Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help Prohibit access to get_instance() from a view
Prohibit access to get_instance() from a view
  • Offline rolf
    Junior Member
  • **
  • Posts: 12
    Threads: 4
    Joined: Dec 2015
    Reputation: 0
#1
11-20-2017, 08:53 AM

Hi there,

I’m having a small issue with Codeigniter.
I would like to prohibit access to CI and the get_instance() from a view.

In other words, it should not be possible to access get_instance from a view.

Can anyone help me out here?


Thanks, best regards,

Rolf
Reply
  • Offline dave friend
    Posting Freak
  • *****
  • Posts: 1,015
    Threads: 15
    Joined: Jun 2015
    Reputation: 50
#2
11-20-2017, 03:26 PM

Why? Are you afraid a developer is going to use it in a view?
Reply
  • Offline ciadmin
    Cat Herder
  • *******
  • Posts: 1,319
    Threads: 21
    Joined: Jan 2014
    Reputation: 71
Reply
  • Offline dave friend
    Posting Freak
  • *****
  • Posts: 1,015
    Threads: 15
    Joined: Jun 2015
    Reputation: 50
#4
11-20-2017, 06:32 PM

(11-20-2017, 06:07 PM)ciadmin Wrote: https://www.codeigniter.com/user_guide/g..._apps.html

I'm feeling really dumb because I don't understand how that relates to the OP's question.
Reply
  • Offline Narf
    Me
  • *******
  • Posts: 1,589
    Threads: 1
    Joined: Oct 2014
    Reputation: 121
#5
11-21-2017, 03:00 AM

Not possible.
Reply
  • Offline ivantcholakov
    Senior Member
  • ****
  • Posts: 668
    Threads: 17
    Joined: Oct 2014
    Reputation: 37
#6
11-21-2017, 05:46 AM

@rolf

If you find a way to abandon using/parsing PHP for views, then it would be possible.
Reply
  • Offline rolf
    Junior Member
  • **
  • Posts: 12
    Threads: 4
    Joined: Dec 2015
    Reputation: 0
#7
11-21-2017, 09:34 AM

(11-20-2017, 03:26 PM)dave friend Wrote: Why? Are you afraid a developer is going to use it in a view?

That's the main reason for it indeed. We're working with developers we don't personally know and it's just too easy to print the database password right now. I've already solved the issue by implementing a template engine.

However, for security reasons it would be very recommendable if a new version of CI would have the option to prohibit accessing get_instance from views.
Reply
  • Offline rolf
    Junior Member
  • **
  • Posts: 12
    Threads: 4
    Joined: Dec 2015
    Reputation: 0
#8
11-21-2017, 09:36 AM

(11-21-2017, 03:00 AM)Narf Wrote: Not possible.

I agree. Even when creating an extension for get_instance(), it's still not possible to determine whether a call was being made from the view or from the controller.
Reply
  • Offline rolf
    Junior Member
  • **
  • Posts: 12
    Threads: 4
    Joined: Dec 2015
    Reputation: 0
#9
11-21-2017, 09:39 AM

(11-21-2017, 05:46 AM)ivantcholakov Wrote: @rolf

If you find a way to abandon using/parsing PHP for views, then it would be possible.

Thanks. Yes, I decided to implement Twig in order to solve this issue. But it would have been much easier if this would be a default setting in a new CI version. It's really unsafe right now and doesn't fit into the MVC logic anyway...

Thanks for all of your replies  Smile
Reply
  • Offline Narf
    Me
  • *******
  • Posts: 1,589
    Threads: 1
    Joined: Oct 2014
    Reputation: 121
#10
11-21-2017, 10:20 AM
(This post was last modified: 11-21-2017, 10:21 AM by Narf.)

(11-21-2017, 09:36 AM)rolf Wrote:
(11-21-2017, 03:00 AM)Narf Wrote: Not possible.

I agree. Even when creating an extension for get_instance(), it's still not possible to determine whether a call was being made from the view or from the controller.

It is possible to detect where the call originated from. You can't make an extension of get_instance().
Reply




Theme © iAndrew 2016 - Forum software by © MyBB