I've just restructured waiting module. (version 0.9)
Older:
-- plugin
-- -- module
-- -- -- module.php
-- -- -- language.lng.php
-- -- -- language.lng.php
-- -- module
-- -- -- module.php
-- -- -- language.lng.php
-- -- -- language.lng.php
Newer:
-- plugins
-- -- module.php
-- -- module.php
If you make the plugins, update "waiting" to 0.9 first, please.
And use the language constants from plugins.php instead of defining the original constants.
I believe this modification makes waiting lighter and faster
common内に置く共通のSPAWにXSS脆弱性が発見されました。
もしTinyD 2.0以上をお使いでしたら、TinyD 2.15 にバージョンを上げて下さい。
今回のXSS脆弱性は、commonディレクトリ内のみですので、そこだけ上書きいただければ十分です。
A security hole is reported in xoops.org
But, it is just a well-known hole.
JM2 -the real HERO- reported it to dev.xoops.org April 2004.
After the post, I and Catzwolf argued about it.
Since I thought it is a serious hole, myAlbum-P which used XoopsMediaUploader uses MyXoopsMediaUploader (= secure XoopsMediaUploader).
myAlbum-P and ImageManagerIntegration users, set your mind at ease
I've already fixed it as 2.70 in 5th April 2004.
(If you use myAlbum-P <= 2.6x, you should update right now)
Of course, Protector can protect attacks using this hole.
That's because it's a well-known hole.
But I've just found a typo in the code against such attacks.
Protector users, you should update immediately Protector >= 2.37.
With Protector >= 2.37, you can enable custom avatars or imagemanager of the core, I believe.
Protector also protects some combination attacks
-camouflaged mime-type
-.gif extension (or the other image extension)
-CSRF
Don't turn "patch for 2.0.9.2" off as long as you don't use ORETEKI.
There was a great programmer named "minahito" in Japanese XOOPS community.
After he made a lot of great modules, he said good-bye and went to TikiWiki...
Although all of his works are great without exceptions, he made only Japanese language files.
Thus you did not hear his name all of the world but Japan.
It sounds regret.
Therefore, I'll introduce his great works.
The first one is "Comment Anywhere".
This module allows visitors submit comments from main pages seamlessly.
You will be suprised this is not a hack at all!
I've just installed it into this site, and you can find how useful this module is. (It's especially useful with myAlbum-P.)
I'll making his modules as international version.
Just wait.
I've implemented "Tell a friend module".
The link of "mailto:" often makes wrong conversion of charactors in multi-byte-lang environment.
Even in single-byte-lang environment, it is impossible for a visitor without MUA to send "tell a friend".
This module works collaborately with a Smarty plugin modifier.xoops_tellafriend.php (Copy it into the plugin folder of Smarty before use this module)
All you have to do is editing your template set like this:
news_article.html
<a target="_top" href="<{$mail_link|xoops_tellafriend}>">