The Beast Within
A look inside EE's source code
Rob Sanchez
EECI 2011
October 21, 2011
Hi.
A good composer does not imitate; he steals.
Why is knowing the source important?
- Documentation can only tell you so much
- Lessen your dependency on support
- Know why errors/behaviors occur
- Start building better custom code for your sites
What is EE, really?
- It's CodeIgniter!
- Custom content mgmt. layer (the CP)
application/=expressionengine/- Custom routing via the Template class
- Controllers + Views = Templates
- Models + Libraries = Template tags (addons)
Let's look at a page load
- Browser makes HTTP request
- index.php is loaded, bootstraps CI
- Load
EEcontroller &Corelib - Template library parses the URI to determine what template to serve
- Parse the template: global vars, PHP in, module/plugin tags, PHP out, embeds
- Serve the final output
File Structure
- system/codeigniter/system/core/
- system/codeigniter/system/libraries/
- system/expressionengine/core/
- system/expressionengine/libraries/
- system/expressionengine/models/
- system/expressionengine/modules/
- system/expressionengine/third_party/
Template Tags
{exp:channel:entries channel="users"
search:cf_username="{username}"}
{if no_results}Why?!?{/if}
{title}
{/exp:channel:entries}
system/expressionengine/modules/,
channel/mod.channel.phpentries function
Template Tags
class Channel
{
function entries()
{
var_dump($this->EE->TMPL->tagparams);
...
Template Tags
Error Messages
Example: "Disallowed Key Characters."
http://ee2.local/index.php/site/index/?st.louis,mo=true
Error Messages
Example: "Disallowed Key Characters."
Take a deep breath, open favorite text editor, do a folder search for the offending error message.
system/codeigniter/system/core/Input.php, line 552
function _clean_input_keys($str)
{
if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
exit('Disallowed Key Characters.');
}
...
Error Messages
Example: "Disallowed Key Characters."
function _clean_input_keys($str)
{
if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
var_dump($str);
exit('Disallowed Key Characters.');
}
...
Error Messages
Example: "Disallowed Key Characters."
Error Messages
Example: "You are not authorized to access this page"
http://ee2.local/admin.php?S=0&D=cp&C=content_edit&M=delete_entries
Error Messages
Example: "You are not authorized to access this page"
Searching for that error message turned up:
system/expressionengine/language/english/cp_lang.php, line 275
'unauthorized_access' => 'You are not authorized to access this page',
Searching for unauthorized_access turns up 385 occurrences. Yikes. Let's narrow that down.
http://ee2.local/admin.php?S=0&D=cp&C=content_edit&M=delete_entries
system/expressionengine/controllers/cp/content_edit.php.
Error Messages
Example: "You are not authorized to access this page"
public function delete_entries()
{
if ( ! $this->cp->allowed_group('can_access_content'))
{
show_error(lang('unauthorized_access'));
}
if ( ! $this->cp->allowed_group('can_delete_self_entries') AND
! $this->cp->allowed_group('can_delete_all_entries'))
{
show_error(lang('unauthorized_access'));
}
Error Messages
Example: "You are not authorized to access this page"
public function delete_entries()
{
if ( ! $this->cp->allowed_group('can_access_content'))
{
show_error(lang('unauthorized_access').' 1st');
}
if ( ! $this->cp->allowed_group('can_delete_self_entries') AND
! $this->cp->allowed_group('can_delete_all_entries'))
{
show_error(lang('unauthorized_access').' 2nd');
}
Error Messages
Example: "You are not authorized to access this page"
Now we know it's related to can_delete_all_entries or can_delete_self_entries
Libraries
Found in system/codeigniter/system/core, system/expressionengine/libraries and system/codeigniter/system/libraries
-
Input
//get POSTed form input, with xss clean echo $this->EE->input->post('form_input', TRUE);//get a query string element /site/index?element=foo echo $this->EE->input->get('element'); -
Session
//get user information, like their member group echo $this->EE->session->userdata('group_id');//get the last page visited by the user echo $this->EE->session->tracker[1];
Libraries
-
URI
Grab the current url (site/stuff)
{if logged_out} {redirect='site/login/<php echo $this->EE->uri->uri_string(); ?>'} {/if}Redirected to site/login/site/stuff. Grab all the segments after 2 and set return login form
<?php $segments = $this->EE->uri->segment_array(); $segments = array_slice($segments, 2); $return = implode('/', $segments); ?> {exp:member:login_form return="<?php echo $return; ?>"}
Models
- Models are PHP classes that interact with the database.
- They're not in the official EE docs, so you should look them up in the source.
$this->EE->load->model('member_model');
There are <?php echo $this->EE->member_model->get_member_count(5); ?> in the Members group.
Final Thoughts
- Hacking/tinkering (+ version control) should be encouraged
- PHP errors include line numbers; look them up!
- var_dump is your friend
- This all applies to addons, too