Security when passing GET and POST in forms

A multipurpose module, plugin and component

Security when passing GET and POST in forms

New postby jroswald » Fri Feb 18, 2011 4:48 pm

I have a general question regarding protecting my scripts from malicious script injections. I understand now that normally one should use the JRequest class since this also contains functionality to clean passed variables of malicious scripts. However, does Jumi do this automatically when I read passed variables using $_GET and $_POST ?

If its doesnt, is there a way of hacking jumi.php before the eval line to prescreen passed variables if they are collected in custom scripts by $_GET and $_POST rather than JRequest? I just wanted to save the effort of going through my numerous scripts and changing all the variable calls to JRequest.
jroswald
 
Posts: 1
Joined: Fri Feb 18, 2011 4:37 pm

Re: Security when passing GET and POST in forms

New postby Edvard » Sun Feb 20, 2011 7:06 pm

Hi,

If you are asking if Jumi processes $_REQUEST (get, post, cookies) to remove malicious injections, the answer is no. If your scripts are programmed in a good manner, they should have all the checks for the variables and there is no need to use JRequest.
Regards,

Edvard Ananyan - 2GLux Team

Please post a review at the Joomla Extensions Directory. It is very important for us!
Edvard
Site Admin
 
Posts: 1836
Joined: Mon Jun 28, 2010 1:54 pm
Location: Yerevan, Armenia

Re: Security when passing GET and POST in forms

New postby [email protected] » Sun Sep 25, 2011 2:33 pm

Hello,
Everyone I having a trouble using $_GET. I am Trying to get the value of item on this link

<?php

if(isset($_GET['item']))
{
echo $_GET['item'];
}

echo "<a href ='index.php?option=com_jumi&view=application&fileid=15removecart.php?item=hello'>CLICK ME!</a>";
?>

please help me. Regards. :(
[email protected]
 
Posts: 1
Joined: Sun Sep 25, 2011 2:21 pm


Return to Jumi

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

cron