Prohibit access to get_instance() from a view
#1

Hi there,

I’m having a small issue with CodeIgniter.
I would like to prohibit access to CI and the get_instance() from a view.

In other words, it should not be possible to access get_instance from a view.

Can anyone help me out here?


Thanks, best regards,

Rolf
#2

Why? Are you afraid a developer is going to use it in a view?
#4

(11-20-2017, 06:07 PM)ciadmin Wrote: https://www.codeigniter.com/user_guide/g..._apps.html

I'm feeling really dumb because I don't understand how that relates to the OP's question.
#5

Not possible.
#6

@rolf

If you find a way to abandon using/parsing PHP for views, then it would be possible.
#7

(11-20-2017, 03:26 PM)dave friend Wrote: Why? Are you afraid a developer is going to use it in a view?

That's the main reason for it indeed. We're working with developers we don't personally know and it's just too easy to print the database password right now. I've already solved the issue by implementing a template engine.

However, for security reasons it would be very recommendable if a new version of CI would have the option to prohibit accessing get_instance from views.
#8

(11-21-2017, 03:00 AM)Narf Wrote: Not possible.

I agree. Even when creating an extension for get_instance(), it's still not possible to determine whether a call was being made from the view or from the controller.
#9

(11-21-2017, 05:46 AM)ivantcholakov Wrote: @rolf

If you find a way to abandon using/parsing PHP for views, then it would be possible.

Thanks. Yes, I decided to implement Twig in order to solve this issue. But it would have been much easier if this would be a default setting in a new CI version. It's really unsafe right now and doesn't fit into the MVC logic anyway...

Thanks for all of your replies :)
#10

(This post was last modified: 11-21-2017, 10:21 AM by Narf.)

(11-21-2017, 09:36 AM)rolf Wrote:
(11-21-2017, 03:00 AM)Narf Wrote: Not possible.

I agree. Even when creating an extension for get_instance(), it's still not possible to determine whether a call was being made from the view or from the controller.

It is possible to detect where the call originated from. You can't make an extension of get_instance().
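The template-engine approach mentioned in this thread, as an added example that is not part of any post and is not CodeIgniter's or Twig's own code: templates rendered through Twig's sandbox see only the data they are handed, and any method or property access outside an allowlist is refused. It assumes Twig 3 installed with Composer; `FakeConfig`, `render_view` and the template names are hypothetical, and the secret is constructed sample data.

```php
<?php
// Added example. Assumes Twig 3 is installed via Composer in ./vendor.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Hypothetical stand-in for a framework object that holds secrets (constructed data).
final class FakeConfig
{
    public function item(string $key): string
    {
        return $key === 'db_password' ? 'constructed-secret' : '';
    }
}

// Constructed templates: one well-behaved, one that reaches into an object.
$loader = new ArrayLoader([
    'ok.twig'  => 'Hello {{ name }}',
    'bad.twig' => '{{ cfg.item("db_password") }}',
]);

$twig = new Environment($loader); // HTML auto-escaping is on by default

// Allowlist: the escape filter only; no tags, methods, properties or functions.
$policy = new SecurityPolicy([], ['escape'], [], [], []);
$twig->addExtension(new SandboxExtension($policy, true)); // true = sandbox every template

// Hypothetical helper: render a view, reporting sandbox violations instead of output.
function render_view(Environment $twig, string $view, array $data): string
{
    try {
        return $twig->render($view, $data);
    } catch (SecurityError $e) {
        // The template asked for something outside the allowlist.
        return '[blocked: ' . get_class($e) . ']';
    }
}

// Scalars passed explicitly are rendered (and escaped).
echo render_view($twig, 'ok.twig', ['name' => '<Rolf>']), PHP_EOL;

// Even if an object slips into the context, its methods are not callable.
echo render_view($twig, 'bad.twig', ['cfg' => new FakeConfig()]), PHP_EOL;
```

Because the template language has no `get_instance()` and no raw PHP, the only route to application state is the data array the controller passes in, so that array is what needs reviewing.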