Please report any issues you encounter with this release so that we can make XOOPS better for
everyone. If you are registered on GitHub, just open an issue . We will also
monitor the XOOPS forums .
Fixes and Enhancements
Without the contributions of many, this release would not exist. A
big " Thank you! " goes to everyone that has contributed. In alphabetical order, the list includes:
Lots of effort has been put into making XOOPS better cleaner, safer and more compliant with current standards and
best practices.
Security
This release includes fixes for multiple
issues (CSRF, weak password hash, and directory traversal) reported by hyp3rlinx. Also, fixes for a potential privileged information disclosure issue reported
by Cédric MONTUY.
Passwords are now hashed using PHP's
password_hash() function . A library that brings compatibility to users with PHP versions earlier than 5.5 is included.
The new XMF library
(see below) includes support for JWT , which can be very useful in securing AJAX and
REST processing.
Ready for PHP 7 Testing
The world of PHP is in
constant motion. The recent release of PHP 7 brings with it huge improvements, but also compatibility issues. While XOOPS 2.5.8 supports PHP 5.3.7 through the
latest 5.6 release, PHP 7 support should still be considered experimental, and is released for public testing.
MySQL support using the
mysql extension has been deprecated for quite a while, and PHP7 removes it completely. XOOPS 2.5.8 now uses the mysqli exclusively. Any
database access using standard calls to the XoopsDatabase classes will use the newer mysqli extension. Some modules are using direct database calls
through PHP mysql_* functions. These will continue to work under PHP 5, but it is recommended that module developers consider remediation of any such
calls.
Another thing that changes in PHP 7 is " All of the
E_STRICT notices have been reclassified to other levels. " In previous XOOPS versions, E_STRICT warnings have been suppressed when using the debugging
logger. These are no longer suppressed to give developers insight into what may need to be fixed. We've tried to make sure XoopsCore runs clean, but modules may
produce debugging output you have not seen with earlier versions.
Custom administration themes may have issues due to a long existing bug in the
XoopsSystemGui::validate() definition.
XMF Included
XOOPS Module
Framework library, the XMF library , is now included, and is used in the core in several
places. XMF is a library of standard classes useful in module development. It can be very useful in the near future, as all of its classes are forward
compatible with the next generation of XOOPS.
There are database changes
with this version. There are no new requirements for a fresh installation, but for updating an existing system, follow the recommended upgrade process . In a nut shell:
- Make
a full backup of site files and database. (We've done lots of testing, but it is always best to be safe.)
- Copy the contents of the distribution
htdocs directory into your web root directory.
- Copy the contents of htdocs/xoops_lib to your relocated/renamed
xoops_lib as applicable.
- Copy the distribution upgrade directory into your web root directory.
- Point your browser
to http:// your-site-url /upgrade/ and follow the prompts.
- Log in and step through any needed updates.
- At the end, follow
the link to upgrade the system module.
- Also update pm, profile and protector modules if installed.
- Remove the install
and upgrade directories from your web root.