In the previous essay we already know the TP framework of four ways to access, then when the address bar to enter the non-existent operation method, the controller will be what?
First look at the definition:
Null operation: An object (Controller) Call method that does not exist by itself
NULL controller: The specified class was not found when instantiating the Controller object
First, create a new Ceshi module under the application file and follow the home module under the Ceshi module to create the same folder, such as:
1) Create a new login controller under the Controller folder:
12345678910 |
<?php
namespace
Ceshi\Controller;
use
Think\Controller;
class LoginController
extends
Controller
{
public
function
login()
{
echo
"欢迎登陆!"
;
}
}
|
2) Address bar input access address: Http://localhost/wamp/thinkphp/index.php/Ceshi/Login/login
First, the address bar to access the non-existent method, what happens?
Http://localhost/wamp/thinkphp/index.php/Ceshi/Login/loginSSS
From this page, we can know:
(1) This interface exposes the code we use to write the tool and exposes the thinkphp version number, which can be exploited if the hacker finds a bug in the version number.
(2) Second, this interface is very unfriendly, for users, they do not understand and do not know what is wrong.
How to give a more secure, more friendly hint?
There is a method in the parent class that we can do with this:
The first method: Make an empty template
1) Create a Ceshi folder under the View folder with the following path:
Loginsss.html
12345678910111213 |
<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
>
"http://www.w3.org/1999/xhtml"
>
<meta http-equiv=
"Content-Type"
content=
"text/html; charset=utf-8"
/>
<title>无标题文档</title>
<style type=
"text/css"
>
*{ margin:0px auto; padding:0px}
</style>
<body>
<div>您访问的操作方法有误!</div>
</body>
|
2) Visit Http://localhost/wamp/thinkphp/index.php/Ceshi/Login/loginsss again
This is much more friendly than just the code, but it is not possible to make a template every time we enter a non-existent method, which is impractical, and we don't know what the user will be typing next, so this method is not feasible.
The second method: Do an empty method: _empty () method
12345678910111213 |
<?php
namespace
Ceshi\Controller;
use
Think\Controller;
class
LoginController
extends
Controller
{
public
function
login()
{
echo
"欢迎登陆!"
;
}
public
function
_empty(){
echo
"您访问的操作方法不存在!"
;
}
}
|
This way, no matter what kind of empty method you access, you will see "The action method you accessed does not exist!" ”
http://localhost/wamp/thinkphp/index.php/Ceshi/Login/Logins
Http://localhost/wamp/thinkphp/index.php/Ceshi/Login/aaa
Second, in the address bar to access the non-existent controller, what happens? The same error occurred
Workaround:
Create a new empty controller:
EmptyController.class.php
123456789 |
<?php namespace ceshi\controller; use think\controller; class emptycontroller extends controller { &NBSP;&NBSP;&NBSP;&NBSP; public function _empty () { &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP; echo "the controller you are accessing is wrong" &NBSP;&NBSP;&NBSP;&NBSP; } } |
Re-visit http://localhost/wamp/thinkphp/index.php/Ceshi/Main/login
Change a http://localhost/wamp/thinkphp/index.php/Ceshi/mmmn/login
This will solve the problem of NULL controller and empty operation ~.~.~
URL and basic attribute status of TP