Seeing Gibberish when Trying to Update a Joomla Website

A client called us yesterday morning and told us that they were having issues trying to update their Joomla website. They didn’t give us any details; they just told us that they were seeing an error and that they wanted our help. As usual, we gratefully and immediately obliged…

We logged in to the backend of their Joomla website and we clicked on the Update Now button, and then we clicked on the Install the Update button on the Joomla Update page. On the next screen, the one with the progress bar, the following error popped up:

ERROR: JSON.parse: unexpected character at line 1 column 1 of the JSON data

The popup also had a lot of gibberish, as you can see in the image below:

Figure 1: JSON.parse Error when Updating Joomla

Thinking that this was a JavaScript issue, we checked the Firefox console by pressing F12 and then clicking on the Console tab. We saw the following error:

XML Parsing Error: unclosed token
Location: https://www.[ourclientjoomlawebsite].com/administrator/components/com_joomlaupdate/restore.php
Line Number 1, Column 1:

The mention of restore.php in the above error immediately reminded us of the Ajax Loading Error: Category not found issue that we addressed some time ago, so we checked whether the main .htaccess file had any rules blocking the execution of PHP scripts other than the index.php file, and it had none.

We then thought that maybe this was just a Firefox issue, so we tried to do the update on Google Chrome (which is now the dominant browser), but we saw a similar error:

ERROR: Unexpected token in JSON at position 0

Again, the popup had a lot of gibberish following the above error message. The console, however, did not show any errors. Weird…

We knew we could just do the update manually, but we didn’t want to do that; we wanted to know what the problem was, even if it was at the cost of our own sanity. Luckily, we didn’t have to suffer for long, as we accidentally saw an .htaccess file under the administrator/components folder with the following line:

RemoveType .php

This meant that any PHP file in the administrator/components directory was displayed instead of being executed, hence the gibberish that we were seeing as the response to the Ajax update request (it was the whole restore.php file). So, we removed that line and tried the update again, and this time it worked. Hooray!

So, what’s with the “RemoveType” .htaccess line?

A long time ago, we recommended the use of the RemoveType line in the images folder to prevent the execution of malicious files that were uploaded to the website through an exploit. However, using this .htaccess line anywhere else is not recommended, as it compromises the security of the website by exposing the actual content of all the PHP files. If you are sure that PHP files under a specific folder should never be accessed directly, then you should have the following lines in your .htaccess file (the .htaccess file inside the aforementioned folder, that is):

<Files *.php>
    Order Allow,Deny
    Deny from all
</Files>

The above code denies direct access to all the PHP files under that folder. To add an exception for a PHP file, such as the restore.php file, all you need to do is add the following to the .htaccess file that you have just created:

<Files restore.php>
    Order Allow,Deny
    Allow from all
</Files>
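
To find other stray RemoveType lines like the one described above, the following added example (not code from the original post) walks a web root and reports every folder outside images whose .htaccess removes the type mapping for .php. The function names and the sample folder layout are assumptions constructed for the demonstration, and the script only reads .htaccess files, not the main server configuration.

```python
import os
import re
import tempfile

# Apache directive names are case-insensitive; anchoring at line start skips "#" comments.
REMOVETYPE = re.compile(r"^\s*RemoveType\s+(.+)$", re.IGNORECASE)

def removetype_php_dirs(webroot, allowed=("images",)):
    """Return sorted relative folders whose .htaccess has 'RemoveType .php',
    ignoring the allowed top-level upload folders (the post allows images only)."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        if ".htaccess" not in files:
            continue
        rel = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        if rel.split("/")[0] in allowed:
            continue
        with open(os.path.join(dirpath, ".htaccess"), errors="replace") as fh:
            for line in fh:
                m = REMOVETYPE.match(line)
                # Extensions may be listed with or without a leading dot, in any case.
                if m and any(e.lower().lstrip(".") == "php" for e in m.group(1).split()):
                    findings.append(rel)
                    break
    return sorted(findings)

def build_sample_site(root):
    """Write a constructed sample layout (hypothetical, not the client's site)."""
    sample = {
        "images/.htaccess": "RemoveType .php\n",
        "administrator/components/.htaccess": "# hardening\nremovetype .PHP .phtml\n",
        "libraries/.htaccess": "# RemoveType .php\n<Files *.php>\n  Order Allow,Deny\n  Deny from all\n</Files>\n",
    }
    for rel, body in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        for d in removetype_php_dirs(root):
            print(f"{d}/.htaccess: RemoveType .php found outside images")
```

Each folder it reports is a candidate for replacing the RemoveType line with the Files rules shown above.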

We hope that you found this post useful. If you are trying to update your Joomla website but you are having issues, then please contact us. Our rates are affordable, our work is clean, and we are always eager to serve new (and old) clients!
