events / bootstrap
Permalink
Hi there,
as the documentation shows, there are several events available in c5 to hook into. I basically want to add security-related functionality and that should be done before any request-parameters have been processed.
Is there an event that is called before any request-parameters have been processed?
If not, can I overwrite or extend the initial bootstrap-process of c5 somehow to implement functionality before any request-parameters have been processed?
best regards,
Steve
as the documentation shows, there are several events available in c5 to hook into. I basically want to add security-related functionality and that should be done before any request-parameters have been processed.
Is there an event that is called before any request-parameters have been processed?
If not, can I overwrite or extend the initial bootstrap-process of c5 somehow to implement functionality before any request-parameters have been processed?
best regards,
Steve
no ideas?
you could use on_before_render. A lot of stuff is already executed there but you can still navigate away depending on your security checks.
It would cause quite some overhead if you show the login page very often due to your security checks, but it should work.
To be clear, parameters have been processed at this point, but why does that cause any issues?
It would cause quite some overhead if you show the login page very often due to your security checks, but it should work.
To be clear, parameters have been processed at this point, but why does that cause any issues?
It is my intention to use phpids (http://php-ids.org ), which is a security-layer for php, with concrete5.
phpids "scans" any request-parameters for malicious values (sql injections, xss, csrf) and can react on the result of this "scan".
However, this should happen before any request-parameters are processed by concrete5 to ensure that malicious code is catched before it can do any harm.
I actually thought about adding a new event called "before_bootstrap" or extending the bootstrap in some way but both options do not seem do exist.
phpids "scans" any request-parameters for malicious values (sql injections, xss, csrf) and can react on the result of this "scan".
However, this should happen before any request-parameters are processed by concrete5 to ensure that malicious code is catched before it can do any harm.
I actually thought about adding a new event called "before_bootstrap" or extending the bootstrap in some way but both options do not seem do exist.
