If you are a module developper, You should not use or trust codes or files in XOOPS 2.0.x.
- using XoopsMediaUploader
--> import a file upload vulnerability into your module
(Though this is just an old issue)
- using XoopsObject (Criteria)
--> import SQL Injections into your module
This is not only a problem of vulnerabiilties.
- using XoopsErrorHandler
--> All errors will "echo" or "silence". you can't use "log" at all.
- using Ticket class from core
--> Your module losts a compatibility with the other core (xoops.org <=> cube.org)
With xhld, I've made a mistake.
- using Snoopy in the core
--> xhld lost compatibility with some blog servers in 2.0.14-JP core.
I have to release xhld with properly modified Snoopy.
Then I'll make an original class to fetch feeds via HTTP.