#JUGL meetings are held on the 3rd Tuesday of each month

NEXT MEETING:

News 

Find Joomla! and Joomla! London related news here.  We show the latest security updates, Joomla! announcements, information about past and upcoming meetings, and anything else we think might be relevant.

I recently migrated a clients site from Joomla1.5 to Joomla2.5 and would like to share with you some of the issues I ran into.  Essentially the migration was a success but only after a lot of extra work trying to recover from poor decisions along the way.

As far as I know there are 4 ways you could migrate your site:

  1. Manually table by table using the process detailed here: link to joomla migrate
  2. Using the new JUpgrade Pro Restful methodology (Sounds great)
  3. Using the older Jupgrade free utility (doesn't sound too bad)
  4. SP Migrate (Another Commercial App)

During my migration, I used 2 and 3 and a bit of 1.

rseventspro.jpgI implemented the popular RSEvents component for a client. Everything went well including setting up the individual paypal payments option which was a specific requirement for my client. This was to be used by franchisees to collect their own payments.

We were 1 hour before go-live(literally) when my client asked "how do we turn off VAT for some owners and not others?"...

If you manage websites and have gone through or about to go update PHP to 5.3, you will almost certainly come accross the following error on your sites as a result. You may not even have know about the upgrade and suddenly start seeing these warnings all over your site:

ereg-is-deprecated in ..

If you upgraded to PHP 5.3, chances are high you’re going to run into a few warnings or deprecated function messages. An example is the ereg family of functions, which are gone for good, as they were slower and felt less familiar than the alternative Perl-compatible preg family.

To migrate ereg():

ereg('\.([^\.]*$)', $this->file_src_name, $extension);

becomes

preg_match('/\.([^\.]*$)/', $this->file_src_name, $extension);

Notice that the pattern (\.([^\.]*$)) is wrapped with / /, which are RegExp delimiters. If you find yourself escaping / too much (for an URL for example), you might want to use the # delimiter instead.

The full article  "Fix `ereg is deprecated` errors in PHP 5.3" can be read on devthought.com

but the above snippets provided me enough to work with and clean up several clients sites after my hoster upgraded PHP.

Joomla! Security

13/4/21
Severity severity
Impact severity
Inadequate filters on module layout settings could lead to an LFI.
13/4/21
Severity severity
Impact severity
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.
2/3/21
Severity severity
Impact severity
Missing input validation within the template manager.
2/3/21
Severity severity
Impact severity
Usage of the insecure rand() function within the process of generating the 2FA secret.Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

Selected Joomla! Videos