Comments on: Kohana 2.3 routing

By: Dave Stewart

Dave Stewart — Fri, 31 Jul 2009 11:30:18 +0000

One thing I don’t get matt – and that’s the link between the “‘year’ => date(‘Y’)”, and the following regexp.

How are they related? What is date(‘Y’) for? How does the regexp fit in?

By: Matt

Matt — Fri, 05 Dec 2008 09:01:26 +0000

Thanks for all the comments on this.

@john – I actually have something in the works on that front, though it is for what will now be Kohana 3.0, so I’m going to try and focus a little more on the current release in future posts instead

@shadowhand I will take you up on that offer thanks, during the weekend I’ll add a disclaimer to this that it is now outdated and take a look at the new implementation in 3.0 with a view to putting an article together on it

/Matt

By: shadowhand

shadowhand — Fri, 05 Dec 2008 00:45:56 +0000

I’d love to help you update this article based on how 3.0 routing will work, as this article references 2.3, and is no longer entirely accurate.

By: john

john — Thu, 20 Nov 2008 00:44:05 +0000

If you have time, it would be great to see in a future post how to use the Kohana 2.3 routing to achieve RESTful application design.

By: Yehosef

Yehosef — Mon, 17 Nov 2008 09:52:22 +0000

I agree with the last comment

While it’s a very good thing to provide the ability to limit the route should the need arise (which I don’t see) – I think it’s a BadIdea ™ to make the default action something that will often break and force people to go back into their router to clean it up.

For example, if someone is programming their controller and then they decide that they would like to do all the sorting via Url segments or to add all sorts of options to the url, then they will have to go back into the router and change this, if I understand correctly.

As an interesting observation – this is parallel (but opposite) to CI’s disposal of the _GET array – they are deciding what is the right security model and imposing it on you – instead of letting me decide. Of course, there are work around for this, just as you could enable the $_GET array – but to decide for me what’s the right security model, especially when the risk seems non-existent, seems like the wrong approach.

By: EllisGL

EllisGL — Sat, 15 Nov 2008 07:10:46 +0000

This method look great. IMO, it make’s it simple for dealing with SEO stuff, but having it break if it’s out side if it’s longer than expected seems a bit over kill to me.

I can’t think of a scenario where something like this could compromise security. Well actually, I could think of one. I know I wouldn’t write a system that would loop through URI arguments and send them with out filtering to MySQL, EXEC() or anything else you shouldn’t pass unfiltered data to.

Maybe there should be an ‘ignore’ option that not parse pass the point in which you would need? Of course that could be expanded out..

something like: ‘post/:year/:month/:day…ignore’ to just parse up to day and drop the rest.

‘post/:year/:month/:day…logAttempt’ — parse up to day and then log the url and user information has a possible hacking attemp.

Just a thought at 1:10 AM….

By: coolfactor

coolfactor — Mon, 03 Nov 2008 01:46:45 +0000

I was a bit concerned when I first saw the routing syntax, as I saw it replicated what PHP already does natively, but then I saw that it can be used to set some pretty handy defaults [ => date('Y') ] and that Reverse Routing feature is absolutely wicked! This is going places!

By: Zeelot

Zeelot — Sun, 26 Oct 2008 18:56:36 +0000

That was AMAZING!
thanks a lot!! until 2.3 I had been testing SVN with every new commit but 2.3 had scared me too much…
now I’m back to testing every new feature until release!!

By: alle

alle — Sun, 19 Oct 2008 15:09:45 +0000

Matt, thank you very much!

By: fabimc

fabimc — Sun, 19 Oct 2008 01:47:26 +0000

I used to be afraid of the new routing, but not anymore