Hey there all..

I have just finished my update of the first module (an so far only) module I wrote for Xoops.

Previously I called it Culex Dj Rotator, but I renamed it "onair" - my fingers got tired to write the long name.

Still I know I am no expert in programming so my code is probably not worldclass but as far as I can see they work.

Here is the info as I just quick wrote on my website about the module

Quote:

However I havent released it yet as I wanted to see what you'd thought about it, any major mistakes or something else I skipped

Download the zipp here


Keeping my fingers crossed :) :)

Hi culex, thanks for this module.
I downloaded it, I did not installed it but I took a quick look at the code and I noticed some things:

- functions are not prefixed, you should prefix functions with he module name to avoid namespace collisions and consecutive blank pages. Example: function showextinfo($oa_id) should be function onair_showextinfo($oa_id) or even function onair_showExtInfo($oa_id)

- you are using input from users directly into sql statements. This will get any site using this module vulnerable to exploitation with SQL injection.
this is a bad pratice:


Use $xoopsDB->quoteString(), intval() or $myts->addSlashes() to clean/addslashes/quote values used is sql queries





Note: this code boxes above are not displaying correctly \' :(

Ah yes, of course your right... All these number one on my todo list as well as the commenting etc etc..

:)

I have now reprefixed all my functions and sanitized my functions more apropiatly :)

Zip file is updated with the changes + a changelog file