Joomla! 3.4.7 security update released

Joomla! 3.4.7 has just been released to further improve (harden) the security fixes made in Joomla! 3.4.6 released just one week ago. It essentially fixes a session hardening issue and SQL injection.

However, as noted in this article, Joomla 3.4.7 changed the way session variables are being handled (details here). As such, some of your extensions might no longer work after upgrading to Joomla 3.4.7. Would suggest you update to Joomla 3.4.6 first and do some testing to make sure all extensions are working before you update to Joomla 3.4.7.

Will my extensions continue to work?

There are 3 scenarios:

  • Scenario 1 - You're already using JSession: In this case you're perfectly safe because the API of JSession hasn't been changed. The session encoding has been implemented transparently, so no changes to your code are required.
  • Scenario 2 - You're using $_SESSION to read or write your own, extension-specific data: In this case your extension will continue to work. The new code doesn't touch any other data in the global $_SESSION variable.
  • Scenario 3 - You're using $_SESSION to read or write general data shared with Joomla or other extensions: In this case your extension will break because the internal structure of $_SESSION has been changed. An easy fix is to use JSession to replace direct usages of $_SESSION.

In case you get the error: You are not allowed to access this link directly

How to fix: Logging out and back in again will fix this issue.

What is the cause: Joomla changed the session storage mechanism. Some parts of your session data were migrated to ensure the update process was successful. Only the data necessary to finish the update was migrated and some data related to user permissions wasn't migrated successfully.

Comments   

+1 # Lance Bowman 2016-04-07 19:24
Hi kksou! We've updated to Joomla 3.5.1 and are anxious to take advantage of the speed boost when paired with PHP 7+. Your googleMaps doesn't work under 3.5 or PHP 7+. Apparently, there is a library name change that impacts extensions. Do you have an update in the pipeline? If so, when will it be available. We love your googleMaps extensions!
Reply | Reply with quote | Quote
0 # kksou 2016-04-08 10:53
Dear Lance,

Glad you liked the googleMaps plugin! A couple of other people have also messaged me about this.

I've been running this website (kksou.com) since 2005. It started as a hobby to share the PHP-GTK2 codes I've written with others. As my website runs on joomla, I've written some useful plugins and modules which I thought might be useful to others too e.g. DirectPHP, googleMaps, include_content_item plugins, etc. So I started sharing these Joomla plugins on my website too.

However, I can only work on this website everyday after I finished my work and after my kids go to bed. Recently I have some big projects and do not have much time for the website. That's why I haven't had the time yet to test all the plugins with the recent Joomla 3.5 rollout and also PHP 7. This website is now currently running PHP 5, and I need to first set up a site for me to test PHP 7.

In any case, would be great if you, or anyone reading this post, to help me speed up the process. You mentioned that "there is a library name change that impacts extensions". If you know which library is that, which part I need to change, or the URL of articles that describe about these changes, would be great if you could share with me.

I could probably google these from the Internet. But it may take me a while to figure all these out...

Warm Regards,
/kksou
Reply | Reply with quote | Quote
+1 # kksou 2016-04-20 04:19
Dear Lance,

This site (kksou.com) is now running Joomla 3.5.1 on PHP5. All the 3 googleMaps plugins work fine.

I've also tested this plugin on Joomla 3.5.1 running on PHP7. All the 3 plugins tested fine too.

If you find the plugin does not work on your site, can you please turn on error_display in your php.ini and let me know what is the error messages that you see on the screen?

Warm Regards,
/kksou
Reply | Reply with quote | Quote
+1 # Lance Bowman 2016-04-20 19:09
/kksou,
Yes, thank you! The extensions are running properly under Joomla 3.5.1 and PHP 7+.
I am so appreciative of your support and quality tools for Joomla!

Elbowman
Reply | Reply with quote | Quote

Add comment


Security code
Refresh