PEAK XOOPS - Don't use and trust core files

Don't use and trust core files

Date 2006-05-26 04:20:50 | Category: XOOPS

If you are a module developper, You should not use or trust codes or files in XOOPS 2.0.x.

- using XoopsMediaUploader
--> import a file upload vulnerability into your module
(Though this is just an old issue)

- using XoopsObject (Criteria)
--> import SQL Injections into your module

This is not only a problem of vulnerabiilties.

- using XoopsErrorHandler
--> All errors will "echo" or "silence". you can't use "log" at all.

- using Ticket class from core
--> Your module losts a compatibility with the other core (xoops.org <=> cube.org)

With xhld, I've made a mistake.

- using Snoopy in the core
--> xhld lost compatibility with some blog servers in 2.0.14-JP core.

I have to release xhld with properly modified Snoopy.
Then I'll make an original class to fetch feeds via HTTP.

You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=113