Joomla 1.7.0 Security fixes (Upgrade)

I have a shopping cart platform with Joomla 1.7.0 and VM2.0.6.Is there any option to update the versions manually (like files and DB tables).I can't upgrade it with normal joomla upgrade bcoz this version is completely customized .So any one can advise how the security issues on joomla 1.7.0 fix ? with manual files updates ?

Any response with valuable recourse will be appreciate.

Thanks in advance.


You need to find the hacked files, and apply the hacks to the new version of Joomla.

The procedure is quite long.

  • Identify the exact Joomla version you are using i.e. 1.7.3
  • Download a new copy
  • Make a backup of the entire Joomla site + its database (you never know)

    tar czf ../JoomCustom17.tgz *

  • Put your project under versioning: either svn or git will do, I'll write an example with git:

    git init git add * git commit -m "Initial"

  • Extract the new copy of Joomla over it:

    tar xzvf ../Joomla_1_7_3.tgz

  • And commit again

    git add * git commit -m "Base 1.7.3"

    Now you have a basic 1.7.3 version with all your extra files added to it. We want to diff it with the original installation, so now create and checkout a branch and name it core17, extract the initial backup over it, and commit again: This will contain the core changes.

    git checkout -b core17 tar xzf ../JoomCustom17.tgz git commit -m "Customised 1.7.3"

Now you have a Standard Joomla 1.7.3 installation with several extra files in the master branch, and your core hacks in the core17 branch.

 > git diff master..core17

and you will be presented with all the core changes.

You might want to use a high level tool to view the diffs quickly. See the link below.

You absolutely need to document all these changes. These are called "core hacks" and are bad practice . You absolutely need to keep a list explaining why they were applied for future reference. This would be a great moment to find out if you can replace some with template overrides (in case they are views); see if you can obtain the same functionality with a plugin or maybe overriding a core class.

Once you have a nice picture of the core changes, you're ready to proceed further. Now it's time to update your Joomla, so switch back to the master branch, update Joomla to the latest version, commit. Now merge with the master, solve any conflicts, and you might have an updated version with all your core hacks.

It's good to keep your core hacks into a separate branch so next time you need to update it will be as easy as 1,1,2,3,5,8,13.

Be sure to make backups and commits as you proceed a wrong command or a right command on the wrong branch and you can start over from scratch.

Document your work as you proceed. Some references for you:

git visual diff between branches

Hope this helps... it's not difficult it's just annoyingly long. But remember: it's all your fault, and this is the price you pay for hacking the core.

Need Your Help

How to setup an Amazon VPC gateway without a Cisco/Juniper router?

amazon-ec2 amazon-web-services vpc amazon-vpc

I would like to setup an Amazon's VPC gateway to my server. I do not have a Cisco or Juniper router, but found the OpenSolaris VPC Gateway, supposedly addressing this use case (see their wiki for