- 788 Posts
And for those more wise than me, which is most people, is there anything I should be watching for in Quantity and Amount input fields, security wise? I already validate that it is numeric and a positive number.
Jesse R.
Consider trying something new and extraordinary.
Illinois Wine
Have you considered donating to MODx lately?
Donate now. Every contribution helps.
- 1,611 Posts
Well, since you’ll be using Google Checkout for the actual processing I expect that they already have a lot of validation on their end, so I wouldn’t worry about it too much. Forcing the value to be numeric will rule out any code being inserted in there, and making sure that it’s positive should eliminate errors when processing. The only other thing that I can think of that you might consider is chopping the length of the data to whatever your expected maxlength values might be on the server side (to eliminate the very remote possibility of an overflow attack of some sort).
- 788 Posts
Thanks Zap. I will trim the input just to be on the safe side. I just implemented the maxlength attribute in the input field.
- 1,611 Posts
Quote from: Jesse at Dec 12, 2007, 10:38 PM
Thanks Zap. I will trim the input just to be on the safe side. I just implemented the maxlength attribute in the input field.
I think that the possibility of doing something nasty this way is extremely remote. However, if there is some way to do this then a hacker can easily bypass maxlength limits in the HTML. So if you really want to eliminate this possibility you should trim the input to a substring on the server side just in case...
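Putting Zap's advice into code, as an added example that is not from this thread or from Jesse's cart plugin: server-side checks for the Quantity and Amount fields (length-capped first, then numeric, then positive), written in PHP since MODx is PHP. The constant and function names are assumptions; this version rejects an over-length value instead of truncating it, so a value is never silently changed on its way through.

```php
<?php
// Hypothetical limits; they would mirror the maxlength attributes on the form.
const MAX_QTY_LEN    = 4;    // e.g. maxlength="4"
const MAX_AMOUNT_LEN = 10;   // e.g. "999999.99"
const MAX_QTY        = 999;

/**
 * Returns a positive integer quantity, or null if the raw value is unacceptable.
 * The length check runs before any parsing because the HTML maxlength attribute
 * is client-side only and can be bypassed.
 */
function validateQuantity(string $raw): ?int
{
    $raw = trim($raw);
    if (strlen($raw) === 0 || strlen($raw) > MAX_QTY_LEN) {
        return null;
    }
    // Plain digits with no leading zero: rejects "1e3", "+5", "5.0", "0x10", "".
    if (!preg_match('/^[1-9][0-9]*$/', $raw)) {
        return null;
    }
    $qty = (int) $raw;
    return $qty <= MAX_QTY ? $qty : null;
}

/**
 * Returns an amount as a whole number of cents, or null. Working in cents
 * avoids float rounding surprises when line totals are summed later.
 */
function validateAmountCents(string $raw): ?int
{
    $raw = trim($raw);
    if (strlen($raw) === 0 || strlen($raw) > MAX_AMOUNT_LEN) {
        return null;
    }
    // Integer part plus an optional one- or two-digit fraction.
    if (!preg_match('/^(0|[1-9][0-9]*)(\.([0-9]{1,2}))?$/', $raw, $m)) {
        return null;
    }
    $cents = ((int) $m[1]) * 100;
    if (isset($m[3])) {
        $cents += (int) str_pad($m[3], 2, '0');   // "9" -> 90 cents
    }
    return $cents > 0 ? $cents : null;
}

// Constructed sample inputs, as they might arrive in $_POST.
foreach (['3', '0', '-2', '1e9', '12345678', '19.99', '19.9', '.5', '1,000'] as $s) {
    printf("%-12s qty=%-5s cents=%s\n", var_export($s, true),
        var_export(validateQuantity($s), true), var_export(validateAmountCents($s), true));
}
```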
- 788 Posts
Made them substrings. Thanks for the heads up. Even if it is extremely remote, might as well code it in since it is so easy to do.
- 4,205 Posts
Jesse R.: that is looking great. Very well done with the interface; at first I did not know where to expect the cart info to show, but it was obvious when it flashed at me.
- 1,611 Posts
And if you stick to a standard naming convention you could just upload your product images with the correct names and you wouldn’t need to insert them in each document. Sometimes I just put the images into the template, sometimes I make a snippet that verifies that the file (named in an image TV) exists before attempting to display it, and sometimes I use MaxiGallery to allow for easy uploading of multiple images by the clients (and thumbnail creation). MODx gives you a dozen ways to do just about anything.
- 788 Posts
Quote from: dev_cw at Dec 13, 2007, 12:17 PM
Jesse R.: that is looking great. Very well done with the interface; at first I did not know where to expect the cart info to show, but it was obvious when it flashed at me.
Thanks. I wanted it to be as intuitive as possible. I like having the cart persist on the side the entire time. I detest being taken to a checkout page when I intend to continue shopping. I think most carts do this because all the processing logic takes place on that page, whereas here the logic is handled in a plugin. I have started working on the Wiki article. Once I get that somewhat finished, I am releasing the 0.1 release. I am more of a hobbyist than a serious coder, so I hope that as a community we can solidify the work that I have done and continually improve upon it. My biggest effort once I release the initial code will be to have rock-solid documentation so people can get this integrated and start playing around with it.
@Zap: That is how I am doing the images, via a standard naming scheme. Then I utilize the page's alias for the image, and the pagetitle for the alt and title tags.