Difference between revisions of "Developing a MVC Component/Adding verifications"
From Joomla! Documentation
< Archived:Developing a MVC Component
(New page: {{underconstruction}} {{future|1.6}} == Articles in this series == * Developing a Basic Component * [[Devel...) |
Line 23: | Line 23: | ||
== Preventing CSRF attacks == | == Preventing CSRF attacks == | ||
− | A way to prevent [http://en.wikipedia.org/wiki/Cross-site_request_forgery CSRF attacks] | + | A way to prevent [http://en.wikipedia.org/wiki/Cross-site_request_forgery CSRF attacks] is to use tokens in the forms. Joomla!1.6 provides a function to generate tokens and function to check them. |
+ | |||
+ | In the ''admin/views/helloworldlist/tmpl/default.php'' file put these lines | ||
+ | |||
+ | <span id="admin/views/helloworldlist/tmpl/default.php"> | ||
+ | ''admin/views/helloworldlist/tmpl/default.php'' | ||
+ | <source lang="php"> | ||
+ | <?php | ||
+ | // No direct access to this file | ||
+ | defined('_JEXEC') or die('Restricted Access'); | ||
+ | // load tooltip behavior | ||
+ | JHtml::_('behavior.tooltip'); | ||
+ | ?> | ||
+ | <form action="<?php echo JRoute::_('index.php?option=com_helloworld'); ?>" method="post" name="adminForm"> | ||
+ | |||
+ | <table class="adminlist"> | ||
+ | |||
+ | <thead><?php echo $this->loadTemplate('head');?></thead> | ||
+ | |||
+ | <tfoot><?php echo $this->loadTemplate('foot');?></tfoot> | ||
+ | <tbody><?php echo $this->loadTemplate('body');?></tbody> | ||
+ | |||
+ | </table> | ||
+ | |||
+ | <input type="hidden" name="task" value="" /> | ||
+ | |||
+ | <input type="hidden" name="boxchecked" value="0" /> | ||
+ | |||
+ | <?php echo JHtml::_('form.token'); ?> | ||
+ | </form> | ||
+ | </source> | ||
+ | </span> | ||
+ | |||
+ | The ''echo JHtml::_('form.token');'' generates the token | ||
== Packaging the component == | == Packaging the component == |
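Review bot: the added paragraph says Joomla!1.6 provides a function to check tokens, but the hunk only adds the generating call, echo JHtml::_('form.token');, to default.php and never names the checking function or shows where it is called. A token that is emitted but never verified protects nothing, so the section should show the check in the controller code that handles this form's tasks. Smaller points: "a function to generate tokens and function to check them" is missing an article, and the closing sentence "generates the token" has no full stop.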
Revision as of 08:10, 13 November 2009
This page has been archived. This page contains information for an unsupported Joomla! version or is no longer relevant. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.
This article or section is in the process of an expansion or major restructuring. You are welcome to assist in its construction by editing it as well. If this article or section has not been edited in several days, please remove this template.
This article was last edited by Cdemko 14 years ago.
Articles in this series
- Developing a Basic Component
- Adding a view to the site part
- Adding a menu type to the backend part
- Adding a model to the site part
- Adding a variable request in the menu type
- Using the database
- Basic backend
- Adding language management
- Adding backend actions
- Adding decorations to the backend
- Adding verifications
- Adding categories
- Adding configuration
- Adding ACL
- Adding an update server
Introduction
This tutorial is part of the Developing a Model-View-Controller (MVC) Component for Joomla!1.6 tutorial. You are encouraged to read the previous parts of the tutorial before reading this.
Preventing CSRF attacks
A way to prevent CSRF attacks is to use tokens in the forms. Joomla!1.6 provides a function to generate tokens and a function to check them.
In the admin/views/helloworldlist/tmpl/default.php file, put these lines:
admin/views/helloworldlist/tmpl/default.php
<?php
// No direct access to this file
defined('_JEXEC') or die('Restricted Access');
// load tooltip behavior
JHtml::_('behavior.tooltip');
?>
<form action="<?php echo JRoute::_('index.php?option=com_helloworld'); ?>" method="post" name="adminForm">
    <table class="adminlist">
        <thead><?php echo $this->loadTemplate('head');?></thead>
        <tfoot><?php echo $this->loadTemplate('foot');?></tfoot>
        <tbody><?php echo $this->loadTemplate('body');?></tbody>
    </table>
    <input type="hidden" name="task" value="" />
    <input type="hidden" name="boxchecked" value="0" />
    <?php echo JHtml::_('form.token'); ?>
</form>
The echo JHtml::_('form.token'); line generates the token.
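The template above covers only the generating side. As an added example (not part of the original tutorial and not Joomla! code), the stand-alone PHP below models the whole round trip: the hidden field the view emits and the check a controller has to make before acting on a POST. The function names, the task name and the sample requests are constructed for illustration; in a Joomla! 1.6 controller the check itself is the single call JRequest::checkToken() or jexit('Invalid Token'); at the top of the task method.

```php
<?php
// Added example: stand-alone model of the token round trip (run with the php CLI).
// Not Joomla! code; the function names and sample requests are constructed.

// Per-session secret. An attacker's page can make the browser send a POST,
// but it cannot read this value out of the victim's session.
function session_form_token(array &$session): string
{
    if (empty($session['form_token'])) {
        $session['form_token'] = bin2hex(random_bytes(16));
    }
    return $session['form_token'];
}

// View side: the hidden field that echo JHtml::_('form.token'); adds to the form.
// The token is the field *name*; the value is simply 1.
function render_token_field(array &$session): string
{
    return '<input type="hidden" name="' . session_form_token($session) . '" value="1" />';
}

// Controller side: must run before any task that changes state.
function check_token(array &$session, array $post): bool
{
    return !empty($post[session_form_token($session)]);
}

$session = [];                                  // constructed admin session
echo render_token_field($session), PHP_EOL;

$requests = [
    // Submitted from the real form: carries the session's token field.
    'own form'      => ['task' => 'remove', $session['form_token'] => '1'],
    // Auto-submitted from another site: same task, no token field.
    'forged'        => ['task' => 'remove'],
    // Request carrying a token name that does not belong to this session.
    'guessed token' => ['task' => 'remove', str_repeat('ab', 16) => '1'],
];

foreach ($requests as $label => $post) {
    $ok = check_token($session, $post);
    echo str_pad($label, 14), $ok ? 'task runs' : 'rejected: Invalid Token', PHP_EOL;
}
```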
Packaging the component
Content of your code directory:
- helloworld.xml
- site/index.html
- site/helloworld.php
- site/views/index.html
- site/views/helloworld/index.html
- site/views/helloworld/view.html.php
- site/views/helloworld/tmpl/index.html
- site/views/helloworld/tmpl/default.xml
- site/models/index.html
- site/models/helloworld.php
- site/views/helloworld/tmpl/default.php
- site/language/index.html
- site/language/en-GB/index.html
- site/language/en-GB/en-GB.com_helloworld.ini
- admin/index.html
- admin/helloworld.php
- admin/controller.php
- admin/sql/index.html
- admin/sql/install.mysql.utf8.sql
- admin/sql/uninstall.mysql.utf8.sql
- admin/sql/update.mysql.utf8.sql
- admin/models/index.html
- admin/models/fields/index.html
- admin/models/fields/helloworld.php
- admin/models/forms/index.html
- admin/models/forms/helloworld.xml
- admin/models/helloworld.php
- admin/models/helloworldlist.php
- admin/views/index.html
- admin/views/helloworldlist/index.html
- admin/views/helloworldlist/view.html.php
- admin/views/helloworldlist/tmpl/index.html
- admin/views/helloworldlist/tmpl/default.php
- admin/views/helloworldlist/tmpl/default_head.php
- admin/views/helloworldlist/tmpl/default_body.php
- admin/views/helloworldlist/tmpl/default_foot.php
- admin/views/helloworldlist/index.html
- admin/views/helloworld/view.html.php
- admin/views/helloworld/tmpl/index.html
- admin/views/helloworld/tmpl/default.php
- admin/tables/index.html
- admin/tables/helloworld.php
- admin/language/en-GB/en-GB.com_helloworld.ini
- admin/language/en-GB/en-GB.com_helloworld.menu.ini
- admin/controllers/index.html
- admin/controllers/helloworld.php
- admin/controllers/helloworldlist.php
- language/en-GB/en-GB.ini
- media/index.html
- media/images/index.html
- media/images/tux-16x16.png
- media/images/tux-48x48.png
Create a compressed file of this directory or directly download the archive and install it using the extension manager of Joomla!1.6. You can add a menu item of this component using the menu manager in the backend.
helloworld.xml
<?xml version="1.0" encoding="utf-8"?>
<extension type="component" version="1.6.0" method="upgrade">
    <name>Hello World!</name>
    <creationDate>November 2009</creationDate>
    <author>John Doe</author>
    <authorEmail>john.doe@example.org</authorEmail>
    <authorUrl>http://www.example.org</authorUrl>
    <copyright>Copyright Info</copyright>
    <license>License Info</license>
    <version>0.0.10</version>
    <description>com_helloworld_Description</description>
    <install> <!-- Runs on install -->
        <sql>
            <file driver="mysql" charset="utf8">sql/install.mysql.utf8.sql</file>
        </sql>
    </install>
    <uninstall> <!-- Runs on uninstall -->
        <sql>
            <file driver="mysql" charset="utf8">sql/uninstall.mysql.utf8.sql</file>
        </sql>
    </uninstall>
    <update> <!-- Runs on update -->
        <sql>
            <file driver="mysql" charset="utf8">sql/update.mysql.utf8.sql</file>
        </sql>
    </update>
    <files folder="site">
        <filename>index.html</filename>
        <filename>helloworld.php</filename>
        <filename>controller.php</filename>
        <folder>views</folder>
        <folder>models</folder>
        <folder>language</folder>
    </files>
    <media destination="com_helloworld" folder="media">
        <filename>index.html</filename>
        <folder>images</folder>
    </media>
    <administration>
        <menu img="../media/com_helloworld/images/tux-16x16.png">Hello World!</menu>
        <files folder="admin">
            <filename>index.html</filename>
            <filename>helloworld.php</filename>
            <filename>controller.php</filename>
            <folder>sql</folder>
            <folder>tables</folder>
            <folder>models</folder>
            <folder>views</folder>
            <folder>controllers</folder>
        </files>
        <languages folder="admin">
            <language tag="en-GB">language/en-GB/en-GB.com_helloworld.ini</language>
            <language tag="en-GB">language/en-GB/en-GB.com_helloworld.menu.ini</language>
        </languages>
    </administration>
</extension>