Actions

J2.5 talk

Developing a MVC Component/Adding a view to the site part

From Joomla! Documentation

(Redirected from J2.5 talk:Developing a Model-View-Controller Component/Adding a view to the site part)

i got this error message when trying to install the archive here...

Error building Admin Menus

Contents

Security issue?!!!

Hello,

it seems to me that calling:

$controller->execute(JRequest::getCmd('task'));

is quite insecure if one does not check the 'task' variable!

Please give your opinions and notice me at tomas.telensky (that at sign) gmail (dot) com.

JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed. Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller. How is that insecure? Chris Davenport 20:04, 17 March 2011 (UTC)


Installer problem

When I try to install helloworld component I see this message:

JInstaller: :Install: Cannot find XML setup file JInstaller: :Install: Cannot find XML setup file Copy failed

XML Installation Problem

To get the installation to work in the XML file, replace <name>Hello World!</name> with <name>com_helloworld</name>. This seems to work.

general comments in code are dublication

e.g.


// import joomla controller library

jimport('joomla.application.component.controller');

// Perform the Request task

$input = JFactory::getApplication()->input;

$controller->execute($input->getCmd('task'));

// Redirect if set by the controller

$controller->redirect();

this is no help at all, when i am reading a hello world tutorial you cannot expect me to know what perform request task means. I can see it anyways that you are executing something having to do with a task in the code. It would be really cool if people could start giving explanations as to 'why' someone is doing something instead of duplicating the code with a comment. Just look at the other two. I can see there is a bloody import and that we try to redirect. I am assuming at this point, one has to always to try to redirect at this point, because that is how it works. If yes, write it in the comment, if not, write maybe as well why we dont always want to redirect.