Posts tagged with joomla 1.5
Advising to NOT upgrade to Joomla 1.5.16/1.5.17
We are officially advising all our users and customers to NOT upgrade to Joomla 1.5.16/1.5.17. The new Joomla release includes an auto-plugin disable feature which can lead to a site experiencing unexpected behavior or, in the worst case, going down.
The auto-plugin disable feature was introduced to, quote:
“I’d like to try to write a patch to Joomla core so it doesn’t die with fatal error when it can’t include a plugin file (in other words: plugin exists in DB but filesystem entry is deleted).”
Source: Graceful handling of missing plugins
The solution introduced for this problem is that Joomla 1.5.16 and 1.5.17 now disable any plugin that triggers an error during initialisation.
This behavior assumes that a plugin which throws an error will always throw it, as with a missing file. However, the error could be conditional and only thrown under certain circumstances, and depending on how the plugin works those conditions could be rare. Instead of the error being thrown, the plugin is disabled and prevented from executing under normal conditions as well. This can lead to a site visitor experiencing unexpected behavior or, worse, the site could go down.
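The difference between the two policies can be seen in a small model. This is an added example, not Joomla's code: the registry, the `payments` plugin and all function names are hypothetical, and the second policy (disable only when the file is missing) is an assumption about what the original request needed.

```php
<?php
// Simplified model of the loader policies discussed above. Not Joomla code;
// every name is hypothetical and the registry is constructed sample data.

class MissingPluginFile extends Exception {}

function makeRegistry(): array
{
    return [
        // Row exists in the database, file was deleted from disk.
        'orphaned' => ['enabled' => true, 'init' => null],
        // Healthy plugin whose init fails only while its backend is down.
        'payments' => ['enabled' => true, 'init' => function (array $ctx): void {
            if (!$ctx['backend_up']) {
                throw new RuntimeException('backend unreachable');
            }
        }],
    ];
}

function initPlugin(array $plugin, array $ctx): void
{
    if ($plugin['init'] === null) {
        throw new MissingPluginFile('plugin file not found');
    }
    ($plugin['init'])($ctx);
}

// $disableOnAnyError = true  models the 1.5.16/1.5.17 behaviour described above.
// $disableOnAnyError = false disables a plugin only when its file is missing.
function loadPlugins(array &$registry, array $ctx, bool $disableOnAnyError, array &$log): void
{
    foreach ($registry as $name => $plugin) {
        if (!$plugin['enabled']) {
            continue;
        }
        try {
            initPlugin($plugin, $ctx);
        } catch (Exception $e) {
            if ($e instanceof MissingPluginFile || $disableOnAnyError) {
                $registry[$name]['enabled'] = false;
            }
            $log[] = sprintf('%s: %s (%s)', $name, $e->getMessage(),
                $registry[$name]['enabled'] ? 'kept enabled' : 'disabled');
        }
    }
}

// One request during a backend outage, then one after the backend recovers.
function enabledAfterOutage(bool $disableOnAnyError): array
{
    $registry = makeRegistry();
    $log = [];
    loadPlugins($registry, ['backend_up' => false], $disableOnAnyError, $log);
    loadPlugins($registry, ['backend_up' => true], $disableOnAnyError, $log);
    return array_keys(array_filter($registry, fn($p) => $p['enabled']));
}

echo 'disable on any error:    ', implode(',', enabledAfterOutage(true)) ?: '(none)', "\n";
echo 'disable only if missing: ', implode(',', enabledAfterOutage(false)) ?: '(none)', "\n";
```

Under the first policy a single request during the outage leaves the healthy plugin disabled after the backend has recovered; under the second only the orphaned entry is switched off.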
We have requested that the change in 1.5.17 be rolled back (see Tracker #19859).
In the meantime we strongly advise you to not upgrade to Joomla 1.5.16/1.5.17.
If you are using 1.5.16/1.5.17 and you are experiencing problems with plugins magically disabling themselves, please let us know.
DOCman 1.5.1 maintenance update released
One week after the release of DOCman 1.5, we are thrilled to announce the 1.5.1 maintenance update. This version fixes a number of medium and low level bugs that were discovered after the release.
For me, it’s been the most fun release process I’ve ever had, thanks to an amazing team: with Krisstoffer and Shayne covering support on the forum, Tom and I had our hands free to work on fixing issues and preparing the update. This great new workflow turned out to be very smooth, resulting in our fastest release cycle ever. All software has bugs, but we believe quality shows in how they are handled.
Best DOCman ever
If you have been waiting to buy DOCman, now’s a great time: the wrinkles have been smoothed, and it’s better than ever! Not only do you get one of the best Joomla extensions, you’re also supporting open source development. And all that for the price of a lunch and a coffee.
Already bought DOCman 1.5? You don’t have to pay again for the update. Check your email for info on how to update.
DOCman 1.5 Stable is now available!
Today we are very excited to announce the release of DOCman v1.5, which you can buy in the new Joomlatools store!
Conceived in 2003, and sporting thousands of downloads each month, DOCman has established itself as the premier document management tool for Joomla. The new release is the culmination of years of experience in security. Keeping your documents safe has always been the primary concern — one we will never take lightly. Marc Alen, Adjunct Secretary of the Belgian Police Force agrees:
“We run 140 DOCman installations, one for each police zone’s public website, and even more installations on our intranets. Security is imperative — and for years, DOCman is delivering that for us.”
Native Joomla 1.5
We’ve been collecting user feedback for a while, and we’ve implemented the most demanded feature: being able to run DOCman in Joomla 1.5 without legacy mode.
The primary focus for this release has been stability, performance and security. Not only did we squeeze out another 10% in performance improvement, and 20% in memory usage; thanks to our extensive testing, you can rest assured this is the safest way to store and distribute your documents using Joomla. DOClink, the search plugin and the modules are now installed automatically along with DOCman. And as an added bonus, the new DOCman release was given a brand new front end theme.
GPL freedom
You can buy the new DOCman 1.5 for €20 in the Joomlatools store. Charging a little for DOCman will help us invest in development and better support. Does this change anything? No, DOCman is still Free Software (as in Freedom) released under the GPL, just like Joomla. You still get the freedom to use DOCman as you wish. By buying DOCman, you support open source development. For everybody else, DOCman 1.4 is still available and will always be free of charge.
We’d like to thank everybody who had a hand in making this possible. We’re looking forward to hearing your feedback on this great new release, and with your support, DOCman can keep going on this amazing journey!
DOCman 1.5 RC1 released to testers & translators
Although DOCman has been around for six years (yes, longer than Joomla), it’s only since March 2007 that we are keeping track of downloads. The number is impressive nonetheless: We’re nearing 1.5 million downloads! That makes DOCman one of the most popular extensions on the forge. Soon you’ll be able to get your hands on the stable release.
So it is with great pride that we can announce that DOCman 1.5 RC1 is released to our testers’ group. The new DOCman is fully compatible with Joomla 1.5 in native mode. Our main focus for this Release Candidate — apart from the usual care that goes into making sure your data is secure — was the languages. There are about 30 languages available for DOCman, and a lot of effort went into cleaning them up and converting them to UTF-8. For the non-techies: getting them to display correctly, no matter what character set or language you use.
Don’t compete, collaborate!
Even with all the combined knowledge of the whole Joomlatools team, we still only speak about 5 languages, so we’ll need your help testing the translations. If you have translated DOCman before, or you are an avid DOCman user, you can join in. Send us an email, with some info about your native language, and how experienced you are with DOCman and software testing in general. Update: we are not accepting new testers at the moment, only translators.
We believe DOCman is still the most reliable and secure document solution for Joomla. All the help we’ve been getting from community members proves that in open source, collaboration will beat blind competition any day.
Finally, I’d like to take this opportunity to thank one such contributor. Harri (aka Tassu on the forum) has spent a lot of his time helping people as a moderator, on the DOCman forum as well as on various forums for Joomla and extensions. Due to professional circumstances, Harri is taking it a notch down, but he will still be around in the Joomlasphere.
Johan Janssens recognised as CMS “Most Valued Person”
I’m sure Packt Publishing needs no introduction. They published nine books on Joomla so far, donate portions of their sales back to Joomla, and organize yearly open source awards. Joomla has taken home a bunch of these awards in the past (is anyone keeping track?). This week the 2008 winners will be announced.
Joomla 1.5’s Lead Architect
This year, a new category was added: “Open Source CMS Most Valued Person”. I’m pleased to announce that our own Johan Janssens was selected for his work on Joomla by his community peers. Johan is one of the co-founders of Joomla, and has led the development of Joomla 1.5. Thanks to his efforts, Joomla has moved away from the spaghetti code it inherited from Mambo, and now has a super-flexible, object-oriented framework.
With almost 3500 commits (aka code changes or additions in the code repository), Johan has written more Joomla than anyone else, and it’s gonna take a while before anyone catches up. He’s also a top 10 poster in the official Joomla forums, spoke at numerous events, helped set up structures like the working groups and OSM, and led the development working group.
That’s why I’m extremely proud to be working alongside Johan on Nooku. He always has great ideas, knows more about software architecture than anyone I’ve ever met, and he’s always happy to share his knowledge.
It’s just the beginning
What can you expect from Johan in the future? Let me just say this: if you paid close attention, you already figured out that Nooku is not going to be ‘just’ a multilingual extension for Joomla, and it’s even going to be very useful for mono-lingual sites. You’ve come to expect great things from Johan, and we’re not settling for anything less. Stick around for some surprises about the upcoming Nooku 0.6.
High level security vulnerability in Joomla 1.5.7
During the Joomla Security Bootcamp, in my presentation on cross site scripting, we discovered a serious vulnerability in Joomla 1.5.2 up to 1.5.7. This issue allows an attacker to inject malicious JavaScript into a Joomla site. Joomlatools reported this issue to the Joomla Security Strike Team on October 4. Later on the issue was also reported on the bug tracker, but it was removed without explanation. So far no official patch was released, so we have decided to make our own. Normally the Joomla project acts very fast when issues are discovered. It is our hope that a new patched version will be released with this patch as soon as possible.
How to fix your Joomla installations
All Joomla 1.5.x installations are vulnerable.
- Update to Joomla 1.5.7 first
- Overwrite with the files from joomla_1.5.7_xssfix_changed_files.zip
Update: My patch was a bit too extreme: it filtered out perfectly legal html as well. The link above now points to the updated version.
Optional Security?
In Joomla 1.5.2, a new set of options was added to the article parameters (see screenshot). These options allow you to set less strict filtering rules for different user groups, allowing for example managers to insert iframes in articles. However, in a default Joomla installation, no user groups are selected by default, meaning that submitted articles are not filtered at all, leaving them open for cross-site scripting attacks. Proper testing could have avoided this issue. Especially when messing with security, one has to be extra careful. My patch completely removes this feature, for a number of reasons:
- New features should never go in 1.5.x releases, they should go in 1.6. It’s called a development cycle, and although everybody agrees on its importance, some people still choose to ignore it and slip in new features in 1.5.x. If you want to solve particular problems for your or your customer’s sites, put it in a plugin, not in the core.
- Security should never be optional. Having settings to lessen security measures is like a big red button labeled “Don’t touch”: it’s asking for trouble.
- The new settings are way too complex. Developers can be expected to understand what filter groups, blacklists etc. are all about, but most users can’t. Keep devspeak out of the user interface. Joomla is easy to use, and we should never lose this focus. We need fewer buttons, not more.
Update: If you do not wish to apply the patch, you can get the same level of protection by changing some settings.
- In the backend, go to Content -> Article Manager
- Click the Parameters button
- In the popup window, scroll down to the bottom
- Select all the user groups, and select the option ‘Blacklist’ (screenshot)
- Scroll back up and click save
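The default described above is a fail-open setting, and the settings workaround closes it by selecting every group. The following added example (not Joomla's code) models that resolution and audits a configuration for unfiltered groups; the function names, the config array shape and the sample configurations are hypothetical and constructed for illustration.

```php
<?php
// Model of how a per-group filter setting resolves. Not Joomla code; function
// names and the config array shape are hypothetical, sample configs constructed.

// Constructed list of Joomla 1.5 user groups.
const USER_GROUPS = ['Registered', 'Author', 'Editor', 'Publisher',
                     'Manager', 'Administrator', 'Super Administrator'];

// Fail-open, as described above: a group that is not selected gets no filter.
function filterModeFailOpen(string $group, array $cfg): string
{
    return in_array($group, $cfg['filter_groups'], true) ? $cfg['filter_type'] : 'none';
}

// Fail-closed alternative: a group that is not selected gets the blacklist filter.
function filterModeFailClosed(string $group, array $cfg): string
{
    return in_array($group, $cfg['filter_groups'], true) ? $cfg['filter_type'] : 'blacklist';
}

// Audit helper: which groups can submit article HTML that nothing filters?
function unfilteredGroups(array $cfg, callable $resolve): array
{
    return array_values(array_filter(
        USER_GROUPS,
        fn($group) => $resolve($group, $cfg) === 'none'
    ));
}

$configs = [
    'default install'     => ['filter_groups' => [], 'filter_type' => 'blacklist'],
    'only Manager picked' => ['filter_groups' => ['Manager'], 'filter_type' => 'blacklist'],
    'settings workaround' => ['filter_groups' => USER_GROUPS, 'filter_type' => 'blacklist'],
];

foreach ($configs as $label => $cfg) {
    printf("%-20s fail-open: %d unfiltered, fail-closed: %d unfiltered\n",
        $label,
        count(unfilteredGroups($cfg, 'filterModeFailOpen')),
        count(unfilteredGroups($cfg, 'filterModeFailClosed')));
}
```

With fail-open resolution only the workaround configuration leaves no group unfiltered; with a fail-closed default the same holds for every configuration, including an untouched install.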
Common Joomla! misconceptions
Below are some myths and misconceptions about Joomla! you often read while browsing forums.
Joomla! is only for small sites
There are a lot of large Joomla! sites out there. In fact, some of the customers we do consultancy for are building Joomla! sites for some well known multinational brands. Often these sites are customized beyond recognition, so there’s no way of telling from the outside which software was used. There’s also a good reason for keeping it that way: the less a potential hacker knows about your system, the better. So for critical sites, the developers go out of their way to hide the underlying technologies from their visitors. Finally, these developers are usually too busy to hang around in the forums.
Legacy mode is bad for your site
The legacy plugin is just a thin layer. It fools legacy extensions into thinking that they are running on Joomla! 1.0.x. Apart from that, it doesn’t affect your system or other extensions, and hardly affects memory use or performance at all. Some third party extension developers, however, use the fact that their extensions are 1.5 native as a marketing feature, creating the image that legacy mode is bad. This in turn has led some 3PDs to make fake-native extensions: these are in fact 1.0 extensions that don’t require legacy mode, but include a copy of the legacy library in their own packages.
That being said, there are definitely benefits to using native extensions. But I’ll use a mature, performant and secure legacy extension over a shabby native one any day of the week.
Joomla! has insufficient SEO
A site’s SEO is what you make it, and no tool will do it for you. Search engine optimization is not black magic. Google and others try to find pages like a human would, so they also try to look at a site the way a human does. When you look at a web page quickly, you will notice things like page titles, the URL, headings, … When these contain words that describe the text, you’ll already have a good idea of what it’s about, without actually reading it. So well structured content will give you better page ranks than any tool ever will.
Again there’s marketing involved: companies trying to sell you tools or services that will magically boost your ranking. For instance, the SEF URLs that Joomla! generates are more than adequate, as long as you pick your aliases sensibly (though admittedly, they are less pretty than the ones some other tools generate).
Joomla! is for end users, not developers
When you’re a web developer building a site for a customer, you’ll be working on the project for a couple of months max. After that, end users will be maintaining the content for years to come. So a CMS’s user friendliness should be your first concern. Just think of all the phone calls you’ll get when your customer has trouble working with the system.
It’s a history thing: Joomla 1.0 had a lot of messy code and often required hacks to get something done. And Joomla! has always had an active end user community, whereas projects like Drupal have attracted more developers early on, which has helped shape the whole notion of Drupal being more developer friendly.
In Joomla! 1.5 however, a lot — everything! — has changed for developers. Anyone who claims different clearly hasn’t looked under the hood, or at least not long enough to realize its full potential. The new framework is very powerful and flexible, and allows you to build proper object oriented applications.
Leveraging feeds in Joomla! 1.5
I’m a big fan of using feed aggregators, more specifically Google Reader. If you’ve never tried it, you really should. Instead of keeping a list of bookmarks to favourite sites and checking them regularly for new content, I add them to the reader. It also allows me to manage what I’ve read, what I want to tag for later, what I want to share… I hardly browse the web anymore. When I visit a site I find interesting, or a product I want to be informed about, I just use the feed. When it doesn’t have one, or it’s not working, I don’t bother. So before reading on, check if your site has proper feeds — you could be losing part of your audience!
Easy feeds in Joomla!
It’s even more frustrating when I see a Joomla! 1.5 site that doesn’t have proper feeds. J!1.5 makes it so easy, and still some people manage to mess it up. By default, when you make a new menu item to a category, a section or a frontpage, the ‘Show a feed link’ option in the Advanced parameters box is turned on. The new page you created will have a feed icon in the address bar in most modern browsers. By clicking that, you get a choice of RSS and Atom feeds to subscribe to.
It gets better: When you turn on ‘Search Engine Friendly URLs’ in the global configuration, as well as ‘Add Suffix to URLs’, a URL to a section or category view will look something like this: http://example.com/my_alias.html (or http://example.com/index.php/my_alias.html if you’re not using mod_rewrite). Now change the .html suffix to .feed, as in http://example.com/my_alias.feed.
Instant gratification! (The same principle applies to articles, try changing the .html suffix of an article view URL to .pdf).
Doing more with feeds
The next step is to use some of the web services out there to add some extra power to your feeds. RSS and Atom, the most popular feed file formats, allow for great flexibility. One cool service is Feedburner. It allows you to optimize your feed, publish it to other services, track the usage, … Another one I can definitely recommend is Yahoo Pipes. It has a graphical interface that lets you mash up, sort, filter, and even translate your feeds.
What these and other services have in common is that they generate a new URL for the resulting feed. Your users will need to use that feed, else they’re bypassing all the cool features you added. A simple solution (though arguably not very flexible) is to insert the new feed link in the <head> tag of your Joomla! template. This will make the same link appear on every page. Of course you also need to turn off the ‘Show Feed Links’ option I mentioned earlier.
Nooku.org: a case study
All of this might sound a little abstract, so I drew up a little schema of how we do it on nooku.org. Hopefully this gives you some ideas to start exploring.
Nooku First Look Video
We’ve had a massive response to Nooku over the past weeks. Hardly surprising given that multi-lingual support in Joomla! is considered one of the top five “must-haves” by the community and business users.
I took the opportunity to do a small demonstration of Nooku in action with Joomla! 1.5 in the form of a videocast. Don’t mind the facial hair (I was trying to grow a beard but failed miserably).
One outcome of this exercise, particularly in a marketing sense, is that the viral nature of the web proved its worth yet again. Although the video was put out well below the radar, initially available only on iTunes, it’s been picked up in a variety of newsfeeds and most recently republished on YouTube.
We plan to do several more videocasts / screencasts as Nooku and related products emerge from our coding laboratories. Click here for the high-resolution (Quicktime version).
Roll your own migrator plugins
The migrator component makes moving data from your old Joomla! 1.0 site to a shiny new 1.5 site very easy. You can even make it migrate data from third party components, using the so called ETL plugins (for Extract, Transform, Load). But what if the components you’re using don’t supply ETL plugins? Roll your own! You don’t have to be an expert developer — just follow these easy steps.
- Find out which database tables the component uses. You can usually find these by looking at phpMyAdmin, or by looking for files in the component’s /table folder.
- For each of these tables, make a new file and give it the name of the table. E.g. if the table is called #__guestbook, make a file called guestbook.php. Keep in mind that some components might depend on tables from other components or the core, such as the user table. You’ll need to make sure you migrate those tables as well.
- Inside the file make a class with the name of the table, like this:
  ```php
  class Guestbook_ETL extends ETLPlugin
  {
      // the methods from the following steps go here
  }
  ```
- First we tell the migrator what our plugin is called:
  ```php
  public function getName()
  {
      return 'My Guestbook Migrator Plugin';
  }
  ```
- Next, we need to tell the migrator what table we migrate from:
  ```php
  public function getAssociatedTable()
  {
      return 'guestbook'; // no prefix needed
  }
  ```
- Finally, we need the CREATE statement. You can get that by using SHOW CREATE TABLE jos_guestbook in your MySQL client, or by looking at the component’s XML file.
  ```php
  public function getSQLPrologue()
  {
      return 'CREATE TABLE #__guestbook (`id` int(11) NOT NULL auto_increment, .....';
  }
  ```
- Install the migrator component on your old site, and use its upload feature to add the plugins. Activate the migration and continue as usual.
- Enable Legacy mode and install the component. Make sure to check the XML file, some components have a DROP TABLE statement in there. It’s also good practice to use CREATE TABLE IF NOT EXISTS statements.
This approach should work for most of the components out there. Still, this is only the tip of the iceberg. Migrator plugins are a lot more powerful than that. They allow you to rewrite the tables and the data in them, eg. for when the 1.0 and the 1.5 version of the component have a different database schema. If you want to learn more about that, you should take a look at the actual ETLPlugin class, as well as the core plugins that come with the com_migrator package.






