In this chapter we have discussed common error and security issues that we must address to make our extensions as safe and secure as possible. We have covered error handling, input request data validation, access control, and attack prevention.
Although we may never receive an error message from our extensions, the JError class gives us all of the necessary tools to ensure that any errors that are encountered can be cleanly dealt with. Using the PHP die() and exit() functions can potentially 'break' the current user's session; we should always exit cleanly. If JError isn't up to this task, we should use $mainframe->close().
Handling input from a URI query is very easy in Joomla!, and the data type casting alone gives us substantial protection against security flaws. We should remember that we can use the JRequest alias methods to easily cast an input value.
Taking input value preprocessing one step further, we can use regular expressions (REs) to ensure that data is in the expected format. Remember...