ILIAS  trunk Revision v11.0_alpha-1744-gb0451eebef4
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions
ilCtrlSecurityInterface Interface Reference

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V. More...

+ Inheritance diagram for ilCtrlSecurityInterface:
+ Collaboration diagram for ilCtrlSecurityInterface:

Public Member Functions

 getUnsafeGetCommands ()
 This method must return a list of unsafe GET commands. More...
 
 getSafePostCommands ()
 This method must return a list of safe POST commands. More...
 

Detailed Description

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V.

ILIAS is licensed with the GPL-3.0, see https://www.gnu.org/licenses/gpl-3.0.en.html You should have received a copy of said license along with the source code, too.

If this is not the case or you just want to try ILIAS, you'll find us at: https://www.ilias.de https://github.com/ILIAS-eLearning Interface ilCtrlSecurityInterface provides ilCtrl security information.

Author
Thibeau Fuhrer thf@s.nosp@m.tude.nosp@m.r-rai.nosp@m.mann.nosp@m..ch

Information gathered by this interface is stored in an artifact as well. Currently, the only purpose is to gather a list of safe commands which determines whether a CSRF-protection is necessary.

Definition at line 29 of file interface.ilCtrlSecurityInterface.php.

Member Function Documentation

◆ getSafePostCommands()

ilCtrlSecurityInterface::getSafePostCommands ( )

This method must return a list of safe POST commands.

Safe post commands returned by this method will no longer be CSRF protected and will NOT be appended by an ilCtrlToken.

Returns
string[]

Implemented in ilObjForumGUI, ilLMPresentationGUI, ilStartUpGUI, ilPasswordAssistanceGUI, ilObjChatroomGUI, ilObjComponentSettingsGUI, and ilCtrlCommandClass1TestGUI.

◆ getUnsafeGetCommands()

ilCtrlSecurityInterface::getUnsafeGetCommands ( )

This method must return a list of unsafe GET commands.

Unsafe get commands returned by this method will now be CSRF protected, which means an ilCtrlToken is appended each time a link-target is generated to the class implementing this interface with a command from that list.

Tokens will be validated in

See also
ilCtrlInterface::getCmd(), whereas the fallback command will be used if the CSRF validation fails.
Returns
string[]

Implemented in ilObjForumGUI, ilLMPresentationGUI, ilStartUpGUI, ilPasswordAssistanceGUI, ilObjChatroomGUI, ilObjComponentSettingsGUI, and ilCtrlCommandClass1TestGUI.

The documentation for this interface was generated from the following file: