11
frankblack
Re: Exploit on xoops 2.3.3
  • 2009/6/23 7:17

  • frankblack

  • Just can't stay away

  • Posts: 830

  • Since: 2005/6/13


Quote:
"Bug" is in protector, not core. Actually, it is not a bug because protector is not meant to be in public directory. If you show this as a "bug" to GIJOE he will laugh at your face.


Seems to be that some people have problems with my attitude or my opinions? I can cope with that. Protector not being part of the core, but shipped with the distribution. Hmm, so Protector is nearly core or half core or optional? Who maintains the module? GIJOE himself? Doubt that.

Protector is not meant to be in public directory? Go tell the people who have no choice. Don't come now with the argument to get a better hoster.

Just my 2 euro cents...

12
ghia
Re: Exploit on xoops 2.3.3
  • 2009/6/23 7:59

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Quote:
Hmm, so Protector is nearly core or half core or optional? Who maintains the module? GIJOE himself? Doubt that.
Protector is a module of GIJoe and he maintains it.
The module is not part of the XOOPS core or necessary to have for operating XOOPS. But it's a bad world outside on the internet and Protector offers some valuable functions to harden your site against several attack types. It's like a safety belt in your car: not needed to drive, but somehow indispensable.

Quote:
Protector is not meant to be in public directory? Go tell the people who have no choice. Don't come now with the argument to get a better hoster.
You always have the choice of a better hoster!

Protector is designed to get the additional security by placing most of the source code outside the document root. If you install it otherwise, it will do more harm than good. (When you wear the car belt not in the proper manner, you could get strangled.)
For the people who have the Protector module in the document root (xoops_lib and xoops_data), they should at least rename them with a prefix. Further protection can be made by .htaccess files.

But having a place outside the document root is what distinguishes quality PHP hosters from HTML hosters, while still being very affordable.

13
trabis
Re: Exploit on xoops 2.3.3
  • 2009/6/23 21:23

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


I addressed this issue in SVN (look on XoopsModules). I've added a registry class and deprecated the use of globals. $mydirname, $mydirpath, $xoopsConfig['language'] are now stored and delivered by this class. Direct file access to these private files will cause an exit. preg_replace() is not needed now. We hope to deliver 2.3.4 in less than 2 weeks.

@Frank: You should not cross your arms and blame others. If you care that much then step on and help us. You're welcome.
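
A sketch of the pattern described in the post above, as an added example that is not the code committed to SVN: a write-once registry holds the values that used to live in globals, and a private include exits when it is requested directly. `ModuleRegistry`, `APP_ENTRY`, the key names and the sample path are assumptions made for illustration.

```php
<?php
// Added illustration. ModuleRegistry, APP_ENTRY and the key names are
// hypothetical, not the classes committed to the XoopsModules SVN.

final class ModuleRegistry
{
    private static $entries = array();

    // Write-once: a later include cannot overwrite a value set by the bootstrap.
    public static function set($key, $value)
    {
        if (array_key_exists($key, self::$entries)) {
            throw new LogicException("Registry key already set: $key");
        }
        self::$entries[$key] = $value;
    }

    public static function get($key)
    {
        if (!array_key_exists($key, self::$entries)) {
            throw new OutOfBoundsException("Unknown registry key: $key");
        }
        return self::$entries[$key];
    }
}

// --- Entry point (public script): the only place the marker is defined ---
define('APP_ENTRY', true);
$moduleDir = __DIR__; // constructed sample value standing in for the module path
ModuleRegistry::set('mydirname', basename($moduleDir));
ModuleRegistry::set('mydirpath', $moduleDir);
ModuleRegistry::set('language', 'english');

// --- Top of a private include file ---
// A direct HTTP request for this file never ran the entry point, so the
// marker is undefined and the script stops before any other code executes.
if (!defined('APP_ENTRY')) {
    exit('Restricted access');
}

// The include reads its context from the registry, not from $GLOBALS.
function language_file_path()
{
    // Illustrative path layout, constructed for this example.
    return ModuleRegistry::get('mydirpath') . '/language/'
         . ModuleRegistry::get('language') . '/main.php';
}

echo language_file_path(), PHP_EOL;
```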
