Discussion about: Upgrade to Joomla! 1.0.10 Security Release

[Tonie]

@woozle. What kind of components are you using? Any 3rd party login component?

[Asphyx]

and that had ZERO to do with the SQL insertion problem that this update fixed.

Keep in mind this patch isn't just for and totally created just to fix that one injection issue...

the Q&A team works on bug fixes almost from the time they release a patch as new issue are discovered...
the SQL issue may have moved up the release date on the fixes they were working on at the time but that was more than just the SQL injection stuff!

[AmyStephen]

Hey guys, I just did an upgrade from 1.0.9 > 1.0.10 by applying the patch (tar xzvf patch.1.0.10.tar.gz in webroot). After upgrade I logged into administrator and did a System > Clean all Cache

Im having an issue with the Who's Online module...its counting everytime I hit refresh in my browser...if I click refish 100 times it tells me there is 100 users online Does anyone know whats going on this is My Website http://www.vellypooh.com if you want to check it out and see for yourself.

@kspades - beautiful pictures - but, the refresh is NOT adding users for me. You okay, now? Amy

[woozle]

@woozle. What kind of components are you using? Any 3rd party login component?

No login component but I had installed extCalender (uninstalled now). 

[AmyStephen]

@Bigjohn  8)

I get this error on one site:
Warning: Missing argument 2 for initsessionadmin() in /home/xxxxxxxxx/public_html/xxxxxxxx/includes/joomla.php on line 742

anyone else see this error?

And @Kili  8)

I get this error on one site:
Warning: Missing argument 2 for initsessionadmin() in /home/xxxxxxxxx/public_html/xxxxxxxx/includes/joomla.php on line 742

anyone else see this error?

Yes I get this error. Posted a coulpe of times but have not been able to get an answer

Kili

And @Manoxtra    8)

Any thoughts about this, or should we just ignore it?

Error after upgrading >>> After I login in the backend this message appeares in the top of my screen:

Code: Select all

Warning: Missing argument 2 for initsessionadmin() in /home/manonet/public_html/aob/includes/joomla.php on line 742

Did you guys see THIS post? 

I have upgraded from 1.0.9 to 1.0.10, and I got this error in my admin panel
Warning: Missing argument 2 for mosMainFrame::initSessionAdmin(), called in /path/to/joomla/administrator/index2.php on line 38 and defined in /path/to/joomla/includes/joomla.php on line 742

I have downloaded a full version, and copied index2.htm into the administrator folder, and it seem quite OK. Yet I believe that it`s best to include the new file in the upgrade patch. Might save some problems

Have a great day
Yair

It was IMMEDIATELY above Bigjohn's nit picky post: 

Just a nit to pick, but can we NOT include footer.php in every single upgrade?  I mean, what changed in Footer.PHP??  Except to over-write my custom ones....

ARRGH.

John

See if that helps -- if it does, please post back so people know you have been taken care of...Amy 

[Manoxtra]

I have upgraded from 1.0.9 to 1.0.10, and I got this error in my admin panel
Warning: Missing argument 2 for mosMainFrame::initSessionAdmin(), called in /path/to/joomla/administrator/index2.php on line 38 and defined in /path/to/joomla/includes/joomla.php on line 742

I have downloaded a full version, and copied index2.htm into the administrator folder, and it seem quite OK. Yet I believe that it`s best to include the new file in the upgrade patch. Might save some problems

Have a great day
Yair

Wow that solved my problems... Thx! 

[AmyStephen]

Wow that solved my problems... Thx!  :)

Good job, Yair!  :-*

--> Daniel Tulp, BigJohn, and Manoxtra are all okay, now. The only one we have not heard from is Kili. Looks like Yair's solution works.

[TomT]

I get "You are not authorized to view this resource" when trying to log in to the front end.  After upgrade from 1.0.9 to 1.0.10

Several others have reported this - anyone come up with a fix for it yet?

I hadn't noticed it before, but yes I have this issue.Tonie's reply gave me the solution. I use the userextend component and their login module. Now I switched to the default Joomla! login module and changed the path to the Joomla registation componennt into the userextended component.

That solved it for me. People can login again and still registrate using userextended.

[Daniel Tulp]

I have upgraded from 1.0.9 to 1.0.10, and I got this error in my admin panel
Warning: Missing argument 2 for mosMainFrame::initSessionAdmin(), called in /path/to/joomla/administrator/index2.php on line 38 and defined in /path/to/joomla/includes/joomla.php on line 742

I have downloaded a full version, and copied index2.htm into the administrator folder, and it seem quite OK. Yet I believe that it`s best to include the new file in the upgrade patch. Might save some problems

Have a great day
Yair

Wow that solved my problems... Thx! 

yep for me too, but I think he means index2.php and not html

[aesator]

For those not getting a page or an empty page....

It is very important that you take the site offline before you attempt to FTP the patch to the server!

You should never try to patch a site while it is currently live!

This advice worked for me! I did the upgrade one more time, this time I did it right. Thank you, Asphyx

[Daniel Tulp]

I always update while being live, why should this be a problem, never had problem with it

[Jorgenb]

Hey guys, I just did an upgrade from 1.0.9 > 1.0.10 by applying the patch (tar xzvf patch.1.0.10.tar.gz in webroot). After upgrade I logged into administrator and did a System > Clean all Cache

Im having an issue with the Who's Online module...its counting everytime I hit refresh in my browser...if I click refish 100 times it tells me there is 100 users online Does anyone know whats going on this is My Website http://www.vellypooh.com if you want to check it out and see for yourself.

Something happen to the forum?
I've received the Topic reply by e-mail but can't find kspades post anymore...

Anyway..
From mail received
"Im a MS hater...I dont think they make worthy -FINAL much less risking a beta. Im usuing regular IE6. Im home and Im using firefox on linux  and the site still lines up vertically...can anyone else confirm its not just me? And no...Im not just trying to drive website traffic."

kspades, I am not having any issues what so ever with you site
Photo album lines up perfectly (btw lovely photos), reloading the site causes no impact on number of guests, only list 1 guest regardless of how many times I reload the site.

Linux wise I am using slackware current and Firefox 1.5.0.4

/JB

[AmyStephen]

@JorgenB -

Rey split off KSpades problem and all related responses into their own thread: < http://forum.joomla.org/index.php/topic ... #msg378682 >

Moderators -

There are still a few posts here related to KSpades Gallery issue.

Can Reply #147 from this thread be moved to the first post in the other thread?
Then Reply #152.
< all the posts that are there, now >
Then Reply #161.

Thanks!
Amy

--> Then, please delete this one. Thanks, again!

[AmyStephen]

I always update while being live, why should this be a problem, never had problem with it

I have, too. I am glad you asked this -- I use a Windows Server; I happen to know Ashpyx uses Linux. Perhaps that is the difference?

[Daniel Tulp]

i have sites running on linux, apache and xshttpd, and no problems, so I guess that's not the reason

[puma1824]

Upgraded 2 sites from 1.0.7 to 1.0.10.  Overall no problems BUT do have a problem with the Poll feature.  After voting and trying to vote again the pay displaying you already voted cannot be found.  Using OpenSEF...I think that's where the problem resides.

Do have a question about the .htaccess file.  Notice one post stating 1.0.8 and .9 to .10 no need to update the .htaccess....how about with 1.0.7???

Thanks in advance,
Puma

[Bigjohn]

Upgraded 2 sites from 1.0.7 to 1.0.10.  Overall no problems BUT do have a problem with the Poll feature.  After voting and trying to vote again the pay displaying you already voted cannot be found.  Using OpenSEF...I think that's where the problem resides.

Do have a question about the .htaccess file.  Notice one post stating 1.0.8 and .9 to .10 no need to update the .htaccess....how about with 1.0.7???

Thanks in advance,
Puma

Just compare them.  The issue is that they've made some big changes to the HTACCESS file to support 404sef and opensef.

[Asphyx]

I always update while being live, why should this be a problem, never had problem with it

If you don't have a very active server it won't be a problem!
If you have lots of users on a daily basis it is easy for someone to access a file, have the server lock it and deny FTP the ability to overwirte...
This happens in both Linux and MS systems.

90% of the time it will work.
But if someone happens to try and access a file as the FTP is trying to overwrite it in most cases the FTP program will lose because it is faster to read a file than it is to transfer it!

By taking the site offline you ensure no one can request any of the files you are trying to upload!

[gnirre]

I find the upgrading instructions unclear on one point: on *how* to copy the new files in the patch to their right places.

Is it implied I should do it one-by-one? That's tiresome and also error prone.

Anyway. I have a better idea -- at least for Unix hosted joomla: extract the archive in the old directory's place. The files will be thrown to their correct places in the file tree to replace. Nothing else will be touched.

I works in Unix, by this command

% cd /var/www  # ... absolute path
% tar xzf joom1.0.5_to1.0.10.tar.gz

REFERENCE:
http://www.gnu.org/software/tar/manual/ ... xtract-dir

[Tonie]

This is a small upgrade guide: http://forum.joomla.org/index.php/topic,33226.0.html.

[gnirre]

This text has no meaning in a unix text shell context:

"Select all files and folders in the patch, and copy them over the root directory of your local installation. This is the location where your configuration.php is available. After the copying is finished, the patch is finished."

Does the above maybe refer to a drag-and-drop operation for a Linux GUI or Windows user? Or maybe thru some ftp program? Drag and drop like that would not work in the OS X Finder.

And I guess a lot of folks using web hotels will be ssh:ing and curl:ing down the upgrade. So I suggest you complement the installation instructions for unix shell users, with my suggestion:

% cd /var/www  # ... or your own absolute path
% tar xzf joom1.0.5_to1.0.10.tar.gz  # .. or the patch file you use

[AmyStephen]

By taking the site offline you ensure no one can request any of the files you are trying to upload!

Makes sense, thanks, Mike.

[infograf768]

on OSX, another solution is to use a synchronize app  (like synchronize pro).
By twisting some parameters (date, delete or not what is in copy vs original, permissions, etc.) you may easily get the upgrade done.
It is specially handy when using SVN. SVN remains untouched and you work on a synchro (a global one this time).

On a remote host, ftp is definitely the way to go if you can't unzip remotely.

[Wilbkr1]

Hello,

I am trying to do a fresh install of 1.0.10 . I am doing the install on an IIS server with PHP 4.1.  I get the notification that I was successful and to remove the install folder, which I do.  Go to the domain and it takes me back to http://www.mydomain.com/installation/index.php.&nbsp;It will not direct me to the index.php file. I have several installs of joomla and never seen this problem with any of the other versions.  I upgraded 1 site from 1.0.09 with no problems.  Any help?

[stanman1]

For those not getting a page or an empty page....

It is very important that you take the site offline before you attempt to FTP the patch to the server!

You should never try to patch a site while it is currently live!

If someone should go to your site while you are in the middle of FTPing files some file you are trying to overwrite could get locked by the server and not get overwritten during the FTP proccess..

All it takes is one file to not get updated to effect the entire site. (especially something like index.php or the Joomla.php.

So try again with the following.

1 - Go into backend and take the site offline. Wait 5 mins or so to be sure all potential locked files are released.
2 - FTP the patch as per the instructions.
3 -  When done check the permissions of all files to make sure they are public readable as some FTP accounts set permissions to be not readable to the public by default
3a - You can usually do this by going into the backend system info and clicking on the permissions tab.
4 - Turn the site back to online and test.
5 - If you have problems still check your FTP log (if you have one) and see if there were any errors during the transfer. If so reupload those files (it happens FTP isn't perfect)

OK... I swear I followed all of your instructions to the T but I'm STILL getting a white page. I downloaded the patch directly to my server and after over-writing the updated files I tried to log into the backend... I saw the login page but after pressing submit I saw nothing but the blank white page.

A peek at my Apache error log for the Joomla site revealed the following:
/var/www/sandbox.meridianschools.org/.htaccess: Options not allowed here

I had made some modifications to the htaccess file based on advice I read in an article by Netshine Software about Securing your Joomla Website (http://www.netshinesoftware.com/joomla-security.html). After seeing this error, however, I tested my theory that the modified htaccess was the source of the problem... I renamed it with a .txt extension and instead used the standard htaccess included in the 1.0.10 patch, then restarted Apache and tried again. No change.

I didn't had this problem when I upgraded from 1.0.8 to 1.0.9; what's going ON??!? 

-Stan

[fredarin]

Unpacked Joomla_1.0.7_to_1.0.10-Stable-Patch_Package.tar.gz on my server.



Everything works - it seems

Except one thing:

It seems a section HAS TO be linked to a meny item. If not a login is needed to see the content associated with that section - even if the section and its content its Public.

--------------------------------
obsolete notes below
--------------------------------

Everything works - it seems

Except one thing:

To see the Newsflashes a login is needed - although they are Public. Same thing if I create a new Newsflash. Will only show if logged in.

I do not have this issue with other content. Only the Newsflashes.

If I change section and category to some other no login is required.

Very strange

EDIT: If I create a new section and category - the content created beloning to the new section/category can never be accessed from the frontpage, but if I associate it to an already existing section and category I can see it without logging in.

[jpschwartz]

I've upgraded from 1.0.9 to 1.0.10, and now when I use the frontend login module to log in as an administrator and attempt to submit a new news item (in the frontend of the news section), the Save and Apply buttons don't do anything. I have to go through the backend to post a new news item. Any advice?

Jim

[Tonie]

This announcement thread is turning into a big support thread. It is not perfect to ask/answer questions in one big thread. If there are any problems or questions about the 1.0.10 upgrade, please post them here.

For a new installation, please post here. When you asked a question here, and it is not solved yet, please open a new thread in one of the above forums.

This thread is now going to be closed. I want to thank everybody for their interest in Joomla!, I hope it is as useful to you as it is to me.

[stingrey]

If you are using the Patch Packages it is very important that you USE THE CORRECT PATCH PACKAGE.

This means that you need to determine your sites correct version number and use the correct patch package to upgrade to 1.0.10



For example if your site is using version 1.0.7, you MUST use either:
* Joomla_1.0.7_to_1.0.10-Stable-Patch_Package
or
* Joomla_1.0.10-Stable-Full_Package



If you use the incorrect package number you will get problems like the one here:
Warning: Missing argument 2 for initsessionadmin() after 1.0.10 upgrade
http://forum.joomla.org/index.php/topic ... #msg379240

[hostactiva]

Hello,

Today I upgraded my Joomla  site 1.0.3 to 1.0.10 using the Joomla_1.0.10-Stable-Full_Package. Everything went ok but then realized that I got some funny characters. I chat to the hosting support and this is what they told me:

"Please contact the script vendor and let us know the proper character set for the scipt."|

" I mean the database charset is not appropriate"

"Since UTF* is not supported here, There is no spanish charset In the server"

"In our server mysql 4.0 is running and won't support UTF* / UTF8

" That will come with the server database"

"But only mysql 4.1 is having spanish charset Unfortunately"

My site is http://www.intensa.com/ and it uses both english and spanish written articles.

Can anyone explain me a little more about this issue, I think i am a little lost about this! Is there any solutions here? Am I missing something?

Thanx in advanced!