Discussion about: Upgrade to Joomla! 1.0.10 Security Release

[Manoxtra]

btw, its this site; aob.manonet.nl and this code in joomla.php

Code: Select all

/*
   * Function used to conduct admin session duties
   * Added as of 1.0.8
   * Deperciated 1.1
   */
   function initSessionAdmin($option, $task) {   
      global $_VERSION, $mosConfig_admin_expired;
      
      // logout check
      if ($option == 'logout') {
         require $GLOBALS['mosConfig_absolute_path'] .'/administrator/logout.php';
         exit();
      }
      
      $site = $GLOBALS['mosConfig_live_site'];

[muse-ic]

just upgraded 1.0.8 --> 1.0.10 and get the following message on the frontend:

Parse error: parse error, unexpected '}' in /home/fhlinux206/r/reavalleyscouts.co.uk/user/htdocs/components/com_content/content.html.php on line 1440


back end is fine...what do i do?

[AmyStephen]

@Bob23 - i'll cancel my request for your description screen shot then! Good ...  Amy

[Jorgenb]

md5sum check not correct?

Just downloaded the tar.gz of 1.0.9 - 1.0.10 patch and checked the md5sum

Should be a6f32246ccad6ebac3e05b6500559d38 according to list here http://www.joomla.org/content/view/1512/95/
But my check gave me this result 4a928bf31f16b7ef54661a09646bd7f0

Which one is correct?

Edit:
Also checked the .zip of same package
should've been 2640510e7a8b91dcf10400f7e472533c
But I get this
6bc28ba0086390d10c1786dc10cda51d
/JB

[TomT]

I upgraded 6 site succefully before i upgraded a site that uses extended menu. Now my menu doen't show up in the frontend. Has anyone else tried to upgrade a site with extended menu?

[ericguttormson]

I upgraded 6 site succefully before i upgraded a site that uses extended menu. Now my menu doen't show up in the frontend. Has anyone else tried to upgrade a site with extended menu?

Do you mean like this? http://www.coloradogirlshockey.com/main/

If so, yes.

[TomT]

Thanks. It's really weird: i upgraded another sit eon th esame server, also with extende menu, and that works fine. And when i downgrade the site with the missing menu the extended menu still keeps missing....

Edit: I was using an old version of ex menu, after upgrading it it works fine.

[PhilTaylor-Prazgod]

It appears that mambots are now fired on module content as well as content items! This was not the case before Joomla 1.0.10 (Or at least it never appeared so). this could effect all mambots

Please read my blog post on the difference and the impact it had on the Tags component (was ok on J 1.0.9 before Joomla 1.0.10, tags mambot never changed)
http://blog.phil-taylor.com/2006/06/26/ ... component/

[PhilTaylor-Prazgod]

Apparently its not just my components! Here is an email from a customer with a free module from someone else:

Hey Phil

It seems that as a result of the upgrade to ver 1.10.0, joomla is now treating the "Creative commons license module" as a comment item - thats why the joomla deliciousbot bot was putting links above (and then below when I changed the bot settings) the CC liscense module in the left sidebar.

So, for now, I just turned off the CC module. I'd like to get this straightened out, but....

....

[eyezberg]

Confirmed, I have bots showing up in a custom user module!
Hoping for a quick fix on this one..?
Rest fine so far, thanks team.

[Asphyx]

Which bots are doing this because I just made a custom module and didn't have this problem...

[grace]

Hi, thank you for the new upgrade! I have problem to sort DocMan files. Even changed the file globals.
May I need change other files?
Regards

[stingrey]

It appears that mambots are now fired on module content as well as content items! This was not the case before Joomla 1.0.10 (Or at least it never appeared so). this could effect all mambots

Short answer is that yes content mambots will now affect custom/new module content as of 1.0.10

It was deemed a shortfall that was addressed in previous versions of 1.0.x and fixed in 1.0.10

[Giller]

I just downloaded the 1.0.8 to 1.0.10 zip patch

It seems to have a large number of files including the Solar Flair II CSS sheet (the original of which I modified and am currently using), the template and a couple of others I thought wouldn't need to be updated...

Is this correct?

[jtruelson]

Updated eighteen sites today some as old as 1.04, not to mention one mambo site (I guess I missed that one).
Updates went without a hitch in all but one.  The cause was JACL plus.  Restored site to 1.08 from backup (you do perform backups, right?) - uninstalled jacl plus, applied 1.0.10 patch and all was well with the world.

Thanks for staying on top of the security issues. 

[seyllek]

ok... I know about the backups and all of that - this seems to be a pretty dumb problem....

I did the patch for 1.0.9, and everything seems to have gone ok, except that I am having trouble with an javascript module I created that was working fine previous to this upgrade... instead of showing the item I created, it is showing the script on the front page of my site which is skewing everything to the right (this module is at the bottom left of my page).  Can anyone help?

Thanks!
umcuucla.com

[seyllek]

ok.... problem solved for me, but heads up to anybody using JCE Editor... if you are having troubles with anything you created (javascript) and you used JCE Editor, try turning of your WYSIWYG editors (you have to do it globally & per user!) and recreate the script.  Should work for you then... don't know if there is a compatibility issue with JCE now or not.... but this isn't the first issue I have had with that component.....

Thanks for the security updates..... for watching our backs!

Kelly

[AmyStephen]

Kelly - I always turn on the "No WYSIWYG" editor for scripting. I love the JCE Editor, but, not for code! Good luck!

[kernelkrash]

Didn't know quite where to post, so here goes...

MD5 difference... Just an FYI...

0226bf4f05a3c58743d56273d917dfbf  Joomla_1.0.10-Stable-Full_Package.tar.gz (from download)
4a928bf31f16b7ef54661a09646bd7f0  ---Joomla_1.0.10-Stable-Full_Package.tar.gz (from post what it's supposed to be.)
Downloaded 2x's and still getting the 0226bf... md5 result.

the MD5's for Joomla_1.0.8_to_1.0.10-Stable-Patch_Package.tar.gz did match

[Giller]

I just downloaded the 1.0.8 to 1.0.10 zip patch

It seems to have a large number of files including the Solar Flair II CSS sheet (the original of which I modified and am currently using), the template and a couple of others I thought wouldn't need to be updated...

Is this correct?

Can someone please clear this up for me?  With the Template and CSS pages in the patch does that mean that I need to do my own template and CSS again?

Thanks in advance

[nmau]

No problem in upgrading here.

I went from 1.0.7 > 1.0.10

Thanks guys

[infograf768]

Template.css

I guess you may safely use your customized solarflare template css.
the file provided with the upgrade is the same as the 1.0.9 release file.

One change compared to 1..0.8

#buttons_inner {
border: 1px solid #cccccc;
height: 21px;
}

becomes

#buttons_inner {
border: 1px solid #cccccc;
height: 21px !important;
height: 23px;
}

[Giller]

Merci Beaucoup 

[PhilTaylor-Prazgod]

It appears that mambots are now fired on module content as well as content items! This was not the case before Joomla 1.0.10 (Or at least it never appeared so). this could effect all mambots

Short answer is that yes content mambots will now affect custom/new module content as of 1.0.10

It was deemed a shortfall that was addressed in previous versions of 1.0.x and fixed in 1.0.10

Thank you for the confirmation.  Now that I know I was not going crazy I can patch all my components as almost all of them are effected :-)

I think this is going to become a FAQ :-)

[ultimate_fish]

I've got a weird problem that I hope someone can help me with.

Since updating this site: http://www.stmichaelsyork.org/cps

If you click on the worship cafe promo half way down the right hand side it doesn't work and gives the not authorized error. Click on the same thing anywhere else in the site and it works fine. It's a custom module and it's the same thing appearing across the site.

I've tried relative and absolute links, and I've tried turning of SEO (SEFadvance) and it still doesn't work.

Anyone got any ideas what's going on?

[Jorgenb]

md5sum check not correct?

Just downloaded the tar.gz of 1.0.9 - 1.0.10 patch and checked the md5sum

Should be a6f32246ccad6ebac3e05b6500559d38 according to list here http://www.joomla.org/content/view/1512/95/
But my check gave me this result 4a928bf31f16b7ef54661a09646bd7f0

Which one is correct?

Edit:
Also checked the .zip of same package
should've been 2640510e7a8b91dcf10400f7e472533c
But I get this
6bc28ba0086390d10c1786dc10cda51d
/JB

Upgraded anyway, using the tar.gz file
So far so good.. no problems what so ever (using CB, JCE, Joomlaboard, + bunch of other modules/mambots ...)

Thanks again Dev Team for a great CMS !!

[ruigato]

several mambots afected before upgrade.

Some content mambots start to show in user modules, maybee a quick fix to make an option in user module to load mambots or not? is this possible?
I'm sure lots of users will start to post problems retated to this in the forum..

upgraded 14 sites with no problems all went smooth, wainting to upgrade one with com_smf (the last time i use components that hack core files)
Anihow, it appears all the rest is 100%



thanks!

[eyezberg]

About the bots, check Phils post in Testing 1.0.X forum

[Jorgenb]

Module which did not work

Ravenswood latest module made left menu end up wider then before the security patch update (in my used template which is not one of the default that came with Joomla!)

Version 0.2 of Ravenswood Latest did not work
Updated to Version 0.3 solved the issue

Link to Ravenswood http://www.ravenswoodit.co.uk/

[tondelo]

Ok, I've done two sites and on both of them I've had problems with Content Sections.

On both sites all of my Content Section pages are blank where the Description is supposed to be. The rest of the page displays correctly but there is no content where the description should be.

If I create a new Content Section the Description displays correctly. It's only on the existing sections that there are errors.

I started with these two sites because they are smaller and this doesn't seem to be as smooth an upgrade as 1.0.9 was. The next ones have a bunch more content sections so hopefully there is a solution other than re-creating all the sections.

Thanks,
Tony