There’s been a lot of discussion recently about a critical Joomla security bug that allows “hackers” to upload malicious PHP script files to Joomla sites, then run them. This would allow hackers to use your site to send spam, or to replace any file on your Web site.
Although our customers running Joomla should always upgrade to the latest versions when available, we’ve also put rules in place to protect against this vulnerability.
Read the rest of this entry »
After upgrading our systems to PHP 5.2.6, we received reports of an incompatibility with Joomla. Some URLs do not work when Joomla is configured to use “Search Engine Friendly URLs”, but to not have “Use Apache mod_rewrite” turned on.
We’ve investigated this, and it’s caused by Joomla assuming that PHP has a bug that makes it work incorrectly, when in fact it’s supposed to work differently (and is clearly documented to work differently). Older versions of PHP had this bug, but the new version doesn’t.
To help our customers work around this, we’ve “patched” PHP to intentionally reintroduce the old bug for now, thus keeping it “compatible” with Joomla. If you were having trouble with Joomla’s “Search Engine Friendly URLs”, it should be fixed.
We’ll provide more technical details (and a more robust long-term solution) in the near future.
Update: We’ve also reported this problem to the Joomla developers and suggested a solution.