1
peterr
2.0.18.1 --> 2.5 update - what modules ?
  • 2011/1/21 6:01

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


I currently use 2.0.18.1 , and

Quote:
Apache version 2.2.13
PHP version 5.2.10
MySQL version 5.0.91-community


The phpinfo() says 'Server API CGI ' , so I assume php runs in CGI mode.

These are the only modules I currently use:

Liaise - 1.26
protector - 3.4
Site Map - 1.30
Smartobject - 0.9
Smartsection - 2.13
Wflinks - 1.03C
Xhld0 - 3.07

I see protector is now in the core 2.5 , so I don't have to be concerned about that.

What about those other modules ? Are they still in use, safe to use with 2.5, safe to upgrade to, or even, should I use a different module (like Smartsection has gone over to ??cube or something).

I have always had to modify XOOPS userinfo.php as follows (lines added between //BEGIN and //END statements)

$xoopsOption['pagetype'] = 'user';

include 
'mainfile.php';

include_once 
XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';
//BEGIN - 20070412.1 - mod to stop guests from viewing registered user profiles

$xoopsUser or redirect_header('index.php'3_NOPERM);

//END - 20070412.1 - mod to stop guests from viewing registered user profiles
include_once XOOPS_ROOT_PATH '/modules/system/constants.php';


This was always added, because I never liked the fact that a guest user could do this:

http://www.example.com/userinfo.php?uid=1

and find out the username of 'admin' ; not real good for security. Hopefully XOOPS has come a bit further now, in that respect, and there would be no need for that mod.

What about the security side of things (apart from installing protector) ? I used to have some php settings like ..

# XOOPS security measures

php_flag session.use_only_cookies on
php_flag session
.use_trans_sid off

# Protector module

php_flag register_globals off
php_flag allow_url_fopen off

# Don't display php errors to terminal, log to an error file

php_value display_errors 0
php_value log_errors 1
php_value error_log 
/home/username/somepathname/somefilename_error.log


but I don't think I can have them like that with php running as CGI

Are they still needed, or need to be different values, or other settings now ?

Thanks,

Pete

2
Mamba
Re: 2.0.18.1 --> 2.5 update - what modules ?
  • 2011/1/21 10:50

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


Quote:
Smartobject - 0.9
Smartsection - 2.13

Switch to Publisher
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

3
peterr
Re: 2.0.18.1 --> 2.5 update - what modules ?
  • 2011/1/21 11:32

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

Mamba wrote:
Switch to Publisher


Thanks, will do. I may be better to do a clean install also, as there may be a need to cleanup files a bit.

Liaise - 1.26 - I may be better to go for one that has a 'captcha', like Contact 1.7 by trabis, or I see XForms has a captcha

Site Map - 1.30 - still seems 'current' and okay.

Wflinks - 1.03C - seems not to have been updated for ages, and weblinks may be better ??

Xhld0 - 3.07 - D3 Pipes may be better, later version

Thanks,

Peter

Login

Who's Online

443 user(s) are online (307 user(s) are browsing Support Forums)


Members: 0


Guests: 443


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits