The XOOPS Core Development Team brings you a beta version of the next step in XOOPS Development.
XOOPS version 2.0.10 beta is a security-improving release that lessens the use of fopen with URLs and brings a completely new tool for securing modules against CSRF attacks: The XoopsSecurity class.
This is just a beta for now, since the token system still needs some testing, but provided we get enough positive feedback, a final 2.0.10 release should be released within 1-2 weeks.
This release contains files for the core-included versions of News and Newbb (1.1 and 1, respectively). If you use Newbb 2 and/or News 1.2 or later, you should not upload the files in modules/news and modules/newbb as they will mess up these modules.
==== XoopsSecurity ==== The new class for handling security handles some routines including checking the HTTP REFERER and global variable contamination by request parameters.
It also introduces a token system for securing forms against CSRF attacks.