XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Modules Support forums / 
  3. Module troubleshooting 
  4.  / New FormElement: Any Obvious Security Holes?
Register
1
Brad
New FormElement: Any Obvious Security Holes?

  • 2004/3/24 23:11

  • Brad

  • Not too shy to talk

  • Posts: 150

  • Since: 2003/12/4


<?php
class XoopsFormBreak extends XoopsFormElement {

    /**
     * Constructor
     * 
     * @param    string    $caption    Caption
     * @param    string    $class        Text
     */
    function XoopsFormBreak($caption ''$class''){

        if (!empty($class)) {
            $class "class='$class'";
        }

        $this->setClass($class);
        $this->setCaption($caption);
        $this->setHidden();
    }

    /**
     * Prepare HTML for output
     * 
     * @return    string
     */
    function render(){
        return "<tr><td colspan='2' " $this->getClass() . "/>"$this->getCaption() . "</td></tr>";
    }
}
?>

I desperately wanted to have category breaks in a form I was designing and at the same time, wanted to stay within Xoop's standards. As such, I created a new FormElement that would let me add a break within the form. A visual example is below (note "General Settings" and "Album List View" rows). As I'm relatively new to PHP, I was wondering if there were any inherent security holes in what I've created.

Resized Image

Any help is appreciated, as always. Thanks in advance.

Brad
2
Brad
Re: New FormElement: Any Obvious Security Holes?

  • 2004/3/25 14:36

  • Brad

  • Not too shy to talk

  • Posts: 150

  • Since: 2003/12/4


I'd also like to point out that what would have been better for me, and more Xoopsy, would be if the xoopsGroupPermForm implemented the insertBreak() method of it's parent class.

The xoopsThemeForm tries to implement the insertBreak method but is foiled by xoopsForm which won't allow one to use the addElement function unless you're passing an element object subclassed from xoopsFormElement. xoopsThemeForm is just passing a string, and so it gets denied. Good try xoopsThemeForm.

Brad
[size=xx-small][edit 2004/03/25 red][/size]
3
Mithrandir
Re: New FormElement: Any Obvious Security Holes?

Looks good to me

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

271 user(s) are online (180 user(s) are browsing Support Forums)

Members: 0

Guests: 271

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits