php.ini as suggested in this post, and I still cannot install J3.0. I have asked my ISP to help, but will probably only get an answer tomorrow... My J3.0 was the first "stable" version available. Should I download & install the current one?
Or jump back to 2.5.8?


My new website is already running smoothly on 2.5.8 - don't have time for crap. Hopefully these issues will be sorted soon! :-)

_________________
Sandvelder
Pretoria


Top
 Profile  
 
PostPosted: Tue Jan 22, 2013 10:00 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 8:55 pm
Posts: 19645
Location: Nijmegen, The Netherlands
Sometimes you can override the server settings regarding Magic Quotes GPC by putting
Code:
php_flag magic_quotes_gpc off
in .htaccess

_________________
Kind Regards,
Peter Martin, Global Moderator - Community Leadership Team
http://www.db8.nl - Joomla specialist, Nijmegen, Nederland
Joomla 2.5 multilanguage in 10 steps: http://www.db8.nl/en/joomla-presentatio ... ge-website


Top
 Profile  
 
PostPosted: Tue Jan 22, 2013 10:04 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25004
Location: @Webdongle
bnoonan wrote:
... That being said, before I go back to 2.5, is there anything else I can try? ....
Other than editing the php.ini file, putting the code in a local php.ini file(in /administrator) or putting the code in the .htacces file ... none that I know of.

Some Hosts have in their CP a link to create/edit local php.ini files. Some Hosts call their local file php5.ini.

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Tue Jan 22, 2013 10:07 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 8:55 pm
Posts: 19645
Location: Nijmegen, The Netherlands
sandvelder wrote:
My new website is already running smoothly on 2.5.8

Joomla 2.5.8 is the version I currently use the most because it's the current stable version and because of the availability of 3rd party extensions for 2.5.

Joomla 3.0.2 has some small issues that I can workaround, but I would not like to expose those to my clients. The Joomla Bug Squad is doing a terrific job so I assume that most of those minor issues will be fixed with next update.

If you want to set up a Joomla multilingual website and use "Content Item Association" then Joomla 3.0 is the only choice...
Joomla 2.5.8 doesn't have that... it only supports "Menu Item Association"...

_________________
Kind Regards,
Peter Martin, Global Moderator - Community Leadership Team
http://www.db8.nl - Joomla specialist, Nijmegen, Nederland
Joomla 2.5 multilanguage in 10 steps: http://www.db8.nl/en/joomla-presentatio ... ge-website


Top
 Profile  
 
PostPosted: Tue Jan 22, 2013 10:10 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 8:55 pm
Posts: 19645
Location: Nijmegen, The Netherlands
sandvelder wrote:
I still cannot install J3.0. I have asked my ISP to help, but will probably only get an answer tomorrow...

If installation itself is a problem then you could try the following workaround (not sure it will work though) : install Joomla 3.0 on a local web environment, install Akeeba backup, create a backup and restore it at the remote server...

_________________
Kind Regards,
Peter Martin, Global Moderator - Community Leadership Team
http://www.db8.nl - Joomla specialist, Nijmegen, Nederland
Joomla 2.5 multilanguage in 10 steps: http://www.db8.nl/en/joomla-presentatio ... ge-website


Top
 Profile  
 
PostPosted: Tue Jan 22, 2013 10:13 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Jan 22, 2013 8:37 pm
Posts: 16
im installing 2.5 at the moment. I'm going to wait to test out 3.0...hopefully some of these things get worked out in the future


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 154 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next



Who is online

Users browsing this forum: No registered users and 38 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group