Text only | Text with Images

VirtueMart Forum

VirtueMart 2 + 3 + 4 => Virtuemart Development and bug reports => Development & Testing => Topic started by: Nerijus on March 26, 2013, 09:40:26 AM

Title: JRequest::checkToken() in model
Post by: Nerijus on March 26, 2013, 09:40:26 AM
Hi,

Do we really need "JRequest::checkToken() or jexit( 'Invalid Token' );" in each model function (like store, move, saveorder)?
Token checking is already done in controller.
Also having token check in ex. store method forbids model reuse on product importing from 3rd party services.
Title: Re: JRequest::checkToken() in model
Post by: Milbo on April 12, 2013, 21:55:58 PM
No, does not forbid it, you can create a token.
Title: Re: JRequest::checkToken() in model
Post by: Nerijus on May 07, 2013, 21:12:22 PM
But I have to create it and set in request. that means I can accidently create and set token for actions I was not inteded to or otherwise deny it (for examle if I create any thing in plugin on system event)
Title: Re: JRequest::checkToken() in model
Post by: Milbo on May 08, 2013, 12:34:02 PM
But this is exactly what we want. You are forced to write more secure.
Text only | Text with Images