  /**
   * Wrap a payload in a JSON HTTP response.
   *
   * The response carries "Content-Type: application/json" and "Vary: Accept".
   *
   * @param array|string $array  Data to encode, or a ready-made JSON string when $isJson is true
   * @param bool         $isJson True when $array is already a JSON string and must not be re-encoded
   * @return SS_HTTPResponse
   */
  public function jsonResponse($array, $isJson = false)
  {
      // Encode only when the caller has not already done so.
      $payload = $isJson ? $array : Convert::raw2json($array);

      $jsonResponse = new SS_HTTPResponse($payload);
      $jsonResponse->addHeader('Content-Type', 'application/json');
      $jsonResponse->addHeader('Vary', 'Accept');

      return $jsonResponse;
  }
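 /**
  * Serve a map pin image for the colour given in the "Color" route parameter.
  *
  * A copy cached under ASSETS_PATH/maps/pins is used when present; otherwise the
  * image is fetched from the Google chart endpoint and written to that folder.
  *
  * The colour is interpolated into both a filesystem path and an outbound URL,
  * so it is restricted to a six-digit hex value before use. SQL escaping (the
  * earlier Convert::raw2sql call) is the wrong control for those two sinks: it
  * does not stop "../" path segments or extra query-string parameters.
  *
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse 200 with the image, 400 for a malformed colour, 502 when no image could be read
  */
 public function getGoogleMapPin(SS_HTTPRequest $request)
 {
     $color = $request->param('Color');
     if (!is_string($color) || !preg_match('/\A[0-9A-Fa-f]{6}\z/', $color)) {
         return new SS_HTTPResponse('Invalid pin colour', 400);
     }

     $path = ASSETS_PATH . '/maps/pins';
     // Create the cache folder on first use.
     if (!is_dir($path)) {
         mkdir($path, 0775, true);
     }
     $cachedPin = $path . '/pin_' . $color . '.jpg';

     if (file_exists($cachedPin)) {
         // Cached copy available: serve it and leave the disk untouched.
         $body = file_get_contents($cachedPin);
     } else {
         // NOTE(review): fetched over plain HTTP, so the copy that gets cached has no
         // integrity protection in transit; confirm whether an HTTPS endpoint is available.
         $body = file_get_contents("http://chart.apis.google.com/chart?cht=mm&chs=32x32&chco=FFFFFF,{$color},000000&ext=.png");
         // Never cache a failed download.
         if ($body !== false) {
             file_put_contents($cachedPin, $body);
         }
     }

     if ($body === false) {
         return new SS_HTTPResponse('Pin image unavailable', 502);
     }

     $ext = 'jpg';
     $response = new SS_HTTPResponse($body, 200);
     // NOTE(review): the upstream URL requests ".png" while the file is cached and served as jpg; confirm.
     $response->addHeader('Content-Type', 'image/' . $ext);
     return $response;
 }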
 // Checks the Cache-Control header of SS_HTTPResponse objects under the 'dev' and 'live'
 // environment types, and that headers set explicitly on a response are read back unchanged.
 // NOTE(review): no call that applies cache headers to $response is visible between each
 // constructor and its assertions, and closing braces are absent; this listing looks truncated.
 public function testAddCacheHeaders()
     $body = "<html><head></head><body><h1>Mysite</h1></body></html>";
     $response = new SS_HTTPResponse($body, 200);
     // Ensure max-age is zero for development.
     Config::inst()->update('Director', 'environment_type', 'dev');
     $response = new SS_HTTPResponse($body, 200);
     $this->assertContains('max-age=0', $response->getHeader('Cache-Control'));
     // Ensure max-age setting is respected in production.
     Config::inst()->update('Director', 'environment_type', 'live');
     $response = new SS_HTTPResponse($body, 200);
     // The header is split on ', ' here so 'max-age=30' must match one whole directive.
     $this->assertContains('max-age=30', explode(', ', $response->getHeader('Cache-Control')));
     $this->assertNotContains('max-age=0', $response->getHeader('Cache-Control'));
     // Still "live": ensure headers aren't overridden if already set (using purposefully different values).
     $headers = array('Vary' => '*', 'Pragma' => 'no-cache', 'Cache-Control' => 'max-age=0, no-cache, no-store');
     $response = new SS_HTTPResponse($body, 200);
     foreach ($headers as $name => $value) {
         $response->addHeader($name, $value);
     // Second pass: every header set above must come back with the same value.
     foreach ($headers as $name => $value) {
         $this->assertEquals($value, $response->getHeader($name));
 // Builds an empty SS_HTTPResponse, sets its Content-Type to text/html and returns it.
 // NOTE(review): $code and $message are never read in the visible lines, so the status and body
 // passed by the caller are not applied here; presumably those lines are missing from this
 // listing. Confirm, because callers rely on this method to signal 4xx errors.
 public function httpError($code, $message = null)
     $response = new SS_HTTPResponse();
     $response->addHeader('Content-Type', 'text/html');
     return $response;
  * Action to handle upload of a single file
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse
  * @return SS_HTTPResponse
 // Handles the upload of a single file posted under this field's name and answers with a
 // JSON-encoded one-element array describing the stored file or the error.
 public function upload(SS_HTTPRequest $request)
     // Refuse outright when the field is disabled, read-only or the user may not upload.
     if ($this->isDisabled() || $this->isReadonly() || !$this->canUpload()) {
         return $this->httpError(403);
     // Protect against CSRF on destructive action
     $token = $this->getForm()->getSecurityToken();
     if (!$token->checkRequest($request)) {
         return $this->httpError(400);
     // Get form details
     $name = $this->getName();
     $postVars = $request->postVar($name);
     // Save the temporary file into a File object
     $uploadedFiles = $this->extractUploadedFileData($postVars);
     // Only the first uploaded file is processed; reset() yields false when the list is empty.
     $firstFile = reset($uploadedFiles);
     // $error is not initialised here; presumably saveTemporaryFile() fills it by reference. TODO confirm
     $file = $this->saveTemporaryFile($firstFile, $error);
     if (empty($file)) {
         $return = array('error' => $error);
     } else {
         $return = $this->encodeFileAttributes($file);
     // Format response with json
     $response = new SS_HTTPResponse(Convert::raw2json(array($return)));
     // NOTE(review): the JSON body is labelled text/plain, presumably for an iframe-based upload
     // transport; confirm clients never render this response as a document.
     $response->addHeader('Content-Type', 'text/plain');
     // NOTE(review): the body of this condition is not visible in this listing (truncated);
     // as shown, an error result is returned exactly like a success.
     if (!empty($return['error'])) {
     return $response;
  /**
   * Report how many unread timeline events the current member has.
   *
   * @return SS_HTTPResponse JSON object with a single "count" key
   */
  public function count()
  {
      $unread = TimelineEvent::get_unread(Member::currentUser());
      $payload = json_encode(array('count' => $unread->count()));

      $response = new SS_HTTPResponse($payload, 200);
      $response->addHeader('Content-Type', 'application/json');

      return $response;
  }
 /**
  * Return the current member's ID as JSON under the "_memberID" key.
  *
  * @param mixed $request Not read by this method
  * @return SS_HTTPResponse
  */
 public function load($request)
 {
     $payload = Convert::array2json(array("_memberID" => Member::currentUserID()));

     $response = new SS_HTTPResponse();
     $response->addHeader('Content-Type', 'application/json');
     $response->setBody($payload);

     return $response;
 }
 /**
  * Pass the "val" GET variable to the configured source callback and return its result as JSON.
  *
  * The value comes straight from the request, so the callback behind $this->source
  * has to treat it as untrusted input.
  *
  * @param mixed $request Presumably an SS_HTTPRequest; only getVar() is called on it
  * @return SS_HTTPResponse
  */
 public function load($request)
 {
     $response = new SS_HTTPResponse();
     $response->addHeader('Content-Type', 'application/json');

     $requestedValue = $request->getVar('val');
     $sourceResult = call_user_func($this->source, $requestedValue);
     $response->setBody(Convert::array2json($sourceResult));

     return $response;
 }
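  /**
   * Use cURL to request a URL, and return a SS_HTTPResponse object.
   *
   * TLS peer verification is left at cURL's default (enabled). The earlier
   * version switched it off after applying $curlOptions, so every HTTPS
   * request accepted any certificate and callers could not turn verification
   * back on. A caller that really needs to skip verification (for example a
   * local test endpoint) can still pass CURLOPT_SSL_VERIFYPEER in $curlOptions.
   *
   * @param string      $url
   * @param string      $method      HTTP verb; POST and PUT additionally send $data
   * @param mixed       $data        Request body for POST/PUT
   * @param array|null  $headers     Raw header lines for CURLOPT_HTTPHEADER
   * @param array       $curlOptions Extra cURL options, applied last so they override the defaults above them
   * @return SS_HTTPResponse Status 500 when cURL reports an error or no HTTP status was received
   */
  protected function curlRequest($url, $method, $data = null, $headers = null, $curlOptions = array())
  {
      $ch = curl_init();
      $timeout = 5;
      $ssInfo = new SapphireInfo();
      $useragent = 'SilverStripe/' . $ssInfo->version();
      $put = null;

      curl_setopt($ch, CURLOPT_URL, $url);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
      curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
      curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
      // Headers are returned in-band and split off the body below.
      curl_setopt($ch, CURLOPT_HEADER, 1);
      if ($headers) {
          curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
      }

      // Add fields to POST and PUT requests
      if ($method == 'POST') {
          curl_setopt($ch, CURLOPT_POST, 1);
          curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
      } elseif ($method == 'PUT') {
          // cURL reads a PUT body from a stream, so stage $data in a temporary one.
          $put = fopen("php://temp", 'r+');
          fwrite($put, $data);
          fseek($put, 0);
          curl_setopt($ch, CURLOPT_PUT, 1);
          curl_setopt($ch, CURLOPT_INFILE, $put);
          curl_setopt($ch, CURLOPT_INFILESIZE, strlen($data));
      }

      // Follow redirects
      // NOTE(review): with CURLOPT_HEADER also on, a redirected request returns one header
      // block per hop, and only the first block is parsed below; confirm callers cope with that.
      curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

      // Set any custom options passed to the request() function. Nothing security-relevant
      // is set after this point, so the caller's choices are final.
      curl_setopt_array($ch, $curlOptions);

      // Run request
      $fullResponseBody = curl_exec($ch);
      $curlError = curl_error($ch);
      $statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
      if (is_resource($put)) {
          fclose($put);
      }

      // curl_exec() returns false on failure; treat that as an empty response.
      $parts = preg_split('/(\\n\\r?){2}/', (string) $fullResponseBody, 2);
      $responseHeaders = $parts[0];
      $responseBody = isset($parts[1]) ? $parts[1] : '';
      if (preg_match("#^HTTP/1.1 100#", $responseHeaders)) {
          // Skip an interim "100 Continue" block and parse the real response after it.
          $parts = preg_split('/(\\n\\r?){2}/', $responseBody, 2);
          $responseHeaders = $parts[0];
          $responseBody = isset($parts[1]) ? $parts[1] : '';
      }
      $responseHeaders = explode("\n", trim($responseHeaders));

      if ($curlError !== '' || $statusCode == 0) {
          $statusCode = 500;
      }

      $response = new SS_HTTPResponse($responseBody, $statusCode);
      foreach ($responseHeaders as $headerLine) {
          if (strpos($headerLine, ":") !== false) {
              list($headerName, $headerVal) = explode(":", $headerLine, 2);
              // This header isn't relevant outside of curlRequest
              if (strtolower($headerName) == 'transfer-encoding') {
                  continue;
              }
              $response->addHeader(trim($headerName), trim($headerVal));
          }
      }

      return $response;
  }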
  /**
   * Build the bulk editing interface.
   *
   * Ajax requests receive a JSON response holding the form markup together with
   * PJAX headers; any other request receives the top-level controller customised
   * with the form as its Content.
   *
   * @return SS_HTTPResponse|mixed
   */
  public function index()
  {
      $form = $this->listForm();
      $form->addExtraClass('center cms-content');
      $form->setAttribute('data-pjax-fragment', 'CurrentForm Content');

      // Regular page load: let the top-level controller render the form.
      if (!$this->request->isAjax()) {
          $topController = $this->getToplevelController();
          return $topController->customise(array('Content' => $form));
      }

      $markup = $form->forAjaxTemplate()->getValue();
      $payload = Convert::raw2json(array('Content' => $markup));

      $response = new SS_HTTPResponse($payload);
      $response->addHeader('X-Pjax', 'Content');
      $response->addHeader('Content-Type', 'text/json');
      $response->addHeader('X-Title', 'SilverStripe - Bulk ' . $this->gridField->list->dataClass . ' Editing');

      return $response;
  }
 /**
  * Render every Place record through the KMLPlaces template and return the result as KML.
  *
  * @return SS_HTTPResponse
  */
 function Places()
 {
     $allPlaces = DataObject::get("Place");
     $kml = $this->owner
         ->customise(array('Places' => $allPlaces))
         ->renderWith("KMLPlaces");

     $response = new SS_HTTPResponse($kml, 200);
     $response->addHeader('Content-type', "application/vnd.google-earth.kml+xml");

     return $response;
 }
  * Unlink the selected records passed from the unlink bulk action.
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse List of affected records ID
 // Collects the selected record IDs and returns them as JSON together with 'done' => true.
 // NOTE(review): $request is not read, and no call that actually unlinks the records is visible
 // in this listing; presumably that line was dropped. Confirm against the original source.
 public function unLink(SS_HTTPRequest $request)
     $ids = $this->getRecordIDList();
     $response = new SS_HTTPResponse(Convert::raw2json(array('done' => true, 'records' => $ids)));
     // 'text/json' is not a registered media type; application/json is the standard one.
     $response->addHeader('Content-Type', 'text/json');
     return $response;
  * Returns a JSON string of tags, for lazy loading.
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse
 // Looks up members for the "term" GET variable and returns a response typed application/json.
 // NOTE(review): $members is never written into the response in the visible lines, so the body
 // stays empty as shown; presumably the setBody() line is missing from this listing.
 public function suggest(SS_HTTPRequest $request)
     // 'term' is request-supplied; getMembers() has to treat it as untrusted input.
     $members = $this->getMembers($request->getVar('term'));
     $response = new SS_HTTPResponse();
     $response->addHeader('Content-Type', 'application/json');
     return $response;
  * @param Object $originator
  * @param SS_HTTPRequest $request
  * @param SS_HTTPResponse $response
  * @param DataModel $model
 // Copies every configured header with a non-empty value from $this->headers onto $response.
 // $originator, $request and $model are not read in the visible lines.
 public function applyToResponse($originator, SS_HTTPRequest $request, SS_HTTPResponse $response, DataModel $model)
     foreach ($this->headers as $key => $value) {
         // Strict comparison: only the empty string takes the else branch.
         if ($value !== "") {
             $response->addHeader($key, $value);
         // NOTE(review): the else branch body is not visible in this listing (truncated).
         } else {
 // After-request filter: adds an X-SilverStripe-Time header holding the time elapsed since
 // $this->start and builds a copy of an HTML body with the same figure in a trailing comment.
 public function postRequest(\SS_HTTPRequest $request, \SS_HTTPResponse $response, \DataModel $model)
     // NOTE(review): microtime(true) differences are in seconds, yet the label says "ms"; confirm the unit.
     $time = sprintf('%.3f ms', microtime(true) - $this->start);
     // NOTE(review): this exposes server-side timing to every client; confirm it is meant for production.
     $response->addHeader('X-SilverStripe-Time', $time);
     $b = $response->getBody();
     // Truthiness test on strpos(): a match at offset 0 would count as "not found".
     if (strpos($b, '</html>')) {
         // NOTE(review): the modified $b is not written back to $response in the visible lines (truncated).
         $b = str_replace('</html>', "\n<!-- Generated in {$time} -->\n</html>", $b);
  * Require basic authentication.  Will request a username and password if none is given.
  * Used by {@link Controller::init()}.
  * @throws SS_HTTPResponse_Exception
  * @param string $realm
  * @param string|array $permissionCode Optional
  * @param boolean $tryUsingSessionLogin If true, then the method will authenticate against the
  *  session log-in if those credentials are disabled.
  * @return Member $member
 // Enforces HTTP Basic authentication: reads credentials from the Authorization header or
 // PHP_AUTH_*, authenticates them through MoreAdminsAuthenticator, optionally falls back to the
 // session member, and throws a 401 SS_HTTPResponse_Exception when no member or permission is found.
 public static function requireLogin($realm, $permissionCode = null, $tryUsingSessionLogin = true)
     $isRunningTests = class_exists('SapphireTest', false) && SapphireTest::is_running_test();
     // && binds tighter than ||: this returns early when the database is not ready, or when
     // running on the CLI outside a test run.
     // NOTE(review): the early return is the boolean true, not a Member; callers that only test
     // truthiness treat the request as authenticated. Confirm that is acceptable while the
     // database is unavailable.
     if (!Security::database_is_ready() || Director::is_cli() && !$isRunningTests) {
         return true;
      * Enable HTTP Basic authentication workaround for PHP running in CGI mode with Apache
      * Depending on server configuration the auth header may be in HTTP_AUTHORIZATION or
      * The follow rewrite rule must be in the sites .htaccess file to enable this workaround
      * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
     $matches = array();
     // NOTE(review): $authHeader is not assigned in the visible lines; the comment fragment above
     // suggests it is read from $_SERVER. Confirm against the original source.
     if ($authHeader && preg_match('/Basic\\s+(.*)$/i', $authHeader, $matches)) {
         // NOTE(review): explode() without a limit splits on every ':' and list() keeps only the
         // first two pieces, so a password containing ':' is truncated. A limit of 2 keeps it whole.
         list($name, $password) = explode(':', base64_decode($matches[1]));
         // NOTE(review): strip_tags() alters credentials that contain tag-like text before they are checked.
         $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
         $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
     $member = null;
     if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
         $member = MoreAdminsAuthenticator::authenticate(array('Email' => $_SERVER['PHP_AUTH_USER'], 'Password' => $_SERVER['PHP_AUTH_PW']), null);
     // Fall back to an existing session login when Basic credentials did not yield a member.
     if (!$member && $tryUsingSessionLogin) {
         $member = Member::currentUser();
     // If we've failed the authentication mechanism, then show the login form
     if (!$member) {
         $response = new SS_HTTPResponse(null, 401);
         $response->addHeader('WWW-Authenticate', "Basic realm=\"{$realm}\"");
         if (isset($_SERVER['PHP_AUTH_USER'])) {
             $response->setBody(_t('BasicAuth.ERRORNOTREC', "That username / password isn't recognised"));
         } else {
             $response->setBody(_t('BasicAuth.ENTERINFO', "Please enter a username and password."));
         // Exception is caught by RequestHandler->handleRequest() and will halt further execution
         // NOTE(review): $response (with its WWW-Authenticate header and body) is not attached to
         // $e in the visible lines; confirm the challenge actually reaches the client.
         $e = new SS_HTTPResponse_Exception(null, 401);
         throw $e;
     // A member was found; now require the requested permission code, if any.
     if ($permissionCode && !Permission::checkMember($member->ID, $permissionCode)) {
         $response = new SS_HTTPResponse(null, 401);
         $response->addHeader('WWW-Authenticate', "Basic realm=\"{$realm}\"");
         if (isset($_SERVER['PHP_AUTH_USER'])) {
             $response->setBody(_t('BasicAuth.ERRORNOTADMIN', "That user is not an administrator."));
         // Exception is caught by RequestHandler->handleRequest() and will halt further execution
         // NOTE(review): same as above, $response is built but not attached to $e in the visible lines.
         $e = new SS_HTTPResponse_Exception(null, 401);
         throw $e;
     return $member;
 // Builds the Android asset-links statement list (one entry per package with its SHA-256
 // certificate fingerprints) and returns it as JSON. $request is not read.
 public function getAndroidAssetLinksFile(SS_HTTPRequest $request)
     $file = [];
     // NOTE(review): $APP_LINKS_ANDROID_FILE_CONFIG is not defined in the visible lines; presumably
     // a `global` declaration was dropped from this listing. As shown, the loop has nothing to
     // iterate and an empty list is served, which would leave URL handling unverified for the app.
     foreach ($APP_LINKS_ANDROID_FILE_CONFIG as $package => $fingerprints) {
         $file[] = ["relation" => ["delegate_permission/common.handle_all_urls"], "target" => ["namespace" => "android_app", "package_name" => $package, "sha256_cert_fingerprints" => $fingerprints]];
     $response = new SS_HTTPResponse(json_encode($file), 200);
     $response->addHeader('Content-Type', 'application/json; charset=utf-8');
     return $response;
  /**
   * Build the robots.txt response.
   *
   * The body is the sitemap section, a "User-agent: *" line, then the disallow
   * and allow sections, in that order.
   *
   * @return SS_HTTPResponse
   */
  public function index()
  {
      $sections = array(
          $this->renderSitemap(),
          "User-agent: *\n",
          $this->renderDisallow(),
          $this->renderAllow(),
      );

      $robots = new SS_HTTPResponse(implode('', $sections), 200);
      $robots->addHeader("Content-Type", "text/plain; charset=\"utf-8\"");

      return $robots;
  }
  * Delete the selected records passed from the delete bulk action.
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse List of deleted records ID
 // Gathers the IDs of the selected records and returns them as JSON with 'done' => true.
 // NOTE(review): no call that deletes a record is visible in the loop, and no per-record
 // permission check is visible either; presumably lines were dropped from this listing.
 // Confirm both against the original source. $request is not read.
 public function delete(SS_HTTPRequest $request)
     $ids = array();
     foreach ($this->getRecords() as $record) {
         array_push($ids, $record->ID);
     $response = new SS_HTTPResponse(Convert::raw2json(array('done' => true, 'records' => $ids)));
     // 'text/json' is not a registered media type; application/json is the standard one.
     $response->addHeader('Content-Type', 'text/json');
     return $response;
 /**
  * Run the "assign" bulk action on the selected records.
  *
  * Reads the "EntityID" route parameter, hands it to processRecordIds() together
  * with the selected record IDs, and reports those IDs back as JSON.
  *
  * @param mixed $gridField Presumably a GridField; getForm() is called on it
  * @param mixed $request   Presumably an SS_HTTPRequest; param() is called on it
  * @return SS_HTTPResponse JSON with 'done' and 'records'
  */
 public function handleAssignBulkAction($gridField, $request)
 {
     $entity_id = $request->param('EntityID');
     // The controller is looked up as in the original but is not used afterwards.
     $controller = $gridField->getForm()->Controller();
     $this->gridField = $gridField;

     $selectedIds = $this->getRecordIDList();
     $this->processRecordIds($selectedIds, $entity_id, $gridField, $request);

     $payload = Convert::raw2json(array('done' => true, 'records' => $selectedIds));
     $response = new SS_HTTPResponse($payload);
     $response->addHeader('Content-Type', 'text/json');

     return $response;
 }
 // After-request filter: when a logged-in ADMIN passes ?clear, looks up the cache entry for
 // "<host>/<url>" and reports it in an X-SilverStripe-Cache header.
 public function postRequest(\SS_HTTPRequest $request, \SS_HTTPResponse $response, \DataModel $model)
     // NOTE(review): a state-changing action triggered by GET variables; the ADMIN check is
     // present but no CSRF token check is visible. Confirm whether one is needed here.
     if ($request->getVar('clear') && Member::currentUserID() && Permission::check('ADMIN')) {
         $key = trim($request->getVar('url'), '/');
         // The key combines the Host header with the request-supplied path.
         $key = (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '') . '/' . $key;
         $item = $this->dynamicCache->get($key);
         if ($item) {
             // NOTE(review): no call that removes the entry is visible in this listing (truncated).
             // The header value carries request-supplied text; confirm addHeader() rejects CR/LF.
             $response->addHeader('X-SilverStripe-Cache', 'deleted ' . $key);
  /**
   * Build the JSON response for an AJAX call.
   *
   * A truthy $success is reported under the 'success' key; $retVars, when given,
   * is merged in first, so a 'success' key inside $retVars is overwritten.
   *
   * @param boolean    $success
   * @param array|null $retVars Extra values to include in the payload
   * @return \SS_HTTPResponse
   */
  public function handleJsonResponse($success = false, $retVars = null)
  {
      $payload = $success ? array('success' => $success) : array();
      if ($retVars) {
          $payload = array_merge($retVars, $payload);
      }

      $jsonResponse = new SS_HTTPResponse(json_encode($payload));
      $jsonResponse->addHeader('Content-Type', 'application/json');

      return $jsonResponse;
  }
  * Unpublish the selected records passed from the unpublish bulk action
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse List of published record IDs
 // Gathers the IDs of the selected records that carry the Versioned extension and returns
 // them as JSON with 'done' => true. $request is not read.
 // NOTE(review): no call that unpublishes a record is visible in the loop, and no per-record
 // permission check is visible either; presumably lines were dropped from this listing.
 public function unpublish(SS_HTTPRequest $request)
     $ids = array();
     foreach ($this->getRecords() as $record) {
         if ($record->hasExtension('Versioned')) {
             array_push($ids, $record->ID);
     $response = new SS_HTTPResponse(Convert::raw2json(array('done' => true, 'records' => $ids)));
     // 'text/json' is not a registered media type; application/json is the standard one.
     $response->addHeader('Content-Type', 'text/json');
     return $response;
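 /**
  * Fetch a member's profile photo server-side and relay it to the client.
  *
  * The member is selected by the integer "MemberID" route parameter. A missing
  * member, an empty photo URL or a failed fetch all produce the not-found
  * response; previously a failed fetch was relayed as a 200 with no usable body.
  *
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse
  */
 public function getMemberProfileImage(SS_HTTPRequest $request)
 {
     $member_id = intval($request->param('MemberID'));
     $member = Member::get()->byID($member_id);
     if (is_null($member)) {
         return $this->notFound();
     }

     $photo_url = $member->ProfilePhotoUrl(100, 'speaker');
     // NOTE(review): this is a server-side fetch of a URL taken from the member record. If members
     // can influence that URL, confirm it is limited to the expected image hosts and schemes so
     // the server cannot be pointed at internal addresses or local files.
     $body = empty($photo_url) ? false : file_get_contents($photo_url);
     if ($body === false) {
         return $this->notFound();
     }

     $ext = 'jpg';
     $response = new SS_HTTPResponse($body, 200);
     // NOTE(review): the type is fixed to image/jpg whatever the fetched bytes are; confirm.
     $response->addHeader('Content-Type', 'image/' . $ext);
     return $response;
 }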
 // Passes the "val" GET variable to the configured source callback and reshapes its result
 // into a list of {'k': key, 'v': value} pairs for a JSON response.
 // NOTE(review): $results is never written into $response in the visible lines, so the body
 // stays empty as shown; presumably the setBody() line is missing from this listing.
 public function load($request)
     $response = new SS_HTTPResponse();
     $response->addHeader('Content-Type', 'application/json');
     // 'val' is request-supplied; the callback behind $this->source has to treat it as untrusted.
     $items = call_user_func($this->source, $request->getVar('val'));
     $results = array();
     if ($items) {
         foreach ($items as $k => $v) {
             $results[] = array('k' => $k, 'v' => $v);
     return $response;
 // Resolves how this item is handed to the browser: an external link, the absolute URL of the
 // attached File, or the base64-decoded stored content wrapped in a download/inline response.
 // NOTE(review): no `return $response;` is visible at the end of this listing (truncated).
 public function returnToBrowser()
     if ($this->ExternalLink) {
         return $this->ExternalLink;
     } else {
         if ($this->FileID) {
             if ($file = $this->File()) {
                 return $file->AbsoluteURL();
         } else {
             $content = base64_decode($this->Content);
             // The status is passed as the string '200' rather than an integer.
             $response = new SS_HTTPResponse($content, '200');
             $response->addHeader('Content-Description', 'File Transfer');
             // NOTE(review): the media type comes from the stored record. If ContentType and Content
             // can be supplied by users, confirm that active types (for example image/svg+xml or
             // text/html) cannot be served inline from this site's origin.
             $response->addHeader('Content-Type', $this->ContentType);
             if ($this->IsImage()) {
                 // basename() drops directory parts, but a double quote inside FileName is not escaped.
                 $response->addHeader('Content-Disposition', 'inline; filename="' . basename($this->FileName) . '"');
             } else {
                 // NOTE(review): 'download' is not a standard disposition type; 'attachment' is the
                 // value that tells browsers to save the file rather than render it.
                 $response->addHeader('Content-Disposition', 'download; filename="' . basename($this->FileName) . '"');
             $response->addHeader('Content-Length', $this->Length);
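  /**
   * Require basic authentication.  Will request a username and password if none is given.
   *
   * Used by {@link Controller::init()}.
   *
   * Credentials are taken from the Authorization header (split on the first
   * colon only, so passwords may contain ':') or from PHP_AUTH_USER/PHP_AUTH_PW.
   * When they do not yield a member and $tryUsingSessionLogin is set, the
   * session member is used instead. On failure the 401 response carrying the
   * WWW-Authenticate challenge is attached to the thrown exception.
   *
   * @throws SS_HTTPResponse_Exception
   * @param string $realm
   * @param string|array $permissionCode Optional
   * @param boolean $tryUsingSessionLogin If true, fall back to the session log-in when the
   *  Basic credentials do not authenticate a member.
   * @return Member|true The authenticated member, or true when the check is skipped (see below)
   */
  public static function requireLogin($realm, $permissionCode = null, $tryUsingSessionLogin = true)
  {
      $isRunningTests = class_exists('SapphireTest', false) && SapphireTest::is_running_test();
      // Skipped when the database is not ready, or on the CLI outside a test run.
      // NOTE(review): the skip returns the boolean true, not a Member; callers that only test
      // truthiness treat the request as authenticated. Confirm that is acceptable while the
      // database is unavailable.
      if (!Security::database_is_ready() || (Director::is_cli() && !$isRunningTests)) {
          return true;
      }

      $matches = array();
      if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
          $decoded = base64_decode($matches[1]);
          // Ignore values that do not decode to "user:password" instead of
          // feeding list() a short array.
          if ($decoded !== false && strpos($decoded, ':') !== false) {
              // Limit of 2: everything after the first colon is the password.
              list($name, $password) = explode(':', $decoded, 2);
              // NOTE(review): strip_tags() alters credentials that contain tag-like text; kept as is.
              $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
              $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
          }
      }

      $member = null;
      if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
          $member = MemberAuthenticator::authenticate(array('Email' => $_SERVER['PHP_AUTH_USER'], 'Password' => $_SERVER['PHP_AUTH_PW']), null);
      }
      if (!$member && $tryUsingSessionLogin) {
          $member = Member::currentUser();
      }

      // If we've failed the authentication mechanism, then show the login form
      if (!$member) {
          $response = new SS_HTTPResponse(null, 401);
          $response->addHeader('WWW-Authenticate', "Basic realm=\"{$realm}\"");
          if (isset($_SERVER['PHP_AUTH_USER'])) {
              $response->setBody(_t('BasicAuth.ERRORNOTREC', "That username / password isn't recognised"));
          } else {
              $response->setBody(_t('BasicAuth.ENTERINFO', "Please enter a username and password."));
          }
          // Exception is caught by RequestHandler->handleRequest() and will halt further execution
          $e = new SS_HTTPResponse_Exception(null, 401);
          // Without this the challenge header and message built above never reach the client.
          $e->setResponse($response);
          throw $e;
      }

      if ($permissionCode && !Permission::checkMember($member->ID, $permissionCode)) {
          $response = new SS_HTTPResponse(null, 401);
          $response->addHeader('WWW-Authenticate', "Basic realm=\"{$realm}\"");
          if (isset($_SERVER['PHP_AUTH_USER'])) {
              $response->setBody(_t('BasicAuth.ERRORNOTADMIN', "That user is not an administrator."));
          }
          // Exception is caught by RequestHandler->handleRequest() and will halt further execution
          $e = new SS_HTTPResponse_Exception(null, 401);
          $e->setResponse($response);
          throw $e;
      }

      return $member;
  }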
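 /**
  * Exchange a posted username and password for the member's authentication token.
  *
  * Both an unknown username and a wrong password end in the same 403, so the
  * response does not reveal which accounts exist.
  *
  * The result of checkPassword() is normalised before use: in SilverStripe
  * versions where it returns a ValidationResult object, a plain truthiness
  * test passes for every password, so valid() is consulted for objects.
  *
  * @param SS_HTTPRequest $r Must carry 'username' and 'password' POST variables
  * @return SS_HTTPResponse JSON {"token": ...} on success, otherwise the 400/403 error response
  */
 public function index(SS_HTTPRequest $r)
 {
     $username = $r->postVar('username');
     $password = $r->postVar('password');
     if (!$username || !$password) {
         return $this->httpError(400, "You must provide 'username' and 'password' parameters in the request");
     }

     // NOTE(review): no attempt throttling or lockout handling is visible in this handler; confirm
     // it is enforced elsewhere, since this endpoint hands out a long-lived token.
     $member = Member::get()->filter('Email', $username)->first();
     if ($member) {
         $check = $member->checkPassword($password);
         $passwordOk = is_object($check) ? $check->valid() : (bool) $check;
         if ($passwordOk) {
             // The status belongs in the second argument; the first one is the body.
             $response = new SS_HTTPResponse(null, 200);
             $response->addHeader('Content-type', 'application/json');
             $response->setBody(Convert::array2json(array('token' => $member->AuthenticationToken)));
             return $response;
         }
     }

     return $this->httpError(403, "Invalid login");
 }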
  * Filter executed AFTER a request
  * @param SS_HTTPRequest $request Request container object
  * @param SS_HTTPResponse $response Response output object
  * @param DataModel $model Current DataModel
  * @return boolean Whether to continue processing other filters. Null or true will continue processing (optional)
 // After-request filter: for non-Ajax requests, looks for a static error page matching the
 // response status code under errors_pages/ui/<code>/index.html and reads it. Always returns true.
 public function postRequest(SS_HTTPRequest $request, SS_HTTPResponse $response, DataModel $model)
     $code = $response->getStatusCode();
     // The path is built from the response status code, not from request input.
     $error_page_path = Director::baseFolder() . "/errors_pages/ui/{$code}/index.html";
     if (!$request->isAjax() && file_exists($error_page_path)) {
         //clean buffer
         // NOTE(review): `or die()` ends the whole request with a bare message if the file cannot
         // be opened, and the handle is never closed in the visible lines.
         $page_file = fopen($error_page_path, "r") or die("Unable to open file!");
         // NOTE(review): $body is not written to $response in the visible lines (truncated).
         $body = fread($page_file, filesize($error_page_path));
         // set content type
         $response->addHeader('Content-Type', 'text/html');
         return true;
     return true;
  * Unlink the selected records by setting the foreign key to zero
  * in both Stage and Live tables.
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse List of published record IDs
 // Collects the selected record IDs and returns them as JSON with 'done' => true.
 // NOTE(review): the calls that remove the entries from Stage and unpublish each Versioned
 // record are not visible in this listing, and no per-record permission check is visible
 // either; presumably lines were dropped. Confirm against the original source.
 // $request is not read.
 public function versionedunlink(SS_HTTPRequest $request)
     $ids = $this->getRecordIDList();
     // remove the selected entries from Stage.
     // Unpublish the unlinked records.
     // This is potentially destructive, but there's no other "good" way to do this.
     // When a unlinked record gets added to another page, the only way to "activate" the
     // record is to publish it.. so the published version will be overwritten anyway!
     foreach ($this->getRecords() as $record) {
         if ($record->hasExtension('Versioned')) {
     $response = new SS_HTTPResponse(Convert::raw2json(array('done' => true, 'records' => $ids)));
     // 'text/json' is not a registered media type; application/json is the standard one.
     $response->addHeader('Content-Type', 'text/json');
     return $response;