Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

Dropbox security breach.

Dropbox is the latest in a long line of services to have suffered a security breach. This has led to many of its members receiving unsolicited emails.

The cause is claimed to be a stolen password that was used to access an employee’s account, allowing a ‘project document’ containing user email addresses to be accessed and copied.

More details here.

PHP version

We have recently changed the PHP version used on this web site (hosted, as you may know, on 1&1 Internet) from the default 5.2.17 to PHP 5.4.4, which is the latest released version (14th June 2012).

We had been waiting for PHP version 5.3, but it is not offered, despite PHP version 5.2 having been out of support since December 2010.

PHP version 5.3 is recommended for Joomla 2.5 and a number of extensions now recommend version 5.3.

Initial testing seems to indicate that things are still working correctly without any unwanted side effects. If you find any, please let us know.

The change was easy and is documented here.

[We did notice a transient problem with using the editor to insert hyperlinks and editing an image to reposition it within this blog entry, but it seems to have resolved itself and may well have been a cache issue.]

A small rider to add here: the .htaccess AddHandler directive that selects the PHP version has to be removed when/if a backup of the site is restored onto another host whose Apache configuration does not recognise that handler.

Joomla mailing templates and images

We have been testing out Joomla newsletter components and in particular looking at newsletter templates.  There are two main contenders: a) AcyMailing and b) JNews.   Both seem competent at performing the required tasks, but a decision as to which we will use will not be made until we have finished our testing.

The main points to date include:  

Loading a new newsletter template into AcyMailing is reasonably simple.  All that is required is to create a zip file containing a file named index.html with the template HTML, an image thumbnail of the newsletter itself, and a directory named images holding any images, which index.html references by their path relative to itself (images/name.gif).   The zip file is then simply imported into the newsletter component.  JNews didn't find index.html in the zip file for some reason.

The handling of animated images is a little problematic.  Animated PNG support seems to be limited, and it is better to stick with animated GIF files if animation is required.  This is complicated by the particular mail client being used as well, since it is suspected that Outlook 2003 cannot itself handle animated PNG files.

Support on the forums of both contenders seems very good, with AcyMailing being the busiest, which probably reflects the usage levels.

Initial costs are comparable, though it is noted that JNews is a one-time payment whereas AcyMailing charges an annual support cost.

No show stoppers found yet, but testing is continuing.
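The template package described above (index.html at the zip root, a thumbnail, and an images directory) is simple enough to check mechanically before importing. The following is an added example, not code from AcyMailing, JNews or this site: it builds such a zip and validates it, flagging the two things that most often make an import fail or that a practitioner should refuse to unpack: an index.html nested under a folder (which happens when the zip is made from the parent directory, and is one plausible reason an importer reports it missing, although the post does not say that was the cause with JNews), image references that are not in the archive, and entry paths that would escape the extraction directory. The file names and layout rules are this example's assumptions.

```python
"""Package and sanity-check a Joomla newsletter template zip.

Added example; not part of the original post and not code from AcyMailing
or JNews. Assumes the layout the post describes: index.html at the zip root,
a thumbnail image, and an images/ directory holding the images that
index.html references by the relative path images/<name>.
"""
import io
import posixpath
import zipfile
from html.parser import HTMLParser


class _ImgSrcCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in the template."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def build_template_zip(html, thumbnail, images):
    """Return the bytes of a template zip laid out as the post describes.

    html: the index.html content; thumbnail: (filename, bytes);
    images: {filename: bytes}, each placed under images/.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("index.html", html)
        zf.writestr(thumbnail[0], thumbnail[1])
        for name, data in images.items():
            zf.writestr(posixpath.join("images", name), data)
    return buf.getvalue()


def validate_template_zip(data):
    """Return a list of problems found in a template zip (empty list = OK).

    - no entry may escape the extraction directory (absolute path or '..');
    - index.html must sit at the root, not under a folder;
    - every relative image reference in index.html must exist in the zip,
      under images/.
    """
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for name in names:
            if name.startswith("/") or ".." in name.split("/"):
                problems.append("unsafe entry path: %s" % name)
        if "index.html" not in names:
            nested = [n for n in names if n.endswith("/index.html")]
            if nested:
                problems.append("index.html is nested (%s), not at the zip root" % nested[0])
            else:
                problems.append("index.html missing")
            return problems
        parser = _ImgSrcCollector()
        parser.feed(zf.read("index.html").decode("utf-8", "replace"))
        for src in parser.srcs:
            if "://" in src:
                continue  # hosted elsewhere; nothing to check inside the zip
            path = posixpath.normpath(src)
            if path not in names:
                problems.append("referenced image not in zip: %s" % src)
            elif not path.startswith("images/"):
                problems.append("image outside images/: %s" % src)
    return problems


# Constructed sample data: a one-image template plus a thumbnail (fake image bytes).
SAMPLE_HTML = '<html><body><img src="images/logo.gif" alt="logo"><p>Hello</p></body></html>'
SAMPLE_ZIP = build_template_zip(SAMPLE_HTML, ("thumbnail.png", b"\x89PNG..."),
                                {"logo.gif": b"GIF89a..."})


def nested_zip_example():
    """Failure case: zip made from the parent folder, so index.html is nested."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mytemplate/index.html", SAMPLE_HTML)
        zf.writestr("mytemplate/images/logo.gif", b"GIF89a...")
    return buf.getvalue()


def traversal_zip_example():
    """Unsafe case: an entry that would be written outside the target directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.html", SAMPLE_HTML)
        zf.writestr("../evil.php", b"<?php ?>")
    return buf.getvalue()


if __name__ == "__main__":
    print(validate_template_zip(SAMPLE_ZIP))              # []
    print(validate_template_zip(nested_zip_example()))    # nested index.html
    print(validate_template_zip(traversal_zip_example())) # unsafe entry path first
```

Run it against a real template zip by passing the file's bytes to validate_template_zip; an empty list means the archive matches the layout above and is safe to hand to an importer.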

 

PS.  Found this article on coding html templates very useful.

Joomla Development hints and tips

Whilst working on some Joomla component developments I encountered a few problems which, although I had met them before, still cost me time to resolve again.  So I have decided to post them to the blog in case others have the same sort of problems; it might save them some time.


1.  In a component item list view, the message ‘Notice: Undefined property: stdClass::$editor in ~administrator/components/com_xxxxx/views/yyyylist/tmpl/default.php on line zzz’ was encountered.  The message came from the template file, in the code that checks whether the item is checked out.   The item is returned directly from the database table, and there is no ‘editor’ field in that table.

What was required was a LEFT JOIN from the item table (aliased ‘a’ in the query below) to the Joomla users table, so that the name of the user who checked the item out comes back as ‘editor’:

        // Join over the users table for the checked-out user: a.checked_out holds
        // the id of the user who checked the item out, and the list template
        // reads $item->editor to display that user's name.
        $query->select('uc.name AS editor');
        $query->join('LEFT', '#__users AS uc ON uc.id=a.checked_out');

Where I was wasting time was in thinking that ‘editor’ meant the actual editor (the HTML editor) being used on the item, rather than the ‘person’ who was the ‘editor’ of the item.


2.  In an item view the JToolBarHelper buttons did not appear to be doing anything other than appending a ‘#’ to the end of the URL (the toolbar buttons are links with href="#" whose real work is done by their JavaScript onclick handler, so when that fails the bare ‘#’ is all that is followed).    This one had me a little puzzled, since the parameters to JToolBarHelper were perfectly correct.    The problem eventually turned out to be a fault in some JavaScript incorporated in the default template.   The error was not generating any messages, and it was only by a process of elimination that I tracked it down.

So the moral is to check for JavaScript errors before assuming a PHP coding error!


3.  The third problem was to discover why the use of an editor (such as JCE) persisted in stripping HTML code out of the input.   I found an article on the JCE web site that explains about changing the text filtering options:

(Joomla! 2.5)

    In the Joomla! Global Configuration, click on the Text Filters tab.
    For the Super Users group, or any other trusted user group, set Filter Type to No Filtering. Make sure that you only set this option for user groups that can be trusted as setting the Filter Type to No Filtering will essentially allow the user to include any html in an article.

However, checking my settings showed that I already had them set that way, but I was still getting the HTML stripped out.

Looking into the filters that can be applied to the editor field in the component's form XML (the filter attribute of the field element) revealed the solution.    The possible values, which I discovered by inspecting the JForm code, are as follows (the value is upper-cased before comparison, so case does not matter):

Filter Type   Description
RULES         A defined rules array (used for access-rules fields).
UNSET         Do nothing, which leaves the value unset (null).
RAW           No filter: the value is stored exactly as submitted.
SAFEHTML      Filter to safe HTML (via JFilterInput).
SERVER_UTC    Convert a date to UTC based on the server timezone offset.
USER_UTC      Convert a date to UTC based on the user timezone offset.
default       Anything else is treated as a callback filter (a ‘Class::method’ or a function name); failing that it is passed to JFilterInput as the filter type.


The solution I wanted was to set the filter to ‘RAW’, i.e. filter="raw" on the editor field in the form XML.   Bear in mind that this stores whatever HTML is submitted, scripts included, so the field should only be editable by the trusted groups mentioned above.
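To make concrete what ‘No Filtering’ / filter="raw" gives up, here is an added example (not Joomla's JFilterInput and not code from JCE or any component named above) that contrasts a RAW field, which stores the input untouched, with an allow-list filter standing in for a SAFEHTML-style field. The allowed tags and attributes, the URL-scheme rule and the sample markup are this example's own assumptions, chosen to show the usual injection vectors (script tags, event-handler attributes, javascript: URLs) being dropped.

```python
"""Why a RAW (unfiltered) editor field must be limited to trusted groups.

Added example; not Joomla's JFilterInput. RAW passes submitted HTML through
untouched, while an allow-list filter (a simplified stand-in for a SAFEHTML
field) keeps only known-safe tags and attributes. The lists below are this
example's choice, not Joomla's.
"""
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "strong", "em", "ul", "ol", "li", "a",
                "img", "h1", "h2", "h3"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "width", "height"}}
VOID_TAGS = {"br", "img"}


def _safe_url(value):
    """Allow http(s)/mailto and scheme-less relative URLs; block javascript:, data:, etc."""
    v = value.strip().lower()
    if v.startswith(("http://", "https://", "mailto:")):
        return True
    return ":" not in v.split("/", 1)[0]   # no scheme before the first slash


class AllowListFilter(HTMLParser):
    """Rebuild the document keeping only allow-listed tags and attributes."""

    def __init__(self):
        super().__init__()          # convert_charrefs=True: entities arrive as text
        self.out = []
        self._skip_depth = 0        # >0 inside <script>/<style>: drop their content too

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag in ("script", "style"):
            self._skip_depth += 1
            return
        if self._skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue            # drops onclick=, onerror=, style=, ...
            if name in ("href", "src") and not _safe_url(value or ""):
                continue            # drops javascript: and data: URLs
            kept.append(' %s="%s"' % (name, escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        tag = tag.lower()
        if tag in ("script", "style"):
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if self._skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))


def filter_raw(html):
    """RAW: what a 'No Filtering' / filter="raw" field stores: the input untouched."""
    return html


def filter_safehtml(html):
    """Allow-list filter: a simplified stand-in for a SAFEHTML-style field."""
    p = AllowListFilter()
    p.feed(html)
    p.close()
    return "".join(p.out)


# Constructed sample: legitimate markup mixed with a script tag, an event handler
# attribute and a javascript: link.
SAMPLE = ('<p>Hello <b>world</b> <a href="https://example.com">link</a></p>'
          '<script>alert(document.cookie)</script>'
          '<img src="images/logo.gif" onerror="alert(1)">'
          '<a href="javascript:alert(2)">bad</a>')

if __name__ == "__main__":
    print(filter_raw(SAMPLE))       # everything, script included
    print(filter_safehtml(SAMPLE))  # script, onerror and javascript: href gone
```

The point for the filter setting above: RAW is the right choice only when every account that can write to the field is trusted to the same degree as a site administrator, because anything they paste is served verbatim to every visitor.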

Invalid Logging Attempts

We saw a brute force login attack against the site the other day and thought we would share it with our readers.   Although we are flattered that anyone thought our site sufficiently important to make the effort, their efforts were in vain, as they did not get very far.   This particular attack is classed as one of the most common (and least subtle) attacks that can be conducted against web applications.  The sole aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user or a group of users.   It is usually carried out by automated tools, readily available on the Internet, that can submit thousands of password attempts in a matter of seconds, making it easy for an attacker to beat a password-based authentication system wherever weak passwords are in use.

Continue reading
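The signature of the attack described in the post above, many login submissions from one address in a few seconds, is easy to pick out of a web server access log. The following is an added example, not part of the original post and not a Joomla component: it reads Apache combined-format log lines and flags any client that POSTs to a login endpoint more than a threshold number of times within a sliding window. The log format, the Joomla 2.5 login paths it watches (index.php?option=com_users and administrator/index.php) and the sample lines are this example's assumptions; it counts login submissions rather than failures because Joomla answers both a failed and a successful login with a redirect, so the status code alone does not tell them apart.

```python
"""Spot a brute-force login attempt in Apache access-log lines.

Added example; not part of the original post and not a Joomla component.
Assumes Apache combined log format and the Joomla 2.5 login endpoints named
in LOGIN_PATHS; adjust both for another server or site.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: the front-end login form posts to index.php?option=com_users and the
# administrator login to administrator/index.php. Set these to what your site uses.
LOGIN_PATHS = ("option=com_users", "/administrator/index.php")


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def is_login_post(method, path):
    return method == "POST" and any(p in path for p in LOGIN_PATHS)


def find_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: peak_count} for addresses that POSTed to a login endpoint more
    than `threshold` times inside any `window`-long span (sliding window per IP)."""
    recent = defaultdict(deque)   # ip -> timestamps of login POSTs still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, _status = rec
        if not is_login_post(method, path):
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def _sample_log():
    """Constructed sample: one address hammering the login form, one normal visitor."""
    base = datetime(2012, 7, 20, 10, 0, 0)
    lines = []
    for i in range(25):
        t = (base + timedelta(seconds=i)).strftime("%d/%b/%Y:%H:%M:%S +0000")
        lines.append('203.0.113.7 - - [%s] "POST /index.php?option=com_users&task=user.login '
                     'HTTP/1.1" 303 -' % t)
    lines.append('198.51.100.4 - - [20/Jul/2012:10:00:05 +0000] "GET /index.php?option='
                 'com_content&view=article&id=1 HTTP/1.1" 200 5123')
    lines.append('198.51.100.4 - - [20/Jul/2012:10:00:09 +0000] "POST /index.php?option='
                 'com_users&task=user.login HTTP/1.1" 303 -')
    return lines


SAMPLE_LOG = _sample_log()

if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG).items():
        print("%s: %d login submissions inside one window" % (ip, count))
```

Feed it a real log with find_bruteforce(open("access.log")) and act on the flagged addresses at the web server or firewall; the threshold of ten submissions a minute is generous for a human and far below what the automated tools the post mentions produce.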

Lessons to be learnt from RBS debacle?

The recent debacle/fiasco around the RBS banking group has attracted much interest, with various comments made about whether it was preventable and the possible causes.

There have been many suggested causes, such as whether this was an ‘accident waiting to happen’, or whether RBS should have retained IT support in-house rather than outsourcing it, a lot of them put forward by parties with their own self-serving agendas.

One thing that did catch our eye was the article saying that RBS is set to sue the supplier for the problem.  It would turn out very ironic if the supplier's liability insurance (which all reputable suppliers carry) were placed through an RBS subsidiary.  That really would be something of an own goal, and for a group that is majority owned by the UK taxpayer, must raise some interesting questions.

Anti-Spam measures

We received an interesting comment on the site the other day about the anti-spam options that we incorporate into the Issue Tracker component.   The main gist was that reCAPTCHA was the only anti-spam measure we use.   We had to reply that there are also other features, such as word filtering, IP blocking, checks on the number of links, and the ability to ban specified email addresses and URLs.

We have been (and still are) considering other options, but we do wonder whether it is the best approach to build all of these tools into a specific product such as Issue Tracker.   A typical Joomla site will have a number of components installed, such as a blog, a forum, a general article commenting system, etc.   Other web sites, even if not based on Joomla, will have similar constituents.  Is it wise for all of these parts to have their own separate anti-spam measures?  The likelihood is that they will all adopt slightly different approaches with different degrees of success, and all will require updates to keep up with new spamming techniques and methods.

Continue reading

Thoughts on the EU data protection regulation and Joomla

In January 2012, the European Commission announced two important pieces of legislation affecting the personal data of EU citizens: the EU data protection directive and the EU data protection regulation.  Of the two, the data protection regulation will have the greater effect on most businesses that collect, hold or share data within the EU. 

Continue reading

PECR– Cookies and Joomla Part 4

Several new product announcements to add to my growing list.  The JED now even has a separate section for Cookie Control.

8. Cookie Choice is a non-commercial JED entry.  It does not block cookies but informs the user, which is what the current interpretation of the PECR regulations is understood to be required.

9. JE Cookies, a commercial JED entry.  Details are a little light, but it offers various colour options.

One I have mentioned earlier, 6. Cookie Alert, does offer country-determination options, something we have in our own version.  We have tested our own version and it works reasonably well, although the cost of looking up the visitor's country of origin on each screen refresh is something we are giving serious thought to, and it would affect this product as well.

Our own home-grown version is being tested and is working well.  One small problem we have found: if a visitor does not accept the cookies and just leaves the banner displayed while continuing to browse the site, and a separate modal window is then opened, we have observed that the modal window is also presented with the cookie banner.  Not every modal window, just some, so we are investigating further.

The Tor Project

Mentioned the Tor Project in a recent post so decided to expand a little upon the topic. 

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

The Tor Browser Bundle is a browser that exists on your machine but is not installed as such, so it can be placed on a USB key and run as a portable app.  Its purpose is to anonymise your web communications by bouncing them around a distributed network of relays all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.  Note that the last relay in the chain (the exit node) sees your traffic as the browser sent it, so the content is only hidden from it when the site is reached over HTTPS.

Useful for accessing sites that may be blocked by your ISP for whatever reason.
