CodeIgniter Forums

Full Version: calling controller constructor via url ...
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]druid100[/eluser]
hi,

i just noticed that it is possible to call the constructor of a controller via url.

i.e. if there is is a controller called Users you could navigate to http://localhost/users/User ... and get a blank page.

i assumed calling this should give a page 404 not found.

any thoughts?

cheers.

El Forum

[eluser]Michael Wales[/eluser]
Use PHP5. Smile

In all seriousness, you could always use Routes to direct that URL to the index method of the controller.

El Forum

[eluser]druid100[/eluser]
[quote author="Michael Wales" date="1204751066"]Use PHP5. Smile

In all seriousness, you could always use Routes to direct that URL to the index method of the controller.[/quote]

... i'm pretty sure i do use php5 Big Grin

of course i could add routes for all controllers, but however i assumed ci would disallow calling the controller constructor exernally - it aussume nobody wants his constructors called in such a way. most of the time it should not cause problems but besides a potential bad user experience it may cause problems.

i hoped that there is some kind of config setting to disallow this ... Sad

El Forum

[eluser]Negligence[/eluser]
Use __construct() instead of the class name for the constructor.

El Forum

[eluser]Michael Wales[/eluser]
Quote:Use __construct() instead of the class name for the constructor.

That's what I was referring to, in using PHP5.

El Forum

[eluser]druid100[/eluser]
that's great guys! Big Grin

El Forum

[eluser]Seppo[/eluser]
I think this may be consider as a bug... I think CI should not allow calling constructors...

Something like this?
Code:
if ( ! class_exists($class)
    OR $method == 'controller'
    OR substr($method, 0, 1) == '_'
    OR in_array($method, get_class_methods('Controller'), TRUE
    OR strtolower($method) == strtolower($class))
    )
{
    show_404("{$class}/{$method}");
}