Difference between revisions of "Developing a MVC Component/Adding a view to the site part"

From Joomla! Documentation

(Security issue?!!!)
JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed.  Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller.  How is that insecure? [[User:Chris Davenport|Chris Davenport]] 20:04, 17 March 2011 (UTC)

Revision as of 15:04, 17 March 2011

I got this error message when trying to install the archive here...

Error building Admin Menus

Security issue?!!!

Hello,

it seems to me that calling:

$controller->execute(JRequest::getCmd('task'));

is quite insecure if one does not check the 'task' variable!

Please give your opinions and notify me at tomas.telensky (that at sign) gmail (dot) com.

JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed. Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller. How is that insecure? Chris Davenport 20:04, 17 March 2011 (UTC)
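
As an added illustration (not part of the original discussion and not Joomla's own code), this self-contained PHP sketch models the two checks described in the reply above: a command-style filter on 'task' and dispatch restricted to public controller methods. The names filterCmd and DemoController, the filter's character set, and the sample task values are assumptions made for the example.

```php
<?php
// Simplified stand-in for the two checks discussed above; not Joomla's implementation.

// Assumption: a "command" filter keeps only letters, digits, '.', '_' and '-',
// and strips leading dots.
function filterCmd($value)
{
    return ltrim(preg_replace('/[^A-Za-z0-9._-]/', '', (string) $value), '.');
}

class DemoController // hypothetical controller
{
    private $taskMap = array();

    public function __construct()
    {
        // Only public, non-magic methods are registered as tasks.
        $ref = new ReflectionClass($this);
        foreach ($ref->getMethods(ReflectionMethod::IS_PUBLIC) as $m) {
            $name = $m->getName();
            if (strpos($name, '__') !== 0 && $name !== 'execute') {
                $this->taskMap[strtolower($name)] = $name;
            }
        }
    }

    public function execute($task)
    {
        $task = strtolower($task);
        if ($task === '') {
            $task = 'display'; // default task when none is supplied
        }
        if (!isset($this->taskMap[$task])) {
            return "rejected: $task"; // unknown or non-public method
        }
        return $this->{$this->taskMap[$task]}();
    }

    public function display() { return 'display view'; }
    public function save() { return 'save item'; }
    protected function purgeCache() { return 'cache purged'; } // not a task
    private function loadSecrets() { return 'secret'; }        // not a task
}

$controller = new DemoController();
// Constructed values for the 'task' request variable.
$samples = array('', 'save', 'SAVE', 'purgeCache', 'loadSecrets', '__construct', 'save<script>', '../display');
foreach ($samples as $raw) {
    printf("%-16s -> %s\n", var_export($raw, true), $controller->execute(filterCmd($raw)));
}
```

Because every public method is reachable as a task in this model, helper methods belong in protected or private scope, and each public task still needs its own authorization check.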