We will explore how we should access CGI request data and how we can
process that data to ensure that it does not pose a security risk.
We use access control to restrict, and allow, the tasks that users can perform. We will
investigate the Joomla! access control mechanisms and how we can implement them
in our extensions.
The final subject that we will look at is attacks. Attacks are malicious attempts to
break a system. There are many ways in which an attacker can go about this; we will
stick to the most common methods.
??? ??? ??? ???
Error Handling and Security
[ 312 ]
Errors, Warnings, and Notices
When we encounter errors it is important that we take some counter action. Joomla!
provides a common error handling mechanism, which we access using the static
JError class. JError takes advantage of the phpTemplate library, in particular the
patError and patErrorManager classes. A complete description of the JError class
and all of its methods is available in the Appendix.
Error Level Error Type Class Method
1 (E_ERROR) Error JError::raiseError()
2 (E_WARNING) Warning JError::raiseWarning()
8 (E_NOTICE) Notice JError::raiseNotice()
Level E_ERROR errors get an error document (JDocumentError), set the error, and
render the document, sending the response and terminating the application.
Pages:
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427