Commit 7ae5fd4c by Qiang Xue

doc fix.

parent 91be6e9e
...@@ -8,8 +8,8 @@ Most often a controller takes HTTP request data and returns HTML, JSON or XML as ...@@ -8,8 +8,8 @@ Most often a controller takes HTTP request data and returns HTML, JSON or XML as
Basics Basics
------ ------
Controller resides in application's `controllers` directory is named like `SiteController.php` where `Site` Controller resides in application's `controllers` directory and is named like `SiteController.php`,
part could be anything describing a set of actions it contains. where the `Site` part could be anything describing a set of actions it contains.
The basic web controller is a class that extends [[\yii\web\Controller]] and could be very simple: The basic web controller is a class that extends [[\yii\web\Controller]] and could be very simple:
...@@ -35,9 +35,9 @@ class SiteController extends Controller ...@@ -35,9 +35,9 @@ class SiteController extends Controller
``` ```
As you can see, typical controller contains actions that are public class methods named as `actionSomething`. As you can see, typical controller contains actions that are public class methods named as `actionSomething`.
The output of an action is what the method returns, it could be rendered result or it can be instance of ```yii\web\Response```, for [example](#custom-response-class). The output of an action is what the method returns: it could be a string or an instance of `yii\web\Response`, [for example](#custom-response-class).
The return value will be handled by the `response` application The return value will be handled by the `response` application
component which can convert the output to differnet formats such as JSON for example. The default behavior component which can convert the output to different formats such as JSON for example. The default behavior
is to output the value unchanged though. is to output the value unchanged though.
You also can disable CSRF validation per controller and/or action, by setting its property: You also can disable CSRF validation per controller and/or action, by setting its property:
...@@ -49,7 +49,6 @@ use yii\web\Controller; ...@@ -49,7 +49,6 @@ use yii\web\Controller;
class SiteController extends Controller class SiteController extends Controller
{ {
public $enableCsrfValidation = false; public $enableCsrfValidation = false;
public function actionIndex() public function actionIndex()
......
...@@ -32,6 +32,17 @@ The view for the action above would be `views/site/index.php` and can be somethi ...@@ -32,6 +32,17 @@ The view for the action above would be `views/site/index.php` and can be somethi
Any data type can be passed to the view, including arrays or objects. Any data type can be passed to the view, including arrays or objects.
Besides the above `render()` method, the [[yii\web\Controller]] class also provides several other rendering methods.
Below is a summary of these methods:
* `render()`: renders a view and applies the layout to the rendering result. This is most commonly used to render a complete page.
* `renderPartial()`: renders a view without applying any layout. This is often used to render a fragment of a page.
* `renderAjax()`: renders a view without applying any layout, and injects all registered JS/CSS scripts and files.
It is most commonly used to render an HTML output to respond to an AJAX request.
* `renderFile()`: renders a view file. This is similar to `renderPartial()` except that it takes the file path
of the view instead of the view name.
Widgets Widgets
------- -------
...@@ -43,7 +54,7 @@ Widgets are self-contained building blocks for your views, a way to combine comp ...@@ -43,7 +54,7 @@ Widgets are self-contained building blocks for your views, a way to combine comp
* Returns HTML to be shown within the context of the view * Returns HTML to be shown within the context of the view
There are a good number of widgets bundled with Yii, such as [active form](form.md), There are a good number of widgets bundled with Yii, such as [active form](form.md),
breadcrumbs, dmenu, and [wrappers around bootstrap component framework](bootstrap-widgets.md). Additionally there are breadcrumbs, menu, and [wrappers around bootstrap component framework](bootstrap-widgets.md). Additionally there are
extensions that provide more widgets, such as the official widget for [jQueryUI](http://www.jqueryui.com) components. extensions that provide more widgets, such as the official widget for [jQueryUI](http://www.jqueryui.com) components.
In order to use a widget, your view file would do the following: In order to use a widget, your view file would do the following:
...@@ -72,7 +83,7 @@ One of the main security principles is to always escape output. If violated it l ...@@ -72,7 +83,7 @@ One of the main security principles is to always escape output. If violated it l
most probably, to cross-site scripting known as XSS leading to leaking of admin passwords, making a user to automatically most probably, to cross-site scripting known as XSS leading to leaking of admin passwords, making a user to automatically
perform actions etc. perform actions etc.
Yii provides a good toolset in order help you escaping your output. The very basic thing to escape is a text without any Yii provides a good tool set in order to help you escape your output. The very basic thing to escape is a text without any
markup. You can deal with it like the following: markup. You can deal with it like the following:
```php ```php
...@@ -86,15 +97,7 @@ use yii\helpers\Html; ...@@ -86,15 +97,7 @@ use yii\helpers\Html;
``` ```
When you want to render HTML it becomes complex so we're delegating the task to excellent When you want to render HTML it becomes complex so we're delegating the task to excellent
[HTMLPurifier](http://htmlpurifier.org/) library. In order to use it you need to modify your `composer.json` first by [HTMLPurifier](http://htmlpurifier.org/) library which is wrapped in Yii as a helper [[yii\helpers\HtmlPurifier]]:
adding the following to `require`:
```javascript
"ezyang/htmlpurifier": "v4.6.0"
```
After it's done run `php composer.phar install --prefer-dist` and wait till package is downloaded. Now everything is prepared to use
Yii's HtmlPurifier helper:
```php ```php
<?php <?php
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment