TCH-Thomas Posted August 29, 2006
All existing Joomla! users need to update to this version, due to several High Level vulnerabilities that affect all previous versions of Joomla! Read more/Get it here
stevevan Posted August 29, 2006
Thanks Thomas! Gives me something to do tonight!
TCH-Thomas Posted August 29, 2006 (Author)
Just a little addition to this upgrade... After the upgrade, you may meet the following message in your administration:

Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* Joomla! RG_EMULATION setting is `ON` instead of `OFF` in file globals.php
  `ON` by default for compatibility reasons
Please check the Official Joomla! Server Security post for more information.

What you will need to do (as far as I can tell) is:
1. Download the globals.php from the root of your joomla directory.
2. Open the file and replace the following line
   define( 'RG_EMULATION', 1 );
   with
   define( 'RG_EMULATION', 0 );
3. Upload the file and check in the administration if the message is gone.
flashram Posted August 31, 2006
Did what you said to do with the global file but I still get the following message in the Administration Window after logging into Joomla Admin.

Following PHP Server Settings are not optimal for Security and it is recommended to change them:
PHP register_globals setting is `ON` instead of `OFF`

Any further ideas? When the setting is set to 1, I get two messages displayed.

Edit starts here
Well, after reading several pages of posts, it seems that TCH needs to turn this off for the servers running Joomla. Hopefully that will be addressed. Anyone else getting the above message after doing the Joomla update, or did you only get the one message?
Edited August 31, 2006 by flashram
stevevan Posted August 31, 2006
You can add this to your .htaccess file. I'm at work at the moment, but when I get home, I'll look at my notes. I found the fix by looking on the joomla site if you want to have a go at it yourself. If TCH were to turn this off for servers running joomla, they'd have to do it on ALL their servers...and that won't (nor needs to) happen!
Edited August 31, 2006 by stevevan
flashram Posted August 31, 2006
Thanks Steve, I will wait and see your reply back later on. You're at work, must work the late shift then. It is 10 to 10 am here in Sydney, Australia. If you want to PM me with the info that would be great as well.
stevevan Posted September 1, 2006
Naw...work is "supposed" to be a 10-hour day (0700 - 1730), but sometimes things have to run late. Part of working for the Government! Anyway, edit your .htaccess file and add the following line at the end of the file:

php_flag register_globals off

That did the trick for me. (Note: PM'd as well, but posted here for others who might be following this thread.)
Edited September 1, 2006 by stevevan
TCH-Thomas Posted September 1, 2006 (Author)
> When the setting is set to 1, I get two messages displayed.

It's not supposed to be set to 1. It's supposed to be set to 0.
TCH-JimE Posted September 1, 2006
Thomas is correct and I have also implemented the register_globals in my .htaccess. You have to be aware though that some scripts won't like that bit being turned off, e.g. Gallery 2 for server uploads no longer functions when register_globals is turned off. This is not TCH's fault but more the gallery's programmers' fault for correctly defining them. Also some Joomla extensions also stop working, again that's the programmers' fault and Joomla's website does warn you of this. Just be aware, that's all.
JimE
flashram Posted September 3, 2006
If you have a look in the Joomla forums for this specific problem there are patches being posted to get other scripts and extensions to work again with the current release. A bit fiddly but better than not having things working. I wonder why they have done this, surely there must be a better way to handle it than just turning it off and breaking things.
stevevan Posted September 3, 2006
Given the rash of website hacks, I'd rather have my site secured and deal with a few other relatively "minor" problems.
djfreq Posted September 7, 2006
Since this seems to be a hive of Joomla expertise, maybe I can get some help with my Joomla timezone problem? My site just isn't adjusting the timezone when I change the global config. I don't know if it's a permission problem or something more sinister but I seem to be the only person on the planet with this problem. I've tried everything else, even reinstalled like 5 times.
stevevan Posted September 7, 2006
You might want to TEMPORARILY (key word here is "TEMPORARILY") turn register_globals on and see what that does. It might point you in the right direction. Just remember to re-secure your site once you're done "experimenting".
kjarrett Posted January 28, 2007
> Just a little addition to this upgrade... After the upgrade, you may meet the following message in your administration:
> What you will need to do (as far as I can tell) is:
> 1. Download the globals.php from the root of your joomla directory.
> 2. Open the file and replace the following line
>    define( 'RG_EMULATION', 1 );
>    with
>    define( 'RG_EMULATION', 0 );
> 3. Upload the file and check in the administration if the message is gone.

Hi Thomas, I wonder if you can help me. I have two Joomla installs here @ TCH (separate servers, separate sites). One is in a folder. The other is in the root. I just updated both to 1.0.12. One of them has the "PHP register_globals setting is `ON` instead of `OFF`" warning. The other does not. The misbehaving site has globals.php properly configured as above, AND the .htaccess file with

php_flag register_globals off

entered on its own line, not commented out. Yet, the warnings persist on that site. No warnings at all on the other. The one with the warning is the install in the root. The one without the warning is in a folder. I've verified the files in question are identical and exist in the proper locations in both sites. Any idea what I am doing wrong? Thanks in advance,
-kj-
TCH-Thomas Posted January 28, 2007 (Author)
Sorry, I don't know why this happens. I would check with the Joomla forum and see if they have a solution. One thing that comes up in my head, though: you say you have "php_flag register_globals off" in the misbehaving site, and the other site has it set to "on". What happens if you set the misbehaving one to "on" too? Note: I don't know if this is good or bad to do, so be careful.
kjarrett Posted January 28, 2007
I am officially an idiot. I uploaded htaccess.txt and never renamed it as .htaccess - fixed that and all warnings are gone. Damn! Been a while since I goofed up that badly. All warnings are gone, but there has been a disturbing round of Joomla 1.0.12 hacks recently; I'll post a link to the support forum thread in another message here. Thanks!
-kj-
Edited January 28, 2007 by kjarrett
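The three things checked by hand across this thread (RG_EMULATION in globals.php, an active register_globals line in .htaccess, and an htaccess.txt that was never renamed), as an added shell example that is not part of any post above. The function name `audit_joomla_root` and the sample files built in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one Joomla 1.0.x web root for the settings in this thread.
# Prints one finding per line; prints nothing when everything is as recommended.
audit_joomla_root() {
    root=$1

    # 1. globals.php: RG_EMULATION should be defined as 0 on an uncommented line.
    if [ ! -f "$root/globals.php" ]; then
        echo "globals.php: missing"
    elif ! grep -Eq "^[[:space:]]*define\([[:space:]]*'RG_EMULATION'[[:space:]]*,[[:space:]]*0[[:space:]]*\)" "$root/globals.php"; then
        echo "globals.php: RG_EMULATION is not 0"
    fi

    # 2. .htaccess: needs 'php_flag register_globals off' on its own line,
    #    not commented out. Apache only reads the file under this exact name.
    if [ ! -f "$root/.htaccess" ]; then
        echo ".htaccess: missing"
        # The mistake from the thread: the file was uploaded as htaccess.txt.
        if [ -f "$root/htaccess.txt" ]; then
            echo "htaccess.txt: present but not renamed to .htaccess"
        fi
    elif ! grep -Eiq '^[[:space:]]*php_flag[[:space:]]+register_globals[[:space:]]+off[[:space:]]*$' "$root/.htaccess"; then
        echo ".htaccess: no active 'php_flag register_globals off' line"
    fi
    return 0
}

# Constructed sample root: emulation still on, directive sitting in htaccess.txt.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "<?php" "define( 'RG_EMULATION', 1 );" > "$d/globals.php"
    printf '%s\n' "php_flag register_globals off" > "$d/htaccess.txt"
    audit_joomla_root "$d"
    rm -rf "$d"
}
demo
```

An empty result only shows the files are in place; the warning in the Joomla administration screen is still the check that PHP actually picked the setting up.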