JRequest::get('post') deprecated, now what?
1,817 views
Skip to first unread message
Søren Beck Jensen
Aug 8, 2013, 6:07:44 AM8/8/13
to joomla-de...@googlegroups.com
So, you used to be able to get the "post" or "get" array using
JRequest::get('post') but that is deprecated so what should I do now.
The comment in the deprecated method says
* @deprecated 12.1 User JInput::get
I assume the "user" is a spelling mistake and that it should say "use"
But JInput::get only gets a single var, not an array.
This leads me to believe I am supposed to use JFactory::getApplication()->input->getArray($_POST) which does work, but is that correct?
Thanks,
Soren
Bakual
Aug 8, 2013, 6:31:30 AM8/8/13
to joomla-de...@googlegroups.com
To my knowledge you can't get the whole POST using JInput. It doesn't even make much sense to do so because JInput is meant to only return already filtered data.
To get multiple inputs from POST at once you can use jinput->post->getArray(array('input1' => 'INT', 'input2' => 'STRING', 'input3' => 'CMD');
The array given consists of the name of the input and the filter applied to it.
See http://docs.joomla.org/Retrieving_request_data_using_JInput#Getting_Multiple_Values for a bit more details.
Viper
Aug 8, 2013, 7:31:59 AM8/8/13
to joomla-de...@googlegroups.com
jinput->getArray(array(...), $_POST);
Sergio Manzi
Aug 8, 2013, 7:41:11 AM8/8/13
to joomla-de...@googlegroups.com
... and in case you have a variable number of elements for the received array?
This is the case with an application I developed, where the first array element is an "action verb" and the reset of the array are parameters whose number varies depending on the "action verb"...
This is the case with an application I developed, where the first array element is an "action verb" and the reset of the array are parameters whose number varies depending on the "action verb"...
Bakual
Aug 8, 2013, 8:38:25 AM8/8/13
to joomla-de...@googlegroups.com
Can you first get the action parameter and afterwards get the other ones depeneding on the action?
Or you just get all possible vars. I think JInput will just return null if the variable isn't set.
Sergio Manzi
Aug 8, 2013, 9:15:36 AM8/8/13
to joomla-de...@googlegroups.com
I think this is absolutely possible. It
will complicate the code a little bit, but no big deal...
Actually in my code I don't even use JRequest::get('post'), but I directly access the PHP $_POST associative array and I'm quite confident I correctly parse and sanitize it against possible attacks: what are the negative implications of using this method?
Actually in my code I don't even use JRequest::get('post'), but I directly access the PHP $_POST associative array and I'm quite confident I correctly parse and sanitize it against possible attacks: what are the negative implications of using this method?
On 2013-08-08 14:38, Bakual wrote:
Bakual
Aug 8, 2013, 9:37:08 AM8/8/13
to joomla-de...@googlegroups.com
Does it even still work to access directly $_POST? I thought Joomla prevents that :)
Personally, I rather use an API to sanitize stuff so I don't have to worry about this. If a bug is found in it, I don't have to update my extension. Joomla will take care of it. Maybe I'm just lazy here :-)
Sergio Manzi
Aug 8, 2013, 10:14:32 AM8/8/13
to joomla-de...@googlegroups.com
Hi Bakual,
yes, it works, and quite well, at least with J! 3.1.5.
Maybe I'm a little bit "old school" but my rationale is that if I access $_POST directly, then "I'm in command", I know what I do with it and I don't have to worry about side effects of my "protocol" with the Joomla core.
My concern, anyway, is exactly what you said: is it possible for Joomla! to block (today or tomorrow) access to the $_POST array?
yes, it works, and quite well, at least with J! 3.1.5.
Maybe I'm a little bit "old school" but my rationale is that if I access $_POST directly, then "I'm in command", I know what I do with it and I don't have to worry about side effects of my "protocol" with the Joomla core.
My concern, anyway, is exactly what you said: is it possible for Joomla! to block (today or tomorrow) access to the $_POST array?
Michael Babker
Aug 8, 2013, 10:19:54 AM8/8/13
to joomla-de...@googlegroups.com
We'd have to clear the super globals when loading up JInput. So it's possible, but I doubt it'll happen.
--
- Michael
If you are accessing them directly, in Joomla code, I'd suggest sanitizing through JFilterInput (same class used by JInput by default). Or if you're using a third party library, their sanitization system.
--
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-gene...@googlegroups.com.
To post to this group, send an email to joomla-de...@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-general.
For more options, visit https://groups.google.com/groups/opt_out.
--
- Michael
Please pardon any errors, this message was sent from my iPhone.
Sergio Manzi
Aug 8, 2013, 10:33:53 AM8/8/13
to joomla-de...@googlegroups.com
Thanks for your input Michael,
so, even if not a "clear example of Joomla! coding", I can still
consider safe to access the $_POST super global...
I accept your advice and I will give a look at JFilterInput and see if I
can use it instead of (or on conjunction with) my sanitizing function.
Thanks again!
Sergio
so, even if not a "clear example of Joomla! coding", I can still
consider safe to access the $_POST super global...
I accept your advice and I will give a look at JFilterInput and see if I
can use it instead of (or on conjunction with) my sanitizing function.
Thanks again!
Sergio
George Wilson
Aug 8, 2013, 5:08:15 PM8/8/13
to joomla-de...@googlegroups.com
It access the $_POST directly though to answer the question. You can use
$input = JFactory::getApplication->input;
$post = $input->post;
As example 2.1.2 on this page http://developer.joomla.org/manual/chap-Joomla_Platform_Manual-Input.html
Kind Regards,
George
Reply all
Reply to author
Forward
0 new messages