1.0.15 IS IT STILL SECURE?

Joomla version 1.0 is end-of-life and is no longer supported. Please use Joomla 3.x instead.

szonkie
Joomla! Explorer
Posts: 256
Joined: Thu Jul 05, 2007 10:41 am

1.0.15 IS IT STILL SECURE?

Post by szonkie » Tue Feb 03, 2009 11:50 am

Hi there,

I need to consider moving to the latest Joomla at some point, but at the moment it's just too much work considering I have Docman and JACL Plus running with a lot of access levels and documentation.
My question is therefore: is the current Joomla 1.0.15 still safe enough to leave as is? I have the site over https and on an internal server.

Thanks
sz

 
Tonie
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: 1.0.15 IS IT STILL SECURE?

Post by Tonie » Tue Feb 03, 2009 11:55 am

Joomla! 1.0.15 will be supported until 22 July of this year. There are no security issues, and have not been for a long time.

szonkie
Joomla! Explorer
Posts: 256
Joined: Thu Jul 05, 2007 10:41 am

Re: 1.0.15 IS IT STILL SECURE?

Post by szonkie » Tue Feb 03, 2009 12:14 pm

Okay thanks for that.

deleted user

Re: 1.0.15 IS IT STILL SECURE?

Post by deleted user » Tue Nov 15, 2011 6:49 pm

NO IT IS NOT SECURE!!

At least one vulnerability exists in the core search module as of July 2011:
http://securityvulns.com/Zdocument452.html

beededea
Joomla! Hero
Posts: 2809
Joined: Wed Oct 31, 2007 3:48 pm
Location: Victorian England 1885

Re: 1.0.15 IS IT STILL SECURE?

Post by beededea » Wed Nov 16, 2011 10:13 pm

Joomla 1.0.15 is generally secure if your extensions are secure, you run on a secure server and back up regularly. At least that is my experience. With regard to dpk's post, I had previously made these changes to search.php and search.html.php, which fixed this vulnerability.

components/com_search/search.php line 119 (approx.)
comment out these lines:

//$ordering = mosGetParam( $_REQUEST, 'ordering', 'newest');
//$ordering = preg_replace( '/[^a-z]/', '', strtolower( $ordering ) );

replaced with these:

$ordering = strtolower( strval( mosGetParam( $_REQUEST, 'ordering', 'newest') ) );
$ordering = preg_replace( '/[^a-z]/', '', strtolower( $ordering ) );
$ordering = preg_replace( '~^(\w+).*$~', '\1', $ordering );
//$ordering = filter_var($ordering, FILTER_SANITIZE_STRING);

and components/com_search/search.html.php: (line 124 approx)

$ordering = strtolower( strval( mosGetParam( $_REQUEST, 'ordering', 'newest' ) ) );

add the new line just after as shown below:

$ordering = strtolower( strval( mosGetParam( $_REQUEST, 'ordering', 'newest' ) ) );
$ordering = preg_replace( '~^(\w+).*$~', '\1', $ordering );
//$ordering = filter_var($ordering, FILTER_SANITIZE_STRING);

I got these from a site somewhere a long, long time ago, so I take no credit for the changes. I had also previously added:

$ordering = filter_var($ordering, FILTER_SANITIZE_STRING);

but I commented it out as filter_var was not supported on PHP 5.1, but it might also help if you are on PHP 5.1+, as you probably will be.
Yereverluvinunclebert
Steampunk widgets. Platforms of choice: Joomla 1.0/1.5, Joostina 1.2, OSCommerce
Site aims: Optimisation, Security and Solidity
http://widgets.yahoo.com/widgets/steamp ... k-calendar
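
An allow-list alternative to the character filter in the post above, as an added example that is not part of the thread or of Joomla's own code. The function names and the list of accepted sort keys are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example, not Joomla core code. Function names and the list of
// accepted sort keys are assumptions made for this illustration.

// The filter chain from the post, applied to a raw value directly instead
// of going through mosGetParam().
function filter_ordering_as_posted($raw)
{
    $ordering = strtolower(strval($raw));
    $ordering = preg_replace('/[^a-z]/', '', $ordering);
    $ordering = preg_replace('~^(\w+).*$~', '\1', $ordering);
    return $ordering;
}

// Allow-list variant: anything that is not a known sort key becomes the default.
function allowlist_ordering($raw, $default = 'newest')
{
    // Assumed set of sort keys offered by the search form.
    $allowed = array('newest', 'oldest', 'popular', 'alpha', 'category');
    if (!is_string($raw)) {
        return $default; // e.g. ordering[]=x arrives as an array
    }
    $candidate = strtolower(trim($raw));
    return in_array($candidate, $allowed, true) ? $candidate : $default;
}

// Constructed sample inputs, including an empty string and an array.
$samples = array('newest', 'ALPHA', 'oldest 123', 'popular"; x', '', array('alpha'));

foreach ($samples as $raw) {
    $shown  = is_array($raw) ? 'array(...)' : var_export($raw, true);
    // strval() on an array emits a warning, so the posted chain is skipped here.
    $posted = is_array($raw) ? '(not a string)' : filter_ordering_as_posted($raw);
    printf(
        "%-16s posted-filter=%-18s allow-list=%s\n",
        $shown,
        var_export($posted, true),
        allowlist_ordering($raw)
    );
}
```

The character filter turns the constructed input `popular"; x` into `popularx`, which is letters only but not a real sort key; the allow-list version falls back to `newest` for that input, for the empty string and for the array.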

beededea
Joomla! Hero
Posts: 2809
Joined: Wed Oct 31, 2007 3:48 pm
Location: Victorian England 1885

Re: 1.0.15 IS IT STILL SECURE?

Post by beededea » Wed Nov 16, 2011 11:03 pm


szonkie
Joomla! Explorer
Posts: 256
Joined: Thu Jul 05, 2007 10:41 am

Re: 1.0.15 IS IT STILL SECURE?

Post by szonkie » Thu Nov 17, 2011 9:35 am

Hey thanks for the advice and feedback, much appreciated. :D

 
