/**
 * Answer an authenticated GET request from the page cache when possible.
 *
 * Requests without an identity are left untouched. Non-GET requests set the
 * class-wide doNotCache flag and are never answered from the cache. On a hit
 * the stored body is sent and the script exits, so no later plugin,
 * controller or access check runs for that request.
 *
 * NOTE(review): only requests with an identity reach the lookup, yet the key
 * is md5() of the path info alone. It carries no user, host or query string.
 * Unless getCache() or the store side scopes entries per user, a body
 * rendered for one account can be replayed to another account requesting the
 * same path. Confirm against the code that writes $this->_key.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    // Nobody logged in: skip the cache entirely.
    if (!Digitalus_Auth::getIdentity()) {
        return;
    }

    $this->_cache = Digitalus_Cache_Manager::getInstance();

    // Methods other than GET never read their content from the cache.
    if (!$request->isGet()) {
        self::$doNotCache = true;
        return;
    }

    $moduleName    = $request->getModuleName();
    $controllerTag = $moduleName . '_' . $request->getControllerName();
    $actionTag     = $controllerTag . '_' . $request->getActionName();

    // The original author marked this key derivation as buggy (the link to
    // the fix is not part of this file).
    $this->_key     = md5($request->getPathInfo());
    $this->_keyTags = array($moduleName, $controllerTag, $actionTag);

    $cached = $this->getCache();
    if (false === $cached) {
        return;
    }

    $response = $this->getResponse();
    $response->setBody($cached['default']);
    $response->sendResponse();
    exit;
}
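/**
 * Validate every non-GET request against CSRF.
 *
 * A token is created on first use, kept in the 'csrf' session namespace and
 * echoed back on each response in the X-CSRF-Token header. Any request that
 * is not a GET must then present the same token.
 *
 * Paths that skip validation (each one is a trust decision to review):
 *  - the response already carries an exception;
 *  - the request module is one of $byPassModules, or the identity's authType
 *    is one of $byPassMethods;
 *  - the body was empty and Content-Length exceeds post_max_size;
 *  - config 'csrf.disabled' is truthy and the client sent the literal token
 *    'dev'. NOTE(review): make sure this flag cannot be set in production.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return bool|void true only on the dev bypass, otherwise nothing
 */
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
    // Avoid error override! :S
    if (count($this->getResponse()->getException())) {
        return;
    }

    $auth = Zend_Auth::getInstance();
    $identity = $auth->getIdentity();

    $byPassMethods = array(
        App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD,
        App_Controller_Plugin_Auth::AUTH_TYPE_ASYNC,
        App_Controller_Plugin_Auth::AUTH_TYPE_EXTERNAL,
        App_Controller_Plugin_Auth::AUTH_TYPE_THIRD_PARTY,
    );
    $byPassModules = array('async', 'external', 'externalr12', 'thirdparty');

    // Bypass some auth methods
    if (in_array($request->module, $byPassModules)
        || $identity['authType'] && in_array($identity['authType'], $byPassMethods)
    ) {
        return;
    }

    $session = new Zend_Session_Namespace('csrf');
    if (empty($session->token)) {
        // Generate a new CSRF token and save it on the session
        \App::log()->info("Session token empty, generating new CSRF token...");
        $session->token = $this->_generateToken();
    }

    // Return the token on an HTTP header
    $resp = $this->getResponse();
    $resp->setHeader('X-CSRF-Token', $session->token);

    // Don't do anything if it's a GET request
    if ($request->isGet()) {
        return;
    }

    $post = $request->getPost();
    if (empty($post) && empty($_FILES)) {
        // post_max_size is shorthand such as "8M". Comparing that string with
        // Content-Length is not a byte comparison, so convert it first.
        $limit = trim((string) ini_get('post_max_size'));
        $maxBytes = (int) $limit;
        switch (strtolower(substr($limit, -1))) {
            case 'g':
                $maxBytes *= 1024;
                // no break
            case 'm':
                $maxBytes *= 1024;
                // no break
            case 'k':
                $maxBytes *= 1024;
        }
        $length = (int) $request->getServer('CONTENT_LENGTH');

        // PHP empties $_POST/$_FILES for an oversized body, so the token is
        // lost with it; presumably the request is let through so the
        // application can report the size error. A limit of 0 means
        // "unlimited" and must not count as exceeded.
        // NOTE(review): this path skips token validation. Handlers reached
        // this way must not change state on an empty body.
        if ($maxBytes > 0 && $maxBytes < $length) {
            return;
        }
    }

    // Try to get the CSRF token from frontend
    if (!($csrfToken = $this->_getFrontendToken($request))) {
        $message = 'Possible CSRF attack: CSRF token not found on request';
        $this->_throwError($request, $message);
        return;
    }

    // Disable plugin for dev environment. Strict comparison: a loose == lets
    // non-string values such as boolean true equal 'dev'.
    if (App::config('csrf.disabled', false) && $csrfToken === 'dev') {
        return true;
    }

    // If tokens don't match, log a possible CSRF attack and throw an
    // exception. hash_equals() (PHP >= 5.6) compares in constant time and
    // avoids the numeric-string juggling of !=, where two different tokens
    // that both look like numbers can compare equal.
    if (!is_string($csrfToken) || !hash_equals((string) $session->token, $csrfToken)) {
        $message = 'Possible CSRF attack: BE and FE tokens don\'t match';
        $this->_throwError($request, $message);
        return;
    }
}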
/**
 * Start caching.
 *
 * Non-GET requests switch caching off for the whole class. For a GET the
 * cache key is the md5 of the path info; when Zrt_Cache holds an entry under
 * that key it is sent right away and, unless _suppressExit is set, the script
 * terminates.
 *
 * NOTE(review): the key ignores host, query string, cookies and any logged-in
 * user. Whether that is safe depends on what the store side chooses to cache;
 * personalised responses must not be written under this key.
 *
 * @param  Zend_Controller_Request_Abstract $request
 * @return void
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    if (!$request->isGet()) {
        self::$_disableCache = true;
        return;
    }

    $this->_key = md5($request->getPathInfo());

    $cached = Zrt_Cache::load($this->_key);
    if (false === $cached) {
        // Miss: continue with normal dispatch.
        return;
    }

    $cached->sendResponse();

    if ($this->_suppressExit) {
        return;
    }

    exit;
}
/**
 * Decide whether this request must bypass the cache.
 *
 * Sets $this->ignored to true (it is never reset here) when any of these
 * holds:
 *  - the request is not a GET;
 *  - the request is not secure and the client sent "no-cache" in
 *    Cache-Control or Pragma (exact match only);
 *  - a PHP session is already active or the pimcore_admin_sid cookie exists.
 *
 * NOTE(review): session_id() is only non-empty once a session has been
 * started, so a session opened later in the request is not seen by this
 * check. Confirm that this runs after session start.
 *
 * @param \Zend_Controller_Request_Abstract $request
 */
protected function checkRequest(\Zend_Controller_Request_Abstract $request)
{
    $skip = !$request->isGet();

    if (!$request->isSecure()) {
        foreach (array('HTTP_CACHE_CONTROL', 'HTTP_PRAGMA') as $serverKey) {
            if (isset($_SERVER[$serverKey]) && $_SERVER[$serverKey] === 'no-cache') {
                $skip = true;
            }
        }
    }

    if (session_id() || isset($_COOKIE['pimcore_admin_sid'])) {
        $skip = true;
    }

    if ($skip) {
        $this->ignored = true;
    }
}
/**
 * Start caching.
 *
 * A GET request is looked up under md5(path info); on a hit the stored
 * response object is sent and the script exits. Any other method sets the
 * class-wide doNotCache flag.
 *
 * NOTE(review): the original author flagged the key derivation as buggy (the
 * referenced link is not in this file). The key ignores host, query string
 * and session, so the store side must never cache per-user output under it.
 *
 * @param  Zend_Controller_Request_Abstract $request
 * @return void
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    if ($request->isGet()) {
        $this->_key = md5($request->getPathInfo());

        $hit = $this->getCache();
        if ($hit !== false) {
            $hit->sendResponse();
            exit;
        }

        return;
    }

    self::$doNotCache = true;
}
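/**
 * Rewrite a GET request carrying an `_escaped_fragment_` query parameter
 * (the AJAX-crawling convention) so that the fragment becomes part of the
 * request path before routing.
 *
 * The parameter is removed from the query, its value (leading slashes
 * stripped) is appended to the path, and the request URI and path info are
 * reset accordingly.
 *
 * NOTE(review): both the Host header and the fragment come from the client.
 * The host only serves as scaffolding for Zend_Uri_Http and is stripped
 * again, but the fragment ends up choosing the routed path. Any path-based
 * filtering that ran before this plugin saw the old path, so confirm that
 * such checks run after it.
 *
 * @param \Zend_Controller_Request_Abstract $request
 * @return void
 */
public function routeStartup(\Zend_Controller_Request_Abstract $request)
{
    /** @var $request \Zend_Controller_Request_Http */
    if (!$request->isGet()) {
        return;
    }

    $host = 'http://' . $request->getHttpHost();
    $uri = \Zend_Uri_Http::fromString($host . $request->getRequestUri());

    $query = $uri->getQueryAsArray();

    // The parameter may arrive as an array (`_escaped_fragment_[]=...`);
    // ltrim() cannot handle that, so only a plain string is rewritten.
    if (!isset($query['_escaped_fragment_']) || !is_string($query['_escaped_fragment_'])) {
        return;
    }

    $path = $uri->getPath() . ltrim($query['_escaped_fragment_'], '/');
    $uri->setPath($path);
    unset($query['_escaped_fragment_']);
    $uri->setQuery($query);

    // Strip the scaffolding host only where it was added: at the start.
    // A blanket str_replace() would also eat the same text inside the query.
    $rewritten = $uri->getUri();
    if (strpos($rewritten, $host) === 0) {
        $rewritten = (string) substr($rewritten, strlen($host));
    }

    $request->setRequestUri($rewritten);
    $request->setPathInfo();
}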
/**
 * Answer a GET request from the page cache when an entry exists.
 *
 * The cache backend comes from the 'cache' registry entry. Non-GET requests
 * set the class-wide doNotCache flag. On a hit the stored body is sent and
 * the script exits before any controller runs.
 *
 * NOTE(review): the key is md5() of the path info only (the original author
 * marked this line as buggy; the linked fix is not in this file). Host, query
 * string and session are not part of it, so the store side must make sure no
 * per-user or per-query output is written under this key.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $this->_cache = Zend_Registry::get('cache');

    // Methods other than GET never read their content from the cache.
    if (!$request->isGet()) {
        self::$doNotCache = true;
        return;
    }

    $module     = $request->getModuleName();
    $controller = $request->getControllerName();
    $action     = $request->getActionName();

    $this->_key = md5($request->getPathInfo());

    // Tags widen from module to controller to action.
    $tags   = array($module);
    $tags[] = implode('_', array($module, $controller));
    $tags[] = implode('_', array($module, $controller, $action));
    $this->_keyTags = $tags;

    $entry = $this->getCache();
    if ($entry !== false) {
        $out = $this->getResponse();
        $out->setBody($entry['default']);
        $out->sendResponse();
        exit;
    }
}
/**
 * Serve the request from the full-page output cache, or arm no-cache headers.
 *
 * The cache is disabled (via $this->disable()) for non-GET requests, for
 * plain-HTTP requests asking for "no-cache", when the system config has no
 * cache section or it is not enabled, in debug mode, when a configured
 * exclude cookie or the pimcore_admin_sid cookie is present, when reading the
 * config throws, and when a configured exclude pattern matches the URI.
 *
 * Otherwise a device-specific key and then the default key are tried. On a
 * hit the stored headers and content are emitted and the script exits.
 *
 * NOTE(review): the key is md5(Host header . request URI), both supplied by
 * the client. Apart from the device suffix and the cookies checked here,
 * nothing about the visitor is part of the key, so any page personalised
 * through another cookie or session must be covered by excludeCookie or
 * excludePatterns.
 *
 * @param \Zend_Controller_Request_Abstract $request
 * @return bool|void whatever disable() returns on the bypass paths; nothing otherwise
 */
public function routeStartup(\Zend_Controller_Request_Abstract $request)
{
    $requestUri = $request->getRequestUri();
    $excludePatterns = array();

    // only enable GET method
    if (!$request->isGet()) {
        return $this->disable();
    }

    // disable the output-cache if browser wants the most recent version
    // unfortunately only Chrome + Firefox if not using SSL
    if (!$request->isSecure()) {
        if (isset($_SERVER["HTTP_CACHE_CONTROL"]) && $_SERVER["HTTP_CACHE_CONTROL"] == "no-cache") {
            return $this->disable("HTTP Header Cache-Control: no-cache was sent");
        }

        if (isset($_SERVER["HTTP_PRAGMA"]) && $_SERVER["HTTP_PRAGMA"] == "no-cache") {
            return $this->disable("HTTP Header Pragma: no-cache was sent");
        }
    }

    try {
        $conf = \Pimcore\Config::getSystemConfig();
        if ($conf->cache) {
            $conf = $conf->cache;

            if (!$conf->enabled) {
                return $this->disable();
            }

            if (\Pimcore::inDebugMode()) {
                return $this->disable("in debug mode");
            }

            if ($conf->lifetime) {
                $this->setLifetime((int) $conf->lifetime);
            }

            // comma-separated list; entries are used as-is as regex patterns below
            if ($conf->excludePatterns) {
                $confExcludePatterns = explode(",", $conf->excludePatterns);
                if (!empty($confExcludePatterns)) {
                    $excludePatterns = $confExcludePatterns;
                }
            }

            // presence of any configured cookie name switches the cache off
            if ($conf->excludeCookie) {
                $cookies = explode(",", strval($conf->excludeCookie));

                foreach ($cookies as $cookie) {
                    if (!empty($cookie) && isset($_COOKIE[trim($cookie)])) {
                        return $this->disable("exclude cookie in system-settings matches");
                    }
                }
            }

            // output-cache is always disabled when logged in at the admin ui
            // (only the cookie's presence is tested, not its validity)
            if (isset($_COOKIE["pimcore_admin_sid"])) {
                return $this->disable("backend user is logged in");
            }
        } else {
            return $this->disable();
        }
    } catch (\Exception $e) {
        // any failure while reading the config is logged and ends with the cache disabled
        \Logger::error($e);

        return $this->disable("ERROR: Exception (see debug.log)");
    }

    // NOTE(review): "@" hides preg_match() errors, and a malformed pattern
    // returns false, so a broken exclude pattern silently never matches and
    // the page it was meant to protect stays cacheable. Validate the patterns
    // where they are saved.
    foreach ($excludePatterns as $pattern) {
        if (@preg_match($pattern, $requestUri)) {
            return $this->disable("exclude path pattern in system-settings matches");
        }
    }

    $deviceDetector = Tool\DeviceDetector::getInstance();
    $device = $deviceDetector->getDevice();
    $deviceDetector->setWasUsed(false);

    $this->defaultCacheKey = "output_" . md5($request->getHttpHost() . $requestUri);
    // device-specific entry first, generic entry as fallback
    $cacheKeys = [$this->defaultCacheKey . "_" . $device, $this->defaultCacheKey];

    $cacheItem = null;
    foreach ($cacheKeys as $cacheKey) {
        $cacheItem = CacheManager::load($cacheKey, true);
        if ($cacheItem) {
            break;
        }
    }

    if (is_array($cacheItem) && !empty($cacheItem)) {
        // $cacheKey still holds the key that produced the hit
        header("X-Pimcore-Output-Cache-Tag: " . $cacheKey, true, 200);
        header("X-Pimcore-Output-Cache-Date: " . $cacheItem["date"]);

        // Stored headers are replayed verbatim to every visitor.
        // NOTE(review): confirm the store side never records Set-Cookie or
        // other per-user headers.
        foreach ($cacheItem["rawHeaders"] as $header) {
            header($header);
        }

        foreach ($cacheItem["headers"] as $header) {
            header($header['name'] . ': ' . $header['value'], $header['replace']);
        }

        echo $cacheItem["content"];
        exit;
    } else {
        // set headers to tell the client to not cache the contents
        // this can/will be overwritten in $this->dispatchLoopShutdown() if the cache is enabled
        $date = new \Zend_Date(1);
        $this->getResponse()->setHeader("Expires", $date->get(\Zend_Date::RFC_1123), true);
        $this->getResponse()->setHeader("Cache-Control", "max-age=0, no-cache", true);
    }
}
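/**
 * Serve the request from the full-page output cache when an entry exists.
 *
 * The cache is disabled (via $this->disable()) for non-GET requests, when the
 * system config has no cache section or it is not enabled, when a configured
 * exclude cookie is present, when reading the config throws, when a
 * configured exclude pattern matches the request URI, and when the
 * pimcore_cache_tag_suffix parameter contains unusable values.
 *
 * On a hit the stored headers and content are emitted and the script exits.
 *
 * NOTE(review): pimcore_cache_tag_suffix is read with getParam(), which also
 * covers client-supplied request parameters. Its values become part of the
 * cache key and of the X-Pimcore-Cache-Tag response header, so every distinct
 * value a client sends creates another cache variant. If only internal
 * plugins are meant to set it, restrict it to an allow-list of known
 * suffixes.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return mixed whatever disable() returns on the bypass paths; nothing otherwise
 */
public function routeStartup(Zend_Controller_Request_Abstract $request)
{
    $requestUri = $request->getRequestUri();
    $excludePatterns = array();

    // only enable GET method
    if (!$request->isGet()) {
        return $this->disable();
    }

    try {
        $conf = Pimcore_Config::getSystemConfig();
        if ($conf->cache) {
            $conf = $conf->cache;

            if (!$conf->enabled) {
                return $this->disable();
            }

            if ($conf->lifetime) {
                $this->setLifetime((int) $conf->lifetime);
            }

            // comma-separated list; entries are used as regex patterns below
            if ($conf->excludePatterns) {
                $confExcludePatterns = explode(",", $conf->excludePatterns);
                if (!empty($confExcludePatterns)) {
                    $excludePatterns = $confExcludePatterns;
                }
            }

            // presence of any configured cookie name switches the cache off
            if ($conf->excludeCookie) {
                $cookies = explode(",", strval($conf->excludeCookie));

                foreach ($cookies as $cookie) {
                    if (isset($_COOKIE[trim($cookie)])) {
                        return $this->disable();
                    }
                }
            }
        } else {
            return $this->disable();
        }
    } catch (Exception $e) {
        // a config failure ends with the cache disabled (nothing is logged here)
        return $this->disable();
    }

    foreach ($excludePatterns as $pattern) {
        if (preg_match($pattern, $requestUri)) {
            return $this->disable();
        }
    }

    $appendKey = "";
    // this is for example for the image-data-uri plugin
    if ($request->getParam("pimcore_cache_tag_suffix")) {
        $tags = $request->getParam("pimcore_cache_tag_suffix");
        if (is_array($tags)) {
            // The suffix ends up in a response header and in the cache key.
            // Nested arrays and control characters have no place in either,
            // so such a request is served uncached.
            foreach ($tags as $tag) {
                if (!is_scalar($tag) || preg_match('/[\x00-\x1F\x7F]/', (string) $tag)) {
                    return $this->disable();
                }
            }

            $appendKey = "_" . implode("_", $tags);
        }
    }

    $this->cacheKey = "output_" . md5(Pimcore_Tool::getHostname() . $requestUri) . $appendKey;

    if ($cacheItem = Pimcore_Model_Cache::load($this->cacheKey, true)) {
        header("X-Pimcore-Cache-Tag: " . $this->cacheKey, true, 200);
        header("X-Pimcore-Cache-Date: " . $cacheItem["date"]);

        // Stored headers are replayed verbatim to every visitor.
        // NOTE(review): confirm the store side never records Set-Cookie or
        // other per-user headers.
        foreach ($cacheItem["rawHeaders"] as $header) {
            header($header);
        }

        foreach ($cacheItem["headers"] as $header) {
            header($header['name'] . ': ' . $header['value'], $header['replace']);
        }

        echo $cacheItem["content"];
        exit;
    }
}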