6019
Quote:
What fooled me, in particular, is that some uninstalled modules, like catads, were visible. It might be worth thinking about why that is. It might suggest a fix.
They were visible, because they were alphabetically before "Protector", so XOOPS loaded them just fine.
It seems like the Protector (or AltSys), breaks the loop to read all available modules, so whatever is after "Protector" won't get any chance to be visible. With AltSys it was a real problem for me, because there were no modules visible, since AltSys was the first one.
What would help if you could install XOOPS 2.0.18, and test in a similar configuration, i.e. few modules, version of Protector that requires XOOPS_TRUST_PATH, and then see if this has the same behavior, i.e. if the Protector cannot access XOOPS_TRUST_PATH, then if it breaks the loop and makes the modules after it invisible. This way we would know if AltSys and Protector are over-sensitive, or if XOOPS 2.3.x made them to behave this way.
Regarding security risk, it is highly recommended that you're able to have the XOOPS_TRUST_PATH outside of Document Root. So talk to your host and explain it to them.