API Documentation
Back to top  

HttpViewController

Implements \HttpViewControllerInterface

Class HttpViewController

This class contains some helper methods for handling view requests. Be careful always when outputting raw user data to HTML or when handling POST requests because insufficient protection will lead to XSS and CSRF vulnerabilities.

link

http://en.wikipedia.org/wiki/Cross-site_scripting
link

http://en.wikipedia.org/wiki/Cross-site_request_forgery
category

System
package

Http
implements

HttpViewControllerInterface

Methods

__construct

__construct(\HttpContextReaderInterface $httpContextReader, \HttpResponseProcessorInterface $httpResponseProcessor, \ContentViewInterface $defaultContentView)

Arguments

$httpContextReader

\HttpContextReaderInterface

$httpResponseProcessor

\HttpResponseProcessorInterface

$defaultContentView

\ContentViewInterface

Invokes an action method by the given action name.

_callActionMethod(string $actionName) : \HttpControllerResponseInterface
Throws
\LogicException

If no action method of the given name exists.

Arguments

$actionName

string

Name of action method to call, without 'action'-Suffix.

Response

\HttpControllerResponseInterface

Response message.

Returns the expected $_POST value by the given key name.

_getPostData(string $keyName) : string|null

This method is the object oriented layer for $_POST[$keyName].

Arguments

$keyName

string

Expected key of post parameter.

Response

string|null

Either the expected value or null, of not found.

Creates and returns a key value collection which represent the global $_POST array.

_getPostDataCollection() : \KeyValueCollection

Response

\KeyValueCollection

Returns the expected $_GET value by the given key name.

_getQueryParameter(string $keyName) : mixed|null

This method is the object oriented layer for $_GET[$keyName].

Arguments

$keyName

string

Expected key of query parameter.

Response

mixed|null

Either the expected value or null, of not found.

Creates and returns a key value collection which represent the global $_GET array.

_getQueryParametersCollection() : \KeyValueCollection

Response

\KeyValueCollection

Returns the expected $_SERVER value by the given key name.

_getServerData(string $keyName) : string|null

This method is the object oriented layer for $_SERVER[$keyName].

Arguments

$keyName

string

Expected key of server parameter.

Response

string|null

Either the expected value or null, of not found.

Renders and returns a template file.

_render(string $templateFile, array $contentArray) : string

Arguments

$templateFile

string

Template file to render.

$contentArray

array

Content array which represent the variables of the template.

Response

string

Rendered template.

Check if the $_POST['pageToken'] or $_GET['pageToken'] variable is provided and if it's valid.

_validatePageToken(string $customExceptionMessage = null)

Example: public function proceed(HttpContextInterface $httpContext) { parent::proceed($httpContext); // proceed http context from parent class if($_SERVER['REQUEST_METHOD'] === 'POST') { $this->_validatePageToken(); // CSRF Protection } }

Throws
\Exception

If the validation fails.

Arguments

$customExceptionMessage

string

(optional) You can specify a custom exception message.

Default action method.

actionDefault() : \HttpControllerResponseInterface

Every controller child class requires at least the default action method, which is invoked when the ::_getQueryParameterData('do') value is not separated by a trailing slash.

Every action method have to return an instance which implements the http controller response interface.

Response

\HttpControllerResponseInterface

Searches the GXModules directory and admin/html directory for a template file, wich can be useed inside the AdminLayoutHttpControllerResponse object for the template parameter.

getTemplateFile(string $templateFile) : \ExistingFile
Throws
\Exception

if the path or file is not found

Arguments

$templateFile

string

The relative path and filename to search for

Response

\ExistingFile

containing absolute file path to the given template file

Processes a http response object which is get by invoking an action method.

proceed(\HttpContextInterface $httpContext)

The action method is determined by the http context reader instance and the current request context. Re-implement this method in child classes to enable XSS and CSRF protection on demand.

see \HttpContextReaderInterface::getActionName \HttpResponseProcessorInterface::proceed
Throws
\LogicException

When no action method is found by the http context reader.

Arguments

$httpContext

\HttpContextInterface

Http context object which hold the request variables.

Properties

httpContextReader

httpContextReader : \HttpContextReaderInterface
var

Type(s)

\HttpContextReaderInterface

httpResponseProcessor

httpResponseProcessor : \HttpResponseProcessorInterface
var

Type(s)

\HttpResponseProcessorInterface

contentView

contentView : \ContentViewInterface
var

Type(s)

\ContentViewInterface

queryParametersArray

queryParametersArray : array
var

Type(s)

array

postDataArray

postDataArray : array
var

Type(s)

array

Contain the assets needed to be included in the view HTML.

assets : \AssetCollectionInterface
var

Contain the assets needed to be included in the view HTML.

Type(s)

\AssetCollectionInterface

Server data.

serverDataArray : array
var

Server data.

Type(s)

array