All existing Joomla! users needs to update to this version, due to several High Level vulnerabilities that affect all previous versions of Joomla!

Read more/Get it here

Thanks Thomas! Gives me something to do tonight!

Thanks Thomas

Thanks Thomas

Just an little addition to this upgrade...

After the upgrade, you may meet the following message in your administration:

What you will need to do (as far as I can tell) is:

1. Download the globals.php from the root of your joomla directory.
2. Open the file and replace the following line

with

3. Upload the file and check in the administration if the message is gone.

Way to go Thomas

Works like a charm! Thanks Thomas!

Did what you said to do with the global file but I still get the following message in Administartion Window after logging into Joomla Admin.

Following PHP Server Settings are not optimal for Security and it is recommended to change them:

PHP register_globals setting is `ON` instead of `OFF`

Any further ideas.

When the setting is set to 1, I get two messages displayed.



Edit starts here



Well after reading several pages of posts, it seems that TCH needs to turn this off for the servers running Joomla. Hopefully that will be addressed. Anyone else getting the above message after doing the Joomla update, or did you only get the one message ?????

You can add this to your .htaccess file. I'm at work at the moment, but when I get home, I'll look at my notes. I found the fix by looking on the joomla site if you want to have a go at it yourself.

If TCH were to turn this off for servers running joomla, they'd have to do it on ALL their servers...and that won't (nor needs to) happen!

Thanks Steve I will wait and see your reply back later on. Your at work, must work the late shift then. It is 10 to 10 am here in Sydney Australia. If you want to PM me with the info that would be great as well.

Naw...work is "supposed" to be a 10-hour day (0700 - 1730), but sometimes things have to run late. Part of working for the Government!

Anyway, edit your .htaccess file and add the following line at the end of the file:
php_flag register_globals off

That did the trick for me.

(Note: PM'd as well, but posted here for others who might be following this thread.)

Thanks for that Steve worked well.

It´s not supposed to be set to 1. It´s supposed to be set to 0.

Thomas is correct and I have also implemented the register_globals in my .htaccess. You have to be aware though that some scripts won't like that bit being turned off, e.g. Gallery 2 for server uploads no longer functions when register_globals is turned off. This is not TCH fault but more the gallery's programmers fault for correctley defining them. Also some Joomla extentions also stop working, again thats the programmers fault and Joomla's website does warn you of this. Just be aware thats all

JimE

If you have a look in the Joomla forums for this specific problem there are patches being posted to get other scripts and extentions to work again with the current release. A bit fiddly but better than not having things working.

I wonder why they have done this, surely there must be a better way to handle it than just turning it off and breaking things.

Given the rash of website hacks, I'd rather have my site secured and deal with a few other relatively "minor" problems.

Since this seems to be a hive of Joomla expertise maybe i can get some help with my Joomla timezone problem? My site just isn't adjusting the timezone when i change the global config. I don't know if it's a permission problem or something more sinister but i seem to be the only person on the planet with this problem. I've tried everything else even reinstalled like 5 times

You might want to TEMPORARILY (key word here is "TEMPORARILY") turn register_globals on and see what that does. It might point you in the right direction. Just remember to re-secure your site once you're done "experimenting".

Hi Thomas, I wonder if you can help me.

I have to Joomla installs here @ TCH (separate servers, separate sites). One is in a folder. The other is in the root.

I just updated both to 1.0.12.

One of them has the "PHP register_globals setting is `ON` instead of `OFF`" warning. The other does not.

The misbehaving site has globals.php properly configured as above, AND the .htaccess file with



entered on its own line, not commented out.

Yet, the warnings persist on that site. No warnings at all on the other.

The one with the warning is the install in the root. The one without the warning is in a folder.

I've verified the files in question are identical and exist in the proper locations in both sites.

Any idea what I am doing wrong?

Thanks in advance,

-kj-

Sorry, I don´t know why this happens. I would check with the joomla forum and see if they have a solution.

One thing that comes up in my head are though, you say you have "php_flag register_globals off" in the misbehaving site, and the other site have it set to "on". What happens if you set the misbehaving to "on" too? Note: I don´t know if this is good or bad to do, so be careful.

I am officially an idiot.

I uploaded htaccess.txt and never renamed it as .htaccess - fixed that and all warnings are gone.

Damn! Been a while since I goofed up that badly.

All warnings are gone, but, there have been a disturbing round of Joomla 1.0.12 hacks recently, I'll post a link to the support form thread in another message here.

Thanks!

-kj-

I´m glad it´s working.