v1.2

Docs API Markup UI

Search docs ⌘K

Backend
- Behaviors
  - FormController
  - ImportExportController
    - TranscodeFilter
  - ListController
  - RelationController
  - ReorderController
  - UserPreferencesModel
- Classes
- Console
- Controllers
  - AccessLogs
  - Auth
  - Files
  - Index
  - Media
  - Preferences
  - UserGroups
  - UserRoles
  - Users
- Facades
- FormWidgets
  - CodeEditor
  - ColorPicker
  - DataTable
  - DatePicker
  - FileUpload
  - IconPicker
  - MarkdownEditor
  - MediaFinder
  - NestedForm
  - PermissionEditor
  - RecordFinder
  - Relation
  - RelationManager
  - Repeater
  - RichEditor
  - Sensitive
  - TagList
- Helpers
  - Backend
  - Exception
    - DecompileException
- Models
  - AccessLog
  - BrandSetting
  - EditorSetting
  - ExportModel
  - ImportModel
  - Preference
  - User
  - UserGroup
  - UserPreference
  - UserRole
  - UserThrottle
- ReportWidgets
  - Welcome
- Skins
  - Standard
- Traits
- Widgets
  - Filter
  - Form
  - Lists
  - MediaManager
  - ReportContainer
  - Search
  - Table
  - Toolbar
Cms
- Classes
- Components
- Console
- Contracts
  - CmsObject
- Controllers
  - Index
  - Media
  - ThemeLogs
  - ThemeOptions
  - Themes
- Facades
  - Cms
- FormWidgets
  - Components
  - MediaFinder
- Helpers
  - Cms
  - File
- Models
- ReportWidgets
  - ActiveTheme
- Traits
  - UrlMaker
- Twig
- Widgets
System
- Behaviors
  - SettingsModel
- Classes
- Console
  - Asset
    - AssetCompile
    - AssetCreate
    - AssetInstall
    - AssetList
    - Mix
      - MixCompile
      - MixCreate
      - MixInstall
      - MixList
      - MixWatch
    - NpmRun
    - NpmUpdate
    - Vite
  - BaseScaffoldCommand
  - CreateCommand
  - CreateJob
  - CreateMigration
  - CreateModel
  - CreatePlugin
  - CreateSettings
  - CreateTest
  - PluginDisable
  - PluginEnable
  - PluginInstall
  - PluginList
  - PluginRefresh
  - PluginRemove
  - PluginRollback
  - Traits
    - HasPluginArgument
  - WinterDown
  - WinterEnv
  - WinterFresh
  - WinterInstall
  - WinterManifest
  - WinterMirror
  - WinterTest
  - WinterUp
  - WinterUpdate
  - WinterUtil
  - WinterVersion
- Controllers
- Helpers
  - Cache
  - DateTime
  - View
- Models
  - EventLog
  - File
  - LogSetting
  - MailBrandSetting
  - MailLayout
  - MailPartial
  - MailSetting
  - MailTemplate
  - Parameter
  - PluginVersion
  - RequestLog
  - Revision
- ReportWidgets
  - Status
- Traits
- Twig
- console
  - asset
    - vite
      - ViteList
Winter
- Storm
  - Argon
    - Argon
    - ArgonServiceProvider
  - Auth
    - AuthenticationException
    - AuthorizationException
    - Manager
    - Models
      - Group
      - Preferences
      - Role
      - Throttle
      - User
  - Config
    - ConfigServiceProvider
    - ConfigWriter
    - FileLoader
    - LoaderInterface
    - Repository
  - Console
    - Command
    - Traits
  - Cookie
    - Middleware
      - EncryptCookies
  - Database
    - Attach
      - BrokenImage
      - File
      - FileException
      - Resizer
    - Behaviors
      - Encryptable
      - Purgeable
      - Sortable
    - Builder
    - Capsule
      - Manager
    - Collection
    - Concerns
      - GuardsAttributes
      - HasRelationships
      - HidesAttributes
    - Connections
      - Connection
      - MySqlConnection
      - PostgresConnection
      - SQLiteConnection
      - SqlServerConnection
    - Connectors
      - ConnectionFactory
    - DataFeed
    - DatabaseServiceProvider
    - Dongle
    - MemoryCache
    - MigrationServiceProvider
    - Model
    - ModelBehavior
    - ModelException
    - ModelInterface
    - Models
      - DeferredBinding
      - Revision
    - MorphPivot
    - NestedTreeScope
    - Pivot
    - Query
      - Grammars
        
        Concerns
        
        SelectConcatenations
        
        MySqlGrammar
        
        PostgresGrammar
        
        SQLiteGrammar
        
        SqlServerGrammar
    - QueryBuilder
    - Relations
      - AttachMany
      - AttachOne
      - BelongsTo
      - BelongsToMany
      - Concerns
        
        AttachOneOrMany
        
        BelongsOrMorphsTo
        
        BelongsOrMorphsToMany
        
        DeferOneOrMany
        
        DefinedConstraints
        
        HasOneOrMany
        
        MorphOneOrMany
      - HasMany
      - HasManyThrough
      - HasOne
      - HasOneThrough
      - MorphMany
      - MorphOne
      - MorphTo
      - MorphToMany
      - Relation
    - Schema
      - Blueprint
    - SortableScope
    - Traits
      - ArraySource
      - DeferredBinding
      - Encryptable
      - HasSortableRelations
      - Hashable
      - NestedTree
      - Nullable
      - Purgeable
      - Revisionable
      - SimpleTree
      - Sluggable
      - SoftDelete
      - SoftDeleting
      - Sortable
      - Validation
    - TreeCollection
    - Updater
    - Updates
      - Migration
      - Seeder
  - Events
    - CallQueuedHandler
    - Dispatcher
    - EventServiceProvider
  - Exception
    - AjaxException
    - ApplicationException
    - ErrorHandler
    - ExceptionBase
    - SystemException
    - ValidationException
  - Extension
    - Extendable
    - ExtendableTrait
    - ExtensionBase
    - ExtensionTrait
  - Filesystem
    - Definitions
    - Filesystem
    - FilesystemManager
    - FilesystemServiceProvider
    - PathResolver
    - Zip
  - Flash
    - FlashBag
    - FlashServiceProvider
  - Foundation
    - Application
    - Bootstrap
    - Console
    - Exception
      - Handler
    - Http
      - Kernel
      - Middleware
        
        CheckForMaintenanceMode
        
        CheckForTrustedHost
        
        CheckForTrustedProxies
    - ProviderRepository
    - Providers
  - Halcyon
    - Builder
    - Collection
    - Datasource
    - Exception
    - HalcyonServiceProvider
    - MemoryCacheManager
    - MemoryRepository
    - Model
    - ModelInterface
    - Processors
      - Processor
      - SectionParser
    - Traits
      - Validation
  - Html
    - BlockBuilder
    - FormBuilder
    - Helper
    - HtmlBuilder
    - HtmlServiceProvider
    - UrlServiceProvider
  - Http
    - Middleware
      - TrustHosts
  - Mail
    - MailManager
    - MailParser
    - MailServiceProvider
    - Mailable
    - Mailer
  - Network
    - Http
    - NetworkServiceProvider
  - Parse
    - Assetic
      - Cache
        
        FilesystemCache
      - Filter
        
        JavascriptImporter
        
        LessCompiler
        
        ScssCompiler
    - Bracket
    - Contracts
      - DataFileInterface
    - EnvFile
    - Ini
    - Markdown
    - MarkdownData
    - PHP
    - ParseServiceProvider
    - Processor
      - Contracts
        
        YamlProcessor
      - Symfony3Processor
      - YamlProcessor
    - Syntax
    - Twig
    - Yaml
  - Redis
    - RedisServiceProvider
  - Router
    - CoreRouter
    - Helper
    - Router
    - RoutingServiceProvider
    - Rule
    - UrlGenerator
  - Scaffold
    - GeneratorCommand
  - Support
    - Arr
    - ClassLoader
    - Collection
    - Facade
    - Facades
      - Block
      - Config
      - DB
      - DbDongle
      - Event
      - File
      - Flash
      - Form
      - Html
      - Http
      - Ini
      - Input
      - Mail
      - Markdown
      - Schema
      - Svg
      - Twig
      - Url
      - Validator
      - Yaml
    - ModuleServiceProvider
    - Serialization
    - ServiceProvider
    - Singleton
    - Str
    - Svg
    - Testing
      - Fakes
        
        EventFake
        
        MailFake
      - MocksClassLoader
    - Traits
  - Translation
    - FileLoader
    - TranslationServiceProvider
    - Translator
  - Validation
    - Concerns
      - FormatsMessages
      - ValidatesEmail
    - Factory
    - Rule
    - Rules
      - Slug
    - ValidationServiceProvider
    - Validator
Events
- backend
  - ajax
    - beforeRunHandler
  - beforeRoute
  - filter
  - form
  - formwidgets
    - fileupload
      - onUpload
  - list
  - menu
    - extendItems
  - page
    - beforeDisplay
  - richeditor
    - getTypeInfo
    - listTypes
  - route
  - user
    - login
  - widgets
    - uploadable
      - onUpload
- cms
  - ajax
    - beforeRunHandler
  - beforeRoute
  - block
    - render
  - combiner
    - beforePrepare
    - getCacheKey
  - component
    - beforeRunAjaxHandler
    - runAjaxHandler
  - object
    - listInTheme
  - page
  - route
  - router
    - beforeRoute
  - template
  - theme
- exception
  - report
- halcyon
  - datasource
    - db
- mailer
- media
  - file
    - delete
    - move
    - rename
    - upload
  - folder
    - create
    - delete
    - move
    - rename
- model
  - afterBoot
  - afterCreate
  - afterDelete
  - afterFetch
  - afterRestore
  - afterSave
  - afterUpdate
  - afterValidate
  - auth
    - afterImpersonate
    - beforeImpersonate
  - beforeCreate
  - beforeDelete
  - beforeFetch
  - beforeGetAttribute
  - beforeRestore
  - beforeSave
  - beforeSetAttribute
  - beforeUpdate
  - beforeValidate
  - form
    - filterFields
  - getAttribute
  - getValidationAttributes
  - relation
    - afterAdd
    - afterAssociate
    - afterAttach
    - afterDetach
    - afterDissociate
    - afterRemove
    - beforeAdd
    - beforeAssociate
    - beforeAttach
    - beforeDetach
    - beforeDissociate
    - beforeRemove
  - saveInternal
  - setAttribute
- system
  - assets
    - beforeAddAsset
  - beforeRoute
  - console
    - mirror
      - extendPaths
    - theme
      - sync
        
        getAvailableModelClasses
  - extendConfigFile
  - reportwidgets
    - extendItems
  - resizer
  - route
  - settings
    - extendItems

SecurityController
Security Controller Trait Adds cross-site scripting protection methods to a controller based class

 trait System\Traits\SecurityController

Methods

protected makeXsrfCookie () : Symfony\Component\HttpFoundation\Cookie

Adds anti-CSRF cookie.

Adds a cookie with a token for CSRF checks to the response.

Returns

Symfony\Component\HttpFoundation\Cookie

protected verifyCsrfToken () : bool

Checks the request data / headers for a valid CSRF token.

Returns

bool

Returns false if a valid token is not found or cms.enableCsrfProtection is set to false

protected verifyForceSecure () : bool

Checks if the back-end should force a secure protocol (HTTPS) enabled by config.

Returns

bool

Used by

Class	Description
`EventLogs`	Event Logs controller
`MailBrandSettings`	Mail brand customization controller
`MailLayouts`	Mail layouts controller
`MailPartials`	Mail partials controller
`MailTemplates`	Mail templates controller
`RequestLogs`	Request Logs controller
`Settings`	Settings controller
`Updates`	Updates controller
`Controller`	The Backend base controller class, used by Backend controllers.
`AccessLogs`	Access Logs controller
`Auth`	Authentication controller
`Files`	Backend files controller
`Index`	Dashboard controller
`Media`	Backend Media Manager
`Preferences`	Editor Settings controller
`UserGroups`	Backend user groups controller
`UserRoles`	Backend user groups controller
`Users`	Backend user controller
`Controller`	The CMS controller class.
`Index`	CMS index
`Media`	CMS Media Manager
`ThemeLogs`	Request Logs controller
`ThemeOptions`	Theme customization controller
`Themes`	Theme selector controller

← Previous page System\Traits\ResponseMaker Next page → System\Traits\ViewMaker

Copyright © 2025 Winter CMS