Beispiel #1
0
 /**
  * Set the 'X-Frame-Options' headers to prevent click-jacking, unless
  * specifically disabled. Backend only!
  *
  * @param Request  $request
  * @param Response $response
  */
 protected function setFrameOptions(Request $request, Response $response)
 {
     if (Zone::isBackend($request) && $this->app['config']->get('general/headers/x_frame_options')) {
         $response->headers->set('X-Frame-Options', 'SAMEORIGIN');
         $response->headers->set('Frame-Options', 'SAMEORIGIN');
     }
 }
Beispiel #2
0
 /**
  * Normal boot functions.
  *
  * @param GetResponseEvent $event
  *
  * @return Response|null
  */
 public function onBoot(GetResponseEvent $event)
 {
     if (Zone::isBackend($event->getRequest())) {
         $this->setVersionChangeNotice();
     }
     // Twig globals
     $this->setGlobals(false);
     $this->setGlobals(true);
     // Only cache if the config passes checks
     if ($this->app['config']->checkConfig() === false) {
         return null;
     }
     // Final thing we do, if we're still standing, is to save our
     // configuration to cache
     if (!$this->app['config']->get('general/caching/config')) {
         return null;
     }
     $cacheFs = $this->app['filesystem']->getFilesystem('cache');
     try {
         $this->app['config']->cacheConfig($cacheFs, '', false);
     } catch (IOException $e) {
         $response = $this->app['controller.exception']->genericException($e);
         $event->setResponse($response);
     }
 }
Beispiel #3
0
 /**
  * Render the not found page if on frontend and http exception
  *
  * @param GetResponseForExceptionEvent $event
  */
 public function onKernelException(GetResponseForExceptionEvent $event)
 {
     $exception = $event->getException();
     if (!$exception instanceof HttpExceptionInterface || Zone::isBackend($event->getRequest())) {
         return;
     }
     if ($exception->getStatusCode() !== Response::HTTP_NOT_FOUND) {
         return;
     }
     // If $notFoundPage is referencing a template, render it and be done.
     if ($this->render->hasTemplate($this->notFoundPage)) {
         try {
             $this->renderNotFound($event, $this->notFoundPage, []);
         } catch (TwigErrorLoader $e) {
             // Template not found, fall though to see if we can render a
             // record, failing that let the exception handler take over
         }
     }
     // Next try for referencing DB content.
     $content = $this->storage->getContent($this->notFoundPage, ['returnsingle' => true]);
     if (!$content instanceof Content || empty($content->id)) {
         return;
     }
     $template = $this->templateChooser->record($content);
     $this->renderNotFound($event, $template, $content->getTemplateContext());
 }
Beispiel #4
0
 /**
  * @covers \Bolt\Controller\Zone::get
  * @covers \Bolt\Controller\Zone::isBackend
  */
 public function testControllerZone()
 {
     $app = $this->getApp();
     $this->setRequest(Request::create('/bolt'));
     $request = $this->getRequest();
     $kernel = $this->getMock('Symfony\\Component\\HttpKernel\\HttpKernelInterface');
     $app['dispatcher']->dispatch(KernelEvents::REQUEST, new GetResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST));
     $this->assertEquals('backend', Zone::get($request));
     $this->assertTrue(Zone::isBackend($request));
 }
Beispiel #5
0
 /**
  * Render the not found page if on frontend and http exception
  *
  * @param GetResponseForExceptionEvent $event
  */
 public function onKernelException(GetResponseForExceptionEvent $event)
 {
     if (!$event->getException() instanceof HttpExceptionInterface || Zone::isBackend($event->getRequest())) {
         return;
     }
     $content = $this->storage->getContent($this->notFoundPage, ['returnsingle' => true]);
     if (!$content instanceof Content || empty($content->id)) {
         return;
     }
     $template = $this->templateChooser->record($content);
     $response = $this->render->render($template, $content->getTemplateContext());
     $event->setResponse($response);
 }
Beispiel #6
0
 /**
  * Handle errors thrown in the application.
  *
  * @param GetResponseForExceptionEvent $event
  */
 public function onKernelException(GetResponseForExceptionEvent $event)
 {
     $exception = $event->getException();
     // Log the error message
     $message = $exception->getMessage();
     $this->logger->critical($message, ['event' => 'exception', 'exception' => $exception]);
     if ($exception instanceof HttpExceptionInterface && !Zone::isBackend($event->getRequest())) {
         $message = "The page could not be found, and there is no 'notfound' set in 'config.yml'. Sorry about that.";
     }
     $context = ['class' => get_class($exception), 'message' => $message, 'code' => $exception->getCode(), 'trace' => $this->getSafeTrace($exception)];
     // Note: This uses the template from app/theme_defaults. Not app/view/twig.
     $response = $this->render->render('error.twig', ['context' => $context]);
     $event->setResponse($response);
 }
Beispiel #7
0
 /**
  * Route for kernel exception handling.
  *
  * @param GetResponseForExceptionEvent $event
  *
  * @return Response
  */
 public function kernelException(GetResponseForExceptionEvent $event)
 {
     if ($this->app === null) {
         throw new \RuntimeException('Exception controller being used outside of request cycle.');
     }
     $exception = $event->getException();
     $message = $exception->getMessage();
     if ($exception instanceof HttpExceptionInterface && !Zone::isBackend($event->getRequest())) {
         $message = "The page could not be found, and there is no 'notfound' set in 'config.yml'. Sorry about that.";
     }
     $context = $this->getContextArray($exception);
     $context['type'] = 'general';
     $context['message'] = $message;
     $html = $this->app['twig']->render('@bolt/exception/general.twig', $context);
     $response = new Response($html, Response::HTTP_OK);
     $response->headers->set('X-Debug-Exception-Handled', time());
     return $response;
 }
Beispiel #8
0
 /**
  * Render the not found page if on frontend and http exception
  *
  * @param GetResponseForExceptionEvent $event
  */
 public function onKernelException(GetResponseForExceptionEvent $event)
 {
     if (!$event->getException() instanceof HttpExceptionInterface || Zone::isBackend($event->getRequest())) {
         return;
     }
     // If $notFoundPage is referencing a template, render it and be done.
     if ($this->render->hasTemplate($this->notFoundPage)) {
         $response = $this->render->render($this->notFoundPage);
         $event->setResponse($response);
         return;
     }
     // Next try for referencing DB content.
     $content = $this->storage->getContent($this->notFoundPage, ['returnsingle' => true]);
     if (!$content instanceof Content || empty($content->id)) {
         return;
     }
     $template = $this->templateChooser->record($content);
     $response = $this->render->render($template, [], $content->getTemplateContext());
     $event->setResponse($response);
 }
Beispiel #9
0
 public function onRequest(GetResponseEvent $event)
 {
     if (!Zone::isBackend($event->getRequest())) {
         return;
     }
     foreach ($this->config->getRolesAdmin() as $role) {
         if ($this->users->isAllowed($role)) {
             return;
         }
     }
     throw new AccessDeniedException('Logged in user does not have the correct rights to use this class.');
 }
Beispiel #10
0
 /**
  * Parse textquery into useable arguments.
  *
  * This is tightly coupled to $this->getContent()
  *
  * @see $this->decodeContentQuery()
  *
  * @param $textquery
  * @param array $decoded         a pre-set decoded array to fill
  * @param array $metaParameters  meta parameters
  * @param array $ctypeParameters contenttype parameters
  */
 private function parseTextQuery($textquery, array &$decoded, array &$metaParameters, array &$ctypeParameters)
 {
     // Our default callback
     $decoded['queries_callback'] = [$this, 'executeGetContentQueries'];
     // Some special cases, like 'entry/1' or 'page/about' need to be caught before further processing.
     if (preg_match('#^/?([a-z0-9_-]+)/([0-9]+)$#i', $textquery, $match)) {
         // like 'entry/12' or '/page/12345'
         $decoded['contenttypes'] = $this->decodeContentTypesFromText($match[1]);
         $decoded['return_single'] = true;
         // if allow_numeric_slug option is set on contenttype, interpret number as slug instead of id
         $contenttype = $this->getContentType($decoded['contenttypes'][0]);
         $field = $contenttype['allow_numeric_slugs'] === true ? 'slug' : 'id';
         $ctypeParameters[$field] = $match[2];
     } elseif (preg_match('#^/?([a-z0-9_(\\),-]+)/search(/([0-9]+))?$#i', $textquery, $match)) {
         // like 'page/search or '(entry,page)/search'
         $decoded['contenttypes'] = $this->decodeContentTypesFromText($match[1]);
         $metaParameters['order'] = [$this, 'compareSearchWeights'];
         if (count($match) >= 3) {
             $metaParameters['limit'] = $match[3];
         }
         $decoded['queries_callback'] = [$this, 'executeGetContentSearch'];
     } elseif (preg_match('#^/?([a-z0-9_-]+)/([a-z0-9_-]+)$#i', $textquery, $match)) {
         // like 'page/lorem-ipsum-dolor' or '/page/home'
         $decoded['contenttypes'] = $this->decodeContentTypesFromText($match[1]);
         $decoded['return_single'] = true;
         $ctypeParameters['slug'] = $match[2];
     } elseif (preg_match('#^/?([a-z0-9_-]+)/(latest|first)/([0-9]+)$#i', $textquery, $match)) {
         // like 'page/latest/5'
         $decoded['contenttypes'] = $this->decodeContentTypesFromText($match[1]);
         if (!isset($metaParameters['order']) || $metaParameters['order'] === false) {
             $metaParameters['order'] = 'datepublish ' . ($match[2] == 'latest' ? 'DESC' : 'ASC');
         }
         if (!isset($metaParameters['limit'])) {
             $metaParameters['limit'] = $match[3];
         }
     } elseif (preg_match('#^/?([a-z0-9_-]+)/random/([0-9]+)$#i', $textquery, $match)) {
         // like 'page/random/4'
         $decoded['contenttypes'] = $this->decodeContentTypesFromText($match[1]);
         $dboptions = $this->app['config']->get('general/database');
         $metaParameters['order'] = $dboptions['randomfunction'];
         // 'RAND()' or 'RANDOM()'
         if (!isset($metaParameters['limit'])) {
             $metaParameters['limit'] = $match[2];
         }
     } else {
         $decoded['contenttypes'] = $this->decodeContentTypesFromText($textquery);
         if (isset($ctypeParameters['id']) && is_numeric($ctypeParameters['id'])) {
             $decoded['return_single'] = true;
         }
     }
     // When using from the frontend, we assume (by default) that we only want published items,
     // unless something else is specified explicitly
     $request = $this->app['request_stack']->getCurrentRequest();
     $isBackend = $request ? Zone::isBackend($request) : false;
     if (!$isBackend && empty($ctypeParameters['status'])) {
         $ctypeParameters['status'] = 'published';
     }
     if (isset($metaParameters['returnsingle'])) {
         $decoded['return_single'] = $metaParameters['returnsingle'];
         unset($metaParameters['returnsingle']);
     }
 }