31
xguide
Re: an ajax approach in theme
  • 2007/3/5 14:24
  • xguide
  • Just popping in
  • Posts: 43
  • Since: 2005/5/11


Quote:

amiross wrote:
Xguide,

Are you indicating that generally there are vulnerabilities with AJAX or the way AJAX is implemented here?


Yes.

Quote:
Could you describe the vulnerabilities that you named a little bit more and what, if any, solutions to that?


To keep XOOPS sites safe, no.


Never use XOOPS 2.0.16 without Mr. Gijoe's Protector module.

Wait for Mr. Skalpa's XOOPS 2.3 release.

(I hope the roadmap will be updated soon.)



32
xguide
Re: an ajax approach in theme
  • 2007/3/4 17:59
  • xguide
  • Just popping in
  • Posts: 43
  • Since: 2005/5/11


Hello farshid,

Quote:
...as we can see there are many modules, and let's say generally -codes-, not just in XOOPS...


You're right. If we check the XOOPS code we can see it's not completely object-oriented. Part is old Nuke, another part is Onokazu's OO approach, and part is module developers' code style. Similar to any include of an AJAX library.

I've also checked Wanikoo's approach. As he says, XOOPS needs a recode. For fewer vulnerabilities, just use the client dom-fx to improve interaction and the user interface.

Until XOOPS 2.3 comes out and fixes the security holes.

Otherwise, great effort. We could apply this in a XOOPS intranet solution.



33
xguide
Re: an ajax approach in theme
  • 2007/3/4 15:38
  • xguide
  • Just popping in
  • Posts: 43
  • Since: 2005/5/11


Hello farshid,

Nice effort, but a kind of patchwork that may create some more security holes in XOOPS 2.0.16.

Before you push your efforts further to make this old code look like a Web 2.0 application, you should check the latest JavaScript security announcements.

Before the security holes are patched, examine the key factors of vulnerabilities:

  • Ajax calls are scattered all over the browser page and can be invoked by respective events.
  • Input and outgoing content validation confusion.
  • It is also possible to load JavaScript in the browser that forces the browser to make cross-domain calls and opens up security holes. This can be lethal and leveraged by viruses and worms.
  • Browsers can invoke an Ajax call and perform data serialization. It can fetch JS arrays, objects, feeds, XML files, HTML blocks and JSON. If any of these serialization blocks can be intercepted and manipulated, the browser can be forced to execute malicious scripts.
  • Ajax opens up a backend channel, fetches information from the server and passes it to the DOM (updating the browser's page memory by calling customized functions or the eval() function); an insecure call can range from a session compromise to the execution of malicious content.

You'll find out there are a lot more issues.
If Google, Yahoo and many other services using Web 2.0 apps have been victims of these new vulnerabilities, can you imagine... a XOOPS site...

Waiting for a XOOPS patch.
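An added example, not code from the thread or from XOOPS, illustrating the eval()-based deserialization the post above warns about beside a JSON.parse() version that refuses a tampered block, a same-origin check for the backend call, and escaping before the data reaches the DOM. The two sample responses, the `tracer` counter and the page origin are constructed for the demo; it runs under Node.js without a browser.

```javascript
// Added example (not from the thread): unsafe vs. safe handling of an AJAX
// response block. Sample responses and the tracer object are constructed.

// Constructed sample of the block the server is expected to return.
const GOOD_RESPONSE = '{"title": "Latest news", "body": "XOOPS 2.3 roadmap"}';

// Constructed sample of the same block tampered with in transit: a comma
// expression runs extra code and still yields the object the page expects.
const tracer = { hits: 0 };
const TAMPERED_RESPONSE = 'tracer.hits++, {"title": "Latest news", "body": ""}';

// The pattern many early AJAX helpers used to turn the body into an object.
function unsafeDeserialize(text) {
  return eval('(' + text + ')'); // executes whatever the response contains
}

// JSON.parse() never executes code; anything that is not JSON is rejected,
// and the result is coerced to the exact shape the page expects.
function safeDeserialize(text) {
  let data;
  try {
    data = JSON.parse(text);
  } catch (e) {
    return null; // malformed or tampered block: refuse it rather than guess
  }
  if (typeof data !== 'object' || data === null || Array.isArray(data)) return null;
  return {
    title: typeof data.title === 'string' ? data.title : '',
    body: typeof data.body === 'string' ? data.body : '',
  };
}

// Only let the page call back to its own origin (pageOrigin is passed in;
// in a real page it would come from window.location.origin).
function isSameOrigin(requestUrl, pageOrigin) {
  try {
    return new URL(requestUrl, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign
  }
}

// Escape server-supplied text so it is inserted as data, not as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderBlock(data) {
  return '<h3>' + escapeHtml(data.title) + '</h3><p>' + escapeHtml(data.body) + '</p>';
}
```

With the tampered block, `unsafeDeserialize` still hands the page the expected object, so the extra code runs silently; `safeDeserialize` returns `null` and nothing executes.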





34
xguide
Re: E-learning with Xoops
  • 2005/5/11 13:16
  • xguide
  • Just popping in
  • Posts: 43
  • Since: 2005/5/11


I am also working on and looking for a better e-learning structure. It does not surprise me that there is no more interest here from the self-proclaimed bosses, even though that is once again astonishing for XOOPS. But in any case, the most important thing is that people know about the community's work.

The French developed a module adapted from Moodle. Very interesting! Mikhail from www.xoops.net.br can also help with promotion, since he has compiled several modules and has known phpnuke, postnuke and XOOPS for years.

I also think you should perhaps publish it in the forums of the Spanish community and of br.brasil.org, since there is a significant gap here and little willingness for inter-community communication.
Hasta la vista



