A Nonce is used in web forms to prevent “replay attacks” or “Cross Site Request Forgery” where an attacker can submit the same form information repeatedly. To prevent this, we generate a one-time use token that gets embedded into the form and validated upon submission. In our case, you can add this to your forms with minimal effort such as this:
$form = new w2p_Output_HTML_FormHelper($AppUI); ?> <form name="editFrm" action="?m=<?php echo $m; ?>" method="post" accept-charset="utf-8" class="addedit links"> <?php echo $form->addNonce(); ?> <!-- insert the rest of the form --> </form>
This inserts a hidden input with a token generated from a timestamp and the user’s system preferences.
The validation itself is handled via the w2p_Controllers_Base class. As long as you follow our common pattern for the do_module_aed processing, you shouldn’t have to do anything else.