Class HttpViewController
This class contains helper methods for handling view requests. Always take care when outputting raw user data to HTML or when handling POST requests, because insufficient protection leads to XSS and CSRF vulnerabilities.
- HttpViewController implements HttpViewControllerInterface
Direct known subclasses
AdminHttpViewController,
CartController,
FilterController,
ImageRequestController,
JsConfigurationController,
JsTranslationsController,
LiveSearchController,
ParcelshopfinderController,
PayPalController,
ProductMediaContentController,
ProductQuestionController,
SharedShoppingCartConfigurationController,
CartDropdownController,
SharedShoppingCartController,
ShipcloudWebhookController,
StyleEdit3AuthenticationController,
WishListController,
ZonesController,
CartShippingCostsController,
CheckQuantityController,
CheckStatusController,
CookieBarController,
CreateGuestController,
CreateRegistreeController,
ExtraContentController
Indirect known subclasses
AbstractModuleCenterModuleController,
AdminAccessAjaxController,
ContentManagerElementsAjaxController,
ContentManagerElementsController,
ContentManagerPagesAjaxController,
ContentManagerPagesController,
ContentManagerProductContentsAjaxController,
ContentManagerProductContentsController,
CustomerGroupAjaxController,
CustomerGroupController,
CustomerLoginController,
DashboardController,
AdminAccessController,
DynamicShopMessagesController,
EkomiModuleCenterModuleController,
EmailsController,
EmbeddedModuleController,
FileManagerController,
FindologicModuleCenterModuleController,
GeschaeftskundenversandController,
GeschaeftskundenversandModuleCenterModuleController,
GoogleAdwordConversionModuleCenterModuleController,
GXModuleCenterModuleButtonActionsAjaxController,
AdminFavoritesAjaxController,
GXModuleCenterModuleController,
HeidelpayModuleCenterModuleController,
HermesModuleCenterModuleController,
IloxxModuleCenterModuleController,
ImageProcessingController,
IntrashipModuleCenterModuleController,
InvoicesModalsAjaxController,
InvoicesOverviewAjaxController,
InvoicesOverviewController,
ItRechtModuleCenterModuleController,
AdminInfoBoxAjaxController,
JanolawModuleCenterModuleController,
JSWidgetsAjaxController,
LawsController,
LettrModuleCenterModuleController,
MagnalisterModuleCenterModuleController,
MailbeezModuleCenterModuleController,
ManufacturerAjaxController,
ManufacturerController,
MaxFileSizeController,
MediafinanzModuleCenterModuleController,
AfterbuyAjaxController,
ModuleCenterController,
NewAttributesController,
NewsletterLinkModuleCenterModuleController,
OrdersModalsAjaxController,
OrdersOverviewAjaxController,
OrdersOverviewController,
OrderStatusAjaxController,
OrderTooltipController,
PackedDownloadController,
ParcelshopfinderModuleCenterModuleController,
AfterbuyModuleCenterModuleController,
PayOneModuleCenterModuleController,
PayPalConfigurationController,
PersonalDataController,
PostfinderModuleCenterModuleController,
ProductAttributesModuleCenterModuleController,
ProtectedShopsModuleCenterModuleController,
QuantityUnitAjaxController,
QuantityUnitController,
QuickEditOverviewAjaxController,
QuickEditOverviewController,
AmazonPayConfigurationController,
QuickEditProductPropertiesAjaxController,
QuickEditSpecialPricesAjaxController,
ResponsiveFilemanagerController,
ResponsiveFileManagerModuleCenterModuleController,
SessionTimeoutAjaxController,
SharedShoppingCartModuleCenterModuleController,
ShipcloudController,
ShipcloudModuleCenterModuleController,
ShippingPaymentMatrixAjaxController,
ShopKeyController,
BrickfoxModuleCenterModuleController,
SlidersDetailsAjaxController,
SlidersDetailsController,
SlidersOverviewAjaxController,
SlidersOverviewController,
StaticSeoUrlAjaxController,
StaticSeoUrlController,
TemplateConfigurationController,
TrustedShopsModuleCenterModuleController,
UserConfigurationController,
VersionInfoController,
CatalogSelectWidgetAjaxController,
VPEAjaxController,
VPEController,
YategoModuleCenterModuleController,
YoochooseModuleCenterModuleController
Category: System
Link: http://en.wikipedia.org/wiki/Cross-site_scripting
Link: http://en.wikipedia.org/wiki/Cross-site_request_forgery
Implements: HttpViewControllerInterface
Located at Services/System/Http/HttpViewController.inc.php
Methods summary
public
__construct( HttpContextReaderInterface $httpContextReader, HttpResponseProcessorInterface $httpResponseProcessor, ContentViewInterface $defaultContentView )
public
proceed( HttpContextInterface $httpContext )
Processes an HTTP response object that is obtained by invoking an action method. The action method is determined by the HTTP context reader instance and the current request context. Re-implement this method in child classes to enable XSS and CSRF protection on demand.
public
actionDefault( void )
: HttpControllerResponseInterface
Default action method. Every controller child class requires at least the default action method, which is invoked when the ::_getQueryParameterData('do') value is not separated by a trailing slash.
protected
_callActionMethod( string $actionName )
: HttpControllerResponseInterface
Invokes an action method by the given action name.
protected
_render( string $templateFile, array $contentArray )
: string
Renders and returns a template file.
protected
_getQueryParametersCollection( void )
: KeyValueCollection
Creates and returns a key-value collection which represents the global $_GET array.
protected
_getPostDataCollection( void )
: KeyValueCollection
Creates and returns a key-value collection which represents the global $_POST array.
protected
_getQueryParameter( string $keyName )
: mixed|null
Returns the expected $_GET value by the given key name. This method is the object-oriented layer for $_GET[$keyName].
protected
_getPostData( string $keyName )
: string|null
Returns the expected $_POST value by the given key name. This method is the object-oriented layer for $_POST[$keyName].
protected
_getServerData( string $keyName )
: string|null
Returns the expected $_SERVER value by the given key name. This method is the object-oriented layer for $_SERVER[$keyName].
protected
_validatePageToken( string $customExceptionMessage = null )
Checks whether the $_POST['pageToken'] or $_GET['pageToken'] variable is provided and whether it is valid.
protected
getTemplateFile( string $templateFile )
: ExistingFile
Searches the GXModules directory and the admin/html directory for a template file, which can be used inside the AdminLayoutHttpControllerResponse object for the template parameter.
Properties summary
protected
$assets
: AssetCollectionInterface
Contains the assets that need to be included in the view HTML.
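Added example (not part of the original reference and not the project's own code): a hypothetical child controller that uses the helpers listed above to escape reflected input before rendering and to require a valid pageToken before a state-changing action. The class name, the actionSave name, the template file names and the use of an HttpControllerResponse class are assumptions; the example also assumes that _validatePageToken() throws an exception on failure, as its $customExceptionMessage parameter suggests.

```php
<?php
// Hypothetical child controller; names marked "hypothetical" are not from the reference.
class SampleNoteController extends HttpViewController // hypothetical class name
{
    // Read-only view: a GET value is reflected into HTML, so it is escaped first.
    public function actionDefault()
    {
        $query = $this->_getQueryParameter('q'); // raw user input: string, array or null

        $html = $this->_render('sample_note.html', [ // hypothetical template file
            'query' => $this->escape($query),
        ]);

        // Assumption: HttpControllerResponse implements HttpControllerResponseInterface.
        return new HttpControllerResponse($html);
    }

    // State-changing action (hypothetical name): refuse to act without a valid token.
    public function actionSave()
    {
        // Accept changes over POST only, so the token is not carried in URLs.
        if ($this->_getServerData('REQUEST_METHOD') !== 'POST') {
            throw new Exception('Only POST is accepted for this action.');
        }

        // CSRF check before any side effect; assumed to throw when the token
        // is missing or invalid. The form must post a field named pageToken.
        $this->_validatePageToken('Invalid page token while saving the note.');

        // Keep the stored value raw; escape only when writing it into HTML.
        $note = $this->_getPostData('note');

        $html = $this->_render('sample_note_saved.html', [ // hypothetical template file
            'note' => $this->escape($note),
        ]);

        return new HttpControllerResponse($html);
    }

    // HTML-escapes scalar input; arrays (e.g. ?q[]=x) and null become ''.
    private function escape($value)
    {
        return is_scalar($value)
            ? htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8')
            : '';
    }
}
```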