Hidden in plain site – Joomla! hidden secrets for code monkeys

Post on 30-Jul-2015


Hidden in plain site: Joomla! hidden secrets for code monkeys

Junior Dev Stuff

Input

$app = JFactory::getApplication();
$option = $app->input->getCmd('option');

File uploads with security check

$app = JFactory::getApplication();
// Default filter: the uploaded file goes through the security check
$file = $app->input->files->get('file', array());

File uploads without security check

$app = JFactory::getApplication();
// 'raw' filter: the security check is skipped
$file = $app->input->files->get('file', array(), 'raw');
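The two upload calls above differ only in the 'raw' filter: with the default filter, an upload that fails the security check comes back as the default value (here an empty array), so the caller has to handle that case. The following is an added example, not from the original slides; it assumes Joomla! 3.4 or later, and the function name exampleStoreUpload, the extension allowlist and the destination folder under com_example are hypothetical.

```php
<?php
// Added example (not from the slides); assumes a Joomla! 3.4+ component context.
defined('_JEXEC') or die;

jimport('joomla.filesystem.file');

// Hypothetical helper: stores the single file sent in form field "file".
function exampleStoreUpload()
{
    // Default filter: an upload that fails the security check comes back
    // as the default value, here an empty array.
    $file = JFactory::getApplication()->input->files->get('file', array());

    if (empty($file) || !isset($file['error'], $file['name'], $file['tmp_name']))
    {
        throw new RuntimeException('No upload, or upload rejected by the security check', 400);
    }

    if ((int) $file['error'] !== UPLOAD_ERR_OK)
    {
        throw new RuntimeException('Upload failed, PHP error code ' . (int) $file['error'], 400);
    }

    // Assumed policy: accept only these extensions.
    $allowed = array('jpg', 'jpeg', 'png', 'gif', 'pdf');
    $name    = JFile::makeSafe($file['name']);
    $ext     = strtolower(JFile::getExt($name));

    if ($name === '' || !in_array($ext, $allowed, true))
    {
        throw new RuntimeException('File type not allowed', 415);
    }

    // Assumed destination folder; the random prefix prevents overwriting
    // an existing file that has the same name.
    $dest = JPATH_SITE . '/media/com_example/uploads/'
        . JUserHelper::genRandomPassword(16) . '_' . $name;

    // $allow_unsafe keeps its default (false), so JFile::upload() does not
    // accept a file the security check rejects.
    if (!JFile::upload($file['tmp_name'], $dest))
    {
        throw new RuntimeException('Could not store the uploaded file', 500);
    }

    return $dest;
}
```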

Date and Time

$dateString = '2015-05-31 12:00:00';
$date = JFactory::getDate($dateString);
$format = JText::_('DATE_FORMAT_LC2');
echo $date->format($format);

URI manipulation

$uri = JUri::getInstance();
$uri->setVar('joomla', 'rocks');
echo $uri->toString();

Serious low-level stuff

$http = JHttpFactory::getHttp();
$response = $http->get('http://www.joomla.org/download.html');
$this->out("HTTP Code: " . $response->code);
$this->out("Headers:\n" . print_r($response->headers, true));

HTTP Transfers: without the pain of cURL and stream contexts

$stream = new JStream();
$stream->open(JPATH_SITE . '/tmp/temp.gz', 'w', false, null, false, false, true);
$stream->write($buffer);
$stream->chmod();
$stream->close();

Stream file I/O: with transparent GZip / BZip2 support

JArchive::extract($archiveName, $targetFolder);

Extract archives: zip, tar, tar.gz / tgz, tar.bz2 / tbz

JStringPunycode::emailToPunycode('üser@êxαmpłe.com');
// üser@xn--xmpe-fpa54cg0l.com
JStringPunycode::urlToPunycode('http://www.παράδειγμα.com');
// http://www.xn--hxajbheg2az3al.com
JStringPunycode::fromPunycode('http://www.xn--hxajbheg2az3al.com');
// http://www.παράδειγμα.com

UTF-8 Domains: a.k.a. “Punycode” or IDNA conversion

$image = new JImage(__DIR__ . '/image.jpg');
$image->createThumbs(
    [ '640x480', '320x200', '160x100', '80x50' ],
    JImage::SCALE_FILL,
    __DIR__ . '/thumbs'
);

Image manipulation: Thumbnails

$image = new JImage(__DIR__ . '/image.jpg');
$newImage = $image
    ->filter('grayscale')
    ->rotate('10', 0xFFFFFF, true)
    ->resize(320, 200);
$newImage->toFile(__DIR__ . '/altered.png', IMAGETYPE_PNG);

Image manipulation: Alter and convert images

Files and databases

GitHub integration: JGithub

$patcher = JFilesystemPatcher::getInstance();
$patcher
    ->reset()
    ->addFile(__DIR__ . '/file1.patch', JPATH_BASE, 1);
$patcher->apply();

Apply patch files: JFilesystemPatcher

$schemaUpdater = JSchemaChangeset::getInstance( $db, '/path/to/sql/files' );

$errors = $schemaUpdater->check();

$schemaUpdater->fix();

Update the schema or get a list of errors (changes not applied)

$config = [ 'dbinstaller_directory' => '/path/to/xml/files', 'option' => 'com_example'];

$schemaUpdater = new FOFDatabaseInstaller($config);

// Install or update schema
$schemaUpdater->updateSchema();

// Remove the schema
$schemaUpdater->removeSchema();

XML-based schema updates: using FOFDatabaseInstaller

$db = JFactory::getDbo();
$exporter = $db->getExporter();
$xml = $exporter->asXml();

Exporting the database: Here Be Dragons!

$db = JFactory::getDbo();
$importer = $db->getImporter();
$importer->from($xml);
// Bug: mergeStructure is protected. Sad panda :(
// $importer->mergeStructure();
$reflection = new ReflectionObject($importer);
$method = $reflection->getMethod('mergeStructure');
$method->setAccessible(true);
$method->invoke($importer);

Importing the database: Here Be Dragons!

Dial the awesome to eleven!

Services: Lots of!

• JFacebook

• JLinkedin

• JGoogle

• JTwitter

• JMediawiki

• JOpenstreetmap

• JOauth1Client

• JOauth2Client

Cryptography: JKeychain & JCrypt

• 3DES

• Blowfish

• Rijndael256 (AES)

• Simple (don’t use)

• mcrypt

// Set up
$plugin = JFactory::getApplication()->getParams()
    ->get('captcha', JFactory::getConfig()->get('captcha'));
$captcha = JCaptcha::getInstance($plugin, array('namespace' => 'myComponent'));

// Show
echo $captcha->display('mycaptcha', 'mycaptcha');

// Validate
$code = JFactory::getApplication()->input->get('mycaptcha');
if (!$captcha->checkAnswer($code))
{
    throw new RuntimeException('Bots not welcome', 403);
}

CAPTCHA: Keep bots away

$less = new JLess();
$less->ccompile($lessFile, $cssFile);

Compile LESS to CSS: Server-side, cached

$pathway = JFactory::getApplication()->getPathway();
$pathway->addItem('MyItem', $url);

Manipulate breadcrumbs: Custom, in-component pathways

Microdata: Schema.org support

https://docs.joomla.org/Microdata

More than a CMS: Custom application types

• JApplicationCLI

• JApplicationWeb

• JApplicationDaemon

Photos by Smithsonian Institution, National Museum of American History

May the Core be with you

The End
