Don't use and trust core files
Date 2006-05-26 04:20:50 | Category: XOOPS
If you are a module developer, you should not use or trust the code or files in XOOPS 2.0.x.
- using XoopsMediaUploader --> imports a file upload vulnerability into your module (though this is just an old issue)
- using XoopsObject (Criteria) --> imports SQL injections into your module
This is not only a problem of vulnerabilities.
- using XoopsErrorHandler --> all errors will either "echo" or "silence"; you can't use "log" at all.
- using the Ticket class from the core --> your module loses compatibility with the other core (xoops.org <=> cube.org)
With xhld, I've made a mistake.
- using Snoopy in the core --> xhld lost compatibility with some blog servers in 2.0.14-JP core.
I have to release xhld with a properly modified Snoopy. Then I'll make an original class to fetch feeds via HTTP.