News:

Looking for documentation? Take a look on our wiki

Main Menu

JRequest::checkToken() in model

Started by Nerijus, March 26, 2013, 09:40:26 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Nerijus

March 26, 2013, 09:40:26 AM
Hi,

Do we really need "JRequest::checkToken() or jexit( 'Invalid Token' );" in each model function (like store, move, saveorder)?
Token checking is already done in controller.
Also having token check in ex. store method forbids model reuse on product importing from 3rd party services.

Milbo

#1
April 12, 2013, 21:55:58 PM
No, does not forbid it, you can create a token.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Nerijus

#2
May 07, 2013, 21:12:22 PM
But I have to create it and set in request. that means I can accidently create and set token for actions I was not inteded to or otherwise deny it (for examle if I create any thing in plugin on system event)

Milbo

#3
May 08, 2013, 12:34:02 PM
But this is exactly what we want. You are forced to write more secure.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/
Print
Go Up Pages1
User actions