|
…and more. Definitely worth a read for anyone doing open source development, especially all you third-party Joomla component providers.
Unfortunately, bad things happen to good people. When we arrived for our last morning at the Moscone Center, we found that one of the laptops graciously provided to our Joomla booth from Aspiration was stolen. A laptop stolen from the .org Pavilion, a section of the conference only for non-profit projects. Someone’s got some bad karma coming at them!
I mean, look at these smiling faces. A little help to our friend Gunner (on right) and his team at Aspiration can go a long way.
Now, they’ve made it even better.
Now with our upgrade to a package that includes time-tracking for todo tasks, life has been considerably better. For those that need it, we highly recommend the upgrade to a Basecamp package that includes this valuable feature. Now if they could only allow us to track both estimated and actual billing times. That would be the icing on the cake.
1.0.11 contains the following fixes:
Your friends at PICnet highly recommend you upgrade your Joomla sites immediately. The discussion thread that’s ensued since the launch has been vibrant, with lots of good vibes sent to stingrey who put a ton of work in packaging this release and making it happen.

So the other day I was looking at a site and it had groupings in a drop down. I had never seen that except for this particular site. My curious nature got the best of me and I checked out the source. It used “optgroup”. I had seen them before because they are autotext by Dreamweaver but never knew what they were used for. They were actually exactly what I wanted for a client that I’m working with right now. There is a nice little explanation on it at http://www.htmldog.com/reference/htmltags/optgroup/. Unfortunately, you can’t remove the italics from the title due to the fact that it is the browser that is doing it, even Firefox.

So one of our clients wanted the user to be automatically logged in after the user registered with the site. I thought it was going to be a little difficult, doing a form with hidden fields that submitted to the login page. But after a little searching, it turns out that it’s 2 lines of editing to the registration component. Add “$mainframe” as one of the globals in line 118 and add
to line 213. Happy Coding Ciao Ciao

I got forwarded an email yesterday about a vulnerability in the Joomla! component “a6MamboCredits”. The vulnerability was due to three things.
One of our clients had a completely miserable hosting provider (very large provider that shall remain nameless), and trying to get tech support to figure out what was wrong with their database server took an act of God. Then, when you got tech support, they read off a script, and had about 10 different logins for us to tell them. At the end of the day, the client’s hosting has been in disarray for years with this provider, and they needed to cut fast. A quick sign-up with Pair, and a nice email to their sales line (I think they know who we are by now), and we were up and running with a new account in less than 15 minutes, with the full connections we needed (SSH, not just Telnet, and all the databases and disk space the client could use). Pair, if you’re reading this, thanks for 6 years of awesome support! We always recommend them to other organizations looking to find reliable hosting with a friendly, and reliable, support staff. And tech people, their staff are extremely knowledgeable and actually know what they’re talking about (I know, hard to believe, right?).

So a lot of things are changing for Joomla 1.5 and I ran across one of those last night. For redirecting we used “mosRedirect()” in Joomla 1.0. There is a “josRedirect()”, but I was having issues with it last night after I got the latest nightly build. After some research I found “$mainframe->redirect()” which worked flawlessly. Johan confirmed that “$mainframe->redirect()” is the better way to go. Moral of the story: “mosRedirect” is now “$mainframe->redirect()”.
I mean, this is PHP hosting 101, right? Unfortunately, one of our great clients had a server that had register_globals turned on, and the hacker took full advantage. Moral of the story, please, please, check to make sure that register_globals is turned off. If your hosting provider has it turned on, turn and run the other way. Now, to take this to the next step, Johannes Ullrich over at the Internet Storm Center wrote his Tip of the Day on PHP security today. Read more for some excerpts of how you can protect your code. |
It’s so easy for us in the open source world to get confused about what exactly the 

Close friends and clients of
Well, actually I guess we made it better for ourselves by upgrading our package that includes
Since
Woe is the PHP hosting provider that thinks leaving register_globals on is a good thing. At lunch today, the PICnet gang was chatting about security vulnerabilities that were occurring in many Joomla 3rd party components. The problem is that our wonderful Joomla core was taking flak for not being secure, but at the end of the day all the hacks seemed to be occurring because of poor programming and server hosts leaving on the dreaded “register_globals” on their servers.
