Best practices
On top of every classes there should be:
defined( '_JEXEC' ) or die( 'Restricted access' );
If not, php files can be called externally and code injects are possible.
On top of every classes there should be:
defined( '_JEXEC' ) or die( 'Restricted access' );
If not, php files can be called externally and code injects are possible.