A security flaw has been discovered in Joomla versions 3.5.0 through 3.8.5.

It has been assigned CVE-2018-8045.
The User notes list view is missing a type cast on a variable, which can lead to SQL injection.

This means that somebody can make changes or read out data from your Joomla database without permission.
It can be achieved by simply calling the User notes list view with specially crafted parameters.

The Joomla team considers the severity of the flaw as low.

Please log in to your hosting control panel and use our Softaculous installer to update your Joomla.
If you are unsure, please contact your HelpingHost.com support team to help you out.
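
The missing type cast described in the advisory above, shown as an added illustration that is not Joomla's code and not part of the original advisory: a filter value concatenated into a query as-is, next to the same query with an (int) cast and with a bound parameter. The table, column and function names and the sample inputs are hypothetical and constructed for this example; it runs stand-alone with PHP's PDO SQLite driver.

```php
<?php
// Added illustration, not Joomla's code. All names and rows are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, catid INTEGER, body TEXT)');
$db->exec("INSERT INTO notes (catid, body) VALUES
    (7, 'public note'), (8, 'other category'), (9, 'restricted note')");

// BEFORE: the filter value is concatenated as-is, so the database parses it as SQL.
function countNotesUncast(PDO $db, $catid)
{
    $sql = 'SELECT COUNT(*) FROM notes WHERE catid = ' . $catid;
    return (int) $db->query($sql)->fetchColumn();
}

// AFTER (type cast): only an integer can ever reach the query text.
function countNotesCast(PDO $db, $catid)
{
    $sql = 'SELECT COUNT(*) FROM notes WHERE catid = ' . (int) $catid;
    return (int) $db->query($sql)->fetchColumn();
}

// AFTER (bound parameter): the value never becomes part of the SQL text at all.
function countNotesBound(PDO $db, $catid)
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM notes WHERE catid = :catid');
    $stmt->bindValue(':catid', (int) $catid, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed request values: one well-formed, one that is not a plain integer.
foreach (array('7', '7 OR 1=1') as $input) {
    printf("%-10s uncast=%d cast=%d bound=%d\n", $input,
        countNotesUncast($db, $input),
        countNotesCast($db, $input),
        countNotesBound($db, $input));
}
```

The cast silently turns the second input into 7 rather than rejecting it; use filter_var($catid, FILTER_VALIDATE_INT) when a malformed value should be refused and logged instead.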


Why?

I was in need of professional forms for a Joomla component I’m currently writing. By “professional” I mean the forms have to look professional and also need to be validated in a professional manner. I first went through a lot of JavaScript/CSS solutions. However, in the back of my mind I thought I still have to validate all input on the server level (within the Joomla component itself). Finally I found an actively maintained forms library that, after some testing, worked great within any Joomla component.

Here are some basic notes on how I accomplished this:

I’m using a file called loader.php located in the library path in my component directory. I call it from my main controller file like this:

require_once(JPATH_ROOT.DS.'components'.DS.'com_component'.DS.'library'.DS.'loader.php');

In my loader.php I have this line:

JLoader::register('Form', JPATH_COMPONENT.'/3rdparty/PFBC/Form.php');

As you can see, I just copied the PFBC folder into a folder called 3rdparty within my Joomla component folder. Now you can use PFBC anywhere in your component by creating the object like this and adding a field, for example:

$form = new Form("testing", 300);
$form->addElement(new Element_Textbox("My Textbox:", "MyTextbox"));
$form->addElement(new Element_Button);

Assign it to the View as usual:

$this->assignRef('myform', $form);

 

And render it in the tmpl file:

echo $this->myform->render();

Today I needed to render a Custom HTML module within a Joomla Component I’m currently writing.
After some research and testing this seems to be working great for me:
$mod = &JModuleHelper::getModule('custom', 'Custom HTML');
echo JModuleHelper::renderModule($mod);

I have this piece of code in my default.php file within my views/default/tmpl/ folder. The ‘custom’ refers to the module mod_custom and ‘Custom HTML’ specifies which of the mod_custom modules to call.

Let’s say you have a Custom HTML module with the title MODULEA and one with the title MODULEB; then you can call and render them this way:
    
$mod = &JModuleHelper::getModule('custom', 'MODULEA');
echo JModuleHelper::renderModule($mod);
$mod = &JModuleHelper::getModule('custom', 'MODULEB');
echo JModuleHelper::renderModule($mod);
 
A couple of important notes:
  • At the time of writing I’m using Joomla 1.7
  • The module HAS to be published.
  • It needs to be assigned to the pages/menus you want it to display.