PEAK XOOPS - Don't use and trust core files in englishin japanese

Archive | RSS |
XOOPS
XOOPS : Don't use and trust core files
Poster : GIJOE on 2006-05-26 04:20:50 (8267 reads)

in englishin japanese
If you are a module developper, You should not use or trust codes or files in XOOPS 2.0.x.

- using XoopsMediaUploader
--> import a file upload vulnerability into your module
(Though this is just an old issue)

- using XoopsObject (Criteria)
--> import SQL Injections into your module

This is not only a problem of vulnerabiilties.

- using XoopsErrorHandler
--> All errors will "echo" or "silence". you can't use "log" at all.

- using Ticket class from core
--> Your module losts a compatibility with the other core (xoops.org <=> cube.org)


With xhld, I've made a mistake.

- using Snoopy in the core
--> xhld lost compatibility with some blog servers in 2.0.14-JP core.

I have to release xhld with properly modified Snoopy.
Then I'll make an original class to fetch feeds via HTTP.

0 comments
Printer friendly page Send this story to a friend

Comments list

View more comments...
Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!