/**
 * This is the default handler for the Q/responseExtras event.
 * It should not be invoked during AJAX requests, and especially
 * not during JSONP requests. It will output things like the nonce,
 * which prevents CSRF attacks, but is only supposed to be printed
 * on our webpages and not also given to anyone who does a JSONP request.
 */
function Q_before_Q_responseExtras()
{
    $app = Q_Config::expect('Q', 'app');
    $uri = Q_Dispatcher::uri();
    $url = Q_Request::url(true);
    $base_url = Q_Request::baseUrl();
    $ajax = Q_Request::isAjax();
    if (!$uri) {
        return;
    }
    $info = array('url' => $url, 'uriString' => (string) $uri);
    if ($uri) {
        $info['uri'] = $uri->toArray();
    }
    if (!$ajax) {
        $info = array_merge(array('app' => Q_Config::expect('Q', 'app')), $info, array('proxies' => Q_Config::get('Q', 'proxies', array()), 'baseUrl' => $base_url, 'proxyBaseUrl' => Q_Uri::url($base_url), 'proxyUrl' => Q_Uri::url($url), 'sessionName' => Q_Session::name(), 'nodeUrl' => Q_Utils::nodeUrl(), 'slotNames' => Q_Config::get("Q", "response", "slotNames", array('content', 'dashboard', 'title', 'notices'))));
    }
    foreach ($info as $k => $v) {
        Q_Response::setScriptData("Q.info.{$k}", $v);
    }
    if (!$ajax) {
        $uris = Q_Config::get('Q', 'javascript', 'uris', array());
        $urls = array();
        foreach ($uris as $u) {
            $urls["{$u}"] = Q_Uri::url("{$u}");
        }
        Q_Response::setScriptData('Q.urls', $urls);
    }
    // Export more variables to inline js
    $nonce = isset($_SESSION['Q']['nonce']) ? $_SESSION['Q']['nonce'] : null;
    if ($nonce) {
        Q_Response::setScriptData('Q.nonce', $nonce);
    }
    // Attach stylesheets and scripts
    foreach (Q_Config::get('Q', 'javascript', 'responseExtras', array()) as $src => $b) {
        if (!$b) {
            continue;
        }
        Q_Response::addScript($src);
    }
    foreach (Q_Config::get('Q', 'stylesheets', 'responseExtras', array()) as $src => $media) {
        if (!$media) {
            continue;
        }
        if ($media === true) {
            $media = 'screen,print';
        }
        Q_Response::addStylesheet($src, null, $media);
    }
}
Beispiel #2
0
 /**
  * @method start
  * @static
  * @return {boolean}
  */
 static function start()
 {
     if (self::id()) {
         // Session has already started
         return false;
     }
     /**
      * @event Q/session/start {before}
      * @return {false}
      *	Return false to cancel session start
      */
     if (false === Q::event('Q/session/start', array(), 'before')) {
         return false;
     }
     if (Q_Config::get('Q', 'session', 'custom', true)) {
         session_set_save_handler(array(__CLASS__, 'openHandler'), array(__CLASS__, 'closeHandler'), array(__CLASS__, 'readHandler'), array(__CLASS__, 'writeHandler'), array(__CLASS__, 'destroyHandler'), array(__CLASS__, 'gcHandler'));
     }
     if (!empty($_SESSION)) {
         $pre_SESSION = $_SESSION;
     }
     self::init();
     $name = Q_Session::name();
     $id = isset($_REQUEST[$name]) ? $_REQUEST[$name] : isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;
     if (!self::isValidId($id)) {
         // The session id was probably not generated by us, generate a new one
         /**
          * @event Q/session/generate {before}
          * @param {string} id An invalid id, if any, that was passed by the client
          * @return {boolean}
          */
         if (false === Q::event('Q/session/generate', compact('id'), 'before')) {
             return false;
         }
         $id = self::generateId();
     }
     try {
         if ($id) {
             self::processDbInfo();
             if (self::$session_db_connection) {
                 $id_field = self::$session_db_id_field;
                 $data_field = self::$session_db_data_field;
                 $updated_field = self::$session_db_updated_field;
                 $duration_field = self::$session_db_duration_field;
                 $class = self::$session_db_row_class;
                 $row = new $class();
                 $row->{$id_field} = $id;
                 if ($row->retrieve(null, null, array('lock' => 'FOR UPDATE'))) {
                     self::$session_db_row = $row;
                 } else {
                     // Start a new session with our own id
                     $row->{$id_field} = self::generateId();
                     $row->{$data_field} = "";
                     $row->{$updated_field} = date('Y-m-d H:i:s');
                     $row->{$duration_field} = Q_Config::get('Q', 'session', 'durations', Q_Request::formFactor(), Q_Config::expect('Q', 'session', 'durations', 'session'));
                     if (false !== Q::event('Q/session/save', array('row' => $row, 'id_field' => $id_field, 'data_field' => $data_field, 'updated_field' => $updated_field, 'duration_field' => $duration_field), 'before')) {
                         $row->save();
                         self::id($row->{$id_field});
                         // this sets the session cookie as well
                         self::$session_db_row = $row;
                     }
                 }
             } else {
                 self::id($id);
             }
         }
         if (!empty($_SERVER['HTTP_HOST'])) {
             session_start();
         } else {
             if (empty($_SESSION)) {
                 $_SESSION = array();
             }
         }
     } catch (Exception $e) {
         $app = Q_Config::get('Q', 'app', null);
         $prefix = $app ? "{$app}/" : '';
         if (empty($_SERVER['HTTP_HOST'])) {
             echo "Warning: Ignoring Q_Session::start() called before running {$prefix}scripts/Q/install.php --all" . PHP_EOL;
             $message = $e->getMessage();
             $file = $e->getFile();
             $line = $e->getLine();
             if (is_callable(array($e, 'getTraceAsStringEx'))) {
                 $trace_string = $e->getTraceAsStringEx();
             } else {
                 $trace_string = $e->getTraceAsString();
             }
             echo "{$message}\n(in {$file} line {$line})\n{$trace_string}" . PHP_EOL;
         } else {
             if (is_callable('apc_clear_cache')) {
                 apc_clear_cache('user');
             }
             Q::log($e);
             throw new Q_Exception("Please run {$prefix}scripts/Q/install.php --all");
         }
     }
     // merge in all the stuff that was added to $_SESSION
     // before we started it.
     if (isset($pre_SESSION)) {
         foreach ($pre_SESSION as $k => $v) {
             $_SESSION[$k] = $v;
         }
     }
     if (isset($_SESSION['Q']['notices'])) {
         foreach ($_SESSION['Q']['notices'] as $k => $v) {
             Q_Response::setNotice($k, $v);
         }
     }
     /**
      * @event Q/session/start {after}
      */
     Q::event('Q/session/start', array(), 'after');
     return true;
 }