phpclasses.org/browse/package/951.html created
by Leif K-Brooks and released under the PHP License. This class gives us lots of
control; it allows us to define our own BBCode tags, use HTML entity encoded data,
and import and export settings.
When we use BBCode, or a similar parsing mechanism, and we intend to allow the data
to be edited later, it is important that we store the data in its raw, unparsed
state and apply the parser only when the data is displayed.
File System Snooping
A common error when working with files is to allow traversal of the file system.
Joomla! provides us with a number of classes for dealing with the file system. This
example imports the JPath class from the joomla.filesystem library and builds a path
from the value of the file request variable (the resulting path must not be relative).
jimport('joomla.filesystem.path');
// 'WORD' keeps only letters and underscores, so '.', '/' and '\' never reach $path
$file = JRequest::getVar('file', 'somefile.php', 'GET', 'WORD');
$path = JPATH_COMPONENT.DS.'files'.DS.$file;
$path = JPath::check($path);
When we call the JPath::check() method, if $path is considered to be snooping, an
error is raised and the application is terminated; otherwise the cleaned path is
returned. A path is identified as snooping if it contains the parent directory
indicator (..) anywhere, or if, after cleaning, it does not lie beneath the Joomla!
installation root (JPATH_ROOT). Note that the check works on the string alone: it
does not consult the file system, so it does not see where a symbolic link points.
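The following is an added example, not code from the book and not Joomla!'s own JPath implementation: a stand-alone re-implementation of the two rules described above (reject any path containing .., then require the cleaned path to lie beneath the installation root), applied to a set of constructed request values so that the accepted and rejected cases can be seen without a Joomla! install. The constant EXAMPLE_ROOT, the functions example_clean_path() and example_check_path(), and the component directory used in the candidates are all assumptions made for the example; failures throw an exception where Joomla! would call JError::raiseError() and jexit().

```php
<?php
// Added example, not from the book and not Joomla!'s own code: a stand-alone
// re-implementation of the two rules the text attributes to JPath::check(),
// so they can be exercised outside a Joomla! install. Assumptions: the
// installation root is the constant EXAMPLE_ROOT defined here, and failures
// throw an exception instead of calling JError::raiseError() and jexit().

define('EXAMPLE_ROOT', '/var/www/joomla');

// Normalise separators and collapse repeated slashes without touching the
// file system; a string-only stand-in for a path clean step.
function example_clean_path($path)
{
    $path = str_replace('\\', '/', $path);
    $path = preg_replace('#/+#', '/', $path);
    return rtrim($path, '/');
}

// Rule 1: the parent-directory indicator anywhere in the string is rejected.
// Rule 2: after cleaning, the path must be the root itself or lie beneath
// it (root followed by a separator). Returns the cleaned path on success.
function example_check_path($path)
{
    if (strpos($path, '..') !== false) {
        throw new RuntimeException('Use of relative paths not permitted: ' . $path);
    }
    $path = example_clean_path($path);
    $root = example_clean_path(EXAMPLE_ROOT);
    if ($path !== $root && strpos($path, $root . '/') !== 0) {
        throw new RuntimeException('Snooping out of bounds @ ' . $path);
    }
    return $path;
}

// Constructed values standing in for the ?file= request variable, joined to
// a component's files directory the way the text's snippet does.
$base = EXAMPLE_ROOT . '/components/com_example/files/';
$candidates = array(
    $base . 'somefile.php',             // ordinary file: accepted
    $base . '../../configuration.php',  // climbs out: rejected by rule 1
    $base . 'sub/..//other.txt',        // '..' in the middle: still rejected by rule 1
    $base . '/etc/passwd',              // concatenation keeps it under the root: accepted
    '/etc/passwd',                      // used without the prefix: rejected by rule 2
    '/var/www/joomla2/index.php',       // sibling directory sharing the root's name: rejected by rule 2
);

foreach ($candidates as $candidate) {
    try {
        echo 'OK       ', example_check_path($candidate), PHP_EOL;
    } catch (RuntimeException $e) {
        echo 'REJECTED ', $e->getMessage(), PHP_EOL;
    }
}
```

Two points are worth noting when reading the output. First, the example compares against the root followed by a separator, so a sibling directory whose name merely begins with the root's name (/var/www/joomla2) is not accepted by the prefix rule. Second, in the book's snippet the WORD filter already strips '.', '/' and '\' from the request value, so traversal characters never reach the concatenated path; the check becomes the real defence as soon as a filter that lets those characters through is used, or when the request value is used without the fixed prefix.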