Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Is it possible to call functions in libraries and models from the browser?
Is it possible to call functions in libraries and models from the browser?
  • El Forum
    Unregistered
  •  
#1
06-29-2011, 12:59 PM

[eluser]adityamenon[/eluser]
Hi all,

I recently ran into an issue I never considered before. If any of your functions in the controllers are fully dependent on parameters to execute properly, you must set default value as false and check for it when starting the function. Please disregard if you know this already Smile

Code:
class myClass extends CI_Controller{
  //this function relies on parameters
  function myFunction($parameter1)
  {
   $this->load->model('someModel');
   $derivedValue = $this->someModel->getValue($parameter1);
   //and so on....
  }
}

If I call the above in a browser...

http://mySite.com/myClass/myFunction/myParameter

But a malicious user can call

http://mySite.com/myClass/myFunction

Poor CI doesn't get the variable, and complains:
Code:
A PHP Error was encountered

Severity: Warning

Message: Missing argument 1 for Myclass::myFunction()

Filename: controllers/myclass.php

Line Number: 3
------------------------------------------------------------
A Database Error Occurred
Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY `id` asc LIMIT 1' at line 4

SELECT `whatever` FROM (`wherever`) WHERE `whatever` > ORDER BY `whatever` asc LIMIT 1

Filename: /the/full/path/to/your/home/folder/on/theServer.php

Line Number: 62

Waaah! Your personal nightmare, the cracker from hell, just got to know a lot of stuff about your class, about your server, and about your database. Christ!

So, I just learnt that you MUST do this!!!
Code:
class myClass extends CI_Controller{
  //this function relies on parameters
  //so set the default parameter as false
  function myFunction($parameter1 = false)
  {
   //check if the parameter was passed
   if(!$parameter)
     redirect(base_url()); //run to momma
   $this->load->model('someModel');
   $derivedValue = $this->someModel->getValue($parameter1);
   //and so on....
  }
}

If the parameter you need to pass is boolean, just change the default value to 'empty' or something else that works.

And no, __private() functions are not the answer all the time, some functions just HAVE to be public.

Coming to my question... I now know for sure that this is mandatory for all functions in my Controllers, I also feel apprehensive about Helpers so I'm handling that also. What about the functions in my Libraries and Models? I know that this line protects CI internal functions from getting accessed:
Code:
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

So is it superflous to include parameter checking inside Models and Libraries? Or is it better that I take no risk at all?


Messages In This Thread
Is it possible to call functions in libraries and models from the browser? - by El Forum - 06-29-2011, 12:59 PM



Theme © iAndrew 2016 - Forum software by © MyBB