function startup(Controller $controller)
{
if (!isset($this->settings[$controller->name][$controller->action])) {
return;
}
$settings = $this->settings[$controller->name][$controller->action];
if (!in_array('Filter.Filter', $controller->helpers)) {
$controller->helpers[] = 'Filter.Filter';
}
$sessionKey = sprintf('FilterPlugin.Filters.%s.%s', $controller->name, $controller->action);
if (!$controller->request->is('post') || !isset($controller->request->data['Filter']['filterFormId'])) {
$persistedData = array();
if ($this->Session->check($sessionKey)) {
$persistedData = $this->Session->read($sessionKey);
}
if (empty($persistedData)) {
return;
}
$this->formData = $persistedData;
} else {
$this->formData = $controller->request->data;
$this->Session->write($sessionKey, $this->formData);
$controller->redirect($controller->referer());
}
foreach ($settings as $model => $options) {
if (!isset($controller->{$model})) {
trigger_error(__('Filter model not found: %s', $model));
continue;
}
$controller->{$model}->setFilterValues($this->formData);
}
}
/**
* Logout user from application and Facebook
*
* @param string|array $redirectUrl
*/
public function logout($redirectUrl = null)
{
if (!$redirectUrl) {
$redirectUrl = $this->Controller->referer();
}
$logoutUrl = $this->getLogoutUrl($redirectUrl);
$this->flash(__('Disconnecting from facebook'), $logoutUrl);
}
/**
* Called after the Controller::beforeFilter() and before the controller action
*
* @param Controller $controller Controller with components to startup
* @return void
*/
public function startup(Controller $controller)
{
// ファイルアップロード等で post_max_size を超えると $_POSTが空っぽになるため、このタイミングでエラー表示
$contentLength = Hash::get($_SERVER, 'CONTENT_LENGTH');
if ($contentLength > CakeNumber::fromReadableSize(ini_get('post_max_size'))) {
$message = __d('files', 'FileUpload.post_max_size.over');
$controller->NetCommons->setFlashNotification($message, array('class' => 'danger', 'interval' => NetCommonsComponent::ALERT_VALIDATE_ERROR_INTERVAL));
$controller->redirect($controller->referer());
}
}
/**
* Store the referer information for use later
*/
public function startup(Controller $controller)
{
$redirect = $controller->Session->read($this->_key);
if (!in_array($controller->action, $this->_actions)) {
return;
}
if (!empty($redirect)) {
return;
}
$controller->Session->write($this->_key, $controller->referer());
}
/**
* undocumented function
*
* @param string $officeId
* @return void
* @access public
*/
function admin_activate($officeId = null)
{
if ($officeId == Configure::read('Office.id')) {
$msg = __('This office is already active.', true);
return $this->Message->add($msg, 'ok');
}
Assert::true(Office::isOwn($officeId), '403');
$office = $this->Office->find('first', array('conditions' => array('Office.id' => $officeId), 'contain' => array('SubOffice', 'ParentOffice')));
Assert::notEmpty($office, '404');
$this->Office->activate($office['Office']['id']);
$msg = __('The office was successfully activated!', true);
return $this->Message->add($msg, 'ok', true, Controller::referer());
}
/**
* Is the passed ID valid ?
*
* By default we assume you want to validate an numeric string
* like a normal incremental ids from MySQL
*
* Change the validateId settings key to "uuid" for UUID check instead
*
* @param mixed $id
* @return boolean
*/
protected function _validateId($id)
{
if (isset($this->settings['validateId'])) {
$type = $this->settings['validateId'];
} else {
$type = $this->_detectPrimaryKeyFieldType();
}
if (!$type) {
return true;
} elseif ($type === 'uuid') {
$valid = Validation::uuid($id);
} else {
$valid = is_numeric($id);
}
if ($valid) {
return true;
}
$subject = $this->trigger('invalidId', compact('id'));
$this->_setFlash('invalid_id.error');
return $this->_redirect($subject, $this->_controller->referer());
}
/**
* Main execution method. Handles redirecting of invalid users, and processing
* of login form data.
*
* @param Controller $controller A reference to the instantiating controller object
* @return boolean
*/
public function startup(Controller $controller)
{
$methods = array_flip(array_map('strtolower', $controller->methods));
$action = strtolower($controller->request->params['action']);
$isMissingAction = $controller->scaffold === false && !isset($methods[$action]);
if ($isMissingAction) {
return true;
}
if (!$this->_setDefaults()) {
return false;
}
$request = $controller->request;
$url = '';
if (isset($request->url)) {
$url = $request->url;
}
$url = Router::normalize($url);
$loginAction = Router::normalize($this->loginAction);
$allowedActions = $this->allowedActions;
$isAllowed = $this->allowedActions == array('*') || in_array($action, array_map('strtolower', $allowedActions));
if ($loginAction != $url && $isAllowed) {
return true;
}
if ($loginAction == $url) {
if (empty($request->data)) {
if (!$this->Session->check('Auth.redirect') && !$this->loginRedirect && env('HTTP_REFERER')) {
$this->Session->write('Auth.redirect', $controller->referer(null, true));
}
}
return true;
} else {
if (!$this->_getUser()) {
if (!$request->is('ajax')) {
$this->flash($this->authError);
$this->Session->write('Auth.redirect', $request->here());
$controller->redirect($loginAction);
return false;
} elseif (!empty($this->ajaxLogin)) {
$controller->viewPath = 'Elements';
echo $controller->render($this->ajaxLogin, $this->RequestHandler->ajaxLayout);
$this->_stop();
return false;
} else {
$controller->redirect(null, 403);
}
}
}
if (empty($this->authorize) || $this->isAuthorized($this->user())) {
return true;
}
$this->flash($this->authError);
$default = '/';
if (!empty($this->loginRedirect)) {
$default = $this->loginRedirect;
}
$controller->redirect($controller->referer($default), null, true);
return false;
}
function __checkDimensions($filePath)
{
$size = getimagesize($filePath);
if (!$size) {
$this->Session->setFlash('We could not check that image\'s size, so we can\'t upload it.', 'error');
$this->redirect(Controller::referer('/'));
}
$error = '';
if ($size[0] > 800 || $size[1] > 800) {
$this->Session->setFlash('Images cannot be any larger than 800 by 800 pixels.', 'error');
$this->redirect(Controller::referer('/'));
}
}
/**
* Test that the referer is not absolute if it is '/'.
*
* This avoids the base path being applied twice on string urls.
*
* @return void
*/
public function testRefererSlash()
{
$request = $this->getMock('CakeRequest', array('referer'));
$request->base = '/base';
$request->expects($this->any())->method('referer')->will($this->returnValue('/'));
Router::setRequestInfo($request);
$controller = new Controller($request);
$result = $controller->referer('/', true);
$this->assertEquals('/', $result);
$controller = new Controller($request);
$result = $controller->referer('/some/path', true);
$this->assertEquals('/base/some/path', $result);
}
/**
* testReferer method
*
* @access public
* @return void
*/
function testReferer()
{
$Controller = new Controller();
$_SERVER['HTTP_REFERER'] = 'http://cakephp.org';
$result = $Controller->referer(null, false);
$expected = 'http://cakephp.org';
$this->assertIdentical($result, $expected);
$_SERVER['HTTP_REFERER'] = '';
$result = $Controller->referer('http://cakephp.org', false);
$expected = 'http://cakephp.org';
$this->assertIdentical($result, $expected);
$_SERVER['HTTP_REFERER'] = '';
$referer = array('controller' => 'pages', 'action' => 'display', 'home');
$result = $Controller->referer($referer, false);
$expected = 'http://' . env('HTTP_HOST') . '/pages/display/home';
$this->assertIdentical($result, $expected);
$_SERVER['HTTP_REFERER'] = '';
$result = $Controller->referer(null, false);
$expected = '/';
$this->assertIdentical($result, $expected);
$_SERVER['HTTP_REFERER'] = FULL_BASE_URL . $Controller->webroot . '/some/path';
$result = $Controller->referer(null, false);
$expected = '/some/path';
$this->assertIdentical($result, $expected);
$Controller->webroot .= '/';
$_SERVER['HTTP_REFERER'] = FULL_BASE_URL . $Controller->webroot . '/some/path';
$result = $Controller->referer(null, false);
$expected = '/some/path';
$this->assertIdentical($result, $expected);
$_SERVER['HTTP_REFERER'] = FULL_BASE_URL . $Controller->webroot . 'some/path';
$result = $Controller->referer(null, false);
$expected = '/some/path';
$this->assertIdentical($result, $expected);
$Controller->webroot = '/recipe/';
$_SERVER['HTTP_REFERER'] = FULL_BASE_URL . $Controller->webroot . 'recipes/add';
$result = $Controller->referer();
$expected = '/recipes/add';
$this->assertIdentical($result, $expected);
}
/**
* _popupStartup
* POPUP型の場合はGetアクセスをはじく
* POSTが来たときは、送信された認証キーとControllerが指定しているmodel, contentId, additionalIdでDBからデータを取り出し
* マッチするか確認する
* 一致しない場合は、前の画面を再度呼び出す
*
* @param Controller $controller Controller with components to startup
* @return void
* @throws ForbiddenException
*/
protected function _popupStartup(Controller $controller)
{
// 現在実行されようとしているActionがガード対象のものであればチェックを走らせる
if ($controller->action == $this->targetAction) {
if ($controller->request->is('post') || $controller->request->is('put')) {
// POPUPのときはここでDBからデータを取り出す
$authKey = $this->AuthorizationKey->getAuthorizationKeyByContentId($this->model, $this->contentId, $this->additionalId);
//
// 入力された認証キーが正しいことを確認する
$data = $this->controller->request->data;
if (!isset($data['AuthorizationKey']['authorization_key']) || $authKey['AuthorizationKey']['authorization_key'] !== $data['AuthorizationKey']['authorization_key']) {
$this->_setErrorMessage();
$controller->redirect($controller->referer());
// 元に戻す
}
} else {
// POPUP型のガード処理でPOST以外で来ているということはURL強制HACK!
// 許さない
throw new ForbiddenException(__d('authorization_keys', 'you can not access without entering authorization key.'));
}
}
// それ以外の場合は何もせず通す
return true;
}
/**
* Sets the referer page
*
* We need to know where were you, to get you back there
*
* @return void
* @see CroogoComponent::redirect()
*/
public function setReferer()
{
$default = array('controller' => $this->_controller->request->params['controller'], 'action' => 'index');
$referer = $this->_controller->referer($default, true);
$this->Session->write('Croogo.referer', array('url' => $referer));
}
function dump($object = 'options')
{
if ($object == 'view') {
$this->set('header', 'Dumping a View Object');
$this->render('view_dump');
} elseif ($object == 'controller') {
$this->Gatekeeper->restrict_from_app_modes(array('production'), '/demo/gatekeeper/blocked', 'this option is blocked in production mode');
$REPORT = array($this->name => $this);
$this->set('header', 'Dumping the Controller Object');
$this->set('data', $REPORT);
$this->render('report');
} elseif ($object == 'config') {
$REPORT = array('App.mode' => Configure::Read('App.mode'), 'App.domain' => Configure::Read('App.domain'), 'debug' => Configure::read('debug'), 'Configure::Read(\'App\')' => Configure::Read('App'));
$this->set('header', 'Cakewell Context-Specific App Values');
$this->set('data', $REPORT);
$this->render('report');
} elseif ($object == 'phpinfo') {
$this->Gatekeeper->restrict_from_app_modes(array('production'), '/demo/', 'this action is blocked in production mode');
ob_start();
phpinfo();
$phpinfo = ob_get_clean();
$this->set('content_for_view', $phpinfo);
$this->render('blank', 'default');
} elseif ($object == 'request_handler') {
$Report = array('$this->Session->id()' => $this->Session->id(), '$this->Session->id' => $this->Session->id, '$this->RequestHandler->getReferrer()' => $this->RequestHandler->getReferrer(), '$_SERVER[\'HTTP_REFERER\']' => $_SERVER['HTTP_REFERER'], '$_SERVER[\'HTTP_USER_AGENT\']' => $_SERVER['HTTP_USER_AGENT'], 'Controller::referer' => Controller::referer(), '$this->RequestHandler->getClientIP()' => $this->RequestHandler->getClientIP(), 'FULL_BASE_URL + Router::url(\'\', false)' => FULL_BASE_URL . Router::url('', false), '$this->RequestHandler' => $this->RequestHandler);
$this->set('header', 'showing RequestHandler info for client at ip ' . $this->RequestHandler->getClientIP());
$this->set('data', $Report);
$this->render('report');
} elseif ($object == 'referer') {
$Data = array('referer' => $this->referer(), 'SERVER[\'HTTP_REFERER\']' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'NULL', 'Configure::read(\'Security.level\')' => Configure::read('Security.level'));
$this->set('header', 'Checking Referrer');
$this->set('data', $Data);
$this->render('report');
} elseif ($object == 'constants') {
$this->set('header', 'Some CakePHP Constants and Globals (<a href="http://book.cakephp.org/view/122/Core-Definition-Constants">docs</a>)');
$this->set('data', $this->_cake_constants());
$this->render('report');
} else {
$content = <<<EOMENU
<h3>choose an object to dump</h3>
<a href="/demo/dump/controller/">controller object</a><br />
<a href="/demo/dump/view/">view object</a><br />
<a href="/demo/dump/config/">configuration app values</a><br />
<a href="/demo/dump/request_handler/">request handler</a><br />
<a href="/demo/dump/referer/">referrer</a><br />
<a href="/demo/dump/constants/">cakephp constants</a><br />
<a href="/demo/dump/phpinfo/">phpinfo</a><br />
EOMENU;
$this->set('header', 'Object Dumper');
$this->set('content', $content);
$this->render('index');
}
}
/**
* undocumented function
*
* @return void
*/
function referer($default = null, $local = true)
{
return parent::referer($default, $local);
}
/**
*
*/
public function admin_update_multiple()
{
$this->autoRender = false;
$modelArray = array_keys($this->data);
if ($modelArray[0] == '_Token') {
$modelArray[0] = $modelArray[1];
}
if (!empty($this->data)) {
$message = $this->{$modelArray[0]}->updateMultiple($this->data);
$this->_message($message, Controller::referer());
}
}
/**
* testReferer method
*
* @return void
*/
public function testReferer()
{
$request = $this->getMock('CakeRequest');
$request->expects($this->any())->method('referer')->with(true)->will($this->returnValue('/posts/index'));
$Controller = new Controller($request);
$result = $Controller->referer(null, true);
$this->assertEquals('/posts/index', $result);
$Controller = new Controller($request);
$request->setReturnValue('referer', '/', array(true));
$result = $Controller->referer(array('controller' => 'posts', 'action' => 'index'), true);
$this->assertEquals('/posts/index', $result);
$request = $this->getMock('CakeRequest');
$request->expects($this->any())->method('referer')->with(false)->will($this->returnValue('http://localhost/posts/index'));
$Controller = new Controller($request);
$result = $Controller->referer();
$this->assertEquals('http://localhost/posts/index', $result);
$Controller = new Controller(null);
$result = $Controller->referer();
$this->assertEquals('/', $result);
}
/**
* Handle unauthorized access attempt
*
* @param Controller $controller A reference to the controller object
* @return bool Returns false
* @throws ForbiddenException
* @see AuthComponent::$unauthorizedRedirect
*/
protected function _unauthorized(Controller $controller)
{
if ($this->unauthorizedRedirect === false) {
throw new ForbiddenException($this->authError);
}
$this->flash($this->authError);
if ($this->unauthorizedRedirect === true) {
$default = '/';
if (!empty($this->loginRedirect)) {
$default = $this->loginRedirect;
}
$url = $controller->referer($default, true);
} else {
$url = $this->unauthorizedRedirect;
}
$controller->redirect($url, null, true);
return false;
}
/**
* Saves the user selected rating value. Depending on the plugin
* configuration, it also updates or deletes the rating.
*
* @param string $model Name of the model
* @param integer $id Id of the model
* @param integer $value User rating value
*/
function save($model = '', $id = 0, $value = 0) {
$this->layout = null;
$saved = false;
$fallback = false;
$referer = Controller::referer();
$name = $this->params['url']['name'];
$config = $this->params['url']['config'];
// load the config file
$this->__loadConfig($config);
// data from fallback form
if (isset($this->params['url']['fallback'])
&& $this->params['url']['fallback']) {
$fallback = true;
$model = $this->params['url']['model'];
$id = $this->params['url']['rating'];
$value = $this->params['url']['value'];
}
// check if model id exists
$modelInstance = ClassRegistry::init($model);
$modelInstance->id = $id;
if (!$modelInstance->exists(true)) {
if (!$fallback) {
$this->view($model, $id, base64_encode(json_encode(array('name' => $name, 'config' => $config))));
} else {
$this->redirect($referer);
}
return;
}
// choose between user and guest id
if (Configure::read('Rating.guest') && $this->Session->read('Rating.guest_id')) {
$userId = $this->Session->read('Rating.guest_id');
} else {
$userId = $this->Session->read(Configure::read('Rating.sessionUserId'));
}
// check if a rating already exists
$userRating = $this->Rating->find(array('model' => $model,
'model_id' => $id,
'user_id' => $userId,
'name' => $name));
// save, update or delete rating
if (!empty($userRating) && Configure::read('Rating.allowChange')) {
$this->Rating->id = $userRating['Rating']['id'];
if ($userRating['Rating']['rating'] == $value && Configure::read('Rating.allowDelete')) {
$this->Rating->delete($userRating['Rating']['id']);
$saved = true;
} else {
$saved = $this->Rating->saveField('rating', $value);
}
} else if (empty($userRating) && $userId) {
$this->data['Rating']['rating'] = $value;
$this->data['Rating']['model'] = $model;
$this->data['Rating']['model_id'] = $id;
$this->data['Rating']['user_id'] = $userId;
$this->data['Rating']['name'] = $name;
$this->Rating->create();
$saved = $this->Rating->save($this->data);
}
// set flash message
if ($saved && Configure::read('Rating.flash')) {
$this->Session->setFlash(Configure::read('Rating.flashMessage'),
'default',
array('class' => 'rating-flash'),
'rating');
}
// save rating values to model
if ($saved && Configure::read('Rating.saveToModel')) {
// check if fields exist in model
if (!$modelInstance->hasField(Configure::read('Rating.modelAverageField'))
&& !$modelInstance->hasField(Configure::read('Rating.modelVotesField'))) {
if (!$fallback) {
$this->view($model, $id, base64_encode(json_encode(array('name' => $name, 'config' => $config))));
} else {
$this->redirect($referer);
}
return;
}
// retrieve actual rating values
$values = $this->Rating->find(array('model' => $model,
'model_id' => $id,
'name' => $name),
array('AVG(Rating.rating)', 'COUNT(*)'));
$avgRating = round($values[0]['AVG(`Rating`.`rating`)'], 1);
$votes = $values[0]['COUNT(*)'];
if ($avgRating && !strpos($avgRating, '.')) {
$avgRating = $avgRating.'.0';
} else if (!$avgRating) {
$avgRating = '0.0';
}
if (empty($votes)) {
$votes = '0';
}
$modelInstance->id = $id;
// save rating values
if ($modelInstance->exists()) {
$modelInstance->saveField(Configure::read('Rating.modelAverageField'), $avgRating);
$modelInstance->saveField(Configure::read('Rating.modelVotesField'), $votes);
}
}
// show view again
if (!$fallback) {
$this->view($model, $id, base64_encode(json_encode(array('name' => $name, 'config' => $config))));
} else {
if ($saved && Configure::read('Rating.fallbackFlash')) {
$this->flash(Configure::read('Rating.flashMessage'), Controller::referer());
$this->Session->setFlash(null);
} else {
$this->redirect($referer);
}
}
$this->autoRender = false;
}
