控制器中的过滤方法

I want to create a filter for my add, update, and delete actions in my controllers to automatically check if they

were called in a POST, as opposed to GET or some other method
and have the pageInstanceIDs which I set in the forms on my views
- protects against xss
- protects against double submission of a form
  - from submit button double click
  - from back button pressed after a submision
  - from a url being saved or bookmarked

Currently I extended \lithium\action\Controller using an AppController and have my add, update, and delete actions defined in there. I also have a boolean function in my AppController that checks if the appropriate pageInstanceIDs are in session or not.

Below is my code:

public function isNotPostBack() {

    // pull in the session
    $pageInstanceIDs = Session::read('pageInstanceIDs');
    $pageInstanceID = uniqid('', true);
    $this->set(compact('pageInstanceID'));
    $pageInstanceIDs[] = $pageInstanceID;
    Session::write('pageInstanceIDs', $pageInstanceIDs);

    // checks if this is a save operation
    if ($this->request->data){

        $pageInstanceIDs = Session::read('pageInstanceIDs');
        $pageIDIndex = array_search($this->request->data['pageInstanceID'], $pageInstanceIDs);

        if ($pageIDIndex !== false) {
            // remove the key
            unset($pageInstanceIDs[$pageIDIndex]);
            Session::write('pageInstanceIDs', $pageInstanceIDs);

            return true;

        }
        else
            return false;

    } else {
        return true;
    }

}

public function add() {
    if (!$this->request->is('post') && exist($this->request->data())) {
        $msg = "Add can only be called with http:post.";
        throw new DispatchException($msg);
    }

}

Then in my controllers I inherit from AppController and implement the action like so:

public function add() {
    parent::add();
    if (parent::isNotPostBack()){
        //do work

    }
    return $this->render(array('layout' => false));

}

which will ensure that the form used a POST and was not double submitted (back button or click happy users). This also helps protect against XSS.

I'm aware there is a plugin for this, but I want to implement this as a filter so that my controller methods are cleaner. Implented this way, the only code in my actions are the //do work portion and the return statement.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

4条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dtjpnd7517 2012-03-21 02:21
关注
You should probably start with a filter on lithium\action\Dispatcher::run() here is some pseudo code. Can't help too much without seeing your parent::isNotPostBack() method but this should get you on the right track.

<?php use lithium\action\Dispatcher; Dispatcher::applyFilter('run', function($self, $params, $chain) { $request = $params['request']; // Request method is in $request->method // Post data is in $request->data if($not_your_conditions) { return new Response(); // set up your custom response } return $chain->next($self, $params, $chain); // to continue on the path of execution });
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

Symfony基本控制器与前后过滤器 php symfony
2018-06-01 19:28

回答 1 已采纳 Before and After should better then BaseController model, here is why: suppose, you write 10 Cont
springboot中过滤器执行顺序 gateway java spring
2022-08-11 23:34

回答 9 已采纳你说的WebFilter是指实现了原生servlet filter的过滤器吗？如果是的话，应该是没办法。请求的执行过程，应该是先经过servlet容器中的filter，然后是spring的servle
PHP多维数组过滤器 php
2018-01-29 00:25

回答 1 已采纳 Try this: array_filter( $unique, // Array to filter function($elem){ // Closure p
PHP的Yii框架中过滤器相关的使用总结
2020-12-19 16:11

无论哪种过滤器，都必须在控制器中重写控制器的public function filters()方法，设置哪个过滤器对哪个动作起作用。基于方法的过滤器编写基于方法的过滤器，要经过三步：在控制器中编写动作（Act
在php中过滤数组中的特定列 php
2017-08-07 09:13

回答 3 已采纳 You need to flip the arguments to strpos(): if (strpos($event['categories'], 'meeting') === fals
javaweb 中过滤器的问题？ java 后端
2021-08-29 03:38

回答 1 已采纳一般不用，不过要注意执行顺序的问题
PHP Codeigniter高级搜索过滤器 mysql php sql
2017-05-23 11:29

回答 1 已采纳 Try this if (!empty($location)) { $this->db->group_start(); foreach ($l
thinkPHP框架实现类似java过滤器的简单方法示例
2020-12-20 06:25

写java web代码的时候，可以定义过滤器，对控制器进行过滤，可以实现权限验证等等在thinkphp中也可以通过继承父类的方法，实现类似的需求父类代码 <?php /** * Created by PhpStorm. * User: xieyicheng * ...
PHP中的数组过滤 php
2014-06-29 23:43

回答 1 已采纳 Try array_diff() Compares array1 against one or more other arrays and returns the values in ar
java中拦截器和过滤器的应用场景 java
2022-06-20 09:43

回答 3 已采纳 https://blog.csdn.net/liu59412/article/details/122208904https://cloud.tencent.com/developer/article/
如何在Laravel中向控制器添加过滤器参数？ laravel php
2012-11-02 01:32

回答 1 已采纳 For anyone else, it's quite simple.. Controller $this->filter('before','test',array('value'))
php获取控制器名字,thinkphp获取所有控制器的名称和方法
2021-04-12 23:48

穆迪老师的博客我们知道获取当前控制器的名称和方便在thinkphp中提高相应的函数，tp5中：$c = request()->...先说一下我的应用场景，我的mobadmin项目中RBAC权限中对于节点的管理，就需要获取所有的控制器和方法...
在PHP中过滤字符串 php
2016-05-15 15:43

回答 2 已采纳 find images value and explode it to receive array $str = '[vc_gallery type="flexslider_fade" inte
java 什么是过滤器_java中的过滤器是什么
2021-02-27 22:05

知乎圈子的博客 java中的过滤器是指：在java中起到过滤作用的一个方法，它可以降低代码的冗余程度。过滤器的分类：1、用户授权的filter；2、给予过滤判断日志的filter；3、记录轨迹负责解码的filter。java过滤器，顾名思义，就是在...
Django 模板HTML中变量过滤器标签的使用方法
2018-08-15 09:45

IT界的小小小学生的博客 5.django中30个内建的过滤器 (1)add 使用形式为：{{ value | add: “2”}} 意义：将value的值增加2 (2)addslashes 使用形式为：{{ value | addslashes }} 意义：在value中的引号前增加反斜线 ...
没有解决我的问题, 去提问

悬赏问题

¥15 DIFY API Endpoint 问题。
¥20 sub地址DHCP问题
¥15 delta降尺度计算的一些细节，有偿
¥15 Arduino红外遥控代码有问题
¥15 数值计算离散正交多项式
¥30 数值计算均差系数编程
¥15 redis-full-check比较两个集群的数据出错
¥15 Matlab编程问题
¥15 训练的多模态特征融合模型准确度很低怎么办
¥15 kylin启动报错log4j类冲突

控制器中的过滤方法

4条回答 默认 最新

悬赏问题

4条回答默认最新