Difference between revisions of "Developing a MVC Component/Adding a view to the site part"
From Joomla! Documentation
(→general comments in code are dublication: new section) |
|||
| (8 intermediate revisions by 5 users not shown) | |||
| Line 14: | Line 14: | ||
Please give your opinions and notice me at tomas.telensky (that at sign) gmail (dot) com. | Please give your opinions and notice me at tomas.telensky (that at sign) gmail (dot) com. | ||
| + | |||
| + | JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed. Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller. How is that insecure? [[User:Chris Davenport|Chris Davenport]] 20:04, 17 March 2011 (UTC) | ||
| + | |||
| + | |||
| + | == Installer problem == | ||
| + | |||
| + | When I try to install helloworld component I see this message: | ||
| + | |||
| + | JInstaller: :Install: Cannot find XML setup file | ||
| + | JInstaller: :Install: Cannot find XML setup file | ||
| + | Copy failed | ||
| + | |||
| + | == XML Installation Problem == | ||
| + | |||
| + | To get the installation to work in the XML file, replace <name>Hello World!</name> with <name>com_helloworld</name>. This seems to work. | ||
| + | |||
| + | == general comments in code are dublication == | ||
| + | |||
| + | e.g. | ||
| + | |||
| + | |||
| + | // import joomla controller library | ||
| + | |||
| + | jimport('joomla.application.component.controller'); | ||
| + | |||
| + | // Perform the Request task | ||
| + | |||
| + | $input = JFactory::getApplication()->input; | ||
| + | |||
| + | $controller->execute($input->getCmd('task')); | ||
| + | |||
| + | // Redirect if set by the controller | ||
| + | |||
| + | $controller->redirect(); | ||
| + | |||
| + | this is no help at all, when i am reading a hello world tutorial you cannot expect me to know what perform request task means. I can see it anyways that you are executing something having to do with a task in the code. It would be really cool if people could start giving explanations as to 'why' someone is doing something instead of duplicating the code with a comment. Just look at the other two. I can see there is a bloody import and that we try to redirect. I am assuming at this point, one has to always to try to redirect at this point, because that is how it works. If yes, write it in the comment, if not, write maybe as well why we dont always want to redirect. | ||
Revision as of 22:31, 30 December 2013
i got this error message when trying to install the archive here...
Error building Admin Menus
Security issue?!!![edit]
Hello,
it seems to me that calling:
$controller->execute(JRequest::getCmd('task'));
is quite insecure if one does not check the 'task' variable!
Please give your opinions and notice me at tomas.telensky (that at sign) gmail (dot) com.
JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed. Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller. How is that insecure? Chris Davenport 20:04, 17 March 2011 (UTC)
Installer problem[edit]
When I try to install helloworld component I see this message:
JInstaller: :Install: Cannot find XML setup file JInstaller: :Install: Cannot find XML setup file Copy failed
XML Installation Problem[edit]
To get the installation to work in the XML file, replace <name>Hello World!</name> with <name>com_helloworld</name>. This seems to work.
general comments in code are dublication[edit]
e.g.
// import joomla controller library
jimport('joomla.application.component.controller');
// Perform the Request task
$input = JFactory::getApplication()->input;
$controller->execute($input->getCmd('task'));
// Redirect if set by the controller
$controller->redirect();
this is no help at all, when i am reading a hello world tutorial you cannot expect me to know what perform request task means. I can see it anyways that you are executing something having to do with a task in the code. It would be really cool if people could start giving explanations as to 'why' someone is doing something instead of duplicating the code with a comment. Just look at the other two. I can see there is a bloody import and that we try to redirect. I am assuming at this point, one has to always to try to redirect at this point, because that is how it works. If yes, write it in the comment, if not, write maybe as well why we dont always want to redirect.