Discuss Joomla! 3.4.7

A place to discuss recent announcements made by the Joomla! Core Team. Let's hear what you have to say.
amob7880
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Feb 03, 2009 3:59 am

Re: Discuss Joomla! 3.4.7

Postby amob7880 » Tue Dec 22, 2015 4:04 pm

Following the upgrade from 3.4.6 to 3.4.7, I have the same issue with logging into the backend. I have tried everything mentioned (that I can find) in the forums. With solutions suggested, I am yet to see anyone report that any of them worked.

    - Cleared all browser history (actually set Chrome back to default) I did this after each step below
    - Went to easttexasnaturalists.com/administrator instead of easttexasnaturalists.com/administrator/index.php
    - Went to database and truncated session entries (Kunena sessions, too)
    - Used computer that I just rebuilt (it had never been to the site)

Nothing worked.

I have not tried all of my other sites, but the few (4 others) that I did check, do not have this issue. The only real difference in this site is that it has Kunena but other users are having the same issue who said Kenena is not installed on their sites.

Would appreciate any other ideas or suggestions. Thank you in advance.

I don't know that it matters in this case but here is my FPA data:

Problem Description :: Forum Post Assistant (v1.2.4) : 22nd December 2015 wrote:Invalid security token in backend only
Log/Error Message :: Forum Post Assistant (v1.2.4) : 22nd December 2015 wrote:request was denied because it contained an invalid security token
Actions Taken To Resolve by Forum Post Assistant (v1.2.4) 22nd December 2015 wrote:Cleared cookies; changed browsers; changed computers to one that had never been to the site; had someone in other location attempt to log in; deleted all session entries in database (main and in Kunena);
Forum Post Assistant (v1.2.4) : 22nd December 2015 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.4.7-Stable (Ember) 21-December-2015
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: easttexasnatural (uid: 1/gid: 1) | Group: easttexasnatural (gid: 1) | Valid For: 3.4
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 2 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-042stab112.15 | Technology: x86_64 | Web Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_bwlimited/1.4 | Encoding: gzip, deflate | Doc Root: /home/easttexasnatural/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.4.44 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: error_log | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 192M

MySQL Configuration :: Version: 5.6.27 (Client:mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | Host: --protected-- (--protected--) | Collation: utf8_unicode_ci (Character Set: utf8) | Database Size: 19.65 MiB | #of Tables:  229
Detailed Environment :: wrote:PHP Extensions :: Core (5.4.44) | date (5.4.44) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7) | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | standard (5.4.44) | mysqlnd (mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | mysqli (0.1) | mysql (1.0) | Phar (2.0.1) | posix () | pspell () | Reflection ($Id: f6367cdb4e3f392af4a6d441a6641de87c2e50c4 $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id: 7f95ff43ea7cc9a2c41a912863ed70069c0e34c5 $) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (3.0.0) | com_mailto (3.0.0) | WF_ARTICLE_TITLE (2.5.11) | WF_TEXTCASE_TITLE (2.5.11) | WF_FONTSELECT_TITLE (2.5.11) | WF_SOURCE_TITLE (2.5.11) | WF_MEDIA_TITLE (2.5.11) | WF_VISUALCHARS_TITLE (2.5.11) | WF_CHARMAP_TITLE (2.5.11) | WF_LINK_TITLE (2.5.11) | WF_ANCHOR_TITLE (2.5.11) | [Do not buy our kitchens!] (2.5.11) | WF_CLEANUP_TITLE (2.5.11) | WF_HR_TITLE (2.5.11) | WF_FONTCOLOR_TITLE (2.5.11) | WF_VISUALBLOCKS_TITLE (2.5.11) | WF_PRINT_TITLE (2.5.11) | WF_PREVIEW_TITLE (2.5.11) | WF_FORMATSELECT_TITLE (2.5.11) | WF_FULLSCREEN_TITLE (2.5.11) | WF_SEARCHREPLACE_TITLE (2.5.11) | WF_FONTSIZESELECT_TITLE (2.5.11) | WF_CLIPBOARD_TITLE (2.5.11) | WF_CONTEXTMENU_TITLE (2.5.11) | WF_AUTOSAVE_TITLE (2.5.11) | WF_DIRECTIONALITY_TITLE (2.5.11) | WF_XHTMLXTRAS_TITLE (2.5.11) | WF_STYLESELECT_TITLE (2.5.11) | WF_LISTS_TITLE (2.5.11) | WF_BROWSER_TITLE (2.5.11) | WF_INLINEPOPUPS_TITLE (2.5.11) | WF_NONBREAKING_TITLE (2.5.11) | WF_IMGMANAGER_TITLE (2.5.11) | WF_SPELLCHECKER_TITLE (2.5.11) | WF_LAYER_TITLE (2.5.11) | WF_TABLE_TITLE (2.5.11) | WF_STYLE_TITLE (2.5.11) | WF_AGGREGATOR_DAILYMOTION_TITL (2.5.11) | WF_AGGREGATOR_VINE_TITLE (2.5.11) | WF_AGGREGATOR_VIMEO_TITLE (2.5.11) | [youtube] (2.5.11) | WF_LINKS_JOOMLALINKS_TITLE (2.5.11) | WF_FILESYSTEM_JOOMLA_TITLE (2.5.11) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.5.11) | WF_LINK_SEARCH_TITLE (2.5.11) | WF_POPUPS_JCEMEDIABOX_TITLE (2.5.11) | WF_POPUPS_WINDOW_TITLE (2.5.11) | kunena_tmpl_crypsis (4.0.7) | Bubbles (4.0) | Vintage (4.0) | Elegant Green (3.5) | Elegant Blue (4.0) | Wireframe (4.0) | Elegant Yellow (3.5) | Elegant Red (3.5) | Default Theme (3.5) | Nomad (4.0) | Nickel (4.0) | Hako (4.0) | Greenie (3.5) | Bluedream (4.0) | Elegant White (3.5) | Polish (3.5) | Carbon (4.0) | Origami (4.0) | Timeless (4.0) | Simplistic (4.0) | Plain (4.0) | Pinky (3.5) |
Components :: ADMIN :: com_cpanel (3.0.0) | com_plugins (3.0.0) | com_joomlaupdate (3.0.0) | com_cache (3.0.0) | com_users (3.0.0) | com_messages (3.0.0) | com_checkin (3.0.0) | com_admin (3.0.0) | JCE (2.5.11) | Unknown (-) | JEvents (3.4.4) | com_installer (3.0.0) | Dc_pro_counter_analyze (0.5) | com_menus (3.0.0) | com_kunena (4.0.7) | plg_kunena_uddeim (4.0.7) | plg_kunena_community (4.0.7) | plg_kunena_alphauserpoints (4.0.7) | plg_kunena_comprofiler (4.0.7) | plg_kunena_joomla (4.0.7) | plg_kunena_kunena (4.0.7) | plg_kunena_finder (4.0.7) | plg_finder_kunena (4.0.7) | plg_kunena_gravatar (4.0.7) | plg_system_kunena (-) | mod_kunenamenu (4.0.7) | com_categories (3.0.0) | com_templates (3.0.0) | com_newsfeeds (3.0.0) | com_redirect (3.0.0) | com_oziogallery3 (4.4.2) | com_tags (3.1.0) | com_content (3.0.0) | com_phocafavicon (3.0.0) | com_media (3.0.0) | COM_EVENTGALLERY (3.3.3) | com_contenthistory (3.2.0) | com_login (3.0.0) | com_config (3.0.0) | com_easyblog (5.0.30) | com_languages (3.0.0) | RokSprocket (2.1.9) | com_finder (3.0.0) | com_banners (3.0.0) | com_gantry5 (5.2.5) | Akeeba (4.5.0) | com_postinstall (3.2.0) | com_ajax (3.2.0) | com_modules (3.0.0) | com_search (3.0.0) | uddeIM (3.7) | Admintools (3.6.6) |

Modules :: SITE :: JEvents View Switcher (3.4.4) | mod_menu (3.0.0) | EasyBlog - Archive Module (5.0.30) | mod_weather_gk4 (1.7.0) | mod_articles_category (3.0.0) | mod_banners (3.0.0) | EasyBlog - Most Popular Post M (5.0.30) | EasyBlog - Subscribers Listing (5.0.30) | mod_footer (3.0.0) | mod_tags_similar (3.1.0) | EasyBlog - Showcase Module (5.0.30) | EasyBlog - Ticker Module (5.0.30) | EasyBlog - Top Blogs Module (5.0.30) | mod_articles_news (3.0.0) | EasyBlog - Posts List (5.0.30) | mod_tags_popular (3.1.0) | JEvents Latest Events (3.4.4) | JEvents Legend (3.4.4) | EasyBlog - Related Posts Modul (5.0.30) | dehkadeco pro counter analyze (0.5) | EasyBlog - Team Blogs Module (5.0.29) | EasyBlog - Subscribe Module (5.0.30) | mod_articles_categories (3.0.0) | EasyBlog Latest Blogs (3.9.1) | EasyBlog - Latest Comments Mod (5.0.30) | mod_custom (3.0.0) | EasyBlog - Most Commented Post (5.0.30) | JEvents CustomModule (3.4.4) | EasyBlog - Search Blogs Module (5.0.30) | mod_finder (3.0.0) | mod_syndicate (3.0.0) | mod_users_latest (3.0.0) | mod_articles_popular (3.0.0) | EasyBlog - Image Wall Module (5.0.30) | mod_articles_archive (3.0.0) | JEvents Calendar (3.4.4) | EasyBlog - Random Post Module (5.0.30) | mod_stats (3.0.0) | mod_articles_latest (3.0.0) | JEvents Filter (3.4.4) | mod_breadcrumbs (3.0.0) | mod_login (3.0.0) | EasyBlog - Post Meta Module (5.0.29) | RokAjaxSearch (2.0.4) | mod_gantry5_particle (5.2.5) | EasyBlog - Latest Bloggers Mod (5.0.30) | Easyblog - Categories Module (5.0.30) | EasyBlog New Post Module (3.9.1) | EasyBlog - Biography Module (5.0.30) | mod_random_image (3.0.0) | mod_languages (3.0.0) | mod_search (3.0.0) | mod_wrapper (3.0.0) | mod_whosonline (3.0.0) | EasyBlog - Quick Post Module (5.0.30) | EasyBlog - Welcome Module (5.0.30) | EasyBlog - Tag Cloud Module (5.0.30) | EasyBlog - Latest Blogs Module (5.0.30) | EasyBlog - Post Map Module (5.0.30) | mod_feed (3.0.0) | mod_related_items (3.0.0) | EasyBlog - Calendar Module (5.0.30) | RokSprocket Module (2.1.9) |
Modules :: ADMIN :: mod_menu (3.0.0) | mod_version (3.0.0) | mod_toolbar (3.0.0) | mod_latest (3.0.0) | mod_logged (3.0.0) | mod_submenu (3.0.0) | mod_custom (3.0.0) | mod_status (3.0.0) | mod_popular (3.0.0) | mod_stats_admin (3.0.0) | mod_login (3.0.0) | mod_title (3.0.0) | mod_quickicon (3.0.0) | mod_multilangstatus (3.0.0) | mod_feed (3.0.0) |

Plugins :: SITE :: PLG_EVENTGALLERY_SUR_STANDARD (3.3.3) | EVENTGALLERY_FIELDS_CATEGORY (3.3.3) | AllVideos (by JoomlaWorks) (4.7.0) | AllVideos (by JoomlaWorks) (4.7.0) | plg_content_ozio (4.4.0) | plg_content_vote (3.0.0) | plg_content_loadmodule (3.0.0) | Content - RokBox (2.0.11) | plg_content_joomla (3.0.0) | plg_content_emailcloak (3.0.0) | plg_content_finder (3.0.0) | Content - RokInjectModule (1.7) | plg_content_pagenavigation (3.0.0) | Content - Komento (1.0) | JEvents - Core Content Plugin (3.4.4) | Art Color Box (1.9.16) | plg_content_pagebreak (3.0.0) | plg_authentication_joomla (3.0.0) | plg_authentication_ldap (3.0.0) | plg_authentication_cookie (3.0.0) | plg_authentication_gmail (3.0.0) | plg_extension_joomla (3.0.0) | plg_captcha_recaptcha (3.4.0) | plg_system_sef (3.0.0) | plg_system_languagecode (3.0.0) | PLG_SYSTEM_PICASAUPDATER (3.3.3) | plg_system_highlight (3.0.0) | Antispam by CleanTalk (3.7) | plg_system_gantry5 (5.2.5) | System - RokBox (2.0.11) | plg_system_kunena (4.0.7) | plg_system_remember (3.0.0) | plg_system_p3p (3.0.0) | plg_system_gwejson (3.4.4) | plg_system_debug (3.0.0) | plg_system_logout (3.0.0) | plg_system_oziojquery (1.0.1) | plg_system_cache (3.0.0) | System - Komento (1.0) | System - RokCommon (3.2.0) | System - Admin Tools (3.6.6) | PLG_PRO_DC_PRO_COUNTER_ANALYZE (0.5) | plg_system_jce (2.5.11) | plg_system_redirect (3.0.0) | System - RokBooster (1.1.15) | plg_system_log (3.0.0) | System - RokSprocket (2.1.9) | plg_system_languagefilter (3.0.0) | plg_gantry5_preset (5.2.5) | plg_kunena_gravatar (4.0.7) | plg_kunena_community (4.0.7) | plg_kunena_comprofiler (4.0.7) | plg_kunena_kunena (4.0.7) | plg_kunena_joomla (4.0.7) | plg_kunena_uddeim (4.0.7) | plg_kunena_alphauserpoints (4.0.7) | plg_twofactorauth_totp (3.2.0) | plg_twofactorauth_yubikey (3.2.0) | plg_search_content (3.0.0) | plg_search_tags (3.0.0) | Search - Easy Blog (3.7.0) | plg_search_categories (3.0.0) | plg_search_contacts (3.0.0) | Search - JEvents (3.4.4) | plg_search_newsfeeds (3.0.0) | EasyBlog - Auto Article (5.0.1) | plg_finder_content (3.0.0) | plg_finder_tags (3.0.0) | Smart Search - EasyBlog Posts (3.5.0) | plg_finder_categories (3.0.0) | plg_finder_jevents (3.4.4) | plg_finder_contacts (3.0.0) | plg_finder_newsfeeds (3.0.0) | PLG_EVENTGALLERY_PAY_STANDARD (3.3.3) | plg_editors-xtd_article (3.0.0) | plg_editors-xtd_readmore (3.0.0) | Button - RokBox (2.0.11) | plg_editors-xtd_oziogallery (4.2.2) | plg_editors-xtd_pagebreak (3.0.0) | plg_editors-xtd_image (3.0.0) | PLG_EVENTGALLERY_SHIP_STANDARD (3.3.3) | Editor - RokPad (2.1.9) | plg_editors_codemirror (5.6) | plg_editors_tinymce (4.1.7) | plg_editors_jce (2.5.11) | plg_installer_webinstaller (1.0.5) | plg_user_profile (3.0.0) | User - Komento Users (1.0.0) | User - EasyBlog Users (3.0.0) | User - EasyBlog Users (5.0.1) | plg_user_joomla (3.0.0) | plg_user_contactcreator (3.0.0) | plg_quickicon_gantry5 (5.2.5) | plg_quickicon_kunena (4.0.7) | plg_quickicon_extensionupdate (3.0.0) | plg_quickicon_joomlaupdate (3.0.0) | plg_quickicon_jcefilebrowser (2.5.11) |
Templates Discovered :: wrote:Templates :: SITE :: beez3 (3.1.0) | rt_ambrosia (1.0.1) | oziofullscreen (1.0.1) | protostar (1.0) |
Templates :: ADMIN :: isis (1.0) | hathor (3.0.0) |

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4003
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Discuss Joomla! 3.4.7

Postby itoctopus » Tue Dec 22, 2015 4:49 pm

For those of you having the login problem and other related problems on your website, does copying the libraries/joomla/session/session.php from 3.4.6 to 3.4.7 fix your problem?

I personally haven't tried it - but I can see that there are many differences in the new session.php in the way it saves the data - so that might fix it until Joomla comes up with a patch for this.

Note: What I'm offering is not a solution, it is just a suggestion to see whether this will fix the problem or not. The long term solution to this problem would be a patch.

Also keep in mind that reverting back to a previous session.php might re-introduce security issues found in 3.4.6.
Last edited by itoctopus on Tue Dec 22, 2015 4:52 pm, edited 1 time in total.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

sleighd
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Fri Sep 05, 2014 12:25 am

Re: Discuss Joomla! 3.4.7

Postby sleighd » Tue Dec 22, 2015 4:51 pm

This is obviously not a preferable fix but... I replaced the 3.4.7 version of '/libraries/joomla/session/session.php' with a backup version (being 3.4.6). I was immediately able to login, both front-end and back-end, without re-clearing browser and/or truncating session table.

At least the site is accessible until somebody fixes the underlying issue.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 18465
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Discuss Joomla! 3.4.7

Postby leolam » Tue Dec 22, 2015 4:54 pm

itoctopus wrote:For those of you having the login problem and other related problems on your website, does copying the libraries/joomla/session/session.php from 3.4.6 to 3.4.7 fix your problem?
That is imho a bad suggestion. What you do with this is partially (!) rolling back a patch and screwing up the system. That is not a solution. THe JBS and the JSST are working hard to resolve the issues posted and we will get a patch shortly.

Never mix versions!

Leo 8)
Celebrating 12-Years of Professional Joomla Support Services
- Joomla Professional Support:https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Member Joomla Bug Squad & J-CMS Release Team

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4003
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Discuss Joomla! 3.4.7

Postby itoctopus » Tue Dec 22, 2015 5:22 pm

I agree that it's a bad suggestion - but the problem is that the code changes in the session.php is causing some serious issues on some Joomla websites out there. I did stress the point that the solution is a Joomla patch and not this method - but, until then, these websites must work properly.

Reverting back to the old session.php also re-introduces the serialize/unserialize PHP security issue on websites powered by older PHP versions (<= 5.4.44), so I do not recommend it, but, if you're running PHP > 5.4.44, then reverting back to the old session.php is the lesser of the 2 evils.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 18465
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Discuss Joomla! 3.4.7

Postby leolam » Tue Dec 22, 2015 5:29 pm

As stated the Joomla Security Strike Force are working to resolve these issues in close coordination with the JBS

Leo 8)
Celebrating 12-Years of Professional Joomla Support Services
- Joomla Professional Support:https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Member Joomla Bug Squad & J-CMS Release Team

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 21849
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, The Netherlands
Contact:

Re: Discuss Joomla! 3.4.7

Postby pe7er » Tue Dec 22, 2015 6:26 pm

itoctopus wrote:Also keep in mind that reverting back to a previous session.php might re-introduce security issues found in 3.4.6.

Yes, will re-introduce security issues.
You are running on PHP 5.4.44 which probably is affected by the PHP bug which was the reason for the Joomla 3.4.6/3.4.7 release.

See https://www.joomla.org/announcements/re ... 3-4-7.html
Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13


Ask your hosting company to update PHP to 5.4.45
or a higher PHP version (as PHP 5.4 is End-Of-Life since last september http://php.net/eol.php )
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
Developer of Options Manager Lite https://db8.eu/download/file/options-manager-lite

JEDmin
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Tue Dec 22, 2015 6:19 pm

Re: Discuss Joomla! 3.4.7

Postby JEDmin » Tue Dec 22, 2015 6:33 pm

Hi guys! Since 3.4.6 and 3.4.7 session.php file doesn`t write session.client.browser info in _session mysql table. Its temporaly? Some modules use session.client.browser data for showing who is online, detecting bots. From 3.4.6 they doesn`t work(

kentmorrison
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Jan 18, 2009 8:18 pm

Re: Discuss Joomla! 3.4.7

Postby kentmorrison » Tue Dec 22, 2015 6:55 pm

I have been pulling my hair out in frustration, getting locked out of your own web site JUST SUCKS!
I cannot believe this buggy [censored], really annoying.

> copying the libraries/joomla/session/session.php from 3.4.6 to 3.4.7 fix your problem?

YES! - this is what I had to do to get back into one of my sites.

IF YOU ARE GOING TO RELEASE A SECURITY PATCH THAT NOT EVERYONE NEEDS, WHY CAN'T YOU AT LEAST TEST THE GOD DAMN THING ?

Seriously, VERY unprofessional.
I blew 2.5 hours on this.

THANK YOU itoctopus for the above suggested fix !

jgress-
Joomla! Guru
Joomla! Guru
Posts: 896
Joined: Thu Sep 24, 2009 5:40 pm
Location: Santa Cruz, CA, USA

Re: Discuss Joomla! 3.4.7

Postby jgress- » Tue Dec 22, 2015 7:33 pm

Co-author Using Joomla, Second Edition (migration/upgrade included) http://www.usingjoomlabook.com
Find a Joomla User Group (JUG) near you http://community.joomla.org/user-groups.html

kentmorrison
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Sun Jan 18, 2009 8:18 pm

Re: Discuss Joomla! 3.4.7

Postby kentmorrison » Tue Dec 22, 2015 7:42 pm

Thanks for the reminder jgress
I understand and will comply.
Please remind Ribo as well...

amob7880
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Feb 03, 2009 3:59 am

Re: Discuss Joomla! 3.4.7

Postby amob7880 » Tue Dec 22, 2015 8:39 pm

itoctopus wrote:For those of you having the login problem and other related problems on your website, does copying the libraries/joomla/session/session.php from 3.4.6 to 3.4.7 fix your problem?.


It does fix the problem. At least I can get in and work - then replace the 3.4.6 sessions.php with the 3.4.7 when done so I am secure again. Hopefully only until there is a patch.

I do understand the reasons for not doing this. Right now it is the best of two evils.
Last edited by amob7880 on Tue Dec 22, 2015 8:48 pm, edited 1 time in total.

makotosun
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Tue Sep 11, 2012 5:01 am

Re: Discuss Joomla! 3.4.7

Postby makotosun » Tue Dec 22, 2015 8:44 pm

sleighd wrote:This is obviously not a preferable fix but... I replaced the 3.4.7 version of '/libraries/joomla/session/session.php' with a backup version (being 3.4.6). I was immediately able to login, both front-end and back-end, without re-clearing browser and/or truncating session table.

At least the site is accessible until somebody fixes the underlying issue.


Regardless of the somewhat heated discussion above, the fix listed in the quote works. I was able to replace the above file and all seems to be good again.

For what it is worth, I am running PHP 5.6.15 on my server, so hopefully the security concerns are less?

A HUGE thank you to the person who posted the suggestion. :p I lost about 5 hours playing around in my SQL back end (scary for a neophyte!) and my site was offline for about 12 hours (not good for a user forum) but the fix will save me completely rebuilding the site and missing Christmas with my family.

PLEASE GET US A FIX THAT DOES NOT BREAK SOME SITES!

:D

daduts
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Aug 06, 2009 7:36 pm

Re: Discuss Joomla! 3.4.7...non-critical bug ?

Postby daduts » Tue Dec 22, 2015 10:17 pm

I upgrade a site to 3.4.7 and it's now throwing this error in the backend...

Error
Your host needs to disable magic_quotes_gpc to run this version of Joomla!

Your host needs to disable magic_quotes_gpc to run this version of Joomla!


My host is running PHP 5.3.28 and I double checked my php.ini file included magic_quotes_gpc=off

This is a reasonably complex site (hikashop, roksprocket, gantry4, breezin forms, docman, admin tools, hotspots, ajax search...) and all seems to be functioning well so i'm hoping this is just a nonsense error.

Cheers,

: D

nickwalks
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Tue Sep 14, 2010 2:16 am

Re: Discuss Joomla! 3.4.7

Postby nickwalks » Wed Dec 23, 2015 12:09 am

@leolam: Tried truncating session table, deleted entire browsing history, close and reopen browser, went to yoursite/administrator. Although I "should" be able to login again I am still not able to...

@itoctopus: Tried copying the libraries/joomla/session/session.php from 3.4.6 to 3.4.7 and yes this allows login to the admin site again BUT I agree that although it fixes the problem temporarily it is not a solution. The main thing is that I can access the site again. Also updated PHP version in the server to 5.5 and tried using the 3.4.7 session.php again but it fails

@amob7880: "At least I can get in and work - then replace the 3.4.6 sessions.php with the 3.4.7 when done so I am secure again." This sounds like the best temporary solution, unless anyone has any better ideas?

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 18467
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: Discuss Joomla! 3.4.7...non-critical bug ?

Postby infograf768 » Wed Dec 23, 2015 6:44 am

daduts wrote:I upgrade a site to 3.4.7 and it's now throwing this error in the backend...

Error
Your host needs to disable magic_quotes_gpc to run this version of Joomla!

Your host needs to disable magic_quotes_gpc to run this version of Joomla!


My host is running PHP 5.3.28 and I double checked my php.ini file included magic_quotes_gpc=off

This is a reasonably complex site (hikashop, roksprocket, gantry4, breezin forms, docman, admin tools, hotspots, ajax search...) and all seems to be functioning well so i'm hoping this is just a nonsense error.

Cheers,

: D

See https://docs.joomla.org/How_to_turn_off ... r_Joomla_3
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

User avatar
hefesto
Joomla! Hero
Joomla! Hero
Posts: 2429
Joined: Fri Jan 20, 2006 12:37 am
Location: Seville - Spain
Contact:

Re: Discuss Joomla! 3.4.7

Postby hefesto » Wed Dec 23, 2015 11:58 am

A few more things to check regarding this issue:

-Are these servers using any kind of server side caching? Vagrant maybe? Proxy cache? If so, try disabling them. That error message about the token is one I often see when there's a mismatch between the session I try to load and the one Joomla expects, so could be a caching issue.
-Have you tried restoring a recent copy of your site (the one you took just before upgrading... because you took one, right?) on a local environment and upgrading there? If it works locally, that will point to server related issues, and at least would help narrowing the issue.

Cheers!
Spanish forum local moderator
Comunidad Joomla de España: https://joomlaes.org
Twitter: @isidrobaq || Google Plus: +IsidroBaquero
NO atiendo peticiones privadas de soporte. Por favor, pregunta en los foros.

sabikeuk
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Thu Apr 17, 2008 2:24 pm

Re: Discuss Joomla! 3.4.7

Postby sabikeuk » Wed Dec 23, 2015 2:05 pm

Hello,
after update to the newest Joomla 3.4.7 I have difficulties to add item to cart. When I access my website estilofina.sk for a first time (tried different computers, mobiles), if I want to add a product to cart it doesnt work, I just got a page stating that the card is empty. After that I have repeated the step and I was able to add a product to cart.

Please could someone help ASAP. My site is e-commerce site and live.

J3.4.7
Virtuemart 3.0.8 + VP One page checkout plugin
PHP 5.6

Regards,
Dan

daduts
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Aug 06, 2009 7:36 pm

Re: Discuss Joomla! 3.4.7

Postby daduts » Wed Dec 23, 2015 5:00 pm

Thanks JM,

Adding
magic_quotes_runtime = Off
magic_quotes_sybase = Off

to php.ini did the trick.

: D

kaagee
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Dec 23, 2015 5:07 pm

Re: Discuss Joomla! 3.4.7

Postby kaagee » Wed Dec 23, 2015 5:16 pm

Since i updated to joomla 3.4.7 after pressing install on an extension in Extension manager, and the tab templates of Template manager can't be accessed anymore, all get a 404 page. It is not template specific because all link names of templates in the tab "templates" gives a 404. Can anyone point me in the right direction where to corrrect this. Which files address the extension and template manager? I can't also not upload pictures i just found out.

links that give 404..

.../administrator/index.php?option=com_installer&view=install

/administrator/index.php?option=com_templates&view=template&id=10070&file=aG9tZQ==

Anyone experienced this?

Any help would be much appreciated, because i have been looking for a while to locate the problem.

User avatar
rotor
Joomla! Intern
Joomla! Intern
Posts: 96
Joined: Fri Sep 02, 2005 8:21 am
Location: Australia

Re: Discuss Joomla! 3.4.7

Postby rotor » Wed Dec 23, 2015 10:29 pm

I have three out of three sites that have me locked out of the backend!!!

All sites are located on a "Joomla" promoted host.

I upgraded one site using the Admin backend upgrade feature - locked out
My host upgraded the second site using the auto update from softaculous - locked out
The third site couldn't be upgraded using the auto updater from softaculous so the host reverted to the earlier version - 3.4.6 - locked out
To be humble, is to know your place... to be humiliated, is to be put in your place ...

EvanGR
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 215
Joined: Fri Oct 10, 2008 5:30 pm
Location: Greece

Re: Discuss Joomla! 3.4.7

Postby EvanGR » Thu Dec 24, 2015 11:09 am

According to this page (from an important Joomla developer and contributor):
https://www.akeebabackup.com/home/news/ ... -bugs.html

The Joomla 3.4.7 update is broken in major ways, AND it was preventable.

quoting: "Even though we explicitly warned the Joomla! security team that trying to migrate existing session data would cause problems they chose to ignore us. Guess what? We were right."

Somebody is responsible for releasing this to the public despite the warnings.

Somebody is also responsible for still (as of the time of this post) keeping it available online!

Great way to crap on the holidays of as many users and developers (wasting hours/days in support) as possible.

Well done.

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4003
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Discuss Joomla! 3.4.7

Postby itoctopus » Thu Dec 24, 2015 12:45 pm

3.4.8 Should be released this evening - this release should address all the session/database issues caused by 3.4.7.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

User avatar
JacquesR
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue May 19, 2009 3:00 pm
Location: Cape Town, South Africa
Contact:

Re: Discuss Joomla! 3.4.7

Postby JacquesR » Thu Dec 24, 2015 7:46 pm

Joomla 3.4.8 is now available.
This bug-fix (not security) release should hopefully fix all the recent issues.

More info here:
https://www.joomla.org/announcements/re ... eased.html

If your site does not have immediate issues after the 3.4.7 security update, and if you are supposed to be on holiday (as many are at this time of year), then you may safely let the 3.4.8 update stand over until the new year. :)

A big thank you to all who helped get this release out .
Jacques Rentzke
New Web Consulting
http://www.new-web-consulting.co.za/ -- http://twitter.com/JacquesRentzke
Joomla Community Magazine Co-Lead Editor -- Joomla! Bug Squad

nickwalks
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Tue Sep 14, 2010 2:16 am

Re: Discuss Joomla! 3.4.7

Postby nickwalks » Sun Dec 27, 2015 11:16 pm

Thanks for everyone's patience and continued work on this problem. Just letting you know that the 3.4.8 update doesn't fix the session issue for me. I think/know others may still be having similar problems.

Deleyna
Joomla! Apprentice
Joomla! Apprentice
Posts: 23
Joined: Wed Jul 14, 2010 5:05 am

Re: Discuss Joomla! 3.4.7

Postby Deleyna » Sun Dec 27, 2015 11:32 pm

I have read elsewhere that the session issue is coming from third party plugins. I will try tomorrow, but am told it requires uninstalling and removing the table from the responsible plugin, clearing the last session and the cookies, then upgrading and installing updated plugin. In my case the plugin seems to be clean talk... Which is a fabulous plugin.

sabikeuk
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Thu Apr 17, 2008 2:24 pm

Re: Discuss Joomla! 3.4.7

Postby sabikeuk » Tue Dec 29, 2015 12:14 pm

Problem still persist even with update to J3.4.8. One of the customers just send email he is not able to add product to cart using either PC or mobile. When he tried to add product to cart he got just page saying the cart is empty.

I was able to complete checkout for this customer from my PC.

Any idea ?

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3079
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Discuss Joomla! 3.4.7

Postby ribo » Tue Dec 29, 2015 12:20 pm

Clear browser cache in this pc that can t add product
chat room spontes : http://www.spontes.com

sabikeuk
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Thu Apr 17, 2008 2:24 pm

Re: Discuss Joomla! 3.4.7

Postby sabikeuk » Tue Dec 29, 2015 12:23 pm

Thank you for quick reply, but it's quire embarrassing to ask every other customer to clear cache in their PC/mobile isn't it?

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3079
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Discuss Joomla! 3.4.7

Postby ribo » Tue Dec 29, 2015 12:25 pm

The clear cache of browser must be for the people that tryed before that you had the issue.
Last edited by ribo on Tue Dec 29, 2015 1:52 pm, edited 1 time in total.
chat room spontes : http://www.spontes.com


Return to “Announcements Discussions”

Who is online

Users browsing this forum: No registered users and 3 guests