I’ve become very accustomed to using Joomla’s JRequest class in custom Components. Since that class is now deprecated, I’m having to find new work-arounds, most involving the JInput class. Pretty much every form had been using JRequest::checkToken() to guard against CSRF attacks, like:
if (!JRequest::checkToken()) $this->setError('Invalid (or expired) request token.');
To get around using JRequest, I’m now using this:
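$app = JFactory::getApplication();
// Name of the hidden form field that carries this session's token
$token = JSession::getFormToken();
// The field must be present in the request (value filtered as alphanumeric)
if (!$token || !$app->input->get($token, null, 'alnum')) {
    $this->setError('Invalid (or expired) request token.');
}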
…which seems to work in pretty much the same way. In the old JRequest::checkToken() method, it was also redirecting to the login page if no session was detected, which I’m generally skipping.
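A minimal model of the check above, added here as an illustration; it is not part of the original post or Joomla's own code. It assumes `$app->input` reads the merged request data (Joomla's default when no source is named), whereas `JRequest::checkToken()` read POST only by default; the helper names, token value and sample requests are constructed.

```php
<?php
// Added illustration: models the form-token check outside Joomla.
// All function names and sample values are hypothetical/constructed.

/** Mimics the 'alnum' input filter: keep only letters and digits. */
function filter_alnum($value): string
{
    return is_scalar($value) ? preg_replace('/[^A-Z0-9]/i', '', (string) $value) : '';
}

/**
 * The form carries a hidden field whose NAME is the session's form token
 * (value "1"). $source is the array the field is looked up in.
 */
function token_present(string $formToken, array $source): bool
{
    if ($formToken === '' || !array_key_exists($formToken, $source)) {
        return false;
    }
    return (bool) filter_alnum($source[$formToken]);
}

// Constructed stand-in for the value of JSession::getFormToken().
$formToken = 'a3f1c9e07b2d4856a3f1c9e07b2d4856';

// Constructed sample requests.
$samples = [
    'token in POST body'    => ['get' => [], 'post' => [$formToken => '1', 'title' => 'x']],
    'token in query string' => ['get' => [$formToken => '1'], 'post' => ['title' => 'x']],
    'no token at all'       => ['get' => [], 'post' => ['title' => 'x']],
];

foreach ($samples as $label => $req) {
    // Merged lookup, as when the field is read from the default input source.
    $merged = token_present($formToken, $req['post'] + $req['get']);
    // POST-only lookup, matching the old default method of 'post'.
    $postOnly = token_present($formToken, $req['post']);
    printf("%-22s merged=%-5s post-only=%s\n", $label,
        var_export($merged, true), var_export($postOnly, true));
}
// Only the middle case differs: the merged lookup accepts a token carried
// in the URL, where it can end up in logs, history and Referer headers.
```

In a component, reading the field through `$app->input->post` or calling `JSession::checkToken()` keeps the check on POST data.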