This patches a number of security vulnerabilities & bugs found in Mambo 4.6.2 and updates your site to Mambo 4.6.5. If you are not running Mambo 4.6.2 then you should patch up to this version prior to applying this new patch. 1) Take your site offline: Site->Global Configuration->Site Offline (YES). 2) This patch includes a complete update for the MOStlyCE editor to the release 3.0. To make sure those update goes smoothly follow these steps: * If you have made customizations to your exitising MOStlyCE install (ex) icon changes, enabling/disabling plugins, etc then first make a local backup copy of your MOStlyCE configuration file. You can find it at the following location mambots/editors/mostlyce/jscripts/tiny_mce/mostlyce_config.php. * Next remove these three items (they will be replaced by the patch and we don't want to leave old artifacts around): a) mambots/editors/mostlyce (the entire directory) b) mambots/editors/mostlyce.php c) mambots/editors/mostlyce.xml d) administrator/components/com_mostlyce/mostlyce.xml 3) I you have created a custom english language package (you know that if you have a folder /language/en), then first make a local backup copy of your folder. 4) Extract the patch into your existing Mambo 4.6.2 installation and let the files overwrite the existing files with the same names. The patch mirrors the existing Mambo 4.6.5 file/folder structure so the files will go into the correct locations when extracted. 5) Open you configuration.php file. a) Now verify and/or change the following variable so that they match what is shown below: * $mosConfig_lang = 'english'; * $mosConfig_locale = 'en'; b) Add the following line: * $mosConfig_charset = 'utf-8'; 6) Run the SQL statements in the file called 463_to_464_upgrade.sql in the upgrades folder via your normal database interface (ie) phpMyAdmin, MySQL commandline, etc. You will need to replace all instances of "#_" with whatever your table prefix is. By default the Mambo table prefix is set at "mos_". Example: #__components would change to mos_components if your table prefix was mos_ (that is a single underscore). 7) Remove the upgrade folder 8) If you are using the MOStlyCE editor then you need to do the following to finish off the editor update: * If you made a backup of your mostlyce_config.php file in step 2 you should now put that back in place (mambots/editors/mostlyce/jscripts/tiny_mce/mostlyce_config.php). * Verify your mostlyce_config.php file is writeable (mambots/editors/mostlyce/jscripts/tiny_mce/mostlyce_config.php). * Toggle the editor off and then back on to re-register it within your installation. You can do this via the first tab inside the global configuration interface. Note: Failure to follow the steps above could cause the editor to load improperly and just display as a plain white textarea after the patch. If you experience any issues with the editor after follow these steps please see the following thread (http://forum.mambo-foundation.org/showthread.php?t=3001). 9) If you did a backup of your "en" language folder, restore it. 10) If your default language isn't english, set it as default again: Site->Language Manager, click on default icon front your language. 11) Bring your site back online: Site->Global Configuration->Site Offline (NO). That's it. Patch Complete. Some important Mambo links; Mambo News - http://mambo-news.org/ The Mambo Foundation - http://mambo-foundation.org/ The Forums - http://forum.mambo-foundation.org/ Documentation - http://mambo-support.org/ Developer site - http://mambo-developer.org/ Software Forge - http://mambo-code.org/ Bug Tracker - http://mambo-developer.org/tracker/