I'm using the latest Joomla 1.5, and I'm going to contribute the following hacks:
1. check for request forgeries
2. mootools validation
3. validate-one-required
/components/com_chronocontact/chronocontact.php
We add a check for request forgeries:
JRequest::checkToken() or jexit( 'Invalid Token' );
...
function uploadandmail()
{
    global $mainframe;
    $database =& JFactory::getDBO();
    // Block SPAM through the submit URL
    if ( empty($_POST) ) {
        echo "You are not allowed to access this URL directly, POST array is empty";
        return;
    }
    // Check for request forgeries
    JRequest::checkToken() or jexit( 'Invalid Token' );
...
/components/com_chronocontact/chronocontact.html.php
We add a token to check for request forgeries:
<?php echo JHTML::_( 'form.token' ); ?>
...
<?php echo JHTML::_( 'form.token' ); ?>
</form>
...
/components/com_chronocontact/chronocontact.html.php
Because I'm using the mootools validation and mootools is included in the head by Joomla 1.5, I'm deleting the call to the mootools library:
....
<?php
if( trim($paramsvalues->validatetype) == 'mootools'){
?>
<!-- HERE I DELETE THE CALL TO MOOTOOL LIBRARY -->
<script src="components/com_chronocontact/js/mooValidation.js"
type="text/javascript"></script>
<?php } ?>
...
/components/com_chronocontact/js/mooValidation.js
We change all the code around: validate-one-required (see this post)
['validate-one-required', 'Por favor seleccione al menos una de las opciones anteriores.',
    function (v, elm) {
        var p = elm.parentNode;
        var options = p.getElementsByTagName('INPUT');
        // Valid as soon as one input in the group is checked
        for (var i = 0; i < options.length; i++) {
            if (options[i].checked == true) {
                return true;
            }
        }
        // No option checked
        return false;
    }]
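The two token edits above depend on each other: the hidden field rendered before `</form>` and the check at the top of `uploadandmail()`. The following stand-alone PHP model of that pattern is an added example, not code from the post, ChronoForms or Joomla; the function names and the `$session` array are hypothetical stand-ins, and the field layout (token as the field name, value `1`) follows what Joomla 1.5 emits.

```php
<?php
// Added illustration: simplified model of a session-bound form token.
// form_token(), token_field() and check_token() are hypothetical names.

// One random token per session, created on first use.
function form_token(array &$session): string
{
    if (empty($session['form_token'])) {
        $session['form_token'] = bin2hex(random_bytes(16));
    }
    return $session['form_token'];
}

// Counterpart of the hidden field placed before </form>:
// the token is the field *name*, the value is just "1".
function token_field(array &$session): string
{
    return '<input type="hidden" name="' . form_token($session) . '" value="1" />';
}

// Counterpart of the check at the top of the submit handler.
function check_token(array &$session, array $post): bool
{
    $token = form_token($session);
    return isset($post[$token]) && $post[$token] === '1';
}

// Constructed sample data: two separate sessions and four POST bodies.
$session = [];                      // stand-in for the visitor's $_SESSION
$other   = [];                      // a different visitor's session
$token   = form_token($session);
echo token_field($session), "\n";

$requests = [
    'form submitted from site' => ['name' => 'Ana', $token => '1'],
    'POST without token'       => ['name' => 'Ana'],
    'POST with made-up token'  => ['name' => 'Ana', str_repeat('0', 32) => '1'],
    'token of another session' => ['name' => 'Ana', form_token($other) => '1'],
];

foreach ($requests as $label => $post) {
    // Same order as in uploadandmail(): empty-POST check first, then the token.
    $ok = !empty($post) && check_token($session, $post);
    printf("%-26s %s\n", $label, $ok ? 'accepted' : 'Invalid Token');
}
```

Only the first request is accepted. If the hidden field is left out of the form template while the check stays in the handler, legitimate submissions fail with `Invalid Token` as well, so both edits have to be applied together.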