ThinkPHP no operation, empty controller processing

When an expert browses your website, the error message of your website will provide hackers with information to attack your website. For example, for empty operations and empty controllers, you will expose the framework used by your website backend to hackers, and hackers will attack your website based on the vulnerabilities of the framework. Therefore, we need to handle empty controllers and empty operations without leaving any clues to hackers.

1. No-operation processing

First look at the effect:
For me, I do not have a hello method in the IndexController.class.php file. If I try When accessing this method, the following information will be reported:
Note: The essence of a no-op: an object (controller) calls a method that does not exist

For developers who understand ThinkPHP, it is easy to see that the backend of this website uses the ThinkPHP framework. So how do we block these problems? That's what we're going to talk about today.

Solution 1, add a __call($method,$argvs) method in the controller

##Like this , when you access the hello method again, the controller's __call($method,$args) method will be called by default.

but! When we have many controllers, do I need to write a __call($method,$args) method for each controller? Obviously unreasonable! Therefore, we need to write this method into the parent class of the controller, just through inheritance. When we go into Controller.class.php, we can find the __call() method, because TP has already done it for us. In his mind, it depends on whether we have defined a method called _empty() in the controller. . If defined, call this method

The location of the common controller parent class: ThinkPHP/Library/Think/Controller.class.php

Solution 2

Create a template with the same name for the name of the empty operation, and the system will automatically call the template.

2. Empty controller processing

Because there is no BeijingController.class.php file, an error is reported! !
After analyzing the source code of the TP framework, we have the following solution

So, we need to define an empty controller. When we access a controller that does not exist, an error will be reported to us according to the error we specified.

Okay, let’s stop talking about empty operations and empty controllers O(∩_∩)O~~

When an expert browses your website, the error message on your website will provide hackers with information to attack your website. For example, for empty operations and empty controllers, you will expose the framework used by your website backend to hackers, and hackers will attack your website based on the vulnerabilities of the framework. Therefore, we need to handle empty controllers and empty operations without leaving any clues to hackers.

1. No operation processing

First look at the effect:

For me, I don’t have hello in the file IndexController.class.php method, if I try to access this method, the following information will be reported:
Note: The essence of a no-op: an object (controller) calls a method that does not exist

For developers who know ThinkPHP, it is easy to see that the backend of this website uses the ThinkPHP framework. So how do we block these problems? That's what we're going to talk about today.

Solution 1, add a __call($method,$argvs) method in the controller

In this way, when you Accessing the hello method again will call the controller's __call($method,$args) method by default.

but! When we have many controllers, do I need to write a __call($method,$args) method for each controller? Obviously unreasonable! Therefore, we need to write this method into the parent class of the controller, just through inheritance. When we go into Controller.class.php, we can find the __call() method, because TP has already done it for us. In his mind, it depends on whether we have defined a method called _empty() in the controller. . If defined, call this method

The location of the common controller parent class: ThinkPHP/Library/Think/Controller.class.php

Solution 2

Create a template with the same name for the name of the empty operation, and the system will automatically call the template.

2. Empty controller processing

Because there is no BeijingController.class.php file, an error is reported! !
After analyzing the source code of the TP framework, we have the following solution

So, we need to define an empty controller. When we access a controller that does not exist, an error will be reported to us according to the error we specified.

For more ThinkPHP empty operations and empty controller processing related articles, please pay attention to the PHP Chinese website!