
Joomla component development (version 3.3.3)

I have a component that I'm building in Joomla that I want to render information from ONLY when the component is the calling agent.

Example: I have a URL http://domain.com/index.php?option=com_mycomp&view=myaccount and from within there I want to have a pop/overlay that renders the URL: http://domain.com/index.php?option=com_mycomp&view=mykey&user_id=123

I know there has to be a way to only let the "mykey" view render when called from itself and not allow direct access. I've looked into the login module and using JHtml::_('form.token'). Not sure if this is the "best practice" way to achieve this or if that would even work.

Any help is greatly appreciated.

Joomla version: 3.3.3

Using SSL, login validation for the user session, and validating the session on each request I would consider best practice. Joomla provides a mechanism to display a form token field:

 echo JHtml::_('form.token');

If you need to attach the token to a URL, use the following. The tmpl=component parameter is important when you want to render HTML snippets. This flags Joomla to render only the component's view; otherwise you would get your entire website back, menus, modules and all:

 // JSession::getFormToken() replaces JUtility::getToken(), which was removed in Joomla 3.0
 echo JRoute::_(JUri::root() . '?option=com_mycomponent&view=userscreen&tmpl=component&' . JSession::getFormToken() . '=1');

And on the other end of the request, server side, using the above path as an example, it could be received with the controller:

class MineControllerUserScreen extends JControllerLegacy
{
    public function display($cachable = false, $urlparams = array())
    {
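        // Validate the form token, die if it isn't valid. The link above carries
        // the token in the query string, so check GET (the default is POST).
        JSession::checkToken('get') or die( JText::_( 'Invalid Token' ) );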

        // Load the current user object for the active session if needed
        $user = JFactory::getUser();

        // Load the Session object for further validation if needed
        $session = JFactory::getSession();

        // Load sanitized items from POST and GET
        $jinput = JFactory::getApplication()->input;
        $answer = $jinput->get('user_answer', null, 'string');

        // You are satisfied this person is allowed to get this
        parent::display($cachable, $urlparams);
    }
}

This use case should be handled within the controller. The above example lists many possible options for getting secure data from Joomla that you could use; but for your case I think incorporating your existing question/answer as a POST variable request, which passes both token and user validation, should do the trick.

Here's a general Joomla document on secure coding guidelines.

http://docs.joomla.org/Secure_coding_guidelines
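
The guard the question asks for, as an added example that is not part of the original answer: a component controller that only renders the "mykey" view when the request carries this session's form token, and that also refuses a user_id that is not the logged-in user's, since the token alone says nothing about whose key is being requested. The class name MycompController and the file location are assumptions based on the com_mycomp name in the question.

```php
<?php
// Added example: components/com_mycomp/controller.php (hypothetical layout).
defined('_JEXEC') or die;

class MycompController extends JControllerLegacy
{
    public function display($cachable = false, $urlparams = array())
    {
        $view = $this->input->getCmd('view', 'myaccount');

        if ($view === 'mykey')
        {
            // The overlay link built in the myaccount view carries the form
            // token in the query string, so check it against GET, not POST.
            if (!JSession::checkToken('get'))
            {
                throw new Exception(JText::_('JINVALID_TOKEN'), 403);
            }

            $user = JFactory::getUser();

            // Guests have no key to show.
            if ($user->guest)
            {
                throw new Exception(JText::_('JERROR_ALERTNOAUTHOR'), 403);
            }

            // The token ties the request to this session; it does not prove
            // that the user_id in the URL belongs to the caller.
            $requestedId = $this->input->getInt('user_id', 0);

            if ($requestedId !== 0 && $requestedId !== (int) $user->id)
            {
                throw new Exception(JText::_('JERROR_ALERTNOAUTHOR'), 403);
            }

            // Pin the id to the session user so the view never trusts the URL.
            $this->input->set('user_id', (int) $user->id);

            // Per-user output must not come from the page cache.
            $cachable = false;
        }

        return parent::display($cachable, $urlparams);
    }
}
```

The link in the myaccount view then needs `&tmpl=component&<token>=1` appended, with the token name taken from JSession::getFormToken().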
