
#2843 (Lesson 17 module API forwarding to error clear variables)


Ticket #2843 (closed defect: wontfix)

Opened 10 months ago

Last modified 7 hours ago

Lesson 17 module API forwarding to error clear variables

Reported by: saitta Assigned to: fabien
Priority: major Milestone:
Component: askeet Version: 1.0.11
Keywords: api variables Cc:
Qualification: Unreviewed

Description

api actions (only relevant code)

public function executeIndex()
{
  $user = $this->authenticateUser();
  if (!$user)
  {
    // set as action attributes, then logged (they show up in the log below)
    $this->error_code = 1;
    $this->error_message = 'login failed';
    $this->logMessage($this->error_code, "info");
    $this->logMessage($this->error_message, "info");
    $this->forward('api', 'error');
  }
  // do some stuff
}

public function executeError()
{
  // after the forward both attributes are empty (see the two blank debug lines)
  $this->logMessage($this->error_code, "debug");
  $this->logMessage($this->error_message, "debug");
}

Resulting log

Jan 26 09:36:26 symfony [info] {sfView} initialize view for "api/error"
Jan 26 09:36:26 symfony [info] {sfViewConfig} set component "sidebar" (sidebar/default)
Jan 26 09:36:26 symfony [info] {sfView} render "H:\sym\apps\frontend\modules/api/templates/errorSuccess.php"
Jan 26 09:36:26 symfony [info] {sfFilter} executing filter "myTagFilter"
Jan 26 09:36:26 symfony [info] {sfFilter} render to client
Jan 26 09:36:26 symfony [info] {sfResponse} send status "HTTP/1.0 200 OK"
Jan 26 09:36:26 symfony [info] {sfResponse} send header "Content-Type": "text/xml; charset=utf-8"
Jan 26 09:36:26 symfony [info] {sfResponse} send content (108 o)
Jan 26 09:38:35 symfony [info] {sfContext} initialization
Jan 26 09:38:35 symfony [info] {sfController} initialization
Jan 26 09:38:35 symfony [info] {sfRouting} match route [default] "/:module/:action/*"
Jan 26 09:38:35 symfony [info] {sfRequest} request parameters array (  'module' => 'api',  'action' => 'index',)
Jan 26 09:38:35 symfony [info] {sfController} dispatch request
Jan 26 09:38:35 symfony [info] {sfFilter} executing filter "sfRenderingFilter"
Jan 26 09:38:35 symfony [info] {sfFilter} executing filter "sfCommonFilter"
Jan 26 09:38:35 symfony [info] {sfFilter} executing filter "sfFlashFilter"
Jan 26 09:38:35 symfony [info] {sfFilter} executing filter "sfExecutionFilter"
Jan 26 09:38:35 symfony [info] {sfAction} call "apiActions->executeIndex()"
Jan 26 09:38:35 symfony [info] 1
Jan 26 09:38:35 symfony [info] login failed
Jan 26 09:38:35 symfony [info] {sfAction} forward to action "api/error"
Jan 26 09:38:35 symfony [info] {sfFilter} executing filter "sfRenderingFilter"
Jan 26 09:38:35 symfony [info] {sfFilter} executing filter "sfCommonFilter"
Jan 26 09:38:35 symfony [info] {sfFilter} executing filter "sfFlashFilter"
Jan 26 09:38:35 symfony [info] {sfFilter} executing filter "sfExecutionFilter"
Jan 26 09:38:35 symfony [info] {sfAction} call "apiActions->executeError()"
Jan 26 09:38:35 symfony [debug] 
Jan 26 09:38:35 symfony [debug] 
Jan 26 09:38:35 symfony [info] {sfView} initialize view for "api/error"
Jan 26 09:38:35 symfony [info] {sfViewConfig} set component "sidebar" (sidebar/default)
Jan 26 09:38:35 symfony [info] {sfView} render "H:\sym\apps\frontend\modules/api/templates/errorSuccess.php"
Jan 26 09:38:35 symfony [info] {sfFilter} executing filter "myTagFilter"
Jan 26 09:38:35 symfony [info] {sfFilter} render to client
Jan 26 09:38:35 symfony [info] {sfResponse} send status "HTTP/1.0 200 OK"
Jan 26 09:38:35 symfony [info] {sfResponse} send header "Content-Type": "text/xml; charset=utf-8"
Jan 26 09:38:35 symfony [info] {sfResponse} send content (108 o)

So when the template errorSuccess is called:

<?php echo '<?' ?>xml version="1.0" encoding="utf-8" ?>
<rsp stat="fail" version="1.0">
  <err code="<?php echo $error_code ?>" msg="<?php echo $error_message ?>" />
</rsp>

$error_code and $error_message are empty.

Change History

01/26/08 10:39:36 changed by saitta

I have succeeded in passing parameter values to the error action.

Here is the sample code:

<?php

class apiActions extends sfActions
{
  public function preExecute()
  {
    // the API answers in XML, so keep the web debug toolbar out of the response
    sfConfig::set('sf_web_debug', false);
  }

  public function executeIndex()
  {
    $user = $this->authenticateUser();
    if (!$user)
    {
      // pass the values through the request parameter holder: action
      // attributes ($this->error_code) are not visible in the forwarded action
      $this->getRequest()->setParameter('error_code', 1);
      $this->getRequest()->setParameter('error_message', 'login failed');
      $this->forward('api', 'error');
    }
    // do some stuff
  }

  private function authenticateUser()
  {
    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
    {
      if ($user = UserPeer::getAuthenticatedUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
      {
        $this->getContext()->getUser()->signIn($user);

        return $user;
      }
    }

    // no or invalid credentials: ask the client for HTTP Basic authentication
    header('WWW-Authenticate: Basic realm="askeet API"');
    header('HTTP/1.0 401 Unauthorized');
  }

  public function executeQuestion()
  {
    $user = $this->authenticateUser();
    if (!$user)
    {
      $this->getRequest()->setParameter('error_code', 1);
      $this->getRequest()->setParameter('error_message', 'login failed');
      $this->forward('api', 'error');
    }

    if (!$this->getRequestParameter('stripped_title'))
    {
      $this->getRequest()->setParameter('error_code', 2);
      $this->getRequest()->setParameter('error_message', 'The API returns answers to a specific question. Please provide a stripped_title parameter');
      $this->forward('api', 'error');
    }
    else
    {
      // get the question
      $question = QuestionPeer::getQuestionFromTitle($this->getRequestParameter('stripped_title'));

      if ($question->getUserId() != $user->getId())
      {
        $this->getRequest()->setParameter('error_code', 3);
        $this->getRequest()->setParameter('error_message', 'You can only use the API for the questions you asked');
        $this->forward('api', 'error');
      }
      else
      {
        // get the answers
        $this->answers  = $question->getAnswers();
        $this->question = $question;
      }
    }
  }

  public function executeError()
  {
    // read back the values set by the forwarding action
    $this->error_code    = $this->getRequestParameter('error_code');
    $this->error_message = $this->getRequestParameter('error_message');
  }
}

?>
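The mechanism behind this fix, as an added stand-alone example that is not code from askeet or symfony (the Request and Action classes and this forward() are assumed simplifications of the framework): an attribute set with $this->... before forward() is not visible afterwards because forward() builds a new action object, while the request parameter holder is shared, and the values are escaped on output because the default /:module/:action route in the log above also makes api/error reachable directly.

```php
<?php
// Added example, not code from askeet or symfony. Request, Action and forward()
// are assumed simplifications; like symfony 1.0, forward() creates a new action
// object, so attributes set on the first action are gone in the second.

class Request
{
  private $params = array();
  public function setParameter($n, $v) { $this->params[$n] = $v; }
  public function getParameter($n) { return isset($this->params[$n]) ? $this->params[$n] : null; }
}

abstract class Action
{
  private $vars = array();    // attribute holder, one per action object
  protected $request;
  public function __construct(Request $r) { $this->request = $r; }
  public function __set($n, $v) { $this->vars[$n] = $v; }
  public function __get($n) { return isset($this->vars[$n]) ? $this->vars[$n] : null; }
  // fresh object with an empty attribute holder; only the request is shared
  protected function forward($class) { $next = new $class($this->request); return $next->execute(); }
  abstract public function execute();
}

class IndexAction extends Action
{
  public function execute()
  {
    $this->error_message = 'login failed';                  // lost on forward
    $this->request->setParameter('error_code', 1);           // survives
    $this->request->setParameter('error_message', 'login failed');
    return $this->forward('ErrorAction');
  }
}

class ErrorAction extends Action
{
  public function execute()
  {
    assert(null === $this->error_message);   // the attribute on the IndexAction object is gone
    $code = (string) $this->request->getParameter('error_code');
    $msg  = (string) $this->request->getParameter('error_message');
    // escape before writing into XML attributes: the default /:module/:action
    // route lets a client call the error action directly with its own parameters
    return sprintf('<rsp stat="fail" version="1.0"><err code="%s" msg="%s" /></rsp>',
      htmlspecialchars($code, ENT_QUOTES, 'UTF-8'), htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'));
  }
}

$index = new IndexAction(new Request());
echo $index->execute(), "\n";
```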

01/26/08 18:28:05 changed by Andrejs.Verza

Imagine this code:

public function executeVerySecureAction()
{
  if ($this->getRequestParameter('password') == 'imho')
  {
    $this->activated = true;
  }
}

... now, some bad developer in your workgroup could exploit your action like this:

public function executeParasite()
{
  $this->activated = true;
  $this->forward('module', 'verySecureAction');
}

So, the best approach is, as it is, to pass "inter-modular" variables in the request parameter holder.

01/27/08 08:11:13 changed by saitta

The wrong code is written in lesson 17 of Askeet and doesn't work. The fix is only a suggestion that I worked out.

12/03/08 00:09:58 changed by FabianLange

  • status changed from new to closed.
  • resolution set to wontfix.

Because this is minor, we will not fix askeet, in favor of the new Jobeet tutorial.