Module is not properly cleaning input params

Postdate: March 24 2014
Category: Created Modules
Applies to: all

UPDATE: If your CMSMS-Log is full of "Module is not properly cleaning input params" read further... 


For Module created with CTLMM 2.0.3 it's easy: 

In your_module_name.module.php look for this part:

$this->RestrictUnknownParams(false);

Remove the false and the logmessage goes away.

Note: 

As long as you don't use the modules internal search function you should be safe. Otherwise I won't recommend this fix.

For Module created with CTLMM 1.8.3 and earlier:

In  your_module_name.module.php look for the function SetParameters(). After the last entry saying $this->RegisterRoute... insert: 

$this->RestrictUnknownParams();

The lines below have a lot of entries like this:

$this->CreateParameter("what", "", $this->Lang("phelp_what"));
$this->CreateParameter("alias", "", $this->Lang("phelp_alias"));
...

For each parameter you use in your website you have to specify an additional SetParameterType:

$this->SetParameterType("what",CLEAN_STRING);

Example: 

For the everywhere used parameter what the whole set looks like that:

$this->CreateParameter("what", "", $this->Lang("phelp_what"));
$this->SetParameterType("what",CLEAN_STRING);

Again! You have to do this for all parameter that you use on your website!

There is 1 Exception:

The parameter limit needs CLEAN_INT

$this->SetParameterType("limit",CLEAN_INT);