Joomla 1.5 quirk in [20151206] – Core – Session Hardening patch

Posted on by

The Joomla 1.5 (EOL) patch to the session.php file has a quirk in it that raises a warning notice. The advisory is

[20151206] – Core – Session Hardening

but if you blindly copy that file to your system then you will end up with a web site that raises many error messages,

Notice: Only variable references should be returned by reference in /libraries/joomla/session/session.php on line 343

I thought there would be a fix for this but when I googled for that message I found thousands of hits to broken Joomla web sites. Yes, hundreds of web sites are busted in that they have lots of error messages ! The fix I have done is easy, edit the NEW session.php file you have downloaded and edit this as follows to pass a variable back,

--- /home/admin/Downloads/JOOMLASESSEIONHARDENFIX/sessionNEWSESSIONHARDEN.php
 +++ /home/admin/Downloads/JOOMLASESSEIONHARDENFIX/sessionNEWBORKEDEDITED.php
 @@ -339,8 +339,13 @@
 $error = null;
 return $error;
 }
 -
 - return $this->data->getValue($namespace . '.' . $name, $default);
 +
 +// removed this next line as it generates a Notice: Only variable references should be returned by reference error
 +// return $this->data->getValue($namespace . '.' . $name, $default);
 +// and define a variable with the data to be returned....
 +
 + $getnamespacenamedata = $this->data->getValue($namespace . '.' . $name, $default);
 + return $getnamespacenamedata;
 }

/**

If you don’t know what to do with this change to get rid of that error message then you are going to have to find someone who has some PHP/Joomla experience to edit the files for you.