[OWASP_PHPSEC] Default Controller and Front Controller

Abbas Naderi abiusx at owasp.org
Sun Sep 8 14:17:11 UTC 2013


1. just for test
2. there are class names!
class DefaultController extends phpsec\framework\DefaultController

-A
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 8, 2013, at 10:13 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> 1) What you described, about Handle being abstract, that is another file. That file is under framework/_core/base/control.php
> I am talking about another file, framework/control/default.php, which is a subclass of the above file and has defined the Handle method. So my question was that in that Handle method, the definition is running the scanner class to scan itself. I cannot understand why it is doing that?
> 
> 2) I will better understand with an example. So let's say that MatchRoutes matches the wildcard "*". Now that means that the controller selected is the "default" controller, and it is the same file as above - framework/control/default.php. Now in this file, I cannot see any class names, so what will the "GetClasses" method find in this class?
> 
> After this I know. Once the classes will be found, appropriate controllers are fetched and loaded and the start method is called. I just have doubt on the "default" controller because it does not contain any class names.
> 
> 
> On Sun, Sep 8, 2013 at 9:52 AM, Abbas Naderi <abiusx at owasp.org> wrote:
> Hey Rahul,
> 1.
> What do you mean?
> Default controller (aka catch controller) is meant to catch a bunch of requests, not just one. That is why the Start method is overridden and the Handle method is abstract, which also gets the part of the requests that is mapped to the controller.
> 
> Whatever an app puts in the controller code, is application specific and everything we did already is just for demonstration and testing.
> 
> 2. 
> We first need to see which file is needed to start the controller; that is done by MatchRoutes. jframework has strict routes, meaning that request do/something will be mapped to control/do/something.php, which might not be convenient for some. Many frameworks have the concept of routes, allowing the developer to map between requests and controllers.
> 
> Now that we have the controller file, we need to know what the controller class is called, so that we can instantiate it and call its start method! That's why we run GetClasses and see which class in there is an instance of base controller, then instantiate and call it.
> 
> 3. 
> It's called a catch controller, in _japp/model/base/control/catch.php
> 
> -Abbas
> 
> On Sep 8, 2013, at 2:19 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> 
>> Hello,
>> 
>> 1) The default controller class inside framework/control/default.php
>> I cannot understand why the Handle method contains code to scan itself.
>> 
>> 2) The front controller inside framework/_core/front.php
>> In this file as I understand, first the method "MatchRoutes" will run and depending on the route, it will load the controller file. So let's suppose that it loads framework/control/default.php
>> 
>> After this, the "StartController" function will run. In this function, I see that first the "GetClasses" method is run on "framework/control/default.php" which finds classes inside this file. However seeing the contents of this file, I cannot find any class names. So, how is this working?
>> 
>> Also my perception was first that after "MatchRoutes", we get the controller. But then again in "StartController" I see that after getting class names, it again searches for the appropriate controller.
>> 
>> So, what is the difference between finding controller in "MatchRoutes" and finding controller in "StartController"?
>> 
>> 
>> 3) Also can you please tell me the default controller location in jFramework?
>> 
>> -- 
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
> 
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
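
The two-step dispatch discussed in this thread (MatchRoutes picks the controller file, then class discovery picks the controller class inside that file), as an added PHP example that is not part of the original messages or of the phpsec/jframework source. `BaseController`, `matchRoute`, `startController` and the controller files written to a temp directory are hypothetical and constructed for the illustration; it goes slightly beyond the thread by confining the mapped path to the control directory, which strict request-to-file routing needs.

```php
<?php
// Added illustration: all names here are hypothetical, not phpsec/jframework code.
abstract class BaseController {
    abstract public function Start(string $request): string;
}
// Strict routing: request "do/something" maps to control/do/something.php.
// Anything that is not plain path segments falls back to the catch controller.
function matchRoute(string $request, string $controlDir): string
{
    $default = $controlDir . '/default.php';
    if (!preg_match('#^[a-z0-9_]+(/[a-z0-9_]+)*\z#i', $request)) {
        return $default; // rejects "..", absolute paths, NUL bytes
    }
    $root = realpath($controlDir) . DIRECTORY_SEPARATOR;
    $file = realpath($controlDir . '/' . $request . '.php');
    // Confine the resolved path (symlinks included) to the control directory.
    if ($file === false || strncmp($file, $root, strlen($root)) !== 0) {
        return $default;
    }
    return $file;
}

// Load the file once, then pick the declared class that is a controller.
function startController(string $file, string $request): string
{
    static $classes = [];
    if (!isset($classes[$file])) {
        $before = get_declared_classes();
        require_once $file;
        $classes[$file] = array_diff(get_declared_classes(), $before);
    }
    foreach ($classes[$file] as $class) {
        if (is_subclass_of($class, BaseController::class)) {
            return (new $class())->Start($request);
        }
    }
    throw new RuntimeException("no controller class in $file");
}

// Constructed sample tree in a temp directory.
$dir = sys_get_temp_dir() . '/control_' . getmypid();
is_dir("$dir/do") || mkdir("$dir/do", 0700, true);
file_put_contents("$dir/default.php", '<?php class DefaultController extends BaseController
    { public function Start(string $r): string { return "catch:$r"; } }');
file_put_contents("$dir/do/something.php", '<?php class SomethingController extends BaseController
    { public function Start(string $r): string { return "handled:$r"; } }');
foreach (['do/something', 'no/such/page', '../../etc/passwd'] as $req) {
    echo $req, ' => ', startController(matchRoute($req, $dir), $req), PHP_EOL;
}
```

The first request is served by its own controller file; the unknown route and the traversal attempt both land on the catch controller instead of reaching a file outside the control directory.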
