Actions

J2.5 talk

Difference between revisions of "Developing a MVC Component/Adding a view to the site part"

From Joomla! Documentation

(Security issue?!!!: new section)
(8 intermediate revisions by 6 users not shown)
Line 13: Line 13:
 
is quite insecure if one does not check the 'task' variable!
 
is quite insecure if one does not check the 'task' variable!
  
Thanks for opinions.
+
Please give your opinions and notice me at tomas.telensky (that at sign) gmail (dot) com.
 +
 
 +
JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed.  Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller.  How is that insecure? [[User:Chris Davenport|Chris Davenport]] 20:04, 17 March 2011 (UTC)
 +
 
 +
 
 +
== Installer problem ==
 +
 
 +
When I try to install helloworld component I see this message:
 +
 
 +
JInstaller: :Install: Cannot find XML setup file
 +
JInstaller: :Install: Cannot find XML setup file
 +
Copy failed
 +
 
 +
== XML Installation Problem ==
 +
 
 +
To get the installation to work in the XML file, replace <name>Hello World!</name> with <name>com_helloworld</name>. This seems to work.

Revision as of 14:46, 3 May 2013

i got this error message when trying to install the archive here...

Error building Admin Menus

Security issue?!!!

Hello,

it seems to me that calling:

$controller->execute(JRequest::getCmd('task'));

is quite insecure if one does not check the 'task' variable!

Please give your opinions and notice me at tomas.telensky (that at sign) gmail (dot) com.

JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed. Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller. How is that insecure? Chris Davenport 20:04, 17 March 2011 (UTC)


Installer problem

When I try to install helloworld component I see this message:

JInstaller: :Install: Cannot find XML setup file JInstaller: :Install: Cannot find XML setup file Copy failed

XML Installation Problem

To get the installation to work in the XML file, replace <name>Hello World!</name> with <name>com_helloworld</name>. This seems to work.