Hidden in plain site – joomla! hidden secrets for code monkeys
Post on 30-Jul-2015
Transcript
Hidden in plain site: Joomla! hidden secrets for code monkeys
Junior Dev Stuff
Input
$app = JFactory::getApplication();
$option = $app->input->getCmd('option'); // 'cmd' filter: only [A-Za-z0-9_.-] survive
File uploads with security check
$app = JFactory::getApplication();
// Default filter ('cmd') sanitises the uploaded file name(s)
$files = $app->input->files->get('file', array());
File uploads without security check
$app = JFactory::getApplication();
// 'raw' hands back the $_FILES entry untouched: name and type must be validated by your code
$files = $app->input->files->get('file', array(), 'raw');
Date and Time
$dateString = '2015-05-31 12:00:00';
$date = JFactory::getDate($dateString);
$format = JText::_('DATE_FORMAT_LC2'); // language-specific format string
echo $date->format($format);
URI manipulation
$uri = JUri::getInstance();
$uri->setVar('joomla', 'rocks'); // appends joomla=rocks to the query string
echo $uri->toString();
Serious low-level stuff
// Inside a JApplicationCli subclass ($this->out() writes to the console)
$http = JHttpFactory::getHttp();
$response = $http->get('http://www.joomla.org/download.html');
$this->out("HTTP Code: " . $response->code);
$this->out("Headers:\n" . print_r($response->headers, true));
HTTP Transfers: without the pain of cURL and stream contexts
// $buffer holds the data to write; with the last argument true, the .gz suffix selects transparent gzip compression
$stream = new JStream();
$stream->open(JPATH_SITE . '/tmp/temp.gz', 'w', false, null, false, false, true);
$stream->write($buffer);
$stream->chmod();
$stream->close();
Stream file I/O: with transparent GZip / BZip2 support
JArchive::extract($archiveName, $targetFolder);
Extract archives: zip, tar, tar.gz / tgz, tar.bz2 / tbz
JStringPunycode::emailToPunycode('üser@êxαmpłe.com');               // üser@xn--xmpe-fpa54cg0l.com
JStringPunycode::urlToPunycode('http://www.παράδειγμα.com');        // http://www.xn--hxajbheg2az3al.com
JStringPunycode::fromPunycode('http://www.xn--hxajbheg2az3al.com'); // http://www.παράδειγμα.com
UTF-8 Domains: a.k.a. “Punycode” or IDNA conversion
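As an added example (not code from the slides), the three conversions above rebuilt in Python on the standard-library idna codec, plus a mixed-script check that the Joomla helpers do not perform: the slide's own êxαmpłe label mixes Latin and Greek letters, which is exactly how look-alike (homograph) domains are built. The function names, the url_from_punycode helper and the "bare hostname, no port or userinfo" assumption are this example's own.

```python
import unicodedata
from urllib.parse import urlsplit, urlunsplit


def to_punycode(host: str) -> str:
    """ToASCII every label: 'www.παράδειγμα.com' -> 'www.xn--hxajbheg2az3al.com'.
    Labels that are already ASCII (including xn-- ones) pass through unchanged."""
    return host.encode("idna").decode("ascii")


def from_punycode(host: str) -> str:
    """ToUnicode every label; plain ASCII labels are returned as they are."""
    return host.encode("ascii").decode("idna")


def email_to_punycode(address: str) -> str:
    """Only the domain part is converted; the local part stays as typed, like the slide shows."""
    local, at, domain = address.rpartition("@")
    if not at:
        return address
    return f"{local}@{to_punycode(domain)}"


def url_to_punycode(url: str) -> str:
    # Assumption: netloc is a bare hostname (no port, no user:pass@)
    parts = urlsplit(url)
    return urlunsplit(parts._replace(netloc=to_punycode(parts.netloc)))


def url_from_punycode(url: str) -> str:
    parts = urlsplit(url)
    return urlunsplit(parts._replace(netloc=from_punycode(parts.netloc)))


def label_scripts(label: str) -> set:
    """Script names (first word of the Unicode character name) of the letters in one label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def mixed_script_labels(host: str) -> list:
    """Labels that mix scripts, e.g. Latin 'x' beside Greek 'α'; accepts either form of the host.
    A mixed label is a strong hint that a domain imitates another one."""
    decoded = from_punycode(to_punycode(host))
    return [lbl for lbl in decoded.split(".") if len(label_scripts(lbl)) > 1]
```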
$image = new JImage(__DIR__ . '/image.jpg');
$image->createThumbs(
    ['640x480', '320x200', '160x100', '80x50'],
    JImage::SCALE_FILL,
    __DIR__ . '/thumbs'
);
Image manipulation: thumbnails
$image = new JImage(__DIR__ . '/image.jpg');
$newImage = $image
    ->filter('grayscale')
    ->rotate(10, 0xFFFFFF, true) // angle, background colour, return a new image
    ->resize(320, 200);
$newImage->toFile(__DIR__ . '/altered.png', IMAGETYPE_PNG);
Image manipulation: alter and convert images
Files and databases
GitHub integration JGithub
$patcher = JFilesystemPatcher::getInstance();
$patcher
    ->reset()
    ->addFile(__DIR__ . '/file1.patch', JPATH_BASE, 1); // patch file, root directory, strip level
$patcher->apply();
Apply patch files: JFilesystemPatcher
$schemaUpdater = JSchemaChangeset::getInstance($db, '/path/to/sql/files');
$errors = $schemaUpdater->check(); // lists the pending changes; nothing is applied
$schemaUpdater->fix();             // applies them
Update the schema or get a list of errors (changes not applied)
$config = [
    'dbinstaller_directory' => '/path/to/xml/files',
    'option'                => 'com_example',
];
$schemaUpdater = new FOFDatabaseInstaller($config);
// Install or update schema
$schemaUpdater->updateSchema();
// Remove the schema
$schemaUpdater->removeSchema();
XML-based schema updates: using FOFDatabaseInstaller
$db = JFactory::getDbo();
$exporter = $db->getExporter();
$xml = $exporter->asXml();
Exporting the database: Here Be Dragons!
$db = JFactory::getDbo();
$importer = $db->getImporter();
$importer->from($xml);
// Bug: mergeStructure is protected. Sad panda :(
// $importer->mergeStructure();
// Work around it by calling the protected method through reflection
$reflection = new ReflectionObject($importer);
$method = $reflection->getMethod('mergeStructure');
$method->setAccessible(true);
$method->invoke($importer);
Importing the database: Here Be Dragons!
Dial the awesome to eleven!
Services Lots of!
JFacebook JLinkedin
JGoogle JTwitter
JMediawiki JOpenstreetmap JOauth1Client JOauth2Client
Cryptography: JKeychain & JCrypt
• 3DES
• Blowfish
• Rijndael256 (AES)
• Simple (don’t use)
• mcrypt
// Set up: use the component's captcha plugin, falling back to the global setting
$plugin = JFactory::getApplication()->getParams()
    ->get('captcha', JFactory::getConfig()->get('captcha'));
$captcha = JCaptcha::getInstance($plugin, array('namespace' => 'myComponent'));

// Show
echo $captcha->display('mycaptcha', 'mycaptcha');

// Validate
$code = JFactory::getApplication()->input->get('mycaptcha');
if (!$captcha->checkAnswer($code))
{
    throw new RuntimeException('Bots not welcome', 403);
}
CAPTCHA: keep bots away
$less = new JLess();
$less->ccompile($lessFile, $cssFile); // "checked compile": recompiles only when the .less file is newer than the .css
Compile LESS to CSS: server-side, cached
$pathway = JFactory::getApplication()->getPathway();
$pathway->addItem('MyItem', $url);
Manipulate breadcrumbs: custom, in-component pathways
More than a CMS: custom application types
• JApplicationCLI
• JApplicationWeb
• JApplicationDaemon
Photos by Smithsonian Institution, National Museum of American History
May the Core
be with you
The End