StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POfilter methods in a controller
primarykey
Id
9797633
data
AcceptedAnswerId
0
AnswerCount
4
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2012-03-21T01:56:19.697
FavoriteCount
0
LastActivityDate
2014-02-28T01:24:21.297
LastEditDate
2012-03-22T02:40:22.850
LastEditorUserId
860947
OwnerUserId
860947
ParentId
0
PostTypeId
1
Score
2
ViewCount
713
LastEditorDisplayName
text
Body
I want to create a filter for my add, update, and delete actions in my controllers to automatically check if they <ol> <li>were called in a POST, as opposed to GET or some other method</li> <li>and have the pageInstanceIDs which I set in the forms on my views <ul> <li>protects against xss</li> <li>protects against double submission of a form <ul> <li>from submit button double click</li> <li>from back button pressed after a submision</li> <li>from a url being saved or bookmarked </li> </ul></li> </ul></li> </ol> Currently I extended \lithium\action\Controller using an AppController and have my add, update, and delete actions defined in there. I also have a boolean function in my AppController that checks if the appropriate pageInstanceIDs are in session or not. Below is my code: <pre><code>public function isNotPostBack() { // pull in the session $pageInstanceIDs = Session::read('pageInstanceIDs'); $pageInstanceID = uniqid('', true); $this->set(compact('pageInstanceID')); $pageInstanceIDs[] = $pageInstanceID; Session::write('pageInstanceIDs', $pageInstanceIDs); // checks if this is a save operation if ($this->request->data){ $pageInstanceIDs = Session::read('pageInstanceIDs'); $pageIDIndex = array_search($this->request->data['pageInstanceID'], $pageInstanceIDs); if ($pageIDIndex !== false) { // remove the key unset($pageInstanceIDs[$pageIDIndex]); Session::write('pageInstanceIDs', $pageInstanceIDs); return true; } else return false; } else { return true; } } public function add() { if (!$this->request->is('post') && exist($this->request->data())) { $msg = "Add can only be called with http:post."; throw new DispatchException($msg); } } </code></pre> Then in my controllers I inherit from AppController and implement the action like so: <pre><code>public function add() { parent::add(); if (parent::isNotPostBack()){ //do work } return $this->render(array('layout' => false)); } </code></pre> which will ensure that the form used a POST and was not double submitted (back button or click happy users). This also helps protect against XSS. I'm aware there is a plugin for this, but I want to implement this as a filter so that my controller methods are cleaner. Implented this way, the only code in my actions are the //do work portion and the return statement.
Tags
<php><aop><lithium>
Title
filter methods in a controller
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USton.yeung
UserOwnerUserId
1. USton.yeung
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POfilter methods in a controller
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COI think you forgot the question...
 singulars
 PostPostId
 POfilter methods in a controller
 UserUserId
 USjeroen
2. CO@jeroen The question is in the first sentence, i guess its more of a statement of desire? I want to know how to create a filter on controller methods.
 singulars
 PostPostId
 POfilter methods in a controller
 UserUserId
 USton.yeung

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.