[OWASP_PHPSEC] Default Controller and Front Controller

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Sep 8 14:23:37 UTC 2013


Yes yes...I get it now... :) Thanks...


On Sun, Sep 8, 2013 at 10:17 AM, Abbas Naderi <abiusx at owasp.org> wrote:

> 1. just for test
> 2. there are class names!
> class DefaultController extends phpsec\framework\DefaultController
>
> -A
> ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Sep 8, 2013, at 10:13 AM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> 1) What you described, about Handle being abstract, that is another file.
> That file is under framework/_core/base/control.php
> I am talking about another file, *framework/control/default.php, *which
> is a subclass of the above file and has defined the Handle method. So my
> question was that in that Handle method, the definition is running the
> scanner class to scan itself. I cannot understand why it is doing that ?
>
> 2) I will better understand with an example. So lets say that MatchRoutes
> matches the wildcard "*". Now that means that the controller selected is
> the "default" controller, and it is the same file as above - *framework/control/default.php.
> *Now in this file, I cannot see any class names, so what will the
> "GetClasses" method will find in this class ??
>
> After this I know. Once the classes will be found, appropriate controllers
> are fetched and loaded and the start method is called. I just have doubt on
> the "default" controller because it does not contains any class names.
>
>
> On Sun, Sep 8, 2013 at 9:52 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>
>> Hey Rahul,
>> 1.
>> What do you mean?
>> Default controller (aka catch controller) is meant to catch a bunch of
>> requests, not just one. That is why the Start method is overridden and the
>> Handle method is abstract, which also gets the part of the requests that is
>> mapped to the controller.
>>
>> Whatever an app puts in the controller code, is application specific and
>> everything we did already is just for demonstration and testing.
>>
>> 2.
>> We first need to see which file is needed to start the controller, that
>> is done by MatchRoutes. jframework has strict routes, meaning that request
>> *do/something* will be mapped to *control/do/something.php* which might
>> not be convenient for some, many frameworks have the concept of routes,
>> allowing the developer to map between requests and controllers
>>
>> Now that we have the controller file, we need to know what the controller
>> class is called, so that we can instantiate it and call its start method!
>> Thats why we run GetClasses and see whcih class in there is an instance of
>> base controller, then instantiate and call it.
>>
>> 3.
>> It's called a catch controller, in _japp/model/base/control/catch.php
>>
>> -Abbas
>>      ______________________________________________________________
>> *Notice:** *This message is *digitally signed*, its *source* and *
>> integrity* are verifiable.
>> If you mail client does not support S/MIME verification, it will display
>> a file (smime.p7s), which includes the X.509 certificate and the signature
>> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>> AbiusX.com <http://abiusx.com/>
>>
>> On Sep 8, 2013, at 2:19 AM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>
>> Hello,
>>
>> *1) The default controller class inside framework/control/default.php*
>> I cannot understand why the Handle method contains code to scan itself.
>>
>> *2) The front controller inside framework/_core/front.php*
>> In this file as I understand, first the method "MatchRoutes" will run and
>> depending on the route, it will load the controller file. So lets suppose
>> that it loads framework/control/default.php
>>
>> After this, the "StartController" function will run. In this function, I
>> see that first the "GetClasses" method is run on
>> "framework/control/default.php" which finds classes inside this file.
>> However seeing the contents of this file, I cannot find any class names.
>> So, how is this working ??
>>
>> Also my perception was first that after "MatchRoutes", we get the
>> controller. But then again in "StartController" I see that after getting
>> class names, it again searches for the appropriate controller.
>>
>> So, what is the difference between finding controller in "MatchRoutes"
>> and finding controller in "StartController"
>>
>>
>> *3) Also can you please tell me the default controller location in
>> jFramework ??*
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>  _______________________________________________
>> OWASP_PHP_Security_Project mailing list
>> OWASP_PHP_Security_Project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>
>>
>>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130908/07bcbbc5/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list