[OWASP_PHPSEC] Default Controller and Front Controller

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Sep 8 14:13:48 UTC 2013

1) What you described, about Handle being abstract, that is another file.
That file is under framework/_core/base/control.php
I am talking about another file, *framework/control/default.php, *which is
a subclass of the above file and has defined the Handle method. So my
question was that in that Handle method, the definition is running the
scanner class to scan itself. I cannot understand why it is doing that ?

2) I will better understand with an example. So lets say that MatchRoutes
matches the wildcard "*". Now that means that the controller selected is
the "default" controller, and it is the same file as above -
*Now in this file, I cannot see any class names, so what will the
"GetClasses" method will find in this class ??

After this I know. Once the classes will be found, appropriate controllers
are fetched and loaded and the start method is called. I just have doubt on
the "default" controller because it does not contains any class names.

On Sun, Sep 8, 2013 at 9:52 AM, Abbas Naderi <abiusx at owasp.org> wrote:

> Hey Rahul,
> 1.
> What do you mean?
> Default controller (aka catch controller) is meant to catch a bunch of
> requests, not just one. That is why the Start method is overridden and the
> Handle method is abstract, which also gets the part of the requests that is
> mapped to the controller.
> Whatever an app puts in the controller code, is application specific and
> everything we did already is just for demonstration and testing.
> 2.
> We first need to see which file is needed to start the controller, that is
> done by MatchRoutes. jframework has strict routes, meaning that request *
> do/something* will be mapped to *control/do/something.php* which might
> not be convenient for some, many frameworks have the concept of routes,
> allowing the developer to map between requests and controllers
> Now that we have the controller file, we need to know what the controller
> class is called, so that we can instantiate it and call its start method!
> Thats why we run GetClasses and see whcih class in there is an instance of
> base controller, then instantiate and call it.
> 3.
> It's called a catch controller, in _japp/model/base/control/catch.php
> -Abbas
> ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
> On Sep 8, 2013, at 2:19 AM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
> Hello,
> *1) The default controller class inside framework/control/default.php*
> I cannot understand why the Handle method contains code to scan itself.
> *2) The front controller inside framework/_core/front.php*
> In this file as I understand, first the method "MatchRoutes" will run and
> depending on the route, it will load the controller file. So lets suppose
> that it loads framework/control/default.php
> After this, the "StartController" function will run. In this function, I
> see that first the "GetClasses" method is run on
> "framework/control/default.php" which finds classes inside this file.
> However seeing the contents of this file, I cannot find any class names.
> So, how is this working ??
> Also my perception was first that after "MatchRoutes", we get the
> controller. But then again in "StartController" I see that after getting
> class names, it again searches for the appropriate controller.
> So, what is the difference between finding controller in "MatchRoutes" and
> finding controller in "StartController"
> *3) Also can you please tell me the default controller location in
> jFramework ??*
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>  _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project

Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130908/2e9b0ab5/attachment-0001.html>

More information about the OWASP_PHP_Security_Project mailing list