I've been working on a custom Joomla component for a client at work, and needed to validate certain aspects of the admin form. I could have reinvented the wheel and written my own validation routine, but I really wanted to use Joomla's core validation behavior. What follows is how I managed to validate a form when submitted using the core Joomla toolbar buttons.
Monday, 03 August 2009 16:42
As I reported earlier, I was interviewed in the not too recent past concerning XSS security and Joomla. I am proud to say that the interview has been posted on CMSWire, with a prominent back link to yours truly in the first paragraph!
The whole interview can be read here.
Saturday, 01 August 2009 00:00
The Joomla component Joo!BB 0.9.1 suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as Blind SQL Injection in its search feature.
These vulnerabilities have been patched and users are strongly urged to update to 0.9.1 Patch 1.
Timeline
Last Updated on Thursday, 30 September 2010 17:39
Thursday, 16 July 2009 12:04
The Joomla component Agora 3.0.0 RC1 Rev.4 suffers from a Persistent XSS vulnerability. This can be exploited by uploading a malicious SWF file as an attachment then embedding it using the [swf] BBCode tag from the local server, thus bypassing any crossdomain policy.
Last Updated on Thursday, 30 September 2010 17:41
Saturday, 11 July 2009 23:37
Well, another XSS-vulnerable BBCode implementation, this time in JTag Ticketing System. This is the exact same vulnerability I posted about earlier concerning WebAmoeba.
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.



