Public Forums 71,145 posts

[cgc0202 Friend cgc0202Join date: August 2007Posts: 2244Downloads:0Uploads:3 Thanks: 206 Thanked: 262 times in 1 posts]

#266096

<em>@VisiGod 74426 wrote:</em><blockquote>I could state clearly, that there were no call home functions till the moment.</blockquote>

Thanks VisiGod,

For the average user, are there ways to find out any added codes to a huge code files and directories, such as the Joomla-Joomlart template?

Cornelio

[VisiGod Friend VisiGodJoin date: January 2006Posts: 538Downloads:0Uploads:4 Thanks: 76 Thanked: 138 times in 18 posts]

#266097

Cornelio, we can see that in the last template there is a callback as one found above.
However, I couldn’t find if it is run some way.

1 user says Thank You to VisiGod for this useful post

1. cgc0202

[bossep Friend bossepJoin date: April 2008Posts: 262Downloads:0Uploads:3 Thanks: 50 Thanked: 15 times in 3 posts]

#266098

Cornelio,
I use Dreamweaver and the find all thing.

1 user says Thank You to bossep for this useful post

1. cgc0202

[VisiGod Friend VisiGodJoin date: January 2006Posts: 538Downloads:0Uploads:4 Thanks: 76 Thanked: 138 times in 18 posts]

#266100

Well, I use Eclipse, either nothing.
But still … the function is there 🙁

What I am more afraid of is that this file ja_templatetools_1.5.php IS NOT SECURED.

It lacks the defined( ‘_JEXEC’ ) or die( ‘Restricted access’ );
Which means, it is very possible to be run remotely.

1 user says Thank You to VisiGod for this useful post

1. cgc0202

[cgc0202 Friend cgc0202Join date: August 2007Posts: 2244Downloads:0Uploads:3 Thanks: 206 Thanked: 262 times in 1 posts]

#266101

<em>@perdu 74427 wrote:</em><blockquote>Look in template tools in the nagya template

$datas = ‘$J#PRODUCT_KEY$,$J#OWNER$,’.JURI::base();
$req = “datas=$datas”;
$url = ‘/checkversion.php’;
$address = “www3.joomlart.com”;
$port = 80;
$header = “POST $url HTTP/1.0rn”;
$header .= “Host: $addressrn”;
$header .= “Content-Type: application/x-www-form-urlencodedrn”;
$header .= “Content-Length: ” . strlen ($req) . “rnrn”;
$fp = fsockopen($address,80);</blockquote>

Hi perdu,

Which specific file is this?

And, exactly what is the significance?

Cornelio

[VisiGod Friend VisiGodJoin date: January 2006Posts: 538Downloads:0Uploads:4 Thanks: 76 Thanked: 138 times in 18 posts]

#266102

ja_templatetools_1.5.php

The significance is that this function sends data about the admin account to Joomlart

1 user says Thank You to VisiGod for this useful post

1. cgc0202

[ruigato Friend ruigatoJoin date: January 2006Posts: 74Downloads:0Uploads:6 Thanks: 48 Thanked: 1 times in 1 posts]

#266104

<em>@VisiGod 74473 wrote:</em><blockquote>ja_templatetools_1.5.php

The significance is that this function sends data about the admin account to Joomlart</blockquote>

what!?

I agree that comercial templates should have some kind of system to keep an eye on warez. But i think i should be informed if wen instaling something that i payed for i am sending personal information for someplace witch i cant control.

[VisiGod Friend VisiGodJoin date: January 2006Posts: 538Downloads:0Uploads:4 Thanks: 76 Thanked: 138 times in 18 posts]

#266105

Well, there is still no evidence that this function is called (used) and it exists only in the last template.

[cgc0202 Friend cgc0202Join date: August 2007Posts: 2244Downloads:0Uploads:3 Thanks: 206 Thanked: 262 times in 1 posts]

#266106

<em>@ruigato 74475 wrote:</em><blockquote>what!?

I agree that comercial templates should have some kind of system to keep an eye on warez. But i think i should be informed if wen instaling something that i payed for i am sending personal information for someplace witch i cant control.</blockquote>

You have to read the previous responses to understand what is going on ruigato. VisiGod is not advocating for what you fear. In fact, many of the posters here (and the latest postings) are one with you in your concern.

Cornelio

[perdu Friend perduJoin date: June 2007Posts: 227Downloads:0Uploads:26 Thanks: 10 Thanked: 20 times in 1 posts]

#266108

<blockquote>Well, there is still no evidence that this function is called (used) and it exists only in the last template.</blockquote>

It doesn’t really matter whether it’s already in use or not it’s just extremely alarming that this code can access and send data about the admin account to Joomlart.

If that’s what it does then think that this code violates quite a few rights including my privacy – as a member I downloaded and installed this template on my own personal web server without anything anywhere on JA warning me that by doing so the admin account on my web space would be compromised and data from my database sent anonymously back to JA.

I also can’t believe that there is so much concern and discussion over this and not one word of response from JA, it’s a complete disgrace.

[VisiGod Friend VisiGodJoin date: January 2006Posts: 538Downloads:0Uploads:4 Thanks: 76 Thanked: 138 times in 18 posts]

#266109

<em>@perdu 74479 wrote:</em><blockquote>It doesn’t really matter whether it’s already in use or not it’s just extremely alarming that this code can access and send data about the admin account to Joomlart.

If that’s what it does then think that this code violates quite a few rights including my privacy – as a member I downloaded and installed this template on my own personal web server without anything anywhere on JA warning me that by doing so the admin account on my web space would be compromised and data from my database sent anonymously back to JA.

I also can’t believe that there is so much concern and discussion over this and not one word of response from JA, it’s a complete disgrace.</blockquote>

Well, it could be even worse. Imagine that the admin account (default) is not yours 🙂
What scares me more is that this file is not secured with JEXEC

Other file not secured with JEXEC from the latest template is css/ie6.php

[ruigato Friend ruigatoJoin date: January 2006Posts: 74Downloads:0Uploads:6 Thanks: 48 Thanked: 1 times in 1 posts]

#266110

<em>@perdu 74479 wrote:</em><blockquote>
I also can’t believe that there is so much concern and discussion over this and not one word of response from JA, it’s a complete disgrace.</blockquote>

This foruns are closed to members. Try to expose this case in bestofjoomla or Jommla.org public foruns and you will see if you dont get an official answer right away..

Man, dont know if i have been unluky (in 2 years of membership i used Teline II and Larix) but i am getting more unhapy with JA everyday..

[VisiGod Friend VisiGodJoin date: January 2006Posts: 538Downloads:0Uploads:4 Thanks: 76 Thanked: 138 times in 18 posts]

#266111

Well, compared to you in my last months I am mainly fixing bugs rather that doing something with the templates 🙂

[cgc0202 Friend cgc0202Join date: August 2007Posts: 2244Downloads:0Uploads:3 Thanks: 206 Thanked: 262 times in 1 posts]

#266112

To Joomlart Customers,

Joomlart has not been forthcoming in addressing the issue raised here that is of great concern to many customers.

Instead of simply complaining and debating among ourselves, we need a more united action, a more concerted effort — including actual solutions to address this issue.

Call Home function

The concern about the automated registration that leads to “call home” capability has been raised by mj since 20080809:

<em>@mj1256 72686 wrote:</em><blockquote>
…[FONT=”Fixedsys”]I am concerned about the registration of domain process and how that will work, …

Will this be addressed????[/FONT]</blockquote>

[Please visit http://www.joomlart.com/forums/showpost.php?p=72686&postcount=16

Many have raised the same concerns, as evidenced by the subsequent postings.

Unfortunately, as of the date (20080819 of this post — ten (10) days after the issue was first raised — there has been no official response from Joomlart.

Background

What do we know so far:

cgc0202 wrote:

II. Licenses & Domains management.

From September 2008 (or earlier), a new license & domain management system will be introduced. You will not have to add domains to the license system.It will automatically be registered once you install the template.
<blockquote>

[Please visit: Important changes to the JA Templates Club
http://www.joomlart.com/forums/showthread.php?p=72516%5D

Exactly what happens if you violate Joomlart nebulous policy on automated registration?

Hung provided an insight on the undesirable impact of what could happen, if any template use violates what Joomlart considers improper use of their templates:

<em>@Hung Dinh 72618 wrote:</em><blockquote>…The templates will not fully function on unregistered domains…. </blockquote>

[Please visit: http://www.joomlart.com/forums/topic/of-domains/
more specifically:
http://www.joomlart.com/forums/showpost.php?p=72618&postcount=2 ]

I should point out that both the above quoted materials from Hung announced the new policy and what could happen if you violate the policy — not very good for us customers.

However, by not responding to the concerns of customers raised in thread, the available information about the “autoregistration policy” does not address in anyway how the customers ensure that they are in compliance with the nebulous “autoregistration policy”.

The members as evident in the latter postings are left to their own devices to find out how this “autoregistration policy” is being implemented.

More significant, as raised by the later posts, e.g., by VisiGod

<em>@VisiGod 74462 wrote:</em><blockquote>To be honest I don’t see this function called somewhere, which is strange.</blockquote>

<em>@VisiGod 74480 wrote:</em><blockquote>Well, it could be even worse. Imagine that the admin account (default) is not yours 🙂
What scares me more is that this file is not secured with JEXEC

Other file not secured with JEXEC from the latest template is css/ie6.php</blockquote>

Some of these concerns have been stated by earlier posts, but more in general terms.

Ten (10) days is more than enough to give Joomlart a chance to come forward and address the concerns of members. The deafening silence of their “enthusiastic response” is deplorable.

As members we need to find more concrete solutions to protect our own interests. I am prepared to help in anyway I can to those who are willing to volunteer to help toward finding solutions that will protect our interests as customers, but at the same time give Joomlart the right to protect their copyright to their intellectual property.

Cornelio

[bossep Friend bossepJoin date: April 2008Posts: 262Downloads:0Uploads:3 Thanks: 50 Thanked: 15 times in 3 posts]

#266113

templatesja_nagyaIndex.php Line 14 includes
include_once (dirname(__FILE__).DS.’ja_vars_1.5.php’);

ja_vars_1.5.php Line 14 includes
include_once (dirname(__FILE__).DS.’/ja_templatetools_1.5.php’);

But yes VisiGod
No calls for the function (so far)

Bosse

[Author]

Posts