-
Notifications
You must be signed in to change notification settings - Fork 18
Tips and tricks
Matt Thomas edited this page May 31, 2013
·
4 revisions
[needs testing and refinement]
From https://groups.google.com/d/msg/joomla-dev-general/4hxxLCNVyGY/X7HskC0cWUMJ
Add <?php echo JHtml::_('form.token'); ?> to your calling extension and then check for it with JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
Add a random string, such as the date, to the request URL so that it doesn't get cached by the browser.
var randomJunk = new Date().getTime();
url += '&randomJunk='+randomJunk;
Add, and then check for, beginning and end tokens.
Requests may contains warnings or output from other extensions. By checking for a unique beginning and end token and removing the other data you will solve this issue. Nicholas uses this code, I suggest to use different unique characters:
// Protect from unauthorized access
defined('_JEXEC') or die();
@ob_end_clean();
echo '###'.json_encode($this->retarray).'###';
jexit();
In the Javascript this is checked and removed.