Actions

J2.5 talk

Difference between revisions of "Developing a MVC Component/Adding a view to the site part"

From Joomla! Documentation

(New page: i got this error message when trying to install the archive here... Error building Admin Menus)
 
(general comments in code are dublication: new section)
 
(10 intermediate revisions by 6 users not shown)
Line 2: Line 2:
  
 
Error building Admin Menus
 
Error building Admin Menus
 +
 +
== Security issue?!!! ==
 +
 +
Hello,
 +
 +
it seems to me that calling:
 +
 +
$controller->execute(JRequest::getCmd('task'));
 +
 +
is quite insecure if one does not check the 'task' variable!
 +
 +
Please give your opinions and notice me at tomas.telensky (that at sign) gmail (dot) com.
 +
 +
JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed.  Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller.  How is that insecure? [[User:Chris Davenport|Chris Davenport]] 20:04, 17 March 2011 (UTC)
 +
 +
 +
== Installer problem ==
 +
 +
When I try to install helloworld component I see this message:
 +
 +
JInstaller: :Install: Cannot find XML setup file
 +
JInstaller: :Install: Cannot find XML setup file
 +
Copy failed
 +
 +
== XML Installation Problem ==
 +
 +
To get the installation to work in the XML file, replace <name>Hello World!</name> with <name>com_helloworld</name>. This seems to work.
 +
 +
== general comments in code are dublication ==
 +
 +
e.g.
 +
 +
 +
// import joomla controller library
 +
 +
jimport('joomla.application.component.controller');
 +
 +
// Perform the Request task
 +
 +
$input = JFactory::getApplication()->input;
 +
 +
$controller->execute($input->getCmd('task'));
 +
 +
// Redirect if set by the controller
 +
 +
$controller->redirect();
 +
 +
this is no help at all, when i am reading a hello world tutorial you cannot expect me to know what perform request task means. I can see it anyways that you are executing something having to do with a task in the code. It would be really cool if people could start giving explanations as to 'why' someone is doing something instead of duplicating the code with a comment. Just look at the other two. I can see there is a bloody import and that we try to redirect. I am assuming at this point, one has to always to try to redirect at this point, because that is how it works. If yes, write it in the comment, if not, write maybe as well why we dont always want to redirect.

Latest revision as of 22:31, 30 December 2013

i got this error message when trying to install the archive here...

Error building Admin Menus

Contents

Security issue?!!!

Hello,

it seems to me that calling:

$controller->execute(JRequest::getCmd('task'));

is quite insecure if one does not check the 'task' variable!

Please give your opinions and notice me at tomas.telensky (that at sign) gmail (dot) com.

JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed. Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller. How is that insecure? Chris Davenport 20:04, 17 March 2011 (UTC)


Installer problem

When I try to install helloworld component I see this message:

JInstaller: :Install: Cannot find XML setup file JInstaller: :Install: Cannot find XML setup file Copy failed

XML Installation Problem

To get the installation to work in the XML file, replace <name>Hello World!</name> with <name>com_helloworld</name>. This seems to work.

general comments in code are dublication

e.g.


// import joomla controller library

jimport('joomla.application.component.controller');

// Perform the Request task

$input = JFactory::getApplication()->input;

$controller->execute($input->getCmd('task'));

// Redirect if set by the controller

$controller->redirect();

this is no help at all, when i am reading a hello world tutorial you cannot expect me to know what perform request task means. I can see it anyways that you are executing something having to do with a task in the code. It would be really cool if people could start giving explanations as to 'why' someone is doing something instead of duplicating the code with a comment. Just look at the other two. I can see there is a bloody import and that we try to redirect. I am assuming at this point, one has to always to try to redirect at this point, because that is how it works. If yes, write it in the comment, if not, write maybe as well why we dont always want to redirect.