Page 2 of 3

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 6:10 pm
by Asphyx
I will post this in the bugtracker as well...

But I thought I should let someone know that the Who's Online module now shows no users online despite the fact the login screen shows me as logged in...
Minor thing really...

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 6:11 pm
by Tonie
cozimek wrote:Tonie,

I completely agree with your point.  Do you think you, or someone here in the community, could do a diff for the average users to say where the security changes are between 4.5.2.3 and this new release?  i know the core dev team here isn't required to do that, but it would be nice for someone who knows how to do it effectively to post up this change so that people that haven't migrated to Joomla (some people get scared with 1.0 anything) can still know where to patch this security issue.

Best,
Ryan


Unfortunately, I'm not a natural coder. I can create a simple component, but you don't want to rely on my coding skills.  ;D. I will ask on the Mambo forum, there is one new core developer communicating at the moment.

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 7:13 pm
by eric
Slight typo in the upgrade instructions:

To update from Joomla! 1.0.3, all you have to do is simply overwrite files from the 1.0.2 to 1.0.3 Patch Package.

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 7:40 pm
by Rick
Where are the upgrade instructions? I have looked in the archive and don't find any there. Do I just over write the files and if so do I need to change any of the permissions?

Thanks

Rick

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 8:13 pm
by frankie777
Patch went fine, no problems, but PLEASE don't do too many updates!

Re: changing the admin user interface for your clients as per a users post earlier - except for the look and feel, which in my view is an improvement, there's not much has changed functionally, and it would be wise to make the move now before there are dramatic differences between the Mambo admin section and Joomla.

Frank. :-[

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 8:43 pm
by SymondSez
Two sites upgraded. No problems noted.
-SymondSez

Re : Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 9:00 pm
by Artie
Thanks for all this work. The upgrade from 1.0.2 works perfectly. May I say it's a good thing for the community to have such a team who work so hard to make Joomla the more secure.  ;)

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 9:37 pm
by Rick
Could not find the instructions but I just over wrote the old files and the upgrade went fine. As to the UI, do what you feel needs to be done, I have total faith in your discretion, Thanks for the great work.

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 10:35 pm
by Markku
Rick wrote:Could not find the instructions but I just over wrote the old files and the upgrade went fine. As to the UI, do what you feel needs to be done, I have total faith in your discretion, Thanks for the great work.

Hi Rick, good that you worked that that out but the instructions can be found in the official announcement here: http://www.joomla.org/content/view/338/52/
Please notice "Upgrade Instructions" and statement "To update from Joomla! 1.0.3, all you have to do is simply overwrite files"

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Fri Oct 14, 2005 11:50 pm
by duvien
Excellent work! upgraded without a problem.

Thanks,

Sunburst

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 9:14 am
by Juanjo
Asphyx wrote:I will post this in the bugtracker as well...

But I thought I should let someone know that the Who's Online module now shows no users online despite the fact the login screen shows me as logged in...
Minor thing really...



Maybe is not so minor. I noted the same thing after the upgrade; I had 1.0.1 and then patched to 1.0.2 and 1.0.3 in a row so I cannot say that is a 1.0.3 or 1.0.2 bug. But I tracked the problem a little bit since I tweaked my Who's Online module to show real names and found that for some weird reason the guest field on the sessions tables is set to "2" instead of "0" for logged users.  ???

I though this was a Comunity Builder problem, but found CB calls index?login the same as the standard lgon prompt and all the session stuff is set at the core at joomla.php where there are only 1 and 0 settings for session->guest  :(

So I really don't know what may be causing this, maybe on mosDBTable which is the parent class ?

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 9:17 am
by Wil
Thanks for the great skills, support and service  ;D

It is good to see this out the door.

But its a shame the bug in admin panel where the images are all disorganized when viewed in firefox was not fixed for this release


I've have updated several sites, no of them has this issue! Have you tryed another admintemplate?
You could change mambo_admin_blue easely to joomla_admin_blue!

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 11:11 am
by nickpledge
Wil wrote:Thanks for the great skills, support and service  ;D

It is good to see this out the door.

But its a shame the bug in admin panel where the images are all disorganized when viewed in firefox was not fixed for this release


I've have updated several sites, no of them has this issue! Have you tryed another admintemplate?
You could change mambo_admin_blue easely to joomla_admin_blue!


Can i ask if this was using Firefox or IE?? As i only have this issue in firefox.

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 11:24 am
by Wil
I test all my sites in several browsers, no problems found with the adminpanel in IE and Firefox!

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 12:28 pm
by bluesaze
Wil wrote:I test all my sites in several browsers, no problems found with the adminpanel in IE and Firefox!

It happens Very rarely in firefox and a Refresh usually cures it. I think its more of a firefox bug.

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 4:28 pm
by electra
Markku wrote:
Rick wrote:Could not find the instructions but I just over wrote the old files and the upgrade went fine. As to the UI, do what you feel needs to be done, I have total faith in your discretion, Thanks for the great work.

Hi Rick, good that you worked that that out but the instructions can be found in the official announcement here: http://www.joomla.org/content/view/338/52/
Please notice "Upgrade Instructions" and statement "To update from Joomla! 1.0.3, all you have to do is simply overwrite files"



Ok, just to put my 2 cents worth in here.  I don't know much, but I did just as the instructions stated.  I overwrote all files.  But, why now do I have a file called "configuration.php-dist" which states inside this file

*" If you are installing Joomla manually i.e. not using the web installer
* then rename this file to configuration.php e.g.
*
* UNIX -> mv configuration.php-dist configuration.php
* Windows -> rename configuration.php-dist configuration.php
*
* Now edit this file and configure the parameters for your site and
* database.

I did not follow the instructions inside the file as stated above, so I checked my global configuration inside Joomla, under server, it still shows http://help.mamboserver.com under help server.  So tell me, is this correct, is there a web installer program for upgrades, what should I believe and what should I not believe? 

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 4:31 pm
by Tonie
There is no online upgrade tool. The web installer is the installer most people use to install a new installation. There is also a manual way to do this as well, this is handy for scripters for example.

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 4:32 pm
by Rick
Not sure about the official word but all I did was an over write and all worked well. I did miss the instructions originally but they make no mention of the file you are questioning. If the system is working I would not do anything else. I believe that the file in question is for a full install and just slipped into the upgrade package, but I could be wrong.

Rick

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 4:47 pm
by Asphyx
I had 1.0.1 and then patched to 1.0.2 and 1.0.3 in a row so I cannot say that is a 1.0.3 or 1.0.2 bug.


Well I can confirm it's definitly a 1.03 issue as it was working fine in 1.02 and 1.01
What I did notice was a vast increase in the number of guests to my site since the upgrade to Joomla, Not sure if that was a real reading or not...

Since posting in the bug tracker I have noticed a lot of people with the same problem posting.

And when I say Minor problem I mean it really doesn't affect the operation of the site...

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 9:19 pm
by vavroom
electra wrote: But, why now do I have a file called "configuration.php-dist" which states inside this file


Don't worry about that file.  It's just the file that gets used when you're installing joomla for the first time, using the web install function.  You can, if you want, delete it.

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sat Oct 15, 2005 9:57 pm
by electra
vavroom wrote:
electra wrote: But, why now do I have a file called "configuration.php-dist" which states inside this file


Don't worry about that file.  It's just the file that gets used when you're installing joomla for the first time, using the web install function.  You can, if you want, delete it.


Thanks so much.  I also deleted file "globals.php-off" using the same assumption.  Appreciate the response.  John.

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sun Oct 16, 2005 2:28 am
by stingrey
electra wrote:so I checked my global configuration inside Joomla, under server, it still shows http://help.mamboserver.com under help server.

For those converting from Mambo, you need to manually change the help server url to  http://help.joomla.org

As this setting resides within you configuration.php file, there is no way we can change this during the conversion process.


However, saying that, if you are running Joomla! and your help server url still points to http://help.mamboserver.com, we actually override is and redirect you to  http://help.joomla.org instead automatically.

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sun Oct 16, 2005 4:35 pm
by Juanjo
Asphyx wrote:
I had 1.0.1 and then patched to 1.0.2 and 1.0.3 in a row so I cannot say that is a 1.0.3 or 1.0.2 bug.


Well I can confirm it's definitly a 1.03 issue as it was working fine in 1.02 and 1.01
What I did notice was a vast increase in the number of guests to my site since the upgrade to Joomla, Not sure if that was a real reading or not...

Since posting in the bug tracker I have noticed a lot of people with the same problem posting.

And when I say Minor problem I mean it really doesn't affect the operation of the site...



I mean that maybe it is not so minor since the values for guest field changed so maybe it can modify the behavior of some 3rd party modules :(

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Sun Oct 16, 2005 7:27 pm
by carlosmz
I upgrate from 1.0.2 to 1.0.3 but i'm still having problem's with assign template to some pages. I want assign one template to some pages (in english) and another templates to another pages (in portuguese) but some pages that I assign the portuguese template (that is not the default template) still presenting the default template. I know that there was a bug with 1.0.2, but it seams that was fixed in 1.0.3? ??? 

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Tue Oct 18, 2005 5:18 pm
by mairving
It would be helpful if the changes made to the configuration.php-dist file were listed in the changelog. The reason is that it is pretty simple to cp files over but for the configuration.php it would be much easier and faster to just add, change or subtract the modifications made to the configuration.php file rather than moving the file over, comparing it to the existing one and making the changes.

Thanks

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Tue Oct 18, 2005 9:41 pm
by tormi
How come the version number in Joomla did not change afte the upgrade from 1.0.0. --> 1.0.3???

regards

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Tue Oct 18, 2005 9:50 pm
by benedikt
What do you mean exactly?
When I go to System < System Info, I see

Joomla! 1.0.3 Stable [ Sunlight ] 14-Oct-2005 10:00 UTC

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Tue Oct 18, 2005 10:57 pm
by Markku
Version info is stored in the file includes/version.php

If you have not replaced that file you'll still see old version number.

Dumb New-Guy Question: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Wed Oct 19, 2005 6:09 pm
by jb
Ok.. really dumb New-Guy question about applying this update. "simply overwrite files from the 1.0.1 to 1.0.3 Patch Package," eh? Well, I'm assuming that this means the individual files inside the included directories, and not the full directories.. correct?

But this makes quite a lengthy process out of doing a simple update.. It would really be great if there were a script included with updates to copy (and thereby overwrite) all the new files to their proper locations. Looking at the directories in my 1.0.1 site, on the server, I see that overwriting the directories with these new ones would delete lots of other files which are already there. So I'm a bit confused.. I will wait for clarification here, before I apply the update.

Thanks.
jb

Re: Discussion about: Upgrade to Joomla! 1.0.3 Security Release now!

Posted: Wed Oct 19, 2005 6:13 pm
by mairving
Do you have shell access?

If so, cp -R directory_name/* directory_name/ will overwrite files but not remove existing ones that are not present in the update.

Example: to copy components directory
cp -R /pathto/upgrade_files/components/* /pathto/existing install/components/