public function preRequest(HTTPRequest $request, Session $session, DataModel $model) { // Bootstrap session so that Session::get() accesses the right instance $dummyController = new Controller(); $dummyController->setSession($session); $dummyController->setRequest($request); $dummyController->pushCurrent(); // Block non-authenticated users from setting the stage mode if (!Versioned::can_choose_site_stage($request)) { $permissionMessage = sprintf(_t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", 'You must log in with your CMS password in order to view the draft or archived content. ' . '<a href="%s">Click here to go back to the published site.</a>'), Convert::raw2xml(Controller::join_links(Director::baseURL(), $request->getURL(), "?stage=Live"))); // Force output since RequestFilter::preRequest doesn't support response overriding $response = Security::permissionFailure($dummyController, $permissionMessage); $session->inst_save(); $dummyController->popCurrent(); // Prevent output in testing if (class_exists('SilverStripe\\Dev\\SapphireTest', false) && SapphireTest::is_running_test()) { throw new HTTPResponse_Exception($response); } $response->output(); die; } Versioned::choose_site_stage(); $dummyController->popCurrent(); return true; }
public function getColumnContent($field, $record, $col) { if (!$record->canView()) { return null; } $data = new ArrayData(array('Link' => Controller::join_links($field->Link('item'), $record->ID, 'view'))); $template = SSViewer::get_templates_by_class($this, '', __CLASS__); return $data->renderWith($template); }
/** * Provide downloadable url * * @param string $path * @return string|null */ public function getPublicUrl($path) { $rootPath = realpath(BASE_PATH); $filesPath = realpath($this->pathPrefix); if (stripos($filesPath, $rootPath) === 0) { $dir = substr($filesPath, strlen($rootPath)); return Controller::join_links(Director::baseURL(), $dir, $path); } // File outside of webroot can't be used return null; }
public function getHTMLFragments($gridField) { $singleton = singleton($gridField->getModelClass()); if (!$singleton->canCreate()) { return array(); } if (!$this->buttonName) { // provide a default button name, can be changed by calling {@link setButtonName()} on this component $objectName = $singleton->i18n_singular_name(); $this->buttonName = _t('GridField.Add', 'Add {name}', array('name' => $objectName)); } $data = new ArrayData(array('NewLink' => Controller::join_links($gridField->Link('item'), 'new'), 'ButtonName' => $this->buttonName)); $templates = SSViewer::get_templates_by_class($this, '', __CLASS__); return array($this->targetFragment => $data->renderWith($templates)); }
public function forTemplate() { return sprintf('<div id="cms-editor-dialogs" data-url-linkform="%s" data-url-mediaform="%s"></div>', Controller::join_links($this->controller->Link(), $this->name, 'LinkForm', 'forTemplate'), Controller::join_links($this->controller->Link(), $this->name, 'MediaForm', 'forTemplate')); }
public function testChangePasswordForLoggedInUsers() { $goodResponse = $this->doTestLoginForm('*****@*****.**', '1nitialPassword'); // Change the password $this->get('Security/changepassword?BackURL=test/back'); $changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword'); $this->assertEquals(302, $changedResponse->getStatusCode()); $this->assertEquals(Controller::join_links(Director::absoluteBaseURL(), 'test/back'), $changedResponse->getHeader('Location')); $this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs')); // Check if we can login with the new password $goodResponse = $this->doTestLoginForm('*****@*****.**', 'changedPassword'); $this->assertEquals(302, $goodResponse->getStatusCode()); $this->assertEquals(Controller::join_links(Director::absoluteBaseURL(), 'test/link'), $goodResponse->getHeader('Location')); $this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs')); }
/** * @param string $action * @return string */ public function Link($action = null) { return Controller::join_links($this->parent->Link(), '/select/', $action); }
/** * Return a link to this field. * * @param string $action * * @return string */ public function Link($action = null) { return Controller::join_links($this->form->FormAction(), 'field/' . $this->name, $action); }
public function Link($action = null) { return Controller::join_links('test', $action, '/'); }
/** * Returns a link to this controller. Overload with your own Link rules if they exist. * * @param string $action Optional action * @return string */ public function Link($action = null) { return Controller::join_links(ClassInfo::shortName($this), $action, '/'); }
/** * Login in the user and figure out where to redirect the browser. * * The $data has this format * array( * 'AuthenticationMethod' => 'MemberAuthenticator', * 'Email' => '*****@*****.**', * 'Password' => '1nitialPassword', * 'BackURL' => 'test/link', * [Optional: 'Remember' => 1 ] * ) * * @param array $data * @return HTTPResponse */ protected function logInUserAndRedirect($data) { Session::clear('SessionForms.MemberLoginForm.Email'); Session::clear('SessionForms.MemberLoginForm.Remember'); if (Member::currentUser()->isPasswordExpired()) { if (isset($_REQUEST['BackURL']) && ($backURL = $_REQUEST['BackURL'])) { Session::set('BackURL', $backURL); } /** @skipUpgrade */ $cp = ChangePasswordForm::create($this->controller, 'ChangePasswordForm'); $cp->sessionMessage(_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'), 'good'); return $this->controller->redirect('Security/changepassword'); } // Absolute redirection URLs may cause spoofing if (!empty($_REQUEST['BackURL'])) { $url = $_REQUEST['BackURL']; if (Director::is_site_url($url)) { $url = Director::absoluteURL($url); } else { // Spoofing attack, redirect to homepage instead of spoofing url $url = Director::absoluteBaseURL(); } return $this->controller->redirect($url); } // If a default login dest has been set, redirect to that. if ($url = Security::config()->default_login_dest) { $url = Controller::join_links(Director::absoluteBaseURL(), $url); return $this->controller->redirect($url); } // Redirect the user to the page where they came from $member = Member::currentUser(); if ($member) { $firstname = Convert::raw2xml($member->FirstName); if (!empty($data['Remember'])) { Session::set('SessionForms.MemberLoginForm.Remember', '1'); $member->logIn(true); } else { $member->logIn(); } Session::set('Security.Message.message', _t('Member.WELCOMEBACK', "Welcome Back, {firstname}", array('firstname' => $firstname))); Session::set("Security.Message.type", "good"); } return Controller::curr()->redirectBack(); }
/** * Get the URL of the logout page. * * To update the logout url use the "Security.logout_url" config setting. * * @return string */ public static function lost_password_url() { return Controller::join_links(Director::baseURL(), self::config()->lost_password_url); }
/** * @param string $action * @return string */ public function Link($action = null) { return Controller::join_links($this->parent->Link(), '/item/', $this->itemID, $action); }
/** * Generate the JavaScript that will set TinyMCE's configuration: * - Parse all configurations into JSON objects to be used in JavaScript * - Includes TinyMCE and configurations using the {@link Requirements} system * * @return array */ protected function getConfig() { $settings = $this->getSettings(); // https://www.tinymce.com/docs/configure/url-handling/#document_base_url $settings['document_base_url'] = Director::absoluteBaseURL(); // https://www.tinymce.com/docs/api/class/tinymce.editormanager/#baseURL $tinyMCEBaseURL = Controller::join_links(Director::absoluteBaseURL(), $this->config()->get('base_dir') ?: ADMIN_THIRDPARTY_DIR . '/tinymce'); $settings['baseURL'] = $tinyMCEBaseURL; // map all plugins to absolute urls for loading $plugins = array(); foreach ($this->getPlugins() as $plugin => $path) { if (!$path) { // Empty paths: Convert to urls in standard base url $path = Controller::join_links($tinyMCEBaseURL, "plugins/{$plugin}/plugin.min.js"); } elseif (!Director::is_absolute_url($path)) { // Non-absolute urls are made absolute $path = Director::absoluteURL($path); } $plugins[$plugin] = $path; } // https://www.tinymce.com/docs/configure/integration-and-setup/#external_plugins if ($plugins) { $settings['external_plugins'] = $plugins; } // https://www.tinymce.com/docs/configure/editor-appearance/#groupingtoolbarcontrols $buttons = $this->getButtons(); $settings['toolbar'] = []; foreach ($buttons as $rowButtons) { $row = implode(' ', $rowButtons); if (count($buttons) > 1) { $settings['toolbar'][] = $row; } else { $settings['toolbar'] = $row; } } // https://www.tinymce.com/docs/configure/content-appearance/#content_css $settings['content_css'] = $this->getEditorCSS(); // https://www.tinymce.com/docs/configure/editor-appearance/#theme_url $theme = $this->getTheme(); if (!Director::is_absolute_url($theme)) { $theme = Controller::join_links($tinyMCEBaseURL, "themes/{$theme}/theme.min.js"); } $settings['theme_url'] = $theme; // Send back return $settings; }
/** * Redirect the user to the change password form. * * @return HTTPResponse */ protected function redirectToChangePassword() { // Since this form is loaded via an iframe, this redirect must be performed via javascript $changePasswordForm = new ChangePasswordForm($this->controller, 'SilverStripe\\Security\\ChangePasswordForm'); $changePasswordForm->sessionMessage(_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'), 'good'); // Get redirect url $changePasswordURL = $this->getExternalLink('changepassword'); if ($backURL = $this->controller->getRequest()->requestVar('BackURL')) { Session::set('BackURL', $backURL); $changePasswordURL = Controller::join_links($changePasswordURL, '?BackURL=' . urlencode($backURL)); } $changePasswordURLATT = Convert::raw2att($changePasswordURL); $changePasswordURLJS = Convert::raw2js($changePasswordURL); $message = _t('CMSMemberLoginForm.PASSWORDEXPIRED', '<p>Your password has expired. <a target="_top" href="{link}">Please choose a new one.</a></p>', 'Message displayed to user if their session cannot be restored', array('link' => $changePasswordURLATT)); // Redirect to change password page $this->controller->getResponse()->setStatusCode(200); $this->controller->getResponse()->setBody(<<<PHP <!DOCTYPE html> <html><body> {$message} <script type="application/javascript"> setTimeout(function(){top.location.href = "{$changePasswordURLJS}";}, 0); </script> </body></html> PHP ); return $this->controller->getResponse(); }
/** * @param String $url * @return String */ public function addToUrl($url) { return Controller::join_links($url, sprintf('?%s=%s', $this->getName(), $this->getValue())); }
public function Link($action = null) { return Controller::join_links('FormTest_ControllerWithStrictPostCheck', $this->request->latestParam('Action'), $this->request->latestParam('ID'), $action); }
/** * * @param GridField $gridField * @return string[] - HTML */ public function getHTMLFragments($gridField) { $dataClass = $gridField->getModelClass(); $forTemplate = new ArrayData(array()); $forTemplate->Fields = new FieldList(); $searchField = new TextField('gridfield_relationsearch', _t('GridField.RelationSearch', "Relation search")); $searchField->setAttribute('data-search-url', Controller::join_links($gridField->Link('search'))); $searchField->setAttribute('placeholder', $this->getPlaceholderText($dataClass)); $searchField->addExtraClass('relation-search no-change-track action_gridfield_relationsearch'); $findAction = new GridField_FormAction($gridField, 'gridfield_relationfind', _t('GridField.Find', "Find"), 'find', 'find'); $findAction->setAttribute('data-icon', 'relationfind'); $findAction->addExtraClass('action_gridfield_relationfind'); $addAction = new GridField_FormAction($gridField, 'gridfield_relationadd', _t('GridField.LinkExisting', "Link Existing"), 'addto', 'addto'); $addAction->setAttribute('data-icon', 'chain--plus'); $addAction->addExtraClass('action_gridfield_relationadd'); // If an object is not found, disable the action if (!is_int($gridField->State->GridFieldAddRelation(null))) { $addAction->setReadonly(true); } $forTemplate->Fields->push($searchField); $forTemplate->Fields->push($findAction); $forTemplate->Fields->push($addAction); if ($form = $gridField->getForm()) { $forTemplate->Fields->setForm($form); } $template = SSViewer::get_templates_by_class($this, '', __CLASS__); return array($this->targetFragment => $forTemplate->renderWith($template)); }
/** * @param bool $unlinked * @return ArrayList */ public function Breadcrumbs($unlinked = false) { $items = parent::Breadcrumbs($unlinked); // Show the class name rather than ModelAdmin title as root node $models = $this->getManagedModels(); $params = $this->getRequest()->getVars(); if (isset($params['url'])) { unset($params['url']); } $items[0]->Title = $models[$this->modelClass]['title']; $items[0]->Link = Controller::join_links($this->Link($this->sanitiseClassName($this->modelClass)), '?' . http_build_query($params)); return $items; }
public function Link($action = null) { /** @skipUpgrade */ return Controller::join_links(Director::baseURL(), "CMSSecurity", $action); }
/** * We overwrite the field attribute to add our hidden fields, as this * formfield can contain multiple values. * * @param array $properties * @return DBHTMLText */ public function Field($properties = array()) { $value = ''; $titleArray = array(); $idArray = array(); $items = $this->getItems(); $emptyTitle = _t('DropdownField.CHOOSE', '(Choose)', 'start value of a dropdown'); if ($items && count($items)) { foreach ($items as $item) { $idArray[] = $item->ID; $titleArray[] = $item instanceof ViewableData ? $item->obj($this->labelField)->forTemplate() : Convert::raw2xml($item->{$this->labelField}); } $title = implode(", ", $titleArray); $value = implode(",", $idArray); } else { $title = $emptyTitle; } $dataUrlTree = ''; if ($this->form) { $dataUrlTree = $this->Link('tree'); if (!empty($idArray)) { $dataUrlTree = Controller::join_links($dataUrlTree, '?forceValue=' . implode(',', $idArray)); } } $properties = array_merge($properties, array('Title' => $title, 'EmptyTitle' => $emptyTitle, 'Link' => $dataUrlTree, 'Value' => $value)); return FormField::Field($properties); }
/** * Return a SS_List of ArrayData objects containing the following pieces of info * about each batch action: * - Link * - Title * * @return ArrayList */ public function batchActionList() { $actions = $this->batchActions(); $actionList = new ArrayList(); foreach ($actions as $urlSegment => $action) { $actionObj = $this->buildAction($action['class']); if ($actionObj->canView()) { $actionDef = new ArrayData(array("Link" => Controller::join_links($this->Link(), $urlSegment), "Title" => $actionObj->getActionTitle())); $actionList->push($actionDef); } } return $actionList; }
public function Link($action = null) { return Controller::join_links("item-a/", $action); }
/** * Gets user-visible url to edit a specific {@see ChangeSetItem} * * @param int $itemID * @return string */ public function ItemLink($itemID) { return Controller::join_links($this->Link('item'), $itemID); }
/** * Save handler * * @param array $data * @param Form $form * @return HTTPResponse */ public function save($data, $form) { $request = $this->getRequest(); $className = $this->stat('tree_class'); // Existing or new record? $id = $data['ID']; if (is_numeric($id) && $id > 0) { $record = DataObject::get_by_id($className, $id); if ($record && !$record->canEdit()) { return Security::permissionFailure($this); } if (!$record || !$record->ID) { $this->httpError(404, "Bad record ID #" . (int) $id); } } else { if (!singleton($this->stat('tree_class'))->canCreate()) { return Security::permissionFailure($this); } $record = $this->getNewItem($id, false); } // save form data into record $form->saveInto($record, true); $record->write(); $this->extend('onAfterSave', $record); $this->setCurrentPageID($record->ID); $message = _t('LeftAndMain.SAVEDUP', 'Saved.'); if ($request->getHeader('X-Formschema-Request')) { $schemaId = Controller::join_links($this->Link('schema/DetailEditForm'), $id); // Ensure that newly created records have all their data loaded back into the form. $form->loadDataFrom($record); $form->setMessage($message, 'good'); $data = $this->getSchemaForForm($form, $schemaId); $response = new HTTPResponse(Convert::raw2json($data)); $response->addHeader('Content-Type', 'application/json'); } else { $response = $this->getResponseNegotiator()->respond($request); } $response->addHeader('X-Status', rawurlencode($message)); return $response; }
/** * Gets the list of modes this record can be previewed in. * * {@link https://tools.ietf.org/html/draft-kelly-json-hal-07#section-5} * * @return array Map of links in acceptable HAL format */ public function getPreviewLinks() { $links = []; // Preview draft $stage = $this->getObjectInStage(Versioned::DRAFT); if ($stage instanceof CMSPreviewable && $stage->canView() && ($link = $stage->PreviewLink())) { $links[Versioned::DRAFT] = ['href' => Controller::join_links($link, '?stage=' . Versioned::DRAFT), 'type' => $stage->getMimeType()]; } // Preview live $live = $this->getObjectInStage(Versioned::LIVE); if ($live instanceof CMSPreviewable && $live->canView() && ($link = $live->PreviewLink())) { $links[Versioned::LIVE] = ['href' => Controller::join_links($link, '?stage=' . Versioned::LIVE), 'type' => $live->getMimeType()]; } return $links; }
public function handleRequest(HTTPRequest $request, DataModel $model) { // If this is the final portion of the request (i.e. the URL is just /admin), direct to the default panel if ($request->allParsed()) { $segment = Config::inst()->get($this->config()->default_panel, 'url_segment'); $this->redirect(Controller::join_links(self::admin_url(), $segment, '/')); return $this->getResponse(); } else { $rules = self::rules(); foreach ($rules as $pattern => $controller) { if (($arguments = $request->match($pattern, true)) !== false) { $controllerObj = Injector::inst()->create($controller); $controllerObj->setSession($this->session); return $controllerObj->handleRequest($request, $model); } } } return $this->httpError(404, 'Not found'); }
/** * Turns the given URL into an absolute URL. By default non-site root relative urls will be * evaluated relative to the current base_url. * * @param string $url URL To transform to absolute. * @param string $relativeParent Method to use for evaluating relative urls. * Either one of BASE (baseurl), ROOT (site root), or REQUEST (requested page). * Defaults to BASE, which is the same behaviour as template url resolution. * Ignored if the url is absolute or site root. * * @return string */ public static function absoluteURL($url, $relativeParent = self::BASE) { if (is_bool($relativeParent)) { // Deprecate old boolean second parameter Deprecation::notice('5.0', 'Director::absoluteURL takes an explicit parent for relative url'); $relativeParent = $relativeParent ? self::BASE : self::REQUEST; } // Check if there is already a protocol given if (preg_match('/^http(s?):\\/\\//', $url)) { return $url; } // Absolute urls without protocol are added // E.g. //google.com -> http://google.com if (strpos($url, '//') === 0) { return self::protocol() . substr($url, 2); } // Determine method for mapping the parent to this relative url if ($relativeParent === self::ROOT || self::is_root_relative_url($url)) { // Root relative urls always should be evaluated relative to the root $parent = self::protocolAndHost(); } elseif ($relativeParent === self::REQUEST) { // Request relative urls rely on the REQUEST_URI param (old default behaviour) if (!isset($_SERVER['REQUEST_URI'])) { return false; } $parent = dirname($_SERVER['REQUEST_URI'] . 'x'); } else { // Default to respecting site base_url $parent = self::absoluteBaseURL(); } // Map empty urls to relative slash and join to base if (empty($url) || $url === '.' || $url === './') { $url = '/'; } return Controller::join_links($parent, $url); }
/** * Return the form's action attribute. * This is build by adding an executeForm get variable to the parent controller's Link() value * * @return string */ public function FormAction() { if ($this->formActionPath) { return $this->formActionPath; } elseif ($this->controller->hasMethod("FormObjectLink")) { return $this->controller->FormObjectLink($this->name); } else { return Controller::join_links($this->controller->Link(), $this->name); } }
function Link($action = null) { return Controller::join_links('EmailFieldTest_Controller', $this->getRequest()->latestParam('Action'), $this->getRequest()->latestParam('ID'), $action); }