Jingga/Developer-Guide
1
0
Fork 0
mirror of https://github.com/Karaka-Management/Developer-Guide.git synced 2026-02-07 08:18:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

remove some getter/setter

Browse Source
This commit is contained in:
Dennis Eichhorn 2020-11-24 17:31:19 +01:00
parent 068a633716
commit fb84c21b76
4 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
basics/dispatching.md
View File

@ -41,11 +41,11 @@ $dispatcher->dispatch(function($para1, $para2) { ... }, $staticToCallPara1, $sta
The dispatcher accepts the results from the `route()` method of the router which is an array of routes. The dispatcher accepts the results from the `route()` method of the router which is an array of routes.
```php ```php
$dispatcher->dispatch($router->route($request->getUri()->getRoute())); $dispatcher->dispatch($router->route($request->uri->getRoute()));
``` ```
Based on the function definition returned by the router it's possible to pass more parameters to the function such e.g. request and response objects. Based on the function definition returned by the router it's possible to pass more parameters to the function such e.g. request and response objects.
```php ```php
$dispatcher->dispatch($router->route($request->getUri()->getRoute()), $request, $response); $dispatcher->dispatch($router->route($request->uri->getRoute()), $request, $response);
``` ```

2
datastorage/cache.md
View File

@ -17,5 +17,5 @@ In order to trigger a re-cache of stylesheets or javascript files make sure to u
Example usage: Example usage:
```php ```php
$head->addAsset(AssetType::JS, $request->getUri()->getBase() . 'Modules/Media/Controller.js?v=' . self::MODULE_VERSION); $head->addAsset(AssetType::JS, $request->uri->getBase() . 'Modules/Media/Controller.js?v=' . self::MODULE_VERSION);
``` ```

12
example_app/app.md
View File

@ -78,7 +78,7 @@ class Application extends ApplicationAbstract
/* get data from url endpoints defined by the routes */ /* get data from url endpoints defined by the routes */
$dispatch = $this->dispatcher->dispatch( $dispatch = $this->dispatcher->dispatch(
$this->router->route( $this->router->route(
$request->getUri()->getRoute(), $request->uri->getRoute(),
$request->getData('CSRF'), // optional: only required if csrf tokens are used otherwise use null $request->getData('CSRF'), // optional: only required if csrf tokens are used otherwise use null
$request->getRouteVerb() // e.g. get, post, put ... $request->getRouteVerb() // e.g. get, post, put ...
), ),
@ -91,7 +91,7 @@ class Application extends ApplicationAbstract
$pageView->addData('dispatch', $dispatch); $pageView->addData('dispatch', $dispatch);
// push the headers (no changes to the header are possible afterwards) // push the headers (no changes to the header are possible afterwards)
$response->getHeader()->push(); $response->header->push();
// renders the content of the response object (depends on the content type, text/html, json, ...) // renders the content of the response object (depends on the content type, text/html, json, ...)
return $response->getBody(); return $response->getBody();
@ -107,10 +107,10 @@ class Application extends ApplicationAbstract
$request->createRequestHashs(0); $request->createRequestHashs(0);
// if your application is located in a web-subfolder for easier handling // if your application is located in a web-subfolder for easier handling
$request->getUri()->setRootPath('/'); $request->uri->setRootPath('/');
// this will allow you to create urls based on request data // this will allow you to create urls based on request data
UriFactory::setupUriBuilder($request->getUri()); UriFactory::setupUriBuilder($request->uri);
return $request; return $request;
} }
@ -121,9 +121,9 @@ class Application extends ApplicationAbstract
$response = new HttpResponse(); $response = new HttpResponse();
// you could use the request content-type in order to define the response content-type // you could use the request content-type in order to define the response content-type
$response->getHeader()->set('content-type', 'text/html; charset=utf-8'); $response->header->set('content-type', 'text/html; charset=utf-8');
$response->getHeader()->set('x-xss-protection', '1; mode=block'); $response->header->set('x-xss-protection', '1; mode=block');
// more CSP can be defined here // more CSP can be defined here
return $response; return $response;

12
security/security_guidelines.md
View File

@ -23,7 +23,7 @@ if($request->getData('CSRF') === null) {
$response->setStatusCode(RequestStatus::R_403); $response->setStatusCode(RequestStatus::R_403);
/* optional */ /* optional */
$response->set($request->getUri()->__toString(), new Notify('Unknown referrer!', NotifyType::INFO)); $response->set($request->uri->__toString(), new Notify('Unknown referrer!', NotifyType::INFO));
return; return;
} }
@ -56,13 +56,13 @@ Scripts and frames must be provided by the own server or google. This is importa
The default CSP looks like the following: The default CSP looks like the following:
```php ```php
$response->getHeader()->set('content-security-policy', 'script-src \'self\'; frame-src \'self\'', true); $response->header->set('content-security-policy', 'script-src \'self\'; frame-src \'self\'', true);
``` ```
In order to whitelist inline javascript you can use the following logic. This however requires you to know the inline script beforehand `$script`. After setting the CSP header they automatically get locked so that further changes are not possible. This is a security measure in order to prevent any malicious adjustments. In order to whitelist inline javascript you can use the following logic. This however requires you to know the inline script beforehand `$script`. After setting the CSP header they automatically get locked so that further changes are not possible. This is a security measure in order to prevent any malicious adjustments.
```php ```php
$response->getHeader()->set('content-security-policy', 'script-src \'self\' \'sha256-' . base64_encode(hash('sha256', $script, true)) . '\'; frame-src \'self\'', true); $response->header->set('content-security-policy', 'script-src \'self\' \'sha256-' . base64_encode(hash('sha256', $script, true)) . '\'; frame-src \'self\'', true);
``` ```
### X-XSS-Protection ### X-XSS-Protection
@ -70,7 +70,7 @@ $response->getHeader()->set('content-security-policy', 'script-src \'self\' \'sh
This header tells the client browser to use local xss protection if available. This header tells the client browser to use local xss protection if available.
```php ```php
$response->getHeader()->set('x-xss-protection', '1; mode=block'); $response->header->set('x-xss-protection', '1; mode=block');
``` ```
### X-Content-Type-Options ### X-Content-Type-Options
@ -78,7 +78,7 @@ $response->getHeader()->set('x-xss-protection', '1; mode=block');
By using this header browsers which support this feature will ignore the content/mime and recognize the file by the provided header only. By using this header browsers which support this feature will ignore the content/mime and recognize the file by the provided header only.
```php ```php
$response->getHeader()->set('x-content-type-options', 'nosniff'); $response->header->set('x-content-type-options', 'nosniff');
``` ```
### X-Frame-Options ### X-Frame-Options
@ -86,7 +86,7 @@ $response->getHeader()->set('x-content-type-options', 'nosniff');
The x-frame-options is providing the same protection for frames as the content-security-policy header. Please only use this header in addition to the content-security-policy if you have to but make sure the rules don't contradict with the content-security-policy. The x-frame-options is providing the same protection for frames as the content-security-policy header. Please only use this header in addition to the content-security-policy if you have to but make sure the rules don't contradict with the content-security-policy.
```php ```php
$response->getHeader()->set('x-frame-options', 'SAMEORIGIN'); $response->header->set('x-frame-options', 'SAMEORIGIN');
``` ```
## Superglobals ## Superglobals