Joomla
Monday, 06 July 2009 23:45
JHTML is a very odd class to work with because most of the time you are only calling JHTML::_() and passing some cryptic string that magically gets interpreted into HTML for you. The first thing you should know is that JHTML is a service class, which actually calls a subclass based on the first parameter. I am not sure why you do not just call the class you want directly instead of using this notation, which I find odd, but I have decided that I might as well learn all the weird Joomla styles and use them for greater understanding across the community when they look at my code.
So in order to help you get started with this beast, we will look at how to create a drop-down box, formally known as a select element in a form.
Before we get started, it will be a lot clearer if you check out the API of the actual class that will be doing the work; we will then work our way back up. When I approached it this way, it made a whole lot more sense later. The class is, obviously enough, named JHTMLSelect; click the link to see the API. Now, we are going to start with the most basic, yet at the same time most complex method, genericlist. The other methods are just more specific versions of this, so if you can get the hang of this you will be pretty well set.

Joomla
Friday, 29 May 2009 06:51
Think about the most basic kind of web page you can create, static HTML. In this sense, you are not expecting any input (either from the user or via a link) to affect the output. This was the easy life back in the early days of the Internet, and life was good. Today, most websites are dynamic. This is most likely why you are using a CMS like Joomla. Now, you may not include any "interactive" features on your website, but the second you start using Joomla your site truly is interactive, because a dynamic site relies upon dynamic content. In most cases, you may (think that you) control the input, but there is really nothing stopping the user from changing the dynamic instructions you set.
Let's take a simple example. You have a multi-page article. On the bottom of page one you have a link with a target like this: somesite.com/index.php?page=2. At first glance, this looks innocent enough. But there is nothing stopping the user from changing that value and submitting it to your website. But what's the worst that can happen? They change page=2 to page=3 and they go to page 3. That's one possibility, but if you do not filter and validate your input, they may be able to inject arbitrary code and get your application to do something funny.
This may seem fairly obvious in today's world of XSS, CSRF, and other nasty acronyms. However, if you are writing Joomla components you must take this into account. As Joomla grows in popularity, hackers will be drawn to attack your code. Further compounding this issue is that most Joomla site owners know absolutely nothing about HTML, never mind web security or procedures. That is why you must make your code as strict as possible - I know this is often very hard in a loose language such as PHP, on which Joomla is built.
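
As an added illustration (not code from the original article or from Joomla), here is one way to treat the page parameter from the example above strictly in plain PHP. The function name validatePage, the six-digit length limit, the page count of 5 and the sample inputs are assumptions made for this sketch.

```php
<?php
// Added example: strict validation of the "page" query parameter.
// validatePage() and $totalPages are hypothetical names, not Joomla API.

function validatePage($raw, int $totalPages): ?int
{
    // A missing value or an array (?page[]=2) is rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // Whole-string match on digits only. A plain (int) cast would turn
    // "2c" into 2 and silently accept tampered input; this rejects it.
    if (!preg_match('/\A[1-9][0-9]{0,5}\z/', $raw)) {
        return null;
    }
    // Range check: the value must name a page that actually exists.
    $page = (int) $raw;
    return ($page <= $totalPages) ? $page : null;
}

// Constructed sample inputs, as they might arrive in $_GET['page'].
$samples = ['2', '3', '2c', '-1', ' 2', '999999', '<b>2</b>', ['2']];

foreach ($samples as $raw) {
    $page  = validatePage($raw, 5);
    $label = json_encode($raw, JSON_UNESCAPED_SLASHES);
    printf("%-12s => %s\n", $label, $page === null ? 'rejected' : "page $page");
}

// In a request handler, fall back to a safe default instead of guessing:
// $page = validatePage($_GET['page'] ?? null, $totalPages) ?? 1;
```

Only '2' and '3' are accepted here; every other sample is rejected before it can reach a query or the output.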