发表新帖
发表新帖

how to build a good router for php mvc

前端 未结
关注
4 1404
灰色年华
灰色年华 2021-02-03 14:55

I\'m experimenting with php mvc and I\'m stucked with the following issue. My request and router classes are really simple and I would like to extend theme to can handle contro

相关标签:
4条回答
  • 天涯浪人
    2021-02-03 15:38

    Since your Request class uses a URI segments approach for identifying controller, action and arguments, global variables such as $_GET or $_REQUEST are not taken into account from within your Request.

    What you need to do is to make some additions to your Request code. Specifically:

    Remove the line:

    $this->_args = (isset($parts[0])) ? $parts : array();

    And add the following:

    $all_parts = (isset($parts[0])) ? $parts : array();
$all_parts['get'] = $_GET;
$this->_args = $all_parts;

    This way, $_GET (ie variables passed via the url) variables will be available in the actions called, as they will be in $args (they will be available as $args['get'] actually, which is the array that holds the $_GET vars, so you will be able to have access to domain=example by using $args['get']['domain']).

    Ofcourse, you can add one more method in your Request class (e.g. query) that might look like that:

    public function query($var = null)
{
    if ($var === null)
    {
        return $_GET;
    }
    if ( ! isset($_GET[$var]) )
    {
        return FALSE;
    }
    return $_GET[$var];
}

    This way, you can get a single variable from the url (e.g. $request->query('domain')) or the whole $_GET array ($request->query()).

    0 讨论(0)
  • 孤街浪徒
    2021-02-03 15:39

    Choose any popular MVC to see how they implement it under the hood. In addition, spl_autoload_register and namespace are your friends.

    0 讨论(0)
  • 小鲜肉
    2021-02-03 15:42

    That's because php will put "?mod_title=..." in the $_GET array automatically. Your getArgs() function should check for $_GET, $_POST or $_REQUEST.

    If you're trying for a minimal MVC approach, have a look at rasmus' example: http://toys.lerdorf.com/archives/38-The-no-framework-PHP-MVC-framework.html

    If your use case is going to get more complex, have a look at how Zend (http://framework.zend.com/manual/en/zend.controller.html) or Symfony (https://github.com/symfony/symfony/tree/master/src/Symfony/Component/Routing) do their stuff.

    0 讨论(0)
  • 花落未央
    2021-02-03 15:52

    Your code contains what is known as an LFI vulnerability and is dangerous in its current state.
    You should whitelist your what can be used as your $controller, as otherwise an attacker could try to specify something using NUL bytes and possibly going up a directory to include files that SHOULD NOT be ever included, such as /etc/passwd, a config file, whatever.

    Your router is not safe for use; beware!

    edit: example on whitelisting

    $safe = array(
    'ajax',
    'somecontroller',
    'foo',
    'bar',
);
if(!in_array($this->_controller, $safe))
{
    throw new Exception(); // replace me with your own error 404 stuff
}
    0 讨论(0)
 看不清?
提交回复
热议问题