extensions.Siliana.com

sh404SEF version 1.3 RC - Release notes - November 17, 2007

This version has many changes, not possible to list them all. Here are the key points :
 

1 - added security layer to sh404SEF.

As every URL goes through it, it will reject suspicious ones. The checks are as follow:
- presence of a mosConfig_xxx variable
- presence of a <scrip> command
- presence of base64_encode command
- presence of txt files associated with jpg or similar files
- check that variables are numeric only (the variable list is set in backend, comes with a predefined list)
- check that variables are alpha-numeric only (the variable list is set in backend, comes with a predefined list)
- check that variables do not contain http:// or ftp:// (the variable list is set in backend, comes with a predefined list)
- check incoming IP (white list/ black list set in backend, can have wildcards like 80.89.90.*)
- check incoming UserAgent string ((white list/black list set in backend)
- anti-flooding system : check number of requests from same IP in a given time period (count and period set in backend, applied on all requests,or only on requests with POST data - ie : forms : protect against spam robots
- optional checkup of incoming IP with Project Honey Pot (a free, real-time database of known spammers and attackers IP address)

This protection is applied on SEF URL, Joomla SEF URL and Joomla standard URL. Attacks are logged, and kept for a user set number of month. Failure to one of this test results in a 403 page being displayed. On some tests, the 403 page has a javascript link embedded so that false positive (ie - humans) can still access the requested page. This is useful for Project Honey Pot, which may have false positive (I think).
 
I am no security specialist, but I have tried to include the basic tests and a bit more. Feedback is very much welcomed on this part, which is the newest. The idea comes from the fact that many people are now using sh404SEF without .htaccess, and they can't take advantage of the basic security features Joomla team included in their .htaccess in recent versions of Joomla. That, plus IP control, anti-flooding should help. I am very happy also with Project Honey Pot, which seems not to slow down sites when checking IP, and I believe can be of great help.
 

2 - SEO improvements

ShCustomtags has been improved. In addition to managing page title and meta tags as it already does, it will now :
- add "nofollow" tags to PDF and Print links generated by Joomla, in order to avoid duplicate content penalties
- insert article titles in Read more.. links (they'll be like "Read more ...[How to make a plugin for Joomla in 3 minutes]"). A title attribute is also added to the <a> tag
- multiple h1 tags are now avoided : if set to insert h1 tags around article titles, the module will check if there is more than one. if so, each tags will be turned into a h2 tag instead
This being done by the module, it does not require any hacking of Joomla files of course
 
3 - Multi-lingual sites :
- moved all language related params under one unique tab
- whether url should be translated and/or language code added is now set on a per language basis. Adding a language code is now allowed also for default language, so that sites in non-latin characters languages can work properly
- pagination text is now language dependent (Page-2.html in English, Pagina-2.html in Spanish for instance) 

4 - Other:

- control panel has now two-levels : default display shows only main parameters, extended display shows full set of params. One can switch from simple to extended with a link on the main control panel - added possibility to manually set a component prefix, if you want to have all links to a given components to start with /my_prefix/... , you can do it now for all components installed. Useful for backward compatibility coming from SEFADvanced/Open SEF which need a prefix to identify components. Preferred option with sh404SEF is still not to use any prefix
- added (rough) possibility to have a simple html 404 page. If a html file called 404-Not-Found.tpl.html exists in /components/com_sef, it will be used instead of loading the full Joomla template, etc. I provide a sample html file. You can insert %sh404SEF_404_URL%, %sh404SEF_404_SITE_URL% and %sh404SEF_404_SITE_NAME% tags in this file, they will be replaced by the missing page URL, the site root URL and the site name respectively, before the 404 page is displayed. Some people with heavily loaded servers requested this, as a mean to reduce server load.
- worked on mambo 4.6.2 compatibility. Seems to work pretty well, except for multi-lingual capability, where nokkaew seems at the moment not to allow all that Joomfish can do in terms of translating URL. It means that translating URL should not work properly, but simply inserting a language code should allow multi-lingual operation.
- Russian language file is now encoded to CP-1251, and Hungarian files are now ISO-8859-2. Of course, all mambo files are UTF-8
- many bug fixes of course

5 - IMPORTANT : using JOOMFISH 1.8.x

Joomfish has changed the way it uses database fields. From version 1.8, it has now a "short code" for each language, and sh404SEF, to maintain backward compatibility with version 1.7 of Joomfish, will use this field. So you MUST check Joomfish config as follow :
- go to Joomfish menu, Languages sub-menu
- Look at the "Short code" column, and make sure there is a value for each language you will use. What you enter here will be used in sh404SEF. For instance, you should put there en for English, es for Spanish, etc 

Comments

epro - Excellent 18-11-2007 09:32 This new version seems like a big leap for sh404SEF. Haven't tried all new features yet but just want to say "THANK YOU" for such a great component!!

Alex - Awesome work 19-11-2007 00:37 Dear Yannick, This is an awesome piece of development work. Thank's a lot. I'll test the release in details and will try to write a complete guide using Joom!Fish and sh404SEF. I think this is a perfect solution Kind regards Alex

Emagin - Joomfish - Short Code en de et 19-11-2007 08:15 Hi there, I had some trouble with the shortcodes with W2 or W3 version, so I changed them from full language name to the 2 letter name: en it de fr etc. and this worked. Not sure if this stays same in 1.3 but I thought I'd pass it along for your documentation

shumisha - Please post technical info in 19-11-2007 08:25 Hi, Comments here are just for comments. Please post technical information such as above IN THE FORUM. When posted in comments, few people can see them... As for language code, please see documentation and FAQ. This is required now if you are using Joomfish 1.8.1 Regards

Magno - No joomfish selection language 19-11-2007 09:42 Hi, i am installing the laster RC version and not have a module of selection of language for joomfish, and joomfish not work correctly. Thanks for all.

PlayGod - Thanks! 19-11-2007 21:24 Seems to be working well on the several sites I've upgraded. Multi-page documents with custom page names are now displaying properly. I found that I needed to clear Joomla caches and eAccellerator php caches after upgrade... after that it's working well.

godyn - superbe 20-11-2007 07:36 wow Yannick Your work is much worth to me. I'll try it out and give you my results.

englishchrissy - Installs ok but does not work 21-11-2007 03:55 Hi, Installation on fresh Joomla 1.0.13 went ok but when I try to configure I just get a blank page. Have posted on the forum:- http://extensions.siliana.net/Forum/sh404SEF-support/4829-Cant-Configure-Just-Get-Blank-Page.html but so far no replies. Maybe I should try the older version but where can I get it? Please help this SEF urls are very important for me. Thanks.

Michael - NIce work 21-11-2007 08:08 Have just updated to the 1.3 RC and all seems to be going well so far. The new security features are a nice additon too. What happened to the option to make all urls lowercase though. ? I just went through and changed all urls manually back to lowercase on my site after the upgrade as they were now being generated like -http://mysite.com/News/ etc Thanks for the great work so far though :D, I like this much better than opensef.

Michael - Nevermind 21-11-2007 08:18 Sorry just noticed the option for lowercase.. there's no title for it, so didn't quite notice it even though it was still in the same spot as previous version.. lol. Merry christmas.

Kurt - Congratulations 14-12-2007 03:55 Very Good job, we use your component since start and this version with security is very good, som small idea from spain, the links to archive months of standard joomla content are stil not sef, probaly nobody see it? best regards and merry christmas from Spain

DoubleFx - And for Joomla 1.5 ? 14-12-2007 07:30 I'm new in Joomla, I downloaded Joomla 1.5RC and tryed to install that componant on it, it refused, is that normal ?

Kelly - to englishchrissy - i'm having 14-12-2007 09:55 I'm having the same problem. Installation went ok but when I try to configure I just get a blank page. Anyone know what's going on?

DoubleFx - RE: And for Joomla 1.5 ? 14-12-2007 10:35 Finaly, I my .htaccess was wrong and didn't gave me the possibility to use mod_rewrite feature, but I fixed it and works.

nenesio - problem with %u2122 26-12-2007 21:47 Hi, the component does not ignore the symbol %u2122

nenesio - Apology double post 26-12-2007 21:50 is the symbol tm = traded mark

Octavian - problems with include pages 29-12-2007 01:51 This is by far the best component I have used when it comes to sef and seo. Only 1 problem, I have a page which requires to include another one, using either addphp module or just a custom module. On both instances, when I turn on sh404, it loads just the page mentioned in the php include code, and doesn't load the site anymore. As soon as I turn the 404sef off, it works. It loads the page in the site normally. Maybe you have a suggestion .My address is octav@grafician.com

joomla_XTC - Very nice 14-01-2008 09:05 Thanks for this component http://www.suchmaschinen-optimierung-templates.de/

karoshi - blank page 14-01-2008 22:50 same here - blank page when I want to config. Works locally, though. any help very much appreciated

Anonymous 24-01-2008 05:58 Hey, Is this component compatible with joomla 1.5?!

moe - bug? 27-01-2008 17:21 couldn't access your forum. So it goes here. When the security function is activated, front-end editors can't save/apply pages when the word "script" is written in the page. This includes words like, "Description" or "Subcription". I get the FORBIDDEN ACCESS (tag in post) response when save/apply. Page locks out and I have to do a global check-in to release the page.

shumisha - Forum is up 28-01-2008 01:07 Hi all, Again, please don't use comments for support request. I can't track them, and you won't get notified of any answer. Use forum (which may be down sometimes, but it never lasts very long), or even the contact form... See you on the forum

sandeep - hi.................... 23-02-2008 13:42 what drew me hear... once again... after a long break was... cause i read that the component is 1.5 ready.... but i did not see that happen post install... :( also... that factor is not mentioned here!!! hope the security features work atleast... they are too good!!! and integration of project honeypot!!! Wow!! You are way to good buddy!

shumisha - About J! 1.5 23-02-2008 13:47 Please read announcement in the forum. THere is a 1.5 specific version, you can't just use the current J1.0.x build on 1.5 Additionnally, it requires legacy plugin. Again, read first beta announcement on forum Regards

Vinh - You totally rock! 13-03-2008 12:00 I love you. What should I say. I just love you! =D

Magh - Best SEF component ever!! 03-04-2008 21:10 I have been using sh404sef a few months now. What can I say!! This component is awesome. With this, I was able to configure the CRL with hellenic polytonic (not your standard greek - heh) and it worked perfectly!! Impressive! My only question is: Is there some update procedure, or one has to uninstall the older version first to get the newer one?

David Berkham - sh404SEF AND JREVIEWS 07-04-2008 05:25 Hi, I wish I could use your component but it's not compatible with jreviews. My site has over 1900 reviews set up in jreviews and just can't get sh404SEF to work with it. Wish you and Alejandro could put your heads together and come up with a solution. Cheers, D Berkham dvdcorner.net

Liz - lowercase 01-08-2008 13:25 I have joomla 1.5 running sh404SEF perfectly. Great product. Question though, I want all lowercase urls, is there an option for that? Can I tweak the code somewhere if it's not a configuration? Any hints would be greatly appreciated. Also, would love to remove the "index.php" in my urls. Any ideas? Thank you in advance! Liz

Johan - SEF 16-08-2008 15:44 I just want to find out if there is someone that can help me? I need the person to have a look at my SEF in Joomla and to tell me if i have set up everything correctly. Kind Regards Johan Watson johan@obros.co.za

Daniel - Reply to Moe about bug 10-11-2008 21:54 If you're getting the "403 Forbidden: Script tag in POST" message, you can disable the security functions in sh404sef as a quick fix / hack: http://mundy.com.au/Joomla-1.5/403-forbidden-script-tag-in-post

Read on or write comment
Name:
Title:
	Please type in the input box the security code displayed in the image at the far right, then press Send button.