Class HttpViewController
This class contains helper methods for handling view requests. Always be careful when outputting raw user data to HTML or when handling POST requests, because insufficient protection will lead to XSS and CSRF vulnerabilities.
- HttpViewController implements HttpViewControllerInterface
Direct known subclasses
AdminHttpViewController, CartController, FilterController, ImageRequestController, JsConfigurationController, JsTranslationsController, LiveSearchController, PayPalController, ProductQuestionController, SharedShoppingCartConfigurationController, SharedShoppingCartController, StyleEdit3AuthenticationController, CartDropdownController, WishListController, CartShippingCostsController, CheckQuantityController, CheckStatusController, CookieBarController, CreateGuestController, CreateRegistreeController, ExtraContentController
Indirect known subclasses
AbstractModuleCenterModuleController, AdminFavoritesAjaxController, EmailsController, EmbeddedModuleController, FindologicModuleCenterModuleController, GoogleAdwordConversionModuleCenterModuleController, HeidelpayModuleCenterModuleController, HermesModuleCenterModuleController, IloxxModuleCenterModuleController, ImageProcessingController, IntrashipModuleCenterModuleController, InvoicesModalsAjaxController, AdminInfoBoxAjaxController, InvoicesOverviewAjaxController, InvoicesOverviewController, ItRechtModuleCenterModuleController, JanolawModuleCenterModuleController, KlarnaModuleCenterModuleController, LawsController, LettrModuleCenterModuleController, MagnalisterModuleCenterModuleController, MailbeezModuleCenterModuleController, MaxFileSizeController, AfterbuyAjaxController, MediafinanzModuleCenterModuleController, ModuleCenterController, NewAttributesController, NewsletterLinkModuleCenterModuleController, OldOrderOverviewModuleCenterModuleController, OrdersModalsAjaxController, OrdersOverviewAjaxController, OrdersOverviewController, OrderTooltipController, PackedDownloadController, AfterbuyModuleCenterModuleController, PayOneModuleCenterModuleController, PayPalConfigurationController, PaypalNGModuleCenterModuleController, PostfinderModuleCenterModuleController, ProductAttributesModuleCenterModuleController, ProtectedShopsModuleCenterModuleController, SessionTimeoutAjaxController, SharedShoppingCartModuleCenterModuleController, ShipcloudController, ShipcloudModuleCenterModuleController, AmazonAdvPaymentsModuleCenterModuleController, ShopKeyController, SlidersDetailsAjaxController, SlidersDetailsController, SlidersOverviewAjaxController, SlidersOverviewController, TemplateConfigurationController, TrustedShopsModuleCenterModuleController, UserConfigurationController, YategoModuleCenterModuleController, YoochooseModuleCenterModuleController, BrickfoxModuleCenterModuleController, DashboardController, DynamicShopMessagesController, EkomiModuleCenterModuleController
Category: System
Link: http://en.wikipedia.org/wiki/Cross-site_scripting
Link: http://en.wikipedia.org/wiki/Cross-site_request_forgery
Implements: HttpViewControllerInterface
Located at Services/System/Http/HttpViewController.inc.php
Methods summary
public __construct(

public proceed(
Processes an HTTP response object that is obtained by invoking an action method. The action method is determined by the HTTP context reader instance and the current request context. Re-implement this method in child classes to enable XSS and CSRF protection on demand.

public actionDefault( )
Default action method. Every controller child class requires at least the default action method, which is invoked when the ::_getQueryParameterData('do') value is not separated by a trailing slash.

protected

protected string

protected _getQueryParametersCollection( )
Creates and returns a key-value collection which represents the global $_GET array.

protected _getPostDataCollection( )
Creates and returns a key-value collection which represents the global $_POST array.

protected mixed|null _getQueryParameter( string $keyName )
Returns the expected $_GET value for the given key name. This method is the object-oriented layer for $_GET[$keyName].

protected string|null _getPostData( string $keyName )
Returns the expected $_POST value for the given key name. This method is the object-oriented layer for $_POST[$keyName].

protected _validatePageToken( string $customExceptionMessage = null )
Checks whether the $_POST['pageToken'] or $_GET['pageToken'] variable is provided and whether it is valid.
Properties summary
protected $httpContextReader

protected $httpResponseProcessor

protected $contentView

protected array $queryParametersArray

protected array $postDataArray

protected $assets
Contains the assets that need to be included in the view HTML.
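
An added illustration of the pattern the class description asks for, not code from the documented project: a stand-in class checks `pageToken` before a state-changing action and escapes user data before it reaches HTML. Only the method names `_getQueryParameter`, `_getPostData` and `_validatePageToken` come from this page; the class `ExampleViewController`, the action `actionSaveComment`, the `comment` field, the method bodies and the server-side token store are assumptions.

```php
<?php
// Stand-in for illustration only: it does not extend or reproduce HttpViewController.
// Method names mirror the page; bodies and the token store are assumptions (PHP 8+).
final class ExampleViewController
{
    public function __construct(
        private array $queryParametersArray,
        private array $postDataArray,
        private string $expectedToken // assumed: issued earlier and kept server-side
    ) {}

    private function _getQueryParameter(string $keyName): mixed
    {
        return $this->queryParametersArray[$keyName] ?? null;
    }
    private function _getPostData(string $keyName): mixed
    {
        return $this->postDataArray[$keyName] ?? null;
    }

    // Token may arrive via POST or GET, as the page describes; compare in constant time.
    private function _validatePageToken(?string $customExceptionMessage = null): void
    {
        $token = $this->_getPostData('pageToken') ?? $this->_getQueryParameter('pageToken');
        if (!is_string($token) || !hash_equals($this->expectedToken, $token)) {
            throw new RuntimeException($customExceptionMessage ?? 'Invalid page token');
        }
    }

    // State-changing action: reject requests without a valid token, then escape for HTML.
    public function actionSaveComment(): string
    {
        $this->_validatePageToken('Comment rejected: page token missing or invalid');
        $raw = $this->_getPostData('comment');
        $comment = is_string($raw) ? $raw : ''; // non-string input (e.g. arrays) is dropped
        return '<p>' . htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
    }
}

// Constructed sample requests (not real traffic).
$token = bin2hex(random_bytes(16));
$valid = new ExampleViewController([], ['pageToken' => $token, 'comment' => '<b>hi</b> & "bye"'], $token);
echo $valid->actionSaveComment(), PHP_EOL;
$noToken = new ExampleViewController([], ['comment' => 'hi'], $token); // request without a token
try {
    $noToken->actionSaveComment();
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```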