CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Installing CiviCRM »
  • Joomla! Installations (Moderator: Deepak Srivastava) »
  • 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
Pages: [1]

Author Topic: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.  (Read 6273 times)

bryancn

  • I’m new here
  • *
  • Posts: 16
  • Karma: 0
4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 04, 2015, 04:47:36 pm
After upgrading from Joomla2.5.25/4.5.4 to 4.5.7 I get a warning when I access civicrm:

Security Warning File ".../administrator/components/com_civicrm" presents a security risk and should be deleted.

Is this for real?

Hershel

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4640
  • Karma: 176
    • CiviHosting
  • CiviCRM version: Latest
  • CMS version: Mostly WordPress and Drupal
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 08, 2015, 09:49:29 am
No, that appears to be a mistake. Can you upgrade to 4.5.8 and see if that goes away?
CiviHosting and CiviOnline -- The CiviCRM hosting experts, since 2007

See here for the official: What to do if you think you've found a bug.

planetwebb

  • I post occasionally
  • **
  • Posts: 62
  • Karma: 2
  • CiviCRM version: 4.5.8
  • CMS version: Joomla 2.5.28 / Drupal 7.34
  • MySQL version: 5.5.34-cll-lve
  • PHP version: 5.3.22
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 08, 2015, 11:41:24 am
I get the message as well on 4.5.8 but the error is truncated, this is the full message:

/home/myhomedir/public_html/administrator/components/com_civicrm/civicrm/packages/dompdf/dompdf.php presents a security risk and should be deleted.

anorthite

  • I’m new here
  • *
  • Posts: 17
  • Karma: 0
  • CiviCRM version: 4.5.8
  • CMS version: Drupal 7.34
  • MySQL version: 5.3.12-MariaDB
  • PHP version: 5.4.20
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 08, 2015, 11:47:00 am
4.5.6 to 4.5.8.

Security Warning
File '/drupal/sites/all/modules/civicrm/packages/dompdf/dompdf.php' presents a security risk and should be deleted.
« Last Edit: March 08, 2015, 11:48:31 am by anorthite »

Hershel

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4640
  • Karma: 176
    • CiviHosting
  • CiviCRM version: Latest
  • CMS version: Mostly WordPress and Drupal
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 08, 2015, 03:04:00 pm
That file does not exist in CiviCRM 4.5.8. You must:

1. Delete your old CiviCRM code
2. Unpack a fresh copy of the 4.5.8 codebase

to insure a proper, secure upgrade.
CiviHosting and CiviOnline -- The CiviCRM hosting experts, since 2007

See here for the official: What to do if you think you've found a bug.

planetwebb

  • I post occasionally
  • **
  • Posts: 62
  • Karma: 2
  • CiviCRM version: 4.5.8
  • CMS version: Joomla 2.5.28 / Drupal 7.34
  • MySQL version: 5.5.34-cll-lve
  • PHP version: 5.3.22
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 08, 2015, 03:39:54 pm
For Drupal, deleting the code base is part of the upgrade process.

For Joomla!, there is no instruction to delete any part of the code base before upgrading.  In checking my packages subdirectory, I see a lot of directories that were not touched by the upgrade so I guess there may be many orphans.

Should the instructions for Joomla! upgrade be changed?

Keith

lcdweb

  • Forum Godess / God
  • I live on this forum
  • *****
  • Posts: 1620
  • Karma: 116
    • www.lcdservices.biz
  • CiviCRM version: many versions...
  • CMS version: Joomla/Drupal
  • MySQL version: 5.1+
  • PHP version: 5.2+
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 09, 2015, 03:36:16 am
for Joomla, you can uninstall the extension and then reinstall.
generally it's fine to just install over the existing installation. but if you've been using civicrm for a while, it may mean you have a lot of old files from previous versions that are not cleaned up. so there's benefit in uninstalling/reinstalling.

note that if you do that, you may need to rebuild any menu links to civicrm pages that you created. Joomla doesn't always retain them very well through an uninstall/reinstall.
support CiviCRM through 'make it happen' initiatives!
http://civicrm.org/mih

mark0514

  • I post occasionally
  • **
  • Posts: 68
  • Karma: 1
  • CiviCRM version: 4.5.6
  • CMS version: Joomla 3.3.6
  • MySQL version: 5.5.32
  • PHP version: 5.3.26
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 09, 2015, 07:23:41 am
What if you have already installed 4.5.8 over the previous version and are getting the message?

lcdweb

  • Forum Godess / God
  • I live on this forum
  • *****
  • Posts: 1620
  • Karma: 116
    • www.lcdservices.biz
  • CiviCRM version: many versions...
  • CMS version: Joomla/Drupal
  • MySQL version: 5.1+
  • PHP version: 5.2+
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 09, 2015, 07:26:18 am
uninstalling should completely remove the administrator/components/com_civicrm directory, which is where the old files exist. you then reinstall 4.5.8, which will install a clean set of files.

of course... you'll want to run backups before you do anything.
support CiviCRM through 'make it happen' initiatives!
http://civicrm.org/mih

mark0514

  • I post occasionally
  • **
  • Posts: 68
  • Karma: 1
  • CiviCRM version: 4.5.6
  • CMS version: Joomla 3.3.6
  • MySQL version: 5.5.32
  • PHP version: 5.3.26
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 13, 2015, 07:43:36 pm
Considering that my Joomla installation has over 150 menu links to contribution pages, I may need to do something different. I found and deleted the one file and the message went away..
« Last Edit: March 13, 2015, 08:06:16 pm by mark0514 »

planetwebb

  • I post occasionally
  • **
  • Posts: 62
  • Karma: 2
  • CiviCRM version: 4.5.8
  • CMS version: Joomla 2.5.28 / Drupal 7.34
  • MySQL version: 5.5.34-cll-lve
  • PHP version: 5.3.22
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 13, 2015, 08:09:26 pm
Similar situation for me...I decided to delete the one offending directory and the message is gone. At some point I may compare and trim but I'm more likely to move my site to Drupal.

bmw

  • I post occasionally
  • **
  • Posts: 103
  • Karma: 4
    • Alcohol Justice - The Industry Watchdog
  • CiviCRM version: 4.5.8
  • CMS version: Joomla! 3.4.0
  • MySQL version: 5.5.42-cli
  • PHP version: 5.3.27
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
March 17, 2015, 12:52:48 am
I got this error message just after updating from 4.5.6 > 4.5.8.
Make sure you clear CiviCRM cache, your browser cache and both Joomla caches. Goes away.
(I use Cache Status add-on for Firefox)
Bruce Wolfe, M.S.W., CIO
Alcohol Justice, 501(c)3

diegov

  • I post occasionally
  • **
  • Posts: 63
  • Karma: 0
    • dotPro Tecnologia e Comunicação
  • CiviCRM version: 4.3.5
  • CMS version: Joomla! 3.1.x
  • MySQL version: 5.3
  • PHP version: 5.3
Re: 4.5.7 upgrade /administrator/components/com_civicrm a security risk.
April 02, 2015, 11:04:41 am
Looking at files of package 4.5.8 I see that there's no "dompdf" directory anymore. So, maybe it's nice to register that the full folder should be deleted, not only the file "dompdf.php".
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Installing CiviCRM »
  • Joomla! Installations (Moderator: Deepak Srivastava) »
  • 4.5.7 upgrade /administrator/components/com_civicrm a security risk.

This forum was archived on 2017-11-26.