Security: Added CMS_VERSION direct access guards to all action files
Security: Added allowed_classes restriction to all unserialize() calls
Security: Replaced deprecated ereg()/split() with preg_match()/explode()
Removed deprecated SetParameterType/CreateParameter/RestrictUnknownParams
Replaced deprecated CreateURL() with create_url()
Replaced deprecated cms_html_entity_decode() with html_entity_decode()
Replaced cge_utils::get_real_ip() with xt_utils::get_real_ip()
Replaced htmlspecialchars Smarty modifier with escape:'html'
Removed print_r() debug output in ratings action
Reduced nesting depth in admin_editcomment
Removed duplicate cookie-setting block
Standardised file headers, removed closing PHP tags
Fixed help template to not require CGExtensions tab plugins
Added doc/LICENSE file