11
vaughan
Re: www.Xoopsaddons.org hacked?
  • 2008/1/5 16:08

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


XOOPS is XOOPS (the software, the core, the modules, & the themes)

if that didn't exist none of the others would either. xoops.org is nothing without it's software. xoops.org is only the official support site, the home of the software. nothing more.

any website that offers support for XOOPS software is supporting the XOOPS SOFTWARE, they are not necessarily supporting xoops.org.

it's all about the software.

and i'm not being destructive, you made the insinuation not me. i'm just giving you the official reason to quench those allegations.

someone asked if xoops.org was hacked, then all these insinuations that were nothing to do with the question came out, from people who were not in a position to make those allegations based on no information.

i have responded to the original question & your allegation, and being as 3 people run xoopsaddons who would know what had actually occured and why etc. myself being 1 of those 3, then I think I am actually qualified to answer that question..



12
vaughan
Re: www.Xoopsaddons.org hacked?
  • 2008/1/5 12:51

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


Quote:

I'm sure they have backups. But since this Website (as well as the xoopswiki) is run by the ImpressCMS people, the question is if they will bother to restore the backup, or will they just go on and restore the backup as Addons at ImpressCMS?


no it will be restored as XOOPS Addons. why can't you people just give it a break? we have said before & I will repeat it yet again.

Just because some of us have moved onto a new project, We still support XOOPS, and we will continue to do so. we just won't be supporting xoops.org. We still have clients who use XOOPS software and not all those will wish to move to impressCMS.

Quote:

The weird story is that Darcy was working on updating the Module Repository on www.xoops.org, and she posted the files listings from SourceFourge she was working on (she was comparing the files stored on SourceForge to the files we have on XOOPS to the files that are on XoopsAddons), on the www.xoops.org wiki which was visible to everybody, and it was a work in progress.

The XoopsAddons was the most up to date repository, so it was important to compare it to them and see what we are missing. Then suddenly day later the whole XoopsAdons Websites goes down. Was it because somebody didn't want XOOPS to have all the latest modules listed on XOOPS? Is there any correlation to what Darcy was doing, or was it just a pure coincidence?


well everybody seems to love replicating others hard work, i'm not even going to bother getting into that argument again with regards to why addons was built for the community and was to be the official XOOPS repository.. blah blah blah.. don't blame us for that.

XOOPS addons will remain as XOOPS addons, a module repository for XOOPS modules. why Darcy removed the link to XOOPS addons is out of pure spite because it was not officially run by any xoops.org staff.. we certainly get the impression that for anything to be considered as an official resource of XOOPS it *HAS* to be owned and controlled by xoops.org.. blah blah blah.

who cares right? it's not us that suffers from the spite of others, it's you the users & community and those many people that just want to build their websites. those same people do not care about politics, they just want to be able to find what they want without receiving multiple amounts of PM messages from Darcy and other people everytime they post a link to XOOPS addons or xoopswiki stating that they should not post links to that repository, and please don't say that this is not happening.

and on the other side of the fence, insinuate about coincidences that XOOPS addons was hacked or closed because darcy was copying it. let me put another version to it. (purely a possibility but certainly not FACT) i'm simply offering another alternative because we seem to always get blamed for things out of our control because something happens here. so here it is.

maybe xoopsaddons & xoopswiki were hacked or removed because xoops.org or admin of xoops.org don't like the fact that someone did a better job of building a repository but refused to hand full control of that project to DJ, so maybe they were the ones sabotaging things and making it look like something else. so that we get blamed for everything and XOOPS gets some sympathy for replicating everyones work (NOTE. I KNOW THAT IS NOT THE CASE, or is it? lol. i'm just showing you that whilst you may make insinuations and guesses yourselves, there is also the other side of the coin where we could make those insinuations aswell so please STOP.)

please Mamba & Darcy stop with your paranoid delusions, and stop trying to pass the blame or read into things that aren't actual FACT. you could easily contact any one of us for explanations without retorting to innaccurate insinuations yet again. But we will not respond to stupid comments in PM's like ones received saying that anyone on the impress team should resign from XOOPS. there is no law saying you can only support 1 software. open source is about collaboration. and that does not mean that you can't be admin on more than 1 project because you consider it a conflict of interest.. if it was a closed source software that is released by purchasing it, then that would be a different matter, but certainly not the same as open-source collaboration.



13
vaughan
Re: Losing formatting in lang-constants after applying 2.2.6RC
  • 2008/1/3 20:34

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


cheers John, at least you're also on the right page as me :)

Quote:
from 2.0.18 release notes:

Added sanitizing to XOOPS form elements to avoid XSS


if adding htmlspecialchars to form elements is classed as sanitizing then i'm stumped.

htmlspecialchars() isn't for sanitizing, it is for preventing user-inputted text from containing HTML markup tags.

note: prevention is not sanitizing.. sanitizing means to clean the text from malicious code etc, not to prevent html from being parsed.

so if you want to prevent html from being inputted by the user then by all means use htmlspecialchars.. but if you actually want to sanitize (clean) the users input of html then do not use htmlspecialchars.. i can't understand the reasoning behind it's use at all in many places on 2.0.18.

sanitize the input properly and there'd be no reason to prevent html in this case with htmlspecialchars.



14
vaughan
Re: Losing formatting in lang-constants after applying 2.2.6RC
  • 2008/1/2 22:17

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


that's because they added htmlspecialchars to the $extra tag in function insertbreak(), which now basicly works opposite to how it should and a few modules will not function correctly including formulize.

either remove the htmlspecialchars from the extra tag or you need to add a html_entity_decode to it.
or better still create an extra tag for insertBreak function which can decide whether to use htmlspecialchars() or not.

the use of htmlspecialchars in insertbreak imo is used incorrectly and can be a nuisance to scripts that use proper sanitation already. and there are times when you may need javascript or other html to be passed through insertbreak, but as it stands now, you're out of luck without either modifying the insertbreak function or asking all the module developers to also change their modules so that they work properly with insertbreak.



15
vaughan
Re: "Forbideen"
  • 2007/12/27 20:18

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


you should be uploading to htdocs/

usually the www folder is a linked folder storing mirrored images of your htdocs folder.

your domain should be pointing to htdocs.



16
vaughan
Re: register only if army.mil
  • 2007/12/24 1:22

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


being as nobody answered.

in XOOPS 2.2 you do exactly the same, except the file to edit is modules/profile/include/functions.php

find >

if (!empty($be) && preg_match("/".$be."/i"$user->getVar('email'))) {
            
$stop .= _PROFILE_MA_INVALIDMAIL.'<br />'.print_r($user->getVar('email'));
            break;


replace with

if (!empty($be) && !preg_match("/".$be."/i"$user->getVar('email'))) {
            
$stop .= _PROFILE_MA_INVALIDMAIL.'<br />'.print_r($user->getVar('email'));
            break;



17
vaughan
Re: [critical] hosting service turning off allow_url_fopen
  • 2007/12/16 19:11

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


it is my understanding that if fopen is disabled in php, XOOPS defaults to using the snoopy.php class instead? or would modification be needed for modules that require fopen to use snoopy.

but either way, it is best to use snoopy instead of enabling fopen.



18
vaughan
Re: Show us the $$$....!
  • 2007/12/13 19:27

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


@Mauricio.

ban from SF? and you risk losing a lot more than a few core devs & community support. but you will lose all the modules that are hosted there.

maybe you're not aware but people have module dev projects there, with CVS access to just their own modules/projects. you ban from SF you stop those people being able to develop and commit changes to their modules. such as what DJ did with marcan by removing his CVS access when he quit the core team.. might i say that there was no need to remove cvs access, only svn access needed removing, and DJ refuses to give back that access. but that doesn't matter anymore though because marcan moved his module development to a new project smartx just so he could update & develop his own modules.

remember those modules are still being developed FOR XOOPS.



19
vaughan
Re: How much money has the xoops foundation earned in 2007?
  • 2007/12/13 18:03

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


exscuse me? but where on earth did i say that?

i said you can create your own ads services & google adsense accounts.

when the foundation is dissolved the reports will be given to XOOPS along with assets. end of.

that does not entitle you to login details.

anyway, that's my last word, read my response in the other thread, and be patient.. no more responses from anybody will be given until the situation has been sorted appropriately with the people concerned.

i have asked for both of my accounts here on x.org to be completely removed, so if the admins are quick, this will be the last response you'll get on the matter.



20
vaughan
Re: How much money has the xoops foundation earned in 2007?
  • 2007/12/13 17:55

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


No. you can create your own accounts for ADS services & google adsense.




TopTop
« 1 (2) 3 4 5 ... 47 »



Login

Who's Online

242 user(s) are online (141 user(s) are browsing Support Forums)


Members: 0


Guests: 242


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits