/**
 * Default handler for the Q/responseExtras event.
 * Publishes request information, the configured urls and the session nonce
 * as inline script data, then attaches the scripts and stylesheets listed
 * under Q/javascript/responseExtras and Q/stylesheets/responseExtras.
 *
 * It is meant for full page loads: it should not be invoked during AJAX
 * requests, and especially not during JSONP requests, because the nonce it
 * outputs (which prevents CSRF attacks) is only supposed to be printed on
 * our own webpages and never handed to whoever issues a JSONP request.
 */
function Q_before_Q_responseExtras()
{
    $app = Q_Config::expect('Q', 'app');
    $uri = Q_Dispatcher::uri();
    $url = Q_Request::url(true);
    $base_url = Q_Request::baseUrl();
    $ajax = Q_Request::isAjax();
    if (!$uri) {
        // Nothing was dispatched, so there is nothing to describe
        return;
    }
    $fullPage = !$ajax;

    // Exported for every request that gets this far
    $info = array(
        'url' => $url,
        'uriString' => (string) $uri,
        'uri' => $uri->toArray()
    );
    if ($fullPage) {
        // Full pages additionally learn about the app and its environment;
        // 'app' goes first so the keys are exported in the same order as before
        $pageOnly = array(
            'proxies' => Q_Config::get('Q', 'proxies', array()),
            'baseUrl' => $base_url,
            'proxyBaseUrl' => Q_Uri::url($base_url),
            'proxyUrl' => Q_Uri::url($url),
            'sessionName' => Q_Session::name(),
            'nodeUrl' => Q_Utils::nodeUrl(),
            'slotNames' => Q_Config::get("Q", "response", "slotNames", array('content', 'dashboard', 'title', 'notices'))
        );
        $info = array_merge(array('app' => $app), $info, $pageOnly);
    }
    foreach ($info as $k => $v) {
        Q_Response::setScriptData("Q.info.{$k}", $v);
    }

    if ($fullPage) {
        // Map each configured uri to the url it resolves to
        $urls = array();
        foreach (Q_Config::get('Q', 'javascript', 'uris', array()) as $u) {
            $urls["{$u}"] = Q_Uri::url("{$u}");
        }
        Q_Response::setScriptData('Q.urls', $urls);
    }

    // Export more variables to inline js
    // NOTE(review): unlike the blocks above, the nonce is not guarded by $ajax,
    // so it is exported whenever this handler runs. The header comment says it
    // must not reach JSONP responses; confirm the dispatcher never fires this
    // event for them, or guard this export the same way.
    if (!empty($_SESSION['Q']['nonce'])) {
        Q_Response::setScriptData('Q.nonce', $_SESSION['Q']['nonce']);
    }

    // Attach stylesheets and scripts; a falsy config value switches an entry off
    foreach (Q_Config::get('Q', 'javascript', 'responseExtras', array()) as $src => $b) {
        if ($b) {
            Q_Response::addScript($src);
        }
    }
    foreach (Q_Config::get('Q', 'stylesheets', 'responseExtras', array()) as $src => $media) {
        if ($media) {
            // A bare `true` stands for the default media list
            $mediaList = ($media === true) ? 'screen,print' : $media;
            Q_Response::addStylesheet($src, null, $mediaList);
        }
    }
}
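/**
 * Starts the session unless one is already active.
 * Installs the custom save handlers when Q/session/custom is enabled,
 * validates the session id presented by the client (replacing it with a
 * freshly generated one when it is not valid), loads or creates the
 * session row when a session database connection is configured, and
 * finally copies any stored notices into the response.
 * @method start
 * @static
 * @return {boolean} false if the session had already started, or if a
 *  "before" handler of Q/session/start or Q/session/generate returned
 *  false; true otherwise
 * @throws {Q_Exception} during a web request, if starting the session
 *  raised an exception
 */
static function start()
{
    if (self::id()) {
        // Session has already started
        return false;
    }
    /**
     * @event Q/session/start {before}
     * @return {false}
     *  Return false to cancel session start
     */
    if (false === Q::event('Q/session/start', array(), 'before')) {
        return false;
    }
    if (Q_Config::get('Q', 'session', 'custom', true)) {
        session_set_save_handler(
            array(__CLASS__, 'openHandler'),
            array(__CLASS__, 'closeHandler'),
            array(__CLASS__, 'readHandler'),
            array(__CLASS__, 'writeHandler'),
            array(__CLASS__, 'destroyHandler'),
            array(__CLASS__, 'gcHandler')
        );
    }
    if (!empty($_SESSION)) {
        // Remember what was put into $_SESSION before the session existed
        $pre_SESSION = $_SESSION;
    }
    self::init();
    $name = Q_Session::name();
    // Read the client's session id from the session cookie only.
    // The earlier expression chained two ?: operators without parentheses.
    // PHP 8 rejects that at compile time, and older versions group it to the
    // left, so $_REQUEST[$name] never supplied the id; it only decided
    // whether the cookie was read.
    // NOTE(review): if ids in request parameters are ever wanted, make that
    // an explicit opt-in. An id taken from a URL or form lets whoever built
    // the link choose the visitor's session (session fixation).
    $id = isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;
    if (!self::isValidId($id)) {
        // The session id was probably not generated by us, generate a new one
        /**
         * @event Q/session/generate {before}
         * @param {string} id An invalid id, if any, that was passed by the client
         * @return {boolean}
         */
        if (false === Q::event('Q/session/generate', compact('id'), 'before')) {
            return false;
        }
        $id = self::generateId();
    }
    try {
        if ($id) {
            self::processDbInfo();
            if (self::$session_db_connection) {
                $id_field = self::$session_db_id_field;
                $data_field = self::$session_db_data_field;
                $updated_field = self::$session_db_updated_field;
                $duration_field = self::$session_db_duration_field;
                $class = self::$session_db_row_class;
                $row = new $class();
                $row->{$id_field} = $id;
                // 'FOR UPDATE' presumably locks the row while this request
                // works with it; confirm against the row class
                if ($row->retrieve(null, null, array('lock' => 'FOR UPDATE'))) {
                    self::$session_db_row = $row;
                } else {
                    // Start a new session with our own id, so an id that has
                    // no stored row behind it is never adopted as presented
                    $row->{$id_field} = self::generateId();
                    $row->{$data_field} = "";
                    $row->{$updated_field} = date('Y-m-d H:i:s');
                    $row->{$duration_field} = Q_Config::get(
                        'Q', 'session', 'durations', Q_Request::formFactor(),
                        Q_Config::expect('Q', 'session', 'durations', 'session')
                    );
                    // A "before" handler may veto saving the new row
                    if (false !== Q::event('Q/session/save', array(
                        'row' => $row,
                        'id_field' => $id_field,
                        'data_field' => $data_field,
                        'updated_field' => $updated_field,
                        'duration_field' => $duration_field
                    ), 'before')) {
                        $row->save();
                        self::id($row->{$id_field}); // this sets the session cookie as well
                        self::$session_db_row = $row;
                    }
                }
            } else {
                self::id($id);
            }
        }
        if (!empty($_SERVER['HTTP_HOST'])) {
            session_start();
        } else {
            // No HTTP host (e.g. a command line script): skip session_start()
            // and just make sure $_SESSION is an array
            if (empty($_SESSION)) {
                $_SESSION = array();
            }
        }
    } catch (Exception $e) {
        $app = Q_Config::get('Q', 'app', null);
        $prefix = $app ? "{$app}/" : '';
        if (empty($_SERVER['HTTP_HOST'])) {
            // Command line: report the failure in full but keep going
            echo "Warning: Ignoring Q_Session::start() called before running {$prefix}scripts/Q/install.php --all" . PHP_EOL;
            $message = $e->getMessage();
            $file = $e->getFile();
            $line = $e->getLine();
            if (is_callable(array($e, 'getTraceAsStringEx'))) {
                $trace_string = $e->getTraceAsStringEx();
            } else {
                $trace_string = $e->getTraceAsString();
            }
            echo "{$message}\n(in {$file} line {$line})\n{$trace_string}" . PHP_EOL;
        } else {
            // Web request: the details go to the log only, and the client
            // sees a generic instruction instead of the original exception
            if (is_callable('apc_clear_cache')) {
                apc_clear_cache('user');
            }
            Q::log($e);
            throw new Q_Exception("Please run {$prefix}scripts/Q/install.php --all");
        }
    }
    // merge in all the stuff that was added to $_SESSION
    // before we started it.
    if (isset($pre_SESSION)) {
        foreach ($pre_SESSION as $k => $v) {
            $_SESSION[$k] = $v;
        }
    }
    if (isset($_SESSION['Q']['notices'])) {
        foreach ($_SESSION['Q']['notices'] as $k => $v) {
            Q_Response::setNotice($k, $v);
        }
    }
    /**
     * @event Q/session/start {after}
     */
    Q::event('Q/session/start', array(), 'after');
    return true;
}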