Page 2 of 4
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 11:38 am
by astridv
If you have loads of sites to patch:
- change globals.php before uploading (so Emulation is off)
- note that the configuration.php has only ONe extra line $mosConfig_mbf_content='0';
Rather than filling out all the config details I added the one line to all config files.
- Overwrite the admin.mambots.php in the package with the changed one.
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 11:59 am
by mporcheron
sgabbio wrote:done from 1.0.10 to 1.0.11 overwriting files with Filezilla FTP client.
at first time polls and some menus in the backend didn't work well.
at second overwriting it works well but:
- JCE comp: if i chose JCE Configuration from the menu an alert says: Restricted Access and i can't access jce config (even if it's still working)
- JACPLUS: doesn't work so i've uninstalled it and now i'm re-installing it.
I know for sure that the JCE config is a mambot and subsequently requires the offical patch for the mambots section. See edition at the end of this post:
http://forum.joomla.org/index.php/topic ... 55967.html.
Upload it to administrator/components/com_mambots
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 12:16 pm
by slyboots
astridv wrote:If you have loads of sites to patch:
- change globals.php before uploading (so Emulation is off)
- note that the configuration.php has only ONe extra line $mosConfig_mbf_content='0';
Rather than filling out all the config details I added the one line to all config files.
- Overwrite the admin.mambots.php in the package with the changed one.
Thanks astridv - your post saved me a lot of time!
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 12:20 pm
by ahmad
Upgraded to 1.0.11 with no problems
I uploaded the file through FTP manually
I noticed a new menu item ( Check Version ) Under ( System )
Nice work guys
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 12:29 pm
by globule
As previous updates, some small bugs sometime appear with the upgrade patch.
Upolading the full package solved them.
What I recommend to do :
- use the file manager from your hoster panel to create a copy of your site in a subdirectory (faster than FTP)
- correct the configuration file, and .htaccess if needed
- upload the upgrade
- test this copy (mysite.com/mycopy) as deep as you can : regiter a new user, submit a new article, create a new section etc...
If it works correctly, apply to the production site.
This prevents from bugs if you hacked something and forgot it!
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 12:58 pm
by infograf768
$mosConfig_mbf_content='0';
What is that one for?
I indeed see it in the dist file.
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 1:05 pm
by RobInk
Hi JM,
From what I can recall, this is for MambelFish, now known as Joom!Fish multilanguage extension...
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 1:17 pm
by chris_t
this is a real pain in the backside. i only finished upgrading to 1.0.10 last week, as i've made dozens of small hacks throughout. to now have to go through that all again is unfortunate to say the least.
can anyone tell me, briefly, how 1.0.10 and 1.0.11 differ? i've already secured register_globals, emulation, magic quotes, my .htaccess etc. why do i still need to upgrade?
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 1:20 pm
by RobInk
Hi chris_t,
Check the full changelog to see whats been changed/fixed:
http://www.joomla.org/content/view/1841/78/As you can see quite a lot of security fixes. My advice would be to upgrade, even if it means fixing/patching your files again.
Regards Robin
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 1:24 pm
by infograf768
RobInk wrote:Hi JM,
From what I can recall, this is for MambelFish, now known as Joom!Fish multilanguage extension...
hmmm.. Wondering... I see it in the dist indeed for ages (saw it in a 1.0.7 at least) but a new install does not populate it.
How is it I have a Joomfish driven site and this config is nowhere to be seen in the admin?
Maybe it is only an artefact of the old mambelfish times and beginning of Joomla.
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 1:29 pm
by RobInk
Maybe it is only an artefact of the old mambelfish times and beginning of Joomla.
Think so too, also implemented several multilanguage sites, never seen it as an option in global config either.
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 1:38 pm
by crash777
While this is nice to know... it does not call out files that were modified. Is there a list that shows which files were modified?
RobInk wrote:Hi chris_t,
Check the full changelog to see whats been changed/fixed:
http://www.joomla.org/content/view/1841/78/As you can see quite a lot of security fixes. My advice would be to upgrade, even if it means fixing/patching your files again.
Regards Robin
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 1:38 pm
by crash777
Fantastico is sensitive and though I never doubted that an upgrade would work, I wonder if it will "break" the link to Fantastico rendering future upgrades in fantastico useless..
Wondering when we can expect an official upgrade through Fantastico or do they only wait for major releases?
Re: 1.0.11 release warning
Posted: Tue Aug 29, 2006 1:47 pm
by micoots
Hi,
infograf768 wrote:WARNING!
------------GLOBAL MOD EDIT: last minute small bug found in admin.mambots.php
While waiting for new package, find file below.
This is an official fix!
I used the latest 1.0.10 to 1.0.11 bz2 patch file from forge.joomla.org with md5sum:
6af7ded3b0cd8c9988e1ee4e8698142c Joomla_1.0.10_to_1.0.11-Stable-Patch_Package.tar.bz2
This md5sum didn't match what was posted on the md5sums link on this site, but I think it's still ok since there was an "original" Joomla_1.0.10_to_1.0.11-Stable-Patch_Package.tar.bz2 file posted first which I believe matched the original md5sum on this site.
Either way, I grabbed the file you announced here and transferred it to my server.
I use JCE so will test and hope all is ok.
Thanks.
Michael.
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 2:24 pm
by RobS
chris_t wrote:this is a real pain in the backside. i only finished upgrading to 1.0.10 last week, as i've made dozens of small hacks throughout. to now have to go through that all again is unfortunate to say the least.
can anyone tell me, briefly, how 1.0.10 and 1.0.11 differ? i've already secured register_globals, emulation, magic quotes, my .htaccess etc. why do i still need to upgrade?
1.0.11 addresses several vulnerability possibilities in Joomla and in PHP itself... the most notable of the PHP vulnerabilities is the Zend_Hash_Key_Del_Or_Index () but that could allow an attacker to potentially feed malicious data to any PHP script via the URL. It also addresses a potential spamming issue that required a pretty extensive fix and some smaller SQL injection and XSS vulnerabilities. Some of those vulnerabilities we rank as critical as they can lead to compromise of the website while most of them are very low risk. For a list of the files that have been changed since 1.0.10, just download one of the 1.0.10 -> 1.0.11 patch packages as that will only contain the files that have been modified but keep in mind there have been several files modified.
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 3:21 pm
by chris_t
i've upgraded again and am making my little hacks again.
EDIT: page title problems sorted - includes/joomla.php was the offending file.
linked titles no longer work in 1.0.11. i notice a discrepancy between the two most recent versions, in content.html.php (line 580):
new:
$row->link_on = sefRelToAbs( 'index.php?option=com_content&task=view&id=' . $row->id . $row->Itemid_link );
old:
$link_on = sefRelToAbs("index.php?option=com_content&task=view&id=".$row->id."&Itemid=".$_Itemid);
the result: now, when linked titles are turned on, the url is my site url, rather than the full content url. help please?
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 3:40 pm
by adewinne
I upgraded from 1.0.10 to 1.0.11 everything seemed fine. I set define( 'RG_EMULATION', 0 ); in globals.php. But this morning I tried to edit a mambot setting and keep getting a 'restricted access' popup. Then it goes back to the list of mambots. The mambot I was trying to edit is now locked. This happens for ALL mambots.
JCE component seems to have the same problem. All other components and modules seem to be fine so far.
Help!
------
http://forum.joomla.org/index.php/topic ... html and upload admin.mambots.php fixes the problem above.
Alex
Bug : non more statistics of printed pages in the administrator back-end
Posted: Tue Aug 29, 2006 3:43 pm
by JacquesL
Bug with 1.0.11 : non more statistics of printed pages in the administrator back-end.
I regret them !
On my site, the hacker installed twice a Cshell and his own folders and programs with CRONs, with the help of pirating the component mambowiki.
I do not know how to set register_globals on OFF. Each time I try to use a .htaccess for that, the only result is to block all access. I am on 1and1.fr.
Can somebody explain me the right steps ? Thank you by advance !
Re: 1.0.11 release warning
Posted: Tue Aug 29, 2006 4:11 pm
by jeepn
infograf768 wrote:WARNING!
------------GLOBAL MOD EDIT: last minute small bug found in admin.mambots.php
While waiting for new package, find file below.
This is an official fix!
So is there going to be a forthcoming 1.0.12 soon? Or is 1.0.11 being re-packaged?
Thanks
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 4:11 pm
by joomlasolutions_JB
from the link on the joomla front site announcement, it says ( SUNBIRD ) but when i followed that link,downloaded and applied the patch from 1.0.10 to 1.0.11 I get (SUNBOW ) on my admin. What does that mean? is it wrong release?
joomla front page announce: Joomla! 1.0.11 [ Sunbird ] is now available as of Monday 28th August 2006 24:00 UTC
admin footer after applying patch to site: Joomla! 1.0.11 Stable [ Sunbow ] 28 August 2006 20:00 UTC
also, when i look in the admin, it tells me:
Your version of Joomla! [ 1.0.11 Stable ] is
2 days old
how 2 days old??
if there is going to be a fixed release of 1.0.11 planned in the next few hours or days, i would VERY much like to know, since I and many others have multiple sites to patch...
tell us
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 4:58 pm
by jtruelson
Thank you, Amy, thank you Websmurf - that fixed it.
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 5:32 pm
by leolam
Thanks to all devs and testers for fixing the next layers of security holes. I would appreciate a clarification please on what this is meant to mean:
------------GLOBAL MOD EDIT: last minute small bug found in admin.mambots.php
While waiting for new package, find file below.
* admin.mambots.php.zip (4.14 KB - downloaded 101 times.)
« Last Edit: August 29, 2006, 08:57:23 PM by infograf768 »
Is this a repack with already identified bugs/additional changes (a sort of 1.0.11a) or is it going to be 1.0.12?
please advise? We are not waiting to upgrade so many customers every two days or so
cheers
Leo
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 6:24 pm
by alibroon
I've got a problem upgrading from 1.0.7 to 1.0.11
Template is out of whack and the login gives me the following
Fatal error: Call to undefined function: josspoofvalue() in /homepages/mysite/modules/mod_login.php on line 91
I can get into control panel but when I go to modules>site modules
my-site/administrator/components/com_modules/admin.modules.php on line 28
It's also telling me that it is still at version 1.0.7
Am I missing something?
What to do
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 6:44 pm
by joomlan
Hi,
I upgraded it to 1.11 ,but I am getting this message now :Restricted access for both Admin & Front end !! What did I do wrong ?
I copied the folders in the patch to the same locations on the server and overwrote them !! How can I fix this ?
What are the steps to upgrade ? What did I miss ?
Thanks
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 7:00 pm
by jeepn
If anyone is having troubles with upgrading... head here:
http://forum.joomla.org/index.php/board,36.0.html
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 8:34 pm
by zuze
jtruelson wrote:It is good to know that security take precedence here. I have 29 or so Joomla sites to patch.
I've done two so far. Problem with Joomlaboard (latest version) encountered.
Selecting an existing topic throws the following:
An invalid post id was requested.
\n
any thoughts on this?
I had that same problem when I updated to Joomla 1.0.10. And I am not the only one. Have not found the answer yet, not on these bords not Joomlaboard forum borads.
Error when trying to install templates, language, components, modules or mambots
Posted: Tue Aug 29, 2006 8:36 pm
by nandoprieto
I upgraded "immediately" from 1.0.10 to Joomla 1.0.11 and when I try to install any template, language, component, module or mambot this is what I have:
Fatal error: Cannot instantiate non-existent class: ftphostaccnt in /vhosts/ecc.univalle.edu.co/administrator/components/com_installer/admin.installer.html.php on line 160
I suspect this is caused because recently I uploaded the SafeMode patch for Joomla 1.0.10 which can be found at
http://developer.joomla.org/sf/frs/do/l ... 4BD54DD761If so, where can I fing the safe mode patch for Joomla 1.0.11?
If not, what did I do wrong?
Thank you very much in advance.
Fernando
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 8:38 pm
by chunkybacon
Is there a way to be notified via email for *only* security updates?
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 8:40 pm
by brad
chunkybacon wrote:Is there a way to be notified via email for *only* security updates?
Please subscribe the the announcement section of this forum. See frontpage of forum, all is explained:
Announcements from the Joomla! Core Team for the attention of all Users. We encourage all Joomla users to subscribe to announcements by Clicking Here.
Re: Discussion about: Upgrade immediately to Joomla! 1.0.11
Posted: Tue Aug 29, 2006 8:42 pm
by RobInk
Hi,
At zuze, about the issue with joomlaboard, check
http://forum.joomla.org/index.php/topic,86525.0.htmlRegister globals emulation = 0 is causing problems with several extensions. You will find a fix in that topic.