Class HttpViewController

This class contains some helper methods for handling view requests. Be careful always when outputting raw user data to HTML or when handling POST requests because insufficient protection will lead to XSS and CSRF vulnerabilities.

HttpViewController implements HttpViewControllerInterface

Direct known subclasses

AdminHttpViewController

Package: Http
Category: System
Link: http://en.wikipedia.org/wiki/Cross-site_scripting
Link: http://en.wikipedia.org/wiki/Cross-site_request_forgery
Implements: HttpViewControllerInterface
Located at SystemServices/Http/HttpViewController.inc.php

Methods summary

`public`	# `__construct( HttpContextReaderInterface $httpContextReader, HttpResponseProcessorInterface $httpResponseProcessor, ContentViewInterface $defaultContentView )` Parameters `$httpContextReader` `$httpResponseProcessor` `$defaultContentView`
`public`	# `proceed( HttpContextInterface $httpContext )` Processes a http response object which is get by invoking an action method. The action method is determined by the http context reader instance and the current request context. Re-implement this method in child classes to enable XSS and CSRF protection on demand. Processes a http response object which is get by invoking an action method. The action method is determined by the http context reader instance and the current request context. Re-implement this method in child classes to enable XSS and CSRF protection on demand. Parameters `$httpContext` Http context object which hold the request variables. Throws LogicException When no action method is found by the http context reader. See `HttpResponseProcessorInterface::proceed()` `HttpContextReaderInterface::getActionName()` Implementation of `HttpViewControllerInterface::proceed()`
`public HttpControllerResponseInterface`	# `actionDefault( )` Default action method. Every controller child class requires at least the default action method, which is invoked when the ::_getQueryParameterData('do') value is not separated by a trailing slash. Default action method. Every controller child class requires at least the default action method, which is invoked when the ::_getQueryParameterData('do') value is not separated by a trailing slash. Every action method have to return an instance which implements the http controller response interface. Returns `HttpControllerResponseInterface` Implementation of `HttpViewControllerInterface::actionDefault()`
`protected HttpControllerResponseInterface`	# `_callActionMethod( string $actionName )` Invokes an action method by the given action name. Invokes an action method by the given action name. Parameters `$actionName` Name of action method to call, without 'action'-Suffix. Returns `HttpControllerResponseInterface` Response message. Throws LogicException If no action method of the given name exists.
`protected string`	# `_render( string $templateFile, array $contentArray )` Renders and returns a template file. Renders and returns a template file. Parameters `$templateFile` Template file to render. `$contentArray` Content array which represent the variables of the template. Returns string Rendered template.
`protected KeyValueCollection`	# `_getQueryParametersCollection( )` Creates and returns a key value collection which represent the global $_GET array. Creates and returns a key value collection which represent the global $_GET array. Returns `KeyValueCollection`
`protected KeyValueCollection`	# `_getPostDataCollection( )` Creates and returns a key value collection which represent the global $_POST array. Creates and returns a key value collection which represent the global $_POST array. Returns `KeyValueCollection`
`protected string\|null`	# `_getQueryParameter( string $keyName )` Returns the expected $_GET value by the given key name. This method is the object oriented layer for $_GET[$keyName]. Returns the expected $_GET value by the given key name. This method is the object oriented layer for $_GET[$keyName]. Parameters `$keyName` Expected key of query parameter. Returns string\|null Either the expected value or null, of not found.
`protected string\|null`	# `_getPostData( string $keyName )` Returns the expected $_POST value by the given key name. This method is the object oriented layer for $_POST[$keyName]. Returns the expected $_POST value by the given key name. This method is the object oriented layer for $_POST[$keyName]. Parameters `$keyName` Expected key of post parameter. Returns string\|null Either the expected value or null, of not found.
`protected`	# `_validatePageToken( string $customExceptionMessage = null )` Check if the $_POST['pageToken'] or $_GET['pageToken'] variable is provided and if it's valid. Check if the $_POST['pageToken'] or $_GET['pageToken'] variable is provided and if it's valid. Example: public function proceed(HttpContextInterface $httpContext) { parent::proceed($httpContext); // proceed http context from parent class if($_SERVER['REQUEST_METHOD'] === 'POST') { $this->_validatePageToken(); // CSRF Protection } } Parameters `$customExceptionMessage` (optional) You can specify a custom exception message. Throws Exception If the validation fails.

Properties summary

`protected HttpContextReaderInterface`	`$httpContextReader`	#
`protected HttpResponseProcessorInterface`	`$httpResponseProcessor`	#
`protected ContentViewInterface`	`$contentView`	#
`protected array`	`$queryParametersArray`	#
`protected array`	`$postDataArray`	#
`protected AssetCollectionInterface`	`$assets` Contain the assets needed to be included in the view HTML. Contain the assets needed to be included in the view HTML.	#

Packages

Classes

Class HttpViewController

Direct known subclasses

Methods summary

Parameters

Parameters

Throws

See

Implementation of

Returns

Implementation of

Parameters

Returns

Throws

Parameters

Returns

Returns

Returns

Parameters

Returns

Parameters

Returns

Parameters

Throws

Properties summary