Jump to content
TCH-Thomas

Joomla! 1.0.11 Released!

Recommended Posts

All existing Joomla! users needs to update to this version, due to several High Level vulnerabilities that affect all previous versions of Joomla!

 

Read more/Get it here

Share this post


Link to post
Share on other sites

Just an little addition to this upgrade...

 

After the upgrade, you may meet the following message in your administration:

Following PHP Server Settings are not optimal for Security and it is recommended to change them:

 

* Joomla! RG_EMULATION setting is `ON` instead of `OFF` in file globals.php

`ON` by default for compatibility reasons

 

Please check the Official Joomla! Server Security post for more information.

What you will need to do (as far as I can tell) is:

 

1. Download the globals.php from the root of your joomla directory.

2. Open the file and replace the following line

>define( 'RG_EMULATION', 1 );

with

>define( 'RG_EMULATION', 0 );

3. Upload the file and check in the administration if the message is gone.

Share this post


Link to post
Share on other sites

Did what you said to do with the global file but I still get the following message in Administartion Window after logging into Joomla Admin.

 

Following PHP Server Settings are not optimal for Security and it is recommended to change them:

 

PHP register_globals setting is `ON` instead of `OFF`

 

Any further ideas.

 

When the setting is set to 1, I get two messages displayed.

 

 

 

Edit starts here

 

 

 

Well after reading several pages of posts, it seems that TCH needs to turn this off for the servers running Joomla. Hopefully that will be addressed. Anyone else getting the above message after doing the Joomla update, or did you only get the one message ?????

Edited by flashram

Share this post


Link to post
Share on other sites

You can add this to your .htaccess file. I'm at work at the moment, but when I get home, I'll look at my notes. I found the fix by looking on the joomla site if you want to have a go at it yourself.

 

If TCH were to turn this off for servers running joomla, they'd have to do it on ALL their servers...and that won't (nor needs to) happen!

Edited by stevevan

Share this post


Link to post
Share on other sites

Thanks Steve I will wait and see your reply back later on. Your at work, must work the late shift then. It is 10 to 10 am here in Sydney Australia. If you want to PM me with the info that would be great as well.

Share this post


Link to post
Share on other sites

Naw...work is "supposed" to be a 10-hour day (0700 - 1730), but sometimes things have to run late. Part of working for the Government!

 

Anyway, edit your .htaccess file and add the following line at the end of the file:

php_flag register_globals off

 

That did the trick for me.

 

(Note: PM'd as well, but posted here for others who might be following this thread.)

Edited by stevevan

Share this post


Link to post
Share on other sites

Thanks for that Steve worked well.

Share this post


Link to post
Share on other sites
When the setting is set to 1, I get two messages displayed.

It´s not supposed to be set to 1. It´s supposed to be set to 0. :clapping:

Share this post


Link to post
Share on other sites

Thomas is correct and I have also implemented the register_globals in my .htaccess. You have to be aware though that some scripts won't like that bit being turned off, e.g. Gallery 2 for server uploads no longer functions when register_globals is turned off. This is not TCH fault but more the gallery's programmers fault for correctley defining them. Also some Joomla extentions also stop working, again thats the programmers fault and Joomla's website does warn you of this. Just be aware thats all :clapping:

 

JimE

Share this post


Link to post
Share on other sites

If you have a look in the Joomla forums for this specific problem there are patches being posted to get other scripts and extentions to work again with the current release. A bit fiddly but better than not having things working.

 

I wonder why they have done this, surely there must be a better way to handle it than just turning it off and breaking things.

Share this post


Link to post
Share on other sites

Given the rash of website hacks, I'd rather have my site secured and deal with a few other relatively "minor" problems.

Share this post


Link to post
Share on other sites

Since this seems to be a hive of Joomla expertise maybe i can get some help with my Joomla timezone problem? My site just isn't adjusting the timezone when i change the global config. I don't know if it's a permission problem or something more sinister but i seem to be the only person on the planet with this problem. I've tried everything else even reinstalled like 5 times

Share this post


Link to post
Share on other sites

You might want to TEMPORARILY (key word here is "TEMPORARILY") turn register_globals on and see what that does. It might point you in the right direction. Just remember to re-secure your site once you're done "experimenting".

Share this post


Link to post
Share on other sites
Just an little addition to this upgrade...

 

After the upgrade, you may meet the following message in your administration:

 

What you will need to do (as far as I can tell) is:

 

1. Download the globals.php from the root of your joomla directory.

2. Open the file and replace the following line

>define( 'RG_EMULATION', 1 );

with

>define( 'RG_EMULATION', 0 );

3. Upload the file and check in the administration if the message is gone.

 

Hi Thomas, I wonder if you can help me.

 

I have to Joomla installs here @ TCH (separate servers, separate sites). One is in a folder. The other is in the root.

 

I just updated both to 1.0.12.

 

One of them has the "PHP register_globals setting is `ON` instead of `OFF`" warning. The other does not.

 

The misbehaving site has globals.php properly configured as above, AND the .htaccess file with

 

>php_flag register_globals off

 

entered on its own line, not commented out.

 

Yet, the warnings persist on that site. No warnings at all on the other.

 

The one with the warning is the install in the root. The one without the warning is in a folder.

 

I've verified the files in question are identical and exist in the proper locations in both sites.

 

Any idea what I am doing wrong?

 

Thanks in advance,

 

-kj-

Share this post


Link to post
Share on other sites

Sorry, I don´t know why this happens. I would check with the joomla forum and see if they have a solution.

 

One thing that comes up in my head are though, you say you have "php_flag register_globals off" in the misbehaving site, and the other site have it set to "on". What happens if you set the misbehaving to "on" too? Note: I don´t know if this is good or bad to do, so be careful.

Share this post


Link to post
Share on other sites

I am officially an idiot.

 

I uploaded htaccess.txt and never renamed it as .htaccess - fixed that and all warnings are gone.

 

Damn! Been a while since I goofed up that badly.

 

All warnings are gone, but, there have been a disturbing round of Joomla 1.0.12 hacks recently, I'll post a link to the support form thread in another message here.

 

Thanks!

 

-kj-

Edited by kjarrett

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...