[OWASP_PHPSEC] Default Controller and Front Controller

Abbas Naderi abiusx at owasp.org
Sun Sep 8 13:52:48 UTC 2013

Hey Rahul,
What do you mean?
Default controller (aka catch controller) is meant to catch a bunch of requests, not just one. That is why the Start method is overridden and the Handle method is abstract, which also gets the part of the requests that is mapped to the controller.

Whatever an app puts in the controller code is application specific, and everything we did already is just for demonstration and testing.

We first need to see which file is needed to start the controller; that is done by MatchRoutes. jframework has strict routes, meaning that the request do/something will be mapped to control/do/something.php, which might not be convenient for some. Many frameworks have the concept of routes, allowing the developer to map between requests and controllers.

Now that we have the controller file, we need to know what the controller class is called, so that we can instantiate it and call its start method! That's why we run GetClasses and see which class in there is an instance of base controller, then instantiate and call it.

It's called a catch controller, in _japp/model/base/control/catch.php

Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 8, 2013, at 2:19 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> Hello,
> 1) The default controller class inside framework/control/default.php
> I cannot understand why the Handle method contains code to scan itself.
> 2) The front controller inside framework/_core/front.php
> In this file, as I understand, first the method "MatchRoutes" will run and, depending on the route, it will load the controller file. So let's suppose that it loads framework/control/default.php
> After this, the "StartController" function will run. In this function, I see that first the "GetClasses" method is run on "framework/control/default.php", which finds classes inside this file. However, seeing the contents of this file, I cannot find any class names. So, how is this working?
> Also my perception was first that after "MatchRoutes", we get the controller. But then again in "StartController" I see that after getting class names, it again searches for the appropriate controller.
> So, what is the difference between finding controller in "MatchRoutes" and finding controller in "StartController"?
> 3) Also, can you please tell me the default controller location in jFramework?
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
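
The two steps discussed in this thread (resolve the controller file, then find and start the controller class inside it), as an added example that is not part of the original messages and is not jframework's code. BaseController, match_route and start_controller are hypothetical names; the class lookup compares get_declared_classes() before and after the include instead of the project's GetClasses, and the walk up to the nearest default.php is an assumption about how a catch controller is selected.

```php
<?php
// Added illustration; all names here are hypothetical, not jframework's API.
abstract class BaseController {
    abstract public function Start(string $rest): string;
}

// Step 1 (the MatchRoutes role): strict route, "do/something" maps to
// control/do/something.php. With no exact file, fall back to the nearest
// default.php (catch controller) and pass it the unmatched remainder.
function match_route(string $request, string $controlDir): ?array {
    $parts = array_values(array_filter(explode('/', $request), 'strlen'));
    foreach ($parts as $p) {
        // Only plain names may become path segments, so the mapped file
        // always stays under $controlDir.
        if (!preg_match('/^[A-Za-z0-9_-]+$/', $p)) return null;
    }
    $exact = $controlDir . '/' . implode('/', $parts) . '.php';
    if ($parts && is_file($exact)) return [$exact, ''];
    for ($i = count($parts); $i >= 0; $i--) {
        $dir = rtrim($controlDir . '/' . implode('/', array_slice($parts, 0, $i)), '/');
        if (is_file("$dir/default.php")) {
            return ["$dir/default.php", implode('/', array_slice($parts, $i))];
        }
    }
    return null;
}

// Step 2 (the StartController role): the file name alone does not say what
// the class is called, so load the file and pick the new BaseController subclass.
function start_controller(string $file, string $rest): string {
    $before = get_declared_classes();
    require_once $file; // one dispatch per request, so the file is loaded once
    foreach (array_diff(get_declared_classes(), $before) as $class) {
        if (is_subclass_of($class, 'BaseController')) {
            return (new $class())->Start($rest);
        }
    }
    throw new RuntimeException("no controller class in $file");
}

// Constructed sample tree: a single catch controller at control/default.php.
$dir = sys_get_temp_dir() . '/control_' . uniqid();
mkdir($dir);
file_put_contents("$dir/default.php", '<?php class CatchAll extends BaseController {
    public function Start(string $rest): string { return "caught: $rest"; } }');

foreach (['do/something', 'do/../something'] as $req) {
    $m = match_route($req, $dir);
    echo $req, ' => ', $m ? start_controller($m[0], $m[1]) : 'rejected', "\n";
}
```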
