+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Prohibit access to get_instance() from a view (/showthread.php?tid=69425)
Pages:
1
2
RE: Prohibit access to get_instance() from a view - rolf - 11-21-2017
(11-21-2017, 10:20 AM)Narf Wrote:(11-21-2017, 09:36 AM)rolf Wrote:(11-21-2017, 03:00 AM)Narf Wrote: Not possible.
I agree. Even when creating an extension for get_instance(), it's still not possible to determine whether a call was being made from the view or from the controller.
It is possible to detect where the call originated from. You can't make an extension of get_instance().
So, how would you do this?
RE: Prohibit access to get_instance() from a view - dave friend - 11-21-2017
Narf will know better and correct me if I am wrong. But get_instance() returns the controller's instance which, in the context of a "view" is also known as $this. That's a bit hard to turn off. I imagine the abstraction provided by twig or other template system might obscure that fact. Still, a savvy developer will likely know it, or figure it out if the decide "I really need that".
RE: Prohibit access to get_instance() from a view - rolf - 11-21-2017
I tried to find a solution to see where the call made to get_instance() originated from, but there doesn't seem to be any difference between a call made from the view or from the controller belonging to that view, as least not in the available set of variables/settings that's available in get_instance().
RE: Prohibit access to get_instance() from a view - ivantcholakov - 11-21-2017
There are things to be considered: get_instace() might be used within (custom or not) helper functions that are to be used within a view. Also, some people use HMVC.
If somehow you trace the stack, then you will need to find the actual file, then check whether it is under a folder named 'views', or a subfolder of 'views' and then block get_instance() on such a condition. Such a detection (if possible) would be tricky, unreliable and slow.
Better stick to Twig since you adopted it and know how to use it. It has enabled by default html escaping, this is even more important than the problem you have pointed.
In production systems enable the caching feature of Twig (cached files contain PHP code, actually). I observed that caching reduced memory consumption a lot. See the attached picture.
RE: Prohibit access to get_instance() from a view - Narf - 11-22-2017
(11-21-2017, 11:51 AM)rolf Wrote:(11-21-2017, 10:20 AM)Narf Wrote:(11-21-2017, 09:36 AM)rolf Wrote:(11-21-2017, 03:00 AM)Narf Wrote: Not possible.
I agree. Even when creating an extension for get_instance(), it's still not possible to determine whether a call was being made from the view or from the controller.
It is possible to detect where the call originated from. You can't make an extension of get_instance().
So, how would you do this?
Do what? As I already said, it's impossible to forbid get_instance() calls, in any context.
RE: Prohibit access to get_instance() from a view - rolf - 11-22-2017
(11-21-2017, 01:12 PM)ivantcholakov Wrote: There are things to be considered: get_instace() might be used within (custom or not) helper functions that are to be used within a view. Also, some people use HMVC.
If somehow you trace the stack, then you will need to find the actual file, then check whether it is under a folder named 'views', or a subfolder of 'views' and then block get_instance() on such a condition. Such a detection (if possible) would be tricky, unreliable and slow.
Better stick to Twig since you adopted it and know how to use it. It has enabled by default html escaping, this is even more important than the problem you have pointed.
In production systems enable the caching feature of Twig (cached files contain PHP code, actually). I observed that caching reduced memory consumption a lot. See the attached picture.
Hi ivantcholakov, thanks for taking the time to reply
RE: Prohibit access to get_instance() from a view - rolf - 11-22-2017
(11-22-2017, 04:31 AM)Narf Wrote:(11-21-2017, 11:51 AM)rolf Wrote:(11-21-2017, 10:20 AM)Narf Wrote:(11-21-2017, 09:36 AM)rolf Wrote:(11-21-2017, 03:00 AM)Narf Wrote: Not possible.
I agree. Even when creating an extension for get_instance(), it's still not possible to determine whether a call was being made from the view or from the controller.
It is possible to detect where the call originated from. You can't make an extension of get_instance().
So, how would you do this?
Do what? As I already said, it's impossible to forbid get_instance() calls, in any context.
You said two things, of which only would be possible according to you. So of course I'm referring to what you said "It is possible to detect where the call originated from." Because I don't see how to easily make a distinction in between calls originating from the view and from the controller.
However, I've decided to continue with Twig, as this seems to work fine for me. The only disadvantage is the need to update over 200 different pages.
RE: Prohibit access to get_instance() from a view - Narf - 11-22-2017
(11-22-2017, 05:40 AM)rolf Wrote:(11-22-2017, 04:31 AM)Narf Wrote:(11-21-2017, 11:51 AM)rolf Wrote:(11-21-2017, 10:20 AM)Narf Wrote: It is possible to detect where the call originated from. You can't make an extension of get_instance().
So, how would you do this?
Do what? As I already said, it's impossible to forbid get_instance() calls, in any context.
You said two things, of which only would be possible according to you. So of course I'm referring to what you said "It is possible to detect where the call originated from." Because I don't see how to easily make a distinction in between calls originating from the view and from the controller.
However, I've decided to continue with Twig, as this seems to work fine for me. The only disadvantage is the need to update over 200 different pages.
Sorry, I'm way too used to people ignoring my previous comments.
https://secure.php.net/debug_backtrace