Jump to content

Form validation and security


nbarnum

Recommended Posts

I want to add extra fields to a contact form.  What sort of security/validation does Prestashop have to make inputs such as text, checkbox and radio boxes secure?  I'm developing a custom contact form that allows the customer to choose a product and customize their requested accessories/options for a quote.  A drop down allows them to chose the category from 6 categories then chose options from about 5 questions each.  With all the options for each category there's close to 68 inputs I need to secure.

 

How do I secure inputs in a Prestashop Form?

Link to comment
Share on other sites

Easiest way to see how they do basic input checking for is to look at some screens. Check some files in controllers/front/, and also look at file classes/Validate.php. There you see functions like isString, isBool etc, which checks input and match it with expected input. You can  make them more exotic, like isTrackingNumber, or do some comparisons, like isPercentage. You can write your own pattern of course to match your special purpose input fields using preg_match or other checks etc. Just give this function to the input field definition (again, see controller files) and it will be taken care of

 

I remember reading somewhere that they worked hard to prevent SQL injection, and use functions like pSQL(<your input data var>) promoted to 'box' attempts, but not sure how well they succeeded in preventing it all. (Google prestashop 1.6 sql injection  and you see some pages that insinuate some injection success)

 

Anyone else some more info?

 

 

My 2 cents,

pascal

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...