J2.5 talk

Developing a MVC Component/Adding a view to the site part

From Joomla! Documentation

Revision as of 15:04, 17 March 2011 by Chris Davenport (Talk | contribs)

i got this error message when trying to install the archive here...

Error building Admin Menus

Security issue?!!!


it seems to me that calling:


is quite insecure if one does not check the 'task' variable!

Please give your opinions and notice me at tomas.telensky (that at sign) gmail (dot) com.

JRequest::getCmd() filters the 'task' request variable so any bad characters will be removed. Furthermore, the controller execute() method will only execute methods that are flagged as public in the controller. How is that insecure? Chris Davenport 20:04, 17 March 2011 (UTC)