Geoffrey Chapman - Macrotone Blogs - Page 16

Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

An IT professional with a wide experience of IT systems, specialising in Database Management and Security.

Windows 7 Updates August 2012 Problems


Having experienced a few problems with the latest set of Windows 7 Updates for August 2012 I thought I would create this post to possibly assist others.

Firstly, the problem seems to impact only 64-bit versions of Windows, since 32-bit seems to work successfully.

The problem manifests itself as a ‘Failure to apply updates’ following the forced reboot, causing it to fall back to the created restore point.

The cause seems to be fix KB2647753 which can be applied upon its own but not in combination with the others.

Up to 12 updates may be required depending upon the system being updated, but the solution appears to be to select KB2647753 and install it on its own, and then following the reboot (which showed a message about updating the registry) to install all of the other updates as one set. This does require a few reboots but all the updates do get applied successfully.

If, like me, you tend to update several machines at the same time, starting an update on one machine before starting it on another and so on before returning to the first machine, it is easy to miss the failure message, which doesn't stay on the screen for very long. The first one notices is when the machines require updates to be applied a second or possibly a third time. Very annoying.

Amazon and Apple close security hole.


Amazon has closed a security hole discovered following the journalist's security hack earlier this week. On Tuesday, Amazon handed down to its customer service department a policy change that no longer allows people to call in and change account settings, such as credit cards or email addresses associated with its user accounts.



Apple has also suspended its policy of allowing over the phone AppleID password resets.


The journalist's actual report is here.

Dangers of having your data in the cloud.

This article describes how a US journalist was cut off from his entire digital life by attackers who tricked Apple support into re-setting his iCloud account.

It does illustrate very clearly just how much trust we place in the cloud provider, irrespective of who they are, when we put any of our data into the cloud. There is a lot to be said for the ‘old-fashioned’ method of running your own systems and ensuring they are backed up securely.

Dropbox security breach.

Dropbox is the latest in a long line of services that have had a security breach. This has led to many of the members receiving unsolicited emails.

The cause is claimed to be a stolen password which was used to access an employee’s accounts allowing a ‘project document’ containing user emails to be accessed and copied.

More details here.

PHP version


We have recently changed our PHP version used on the web site (hosted as you may know on 1&1 Internet), from the default 5.2.17 to PHP 5.4.4 which is the latest released version (14th June 2012).

We were waiting upon PHP version 5.3 but that is not available, despite PHP version 5.2 being long out of support since December 2010.

PHP version 5.3 is recommended for Joomla 2.5 and a number of extensions now recommend version 5.3.

Initial testing seems to indicate that things are still working correctly without any unwanted side effects. If you find any please let us know.

The change was easy and is documented here.

[We did notice a transient problem with using the editor to insert hyperlinks and editing an image to reposition it within this blog entry, but it seems to have resolved itself and may well have been a cache issue.]

A small rider to add here is that one has to remove the .htaccess directive when/if one reloads a backup of the site upon another host that does not recognise the AddHandler directive.

Joomla mailing templates and images

We have been testing out Joomla newsletter components and in particular looking at newsletter templates. There are two main contenders: a) AcyMailing and b) JNews. Both seem competent in performing the required tasks, but a decision as to which we will use will not be made until we have finished our testing.

The main points to date include:  

Loading of new newsletter templates is reasonably simple into AcyMailing.  All that is required is to create a zip file with a file named index.html containing the template html code, an image thumbnail of the newsletter itself, and a directory named images containing any images that are named by reference to the images folder with the index.html file.   Then the file is simply imported into the Joomla newsletter component.  JNews didn't find index.html in the zip file for some reason.

The handling of animated images is a little problematic.  It seems that animated PNG file support is limited and that it is better to stick with animated GIF files if animation is required.  This is complicated by the particular mail client being used as well, since it is suspected that Outlook 2003 cannot itself handle animated png files.

Support on the forums of both contenders seems very good, with AcyMailing being the busiest, which probably reflects the usage levels.

Initial costs are comparable, though it is noted that JNews is a one-time payment whereas AcyMailing uses an annual support cost.

No show stoppers found yet, but testing is continuing.

 

PS.  Found this article on coding html templates very useful.

Joomla Development hints and tips

Whilst working on some Joomla component developments I encountered a few problems which, whilst I had encountered them before, didn’t stop me wasting time resolving them again. So I have decided to post them to the blog in case others have the same sort of problems and it might save them some time.


1.  In a component item list view, the message ‘ Notice: Undefined property: stdClass::$editor in ~administrator/components/com_xxxxx/views/yyyylist/tmpl/default.php on line zzz’ was encountered.  This message was coming from the template file and related to the check of whether the item was checked out or not.   The item is returned directly from the database table but there was no ‘editor’ field in the table.  

What was required is a simple select over the table with the Joomla users table as follows.

        // Join over the users for the checked out user.
        $query->select('uc.name AS editor');
        $query->join('LEFT', '#__users AS uc ON uc.id=a.checked_out');

Where I was wasting time, was thinking that the ‘editor’ was the actual physical editor being used on the item, rather than the ‘person’ who was the ‘editor’ of the item.


2.  In an item view the JToolBarHelper buttons did not appear to be doing anything other than appending a ‘#’ to the end of the URL. This one had me a little puzzled since the parameters to JToolBarHelper were perfectly correct. The problem eventually turned out to be related to some JavaScript code incorporated in the default template. The error was not generating any messages and it was only by a process of elimination that I tracked it down.

So the moral is to check for JavaScript errors before assuming a PHP coding error!


3.  The third opportunity was to discover why the use of an Editor (such as JCE) persisted in stripping out HTML code from the input.   I found an article on the JCE web site that explains about changing the text filtering options:

(Joomla! 2.5)

    In the Joomla! Global Configuration, click on the Text Filters tab.
    For the Super Users group, or any other trusted user group, set Filter Type to No Filtering. Make sure that you only set this option for user groups that can be trusted as setting the Filter Type to No Filtering will essentially allow the user to include any html in an article.

However checking my settings showed that I already had them set but I was still getting the HTML codes stripped out.

Investigation into the possible filters that can be applied to the editor field in the XML file for the object revealed a solution.    The possible filters that can be applied (which I discovered from code inspection) are as follows:

 

| Filter Type | Description |
|-------------|-------------|
| RULES | A defined rules array. |
| UNSET | Do nothing. |
| RAW | No filter. |
| SAFEHTML | Filter safe HTML. |
| SERVER_UTC | Convert a date to UTC based on the server timezone offset. |
| USER_UTC | Convert a date to UTC based on the user timezone offset. |
| default | Checks for a callback filter, using either the callback method or the callback function. |

The solution I wanted was to set the filter to ‘RAW’.
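As an added illustration (not from the original post or from Joomla's own files), this is how the filter attribute sits on an editor field in a component's form XML, with three of the options from the table side by side. The file path and field names are hypothetical; `JComponentHelper::filterText` is the callback Joomla 2.5's own article form uses, and it is the option that honours the Global Configuration Text Filters.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Hypothetical form file for the placeholder component com_xxxxx,
     e.g. administrator/components/com_xxxxx/models/forms/item.xml.
     Field names below are made up for illustration. -->
<form>
	<fieldset name="details">

		<!-- With no filter attribute, JForm falls through to the default
		     JFilterInput cleaning, which strips HTML tags. The Text Filters
		     tab in Global Configuration is not consulted, which matches
		     the symptom described in the post. -->
		<field name="plain_notes" type="editor"
			label="Notes (tags stripped)"
			buttons="true" />

		<!-- RAW: the submitted value is stored exactly as posted, for every
		     user who can reach this form, whatever their group. Markup such
		     as script tags and event-handler attributes is kept, so the
		     form must be limited to trusted users or the value escaped
		     wherever it is displayed. -->
		<field name="description" type="editor"
			label="Description (no filtering)"
			buttons="true"
			filter="raw" />

		<!-- SAFEHTML: ordinary formatting markup is kept while markup
		     commonly used for script injection is removed. -->
		<field name="summary" type="editor"
			label="Summary (safe HTML)"
			buttons="true"
			filter="safehtml" />

		<!-- Callback (the "default" row of the table): the value is passed
		     to JComponentHelper::filterText(), which applies the per-group
		     Text Filters from Global Configuration. Trusted groups set to
		     No Filtering keep their HTML; other groups are still filtered. -->
		<field name="body" type="editor"
			label="Body (per-group text filters)"
			buttons="true"
			filter="JComponentHelper::filterText" />

	</fieldset>
</form>
```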

Invalid Logging Attempts

We saw a brute force login attack the other day and thought we would share it with our readers. Although we are flattered that anyone thought our site sufficiently important to make the effort, their efforts were in vain as they did not get very far. This particular attack is classed as one of the most common (and least subtle) attacks that can be conducted against Web applications. The sole aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user or a group of users. It is often carried out by automated tools, readily available on the Internet, which enable submission of thousands of password attempts in a matter of seconds (or less), with the aim of making it easy for an attacker to beat a password-based authentication system.


Lessons to be learnt from RBS debacle?

The recent debacle/fiasco around the RBS banking group has attracted much interest, with various comments made about whether it was preventable and the possible causes.

There have been many suggested causes, such as whether this was an ‘accident waiting to happen’, or whether RBS should have retained IT support in-house rather than out-sourcing, a lot of which were put forward by parties with their own self-supporting agendas.

One thing that did catch our eye was the article reporting that RBS is set to sue the supplier for the problem. It would turn out very ironic if the suppliers were insured for liability (which all reputable suppliers are) through an RBS subsidiary. That really would be something of an own goal and, for a group that is majority owned by the UK taxpayer, must raise some interesting questions.

Anti-Spam measures

We received an interesting comment on the site the other day about the anti-spam options that we incorporate into the Issue Tracker component. The main gist was that Recaptcha was the only anti-spam option that we use. However, we had to reply that there were also other features such as word filtering, IP blocking, checks on the number of links, and the ability to ban specified email addresses and URLs.

We have considered (and are still considering) other options, but do wonder whether it is the best approach to build all of these tools into a specific product such as Issue Tracker. A typical Joomla site will have a number of components installed, such as a blog, a forum, a general article commenting system, etc. Other web sites, even if not based on Joomla, will have similar constituents. Is it wise to have all of these parts with their own separate anti-spam measures? The likelihood is that they will all adopt slightly different approaches with different measures of success, all requiring updates to keep up with new techniques and methods.
