Search Engine Friendly URLs

Sunday, 09 November 2003

From Mambo Open Source 4.5 Beta 1.0.3 we decided to start implementing Search Engine Friendly URLs (SEF). We did some initial work and now need your help with testing and finding bugs.

SEF in Mambo Open Source is for Apache only and all logic is in PHP. There are only 3 lines in .htaccess for mod_rewrite to point the server to the right file.

To turn SEF support ON:

  1. You must run Apache
  2. You must have mod_rewrite enabled
  3. Your server must allow .htaccess override
  4. Set $mosConfig_sef= "1" in configuration.php
  5. Rename htaccess.txt to .htaccess

You will notice that sections / content / items have nice URLs like: http://www.site.com/content/view/5/2/ and components have URLs like: http://www.site.com/component/option,com_contact/Itemid,3/

Sections / content / items are SEF enabled already, while some of the core components and modules are not completely finished yet. This is where I need your testing and bug reporting.

For those of you wondering what you have to do in order to SEF enable your CMTs (components, modules and templates): you must convert all links in CMTs to SEF links. This is done with a function called sefRelToAbs().

Example:

Previously you had a link or form pointing to: index.php?option=com_contact&Itemid=$Itemid

Now you just do this: echo sefRelToAbs("index.php?option=com_contact&Itemid=$Itemid");

This will transform the relative URL into a link like: http://www.domain.com/component/option,com_contact/Itemid,3/

Now mod_rewrite will point Apache to index.php and sef.php will do the back-transforming magic.

Note that SEF is turned OFF by default and no changes in any way are needed if you are running Mambo Open Source the old way, without SEF.

Please make sure that you have the right settings before posting in the forums that it doesn't work. We will be deleting all comments from people that haven't checked the above 5 steps. So:


Search Engine Friendly URLs [SEF] in Mambo 4.5

November 9th, 2003, 21:54

Saka

In Mambo 4.5 we decided to implement Search Engine Friendly URLs.

SEF in Mambo is for Apache only. It is using mod_rewrite for pointing server to the right file whilst all logic is in PHP. There are only 3 lines in .htaccess for mod_rewrite directions.

To turn SEF support ON:
1) You must run Apache
2) You must have mod_rewrite enabled
3) Your server must allow .htaccess override
4) Set $mosConfig_sef= "1" in configuration.php
5) Rename htaccess.txt to .htaccess

You will notice that sections/content/items have nice URLs like:
http://www.site.com/content/view/5/2/
and components have URLs like:
http://www.site.com/component/option...tact/Itemid,3/

Troubleshooting
If you experience problems with SEF please make sure you triple checked these troubleshooting steps:
1) You must run Apache
To check this go to Mambo administration > System > System Info. Server type should be listed next to Web Server. SEF will not run on IIS, so don't bother trying.
2) You must have mod_rewrite enabled
To check this go to Mambo administration > System > System Info. Click on PHP Information tab. Scroll down until you find Loaded Modules row. mod_rewrite should be listed here. If it's not ask your web host to activate mod_rewrite.
3) Your server must allow .htaccess override
To check this delete everything from your .htaccess file and write a simple command here, for example:

Code:

Redirect /google.html http://www.google.com

Now point your browser to http://www.yoursite.com/google.html If it redirects you to google.com then you are OK.
4) Set $mosConfig_sef= "1" in configuration.php
You can also activate SEF under Site > Global Configuration.
5) Rename htaccess.txt to .htaccess
This can be done with an FTP program. Note the dot in the beginning! Also note that you can't do this on Windows, you must rename it directly on server.

Information for component developers: What you have to do in order to SEF enable your CMTs (Components/Modules/Templates):
You must convert all links in CMTs to SEF links. This is done with a function called sefRelToAbs().
Example:
Before you had link or form pointing to:
index.php?option=com_contact&Itemid=$Itemid
Now you just do this:
echo sefRelToAbs("index.php?option=com_contact&Itemid=$Itemid");
This will transform this relative URL to link like:
http://www.domain.com/component/opti...tact/Itemid,3/
Now mod_rewrite will point Apache to index.php and sef.php will do the back-transforming magic.
This function will just return the same link if SEF are disabled so it's safe to code your CMTs with it from now on.

Note that SEF is turned OFF by default and no changes in any way are needed if you are running Mambo the old way, without SEF.

Please make sure that you have right settings before posting that it doesn't work. I will be deleting all comments from people that haven't checked above 5 steps. So: check your php-info and make sure you run Apache and mod_rewrite module is loaded. Make sure you renamed htaccess.txt to .htaccess and that you turned SEF on in configuration.php.

If you want to further enhance your site having SEF URLs like:
http://www.site.com/section/category/item/ take a look on SEF advance here:
http://forum.mamboserver.com/showthread.php?t=246

__________________
Emir Sakic
http://www.sakic.net

Last edited by Saka : May 3rd, 2005 at 21:42.
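
The round trip described in the announcement and in the forum post above (sefRelToAbs() building the component URL, sef.php turning it back into request parameters), as an added PHP sketch that is not Mambo's code. demoSefEncode() and demoSefDecode() are hypothetical names, and the name and option checks in the decoder are assumptions added here because the decoded path segments are request input like any query string.

```php
<?php
// Hypothetical helpers for the component URL shape on this page; not Mambo's
// sefRelToAbs() or sef.php.
function demoSefEncode($relative, $liveSite)
{
    $pos = strpos($relative, '?');
    if ($pos === false) {
        return $liveSite . '/' . $relative;
    }
    parse_str(substr($relative, $pos + 1), $params);
    $parts = array();
    foreach ($params as $key => $value) {
        if (is_string($value)) {               // skip array-style parameters
            $parts[] = $key . ',' . rawurlencode($value);
        }
    }
    return $liveSite . '/component/' . implode('/', $parts) . '/';
}

function demoSefDecode($path)
{
    $segments = explode('/', trim($path, '/'));
    if (array_shift($segments) !== 'component') {
        return null;
    }
    $params = array();
    foreach ($segments as $segment) {
        $pair = explode(',', $segment, 2);
        // Accept only name,value pairs whose name is a plain identifier.
        if (count($pair) !== 2 || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $pair[0])) {
            return null;
        }
        $params[$pair[0]] = rawurldecode($pair[1]);
    }
    // "option" selects which component runs, so constrain its shape as well.
    if (!isset($params['option']) || !preg_match('/^com_[A-Za-z0-9_]+\z/', $params['option'])) {
        return null;
    }
    return $params;
}

// Constructed inputs: the page's own example link, then a malformed path.
$url = demoSefEncode('index.php?option=com_contact&Itemid=3', 'http://www.domain.com');
echo $url, "\n";
var_export(demoSefDecode(parse_url($url, PHP_URL_PATH)));
echo "\n";
var_export(demoSefDecode('/component/option,com_contact/Itemid/'));
echo "\n";
```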


Mambo Open Source 4.5 (1.0.7) released  

Tuesday, 06 April 2004

This release fixes a MAJOR security exploit plus a few minor exploits. All sites running Mambo Open Source 4.5 prior to this release need to update immediately.

Failure to update could lead to a hacker gaining administrator access to your site. For information on how to further protect your Mambo Open Source installation download 'Securing Mambo Open Source' from http://mosforge.net/frs/?group_id=131&release_id=293.

When logged in to Mambo Open Source (frontend only) it is possible to exploit a method to maliciously inject field values for objects based on the mosDBTable.

We have added the ability to "ignore" certain fields in the bind method. Therefore, all module and component developers are urged to examine any form submission via the frontend. The following example shows (partially) how we prevent the `gid` and `usertype` fields from being maliciously overwritten when a user updates their password:
 
Code:
if (!$row->bind( $_POST, "gid usertype" )) {

and for weblinks:
 
Code:
if (!$row->bind( $_POST, "approved published" )) {

The second argument is a space separated string of the fields that are to be ignored when binding the values in the $_POST array.
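
How the ignore list changes the outcome of a bind, as an added PHP illustration that is not Mambo's code. DemoTable, its default values and the submitted values are constructed, and bindOnly() goes beyond the release notes by showing an allowlist, which also covers privileged fields added to the table later.

```php
<?php
// Added illustration: DemoTable is a hypothetical stand-in for a
// mosDBTable-style row object; it is not Mambo's code.
class DemoTable
{
    public $password = 'old-secret';
    public $gid = 1;                  // constructed value for an ordinary group
    public $usertype = 'Registered';

    // Copy every input key that matches a property, except names listed in
    // the space-separated $ignore string (the 1.0.7 behaviour described above).
    public function bind(array $input, $ignore = '')
    {
        $skip = preg_split('/\s+/', trim($ignore), -1, PREG_SPLIT_NO_EMPTY);
        foreach (array_keys(get_object_vars($this)) as $field) {
            if (in_array($field, $skip, true) || !array_key_exists($field, $input)) {
                continue;
            }
            $this->$field = $input[$field];
        }
        return true;
    }

    // Stricter variant (assumption, not on the page): copy only named fields.
    public function bindOnly(array $input, array $allowed)
    {
        foreach ($allowed as $field) {
            if (property_exists($this, $field) && array_key_exists($field, $input)) {
                $this->$field = $input[$field];
            }
        }
        return true;
    }
}

// Constructed form submission: a password change carrying two extra fields.
$post = array('password' => 'new-secret', 'gid' => 99, 'usertype' => 'Administrator');

$unsafe = new DemoTable();
$unsafe->bind($post);                        // no ignore list: gid/usertype follow the request
$patched = new DemoTable();
$patched->bind($post, 'gid usertype');       // ignore list: stored gid/usertype are kept
$strict = new DemoTable();
$strict->bindOnly($post, array('password')); // allowlist: only the password changes

foreach (array('unsafe' => $unsafe, 'patched' => $patched, 'strict' => $strict) as $label => $row) {
    printf("%-8s gid=%s usertype=%s\n", $label, $row->gid, $row->usertype);
}
```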

You can download Mambo Open Source 4.5 (1.0.7) from http://mosforge.net/frs/?group_id=5

Changelog:

- Fixed mosDBTable exploit
- Fixed return page for logout
- fixed bug #241 - Not authorized access to sections with SPECIAL or REGISTERED access level
- fixed bug #244 - 2nd instance of WysiwygPro isn't working in the frontend
- Fixed bug #166 - security loophole in htmlarea2
- Fixed bug #177 - table width issue in frontpage
- Fixed bug #184 - Unchecked path in com_media
- Fixed bug with paging functionality when limit exceeds total on second page
- Fixed security bug with gaining frontpage admin access on sites with magic quotes turned off
- Patched ACL so superadministrators gain access to special sections
- Fixed bug #83 - Removed date manipulation code for last visit field in admin users list
- Fixed bug #119 - Fixed bug relating to quotes in metakeys
- Fixed bug #156 - Fixed overwrite of publish down time on save
- Fixed bug #163 - Fixed error message stuffing headers when downloading sql dump
- Fixed bug #162 - Typo in menu class suffix - class_suffix -> class_sfx
- Fixed bug #166 - Typo in content.html.php - mossection -> mosSection
- Fixed bug #154 - Problem with long template names

MOS 4.5 (1.0.3) now available  

Friday, 27 February 2004

The latest version of Mambo Open Source 4.5 is now available.

For full details on this release please read this. You can download the release from here.


4.5 (1.0.2) now available

Sunday, 01 February 2004

We have released Mambo Open Source 4.5 (1.0.2). The full download is available from http://sf.net/projects/mambo

We can not stress enough how important it is to upgrade to this release due to a recent security exploit.

We have not been able to release a patch for 4.5 (1.0.1) due to problems at SourceForge. We aim to complete this in the next week or so.

In order to patch your version to prevent a remote exploit of your server follow these simple steps:
  1. Find and edit the file modules/mod_mainmenu.php
  2. Insert the line:
    defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
    before:
    require_once( "$mosConfig_absolute_path/modules/mod_mainmenu.class.php" );
  3. Save the file!
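
A way to check the rest of an installation for the same omission, as an added PHP audit script that is not part of Mambo. filesMissingGuard() is a hypothetical name, the sample files are constructed, and the match is a text heuristic that reports any PHP file where the guard is absent or comes after the first include or require.

```php
<?php
// Added audit helper, not part of Mambo. Reports PHP files where the
// _VALID_MOS guard is absent or appears after the first include/require.
function filesMissingGuard($dir)
{
    $guard   = '/defined\s*\(\s*[\'"]_VALID_MOS[\'"]\s*\)\s*(?:or|\|\|)\s*die\b/i';
    $include = '/\b(?:require|include)(?:_once)?\b/i';
    $missing = array();
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $source = file_get_contents($file->getPathname());
        $hasGuard = preg_match($guard, $source, $g, PREG_OFFSET_CAPTURE);
        $hasInclude = preg_match($include, $source, $i, PREG_OFFSET_CAPTURE);
        // Order matters: the guard has to run before any file is pulled in.
        if (!$hasGuard || ($hasInclude && $i[0][1] < $g[0][1])) {
            $missing[] = $file->getPathname();
        }
    }
    sort($missing);
    return $missing;
}

// Constructed sample tree: one guarded module file, one unguarded.
$root = sys_get_temp_dir() . '/guard_demo_' . getmypid();
mkdir($root);
$guardLine = "defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );\n";
$body = 'require_once( "$mosConfig_absolute_path/modules/mod_example.class.php" );' . "\n";
file_put_contents("$root/mod_guarded.php", "<?php\n" . $guardLine . $body);
file_put_contents("$root/mod_unguarded.php", "<?php\n" . $body);

foreach (filesMissingGuard($root) as $path) {
    echo "missing guard: ", basename($path), "\n";
}

unlink("$root/mod_guarded.php");
unlink("$root/mod_unguarded.php");
rmdir($root);
```

A script that defines _VALID_MOS itself, rather than testing for it, is reported as well; review such entries by hand instead of adding the guard to them.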