When a master browsing your site, your website error messages will give hackers to attack your site information. For example, for the empty operation, the empty controller, you will be exposed to hackers in the background of your website framework, hackers will be based on the framework of the vulnerability of the site to attack your website. Therefore, we need to deal with the empty controller, empty operation, do not leave any clues to the hacker.
1. Empty operation processing
First look at the effect:
For me in IndexController.class.php this file I did not have hello to this method, as if I tried to access this method, will report the following message:
Note: The nature of an empty operation: an object (Controller) Call method that does not exist by itself
For developers who understand thinkphp, it is easy to see that the thinkphp framework is used in the background of this site. So how do we block these problems? That's what we're going to talk about today.
Solution 1, add a __call ($method, $argvs) method to the Controller
This way, when you access the Hello method again, the controller's __call ($method, $args) method is called by default.
But! When we have a lot of controllers, I also want each controller to write a __call ($method, $args) method? Obviously unreasonable! Therefore, we need to write this method into the parent class of the controller, just by inheriting it. We went into the Controller.class.php but found the __call () method, because TP had done it for us, and in his mind, it was to see if we had defined a method called _empty () in the controller. If defined, this method is called
General Controller Parent Class location: thinkphp/library/think/controller.class.php
Workaround 2
Give the name of the empty operation a template with the same name, and the template will be called automatically by the system.
2. Empty controller processing
Because there is no BeijingController.class.php this file, so the error!!
After analyzing the source code of TP Framework, we have the following solutions
So, we need to define an empty controller. When we visit a non-existent controller, we will give us an error according to the errors we specified.
OK, the empty operation, the empty controller is the first to say here O (∩_∩) o~~
When a master browsing your site, your website error messages will give hackers to attack your site information. For example, for the empty operation, the empty controller, you will be exposed to hackers in the background of your website framework, hackers will be based on the framework of the vulnerability of the site to attack your website. Therefore, we need to deal with the empty controller, empty operation, do not leave any clues to the hacker.
1. Empty operation processing
First look at the effect:
For me in IndexController.class.php this file I did not have hello to this method, as if I tried to access this method, will report the following message:
Note: The nature of an empty operation: an object (Controller) Call method that does not exist by itself
For developers who understand thinkphp, it is easy to see that the thinkphp framework is used in the background of this site. So how do we block these problems? That's what we're going to talk about today.
Solution 1, add a __call ($method, $argvs) method to the Controller
This way, when you access the Hello method again, the controller's __call ($method, $args) method is called by default.
But! When we have a lot of controllers, I also want each controller to write a __call ($method, $args) method? Obviously unreasonable! Therefore, we need to write this method into the parent class of the controller, just by inheriting it. We went into the Controller.class.php but found the __call () method, because TP had done it for us, and in his mind, it was to see if we had defined a method called _empty () in the controller. If defined, this method is called
General Controller Parent Class location: thinkphp/library/think/controller.class.php
Workaround 2
Give the name of the empty operation a template with the same name, and the template will be called automatically by the system.
2. Empty controller processing
Because there is no BeijingController.class.php this file, so the error!!
After analyzing the source code of TP Framework, we have the following solutions
So, we need to define an empty controller. When we visit a non-existent controller, we will give us an error according to the errors we specified.