Mastering Mambo : E-Commerce, Templates, Module Development, SEO, Security, and Performance

By: Christian Wenz, Tobias Hauser

Overview of this book

Mambo is a PHP-based Open Source CMS. Mambo is both easy to use at the entry level for creating basic websites, while having the power and flexibility to support complex web applications.

Mambo implements the core requirements of a full featured CMS. It has a powerful and extensible templating system with the ability to upload and manage many different data types. User access control, content approval, rich administrative control, and content display scheduling are all built in. New features and extensions are constantly added to the core system, with many more being available and supported by the community.

Most of the Mambo development team now works on a fork of Mambo known as Joomla. Mastering Mambo is fully compatible with Joomla's 1.0 release.

Cross Site Scripting (XSS)


XSS stands for Cross-Site Scripting. The natural abbreviation would have been CSS, but that one is already taken by Cascading Style Sheets. What does XSS mean? As the name says, script code is injected into a page from elsewhere (cross-site). It works like this: an attacker manages to insert malicious JavaScript code into a page that the application generates. Because JavaScript is a client-side technology, that code is not executed on the server but in the browser of every visitor who views the page, with the visitor's cookies and session available to it.

The main reason this type of attack succeeds is that data coming from the user is passed on without being checked. Here is an excerpt from the /html/content.php file of Mambo 4.5 Stable 1.0.3, from the editContent() function:

$Returnid = mosGetParam( $_REQUEST, 'Returnid', 0 );

So far there is nothing unusual. The Returnid value is read from the superglobal $_REQUEST array and stored in the $Returnid variable. The default value of 0 suggests that an integer is expected, but this line alone does not enforce it. You can see the mosGetParam() function from the classes/mambo.php file as evidence:

/**
* Utility...
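As an added illustration (not code from the book or from Mambo itself), the following script models the pattern the excerpt points at: a parameter getter that does nothing but trim its input, a hypothetical edit form that writes the value straight back into a hidden field, and a hardened variant that enforces the expected integer type and escapes on output. The function names get_param(), hidden_field_unsafe() and hidden_field_safe(), the exact behaviour of the getter, and the request array are assumptions constructed for this example, not Mambo's real code.

```php
<?php
// Added example, not Mambo's code. A minimal parameter getter in the spirit
// of the mosGetParam() call shown above. Assumption: it only trims the raw
// value and applies no further filtering.
function get_param(array $arr, string $name, $default = 0)
{
    return isset($arr[$name]) ? trim((string) $arr[$name]) : $default;
}

// Vulnerable pattern: the parameter is read with a numeric default but never
// checked, and then dropped straight into HTML. Hypothetical edit form that
// carries the return id in a hidden field.
function hidden_field_unsafe(array $request): string
{
    $returnid = get_param($request, 'Returnid', 0);
    return '<input type="hidden" name="Returnid" value="' . $returnid . '" />';
}

// Hardened pattern: enforce the expected type (an id is an integer) and
// escape on output anyway, so a later change to a string parameter cannot
// quietly reintroduce the bug. ENT_QUOTES also escapes the double quote that
// the payload below relies on to break out of the attribute.
function hidden_field_safe(array $request): string
{
    $returnid = (int) get_param($request, 'Returnid', 0);
    $escaped  = htmlspecialchars((string) $returnid, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="Returnid" value="' . $escaped . '" />';
}

// For parameters that legitimately are free text, the type cast is not
// available and output escaping is the minimum defence.
function text_field_safe(array $request, string $name): string
{
    $value   = (string) get_param($request, $name, '');
    $escaped = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="' . $name . '" value="' . $escaped . '" />';
}

// Constructed request: the "id" closes the value attribute and the input
// tag, then injects a script element. In the unsafe variant this becomes
// part of the page and runs in the visitor's browser.
$request = ['Returnid' => '0"><script>alert(document.cookie)</script><x y="'];

echo "unsafe: ", hidden_field_unsafe($request), "\n";
echo "safe:   ", hidden_field_safe($request), "\n";
echo "text:   ", text_field_safe($request, 'Returnid'), "\n";
```

Run it with `php xss_demo.php` and compare the three lines: in the unsafe output the `<script>` element survives as markup, in the integer variant the PHP cast reduces the whole payload to `0`, and in the text variant the quotes and angle brackets are replaced by entities so the browser treats the payload as inert attribute text.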