/**
* Parses a string URL into an array. Parsed URLs will result in an automatic
* redirection.
*
* @param string $url The URL to parse.
* @return false|null False on failure. An exception is raised on a successful match.
* @throws \Cake\Routing\Exception\RedirectException An exception is raised on successful match.
* This is used to halt route matching and signal to the middleware that a redirect should happen.
*/
public function parse($url)
{
$params = parent::parse($url);
if (!$params) {
return false;
}
$redirect = $this->redirect;
if (count($this->redirect) === 1 && !isset($this->redirect['controller'])) {
$redirect = $this->redirect[0];
}
if (isset($this->options['persist']) && is_array($redirect)) {
$redirect += ['pass' => $params['pass'], 'url' => []];
if (is_array($this->options['persist'])) {
foreach ($this->options['persist'] as $elem) {
if (isset($params[$elem])) {
$redirect[$elem] = $params[$elem];
}
}
}
$redirect = Router::reverse($redirect);
}
$status = 301;
if (isset($this->options['status']) && ($this->options['status'] >= 300 && $this->options['status'] < 400)) {
$status = $this->options['status'];
}
throw new RedirectException(Router::url($redirect, true), $status);
}
/**
* Test that extensions work with Router::reverse()
*
* @return void
*/
public function testReverseWithExtension()
{
Router::connect('/:controller/:action/*');
Router::parseExtensions('json', false);
$request = new Request('/posts/view/1.json');
$request->addParams(array('controller' => 'posts', 'action' => 'view', 'pass' => array(1), 'ext' => 'json'));
$request->query = [];
$result = Router::reverse($request);
$expected = '/posts/view/1.json';
$this->assertEquals($expected, $result);
}
/**
* Calls a controller's method from any location. Can be used to connect controllers together
* or tie plugins into a main application. requestAction can be used to return rendered views
* or fetch the return value from controller actions.
*
* Under the hood this method uses Router::reverse() to convert the $url parameter into a string
* URL. You should use URL formats that are compatible with Router::reverse()
*
* ### Examples
*
* A basic example getting the return value of the controller action:
*
* ```
* $variables = $this->requestAction('/articles/popular');
* ```
*
* A basic example of request action to fetch a rendered page without the layout.
*
* ```
* $viewHtml = $this->requestAction('/articles/popular', ['return']);
* ```
*
* You can also pass the URL as an array:
*
* ```
* $vars = $this->requestAction(['controller' => 'articles', 'action' => 'popular']);
* ```
*
* ### Passing other request data
*
* You can pass POST, GET, COOKIE and other data into the request using the appropriate keys.
* Cookies can be passed using the `cookies` key. Get parameters can be set with `query` and post
* data can be sent using the `post` key.
*
* ```
* $vars = $this->requestAction('/articles/popular', [
* 'query' => ['page' => 1],
* 'cookies' => ['remember_me' => 1],
* ]);
* ```
*
* ### Sending environment or header values
*
* By default actions dispatched with this method will use the global $_SERVER and $_ENV
* values. If you want to override those values for a request action, you can specify the values:
*
* ```
* $vars = $this->requestAction('/articles/popular', [
* 'environment' => ['CONTENT_TYPE' => 'application/json']
* ]);
* ```
*
* ### Transmitting the session
*
* By default actions dispatched with this method will use the standard session object.
* If you want a particular session instance to be used, you need to specify it.
*
* ```
* $vars = $this->requestAction('/articles/popular', [
* 'session' => new Session($someSessionConfig)
* ]);
* ```
*
* @param string|array $url String or array-based url. Unlike other url arrays in CakePHP, this
* url will not automatically handle passed arguments in the $url parameter.
* @param array $extra if array includes the key "return" it sets the autoRender to true. Can
* also be used to submit GET/POST data, and passed arguments.
* @return mixed Boolean true or false on success/failure, or contents
* of rendered action if 'return' is set in $extra.
* @deprecated 3.3.0 You should refactor your code to use View Cells instead of this method.
*/
public function requestAction($url, array $extra = [])
{
if (empty($url)) {
return false;
}
if (($index = array_search('return', $extra)) !== false) {
$extra['return'] = 0;
$extra['autoRender'] = 1;
unset($extra[$index]);
}
$extra += ['autoRender' => 0, 'return' => 1, 'bare' => 1, 'requested' => 1];
$baseUrl = Configure::read('App.fullBaseUrl');
if (is_string($url) && strpos($url, $baseUrl) === 0) {
$url = Router::normalize(str_replace($baseUrl, '', $url));
}
if (is_string($url)) {
$params = ['url' => $url];
} elseif (is_array($url)) {
$defaultParams = ['plugin' => null, 'controller' => null, 'action' => null];
$params = ['params' => $url + $defaultParams, 'base' => false, 'url' => Router::reverse($url)];
if (empty($params['params']['pass'])) {
$params['params']['pass'] = [];
}
}
$current = Router::getRequest();
if ($current) {
$params['base'] = $current->base;
$params['webroot'] = $current->webroot;
}
$params['post'] = $params['query'] = [];
if (isset($extra['post'])) {
$params['post'] = $extra['post'];
}
if (isset($extra['query'])) {
$params['query'] = $extra['query'];
}
if (isset($extra['cookies'])) {
$params['cookies'] = $extra['cookies'];
}
if (isset($extra['environment'])) {
$params['environment'] = $extra['environment'] + $_SERVER + $_ENV;
}
unset($extra['environment'], $extra['post'], $extra['query']);
$params['session'] = isset($extra['session']) ? $extra['session'] : new Session();
$request = new Request($params);
$request->addParams($extra);
$dispatcher = DispatcherFactory::create();
// If an application is using PSR7 middleware,
// we need to 'fix' their missing dispatcher filters.
$needed = ['routing' => RoutingFilter::class, 'controller' => ControllerFactoryFilter::class];
foreach ($dispatcher->filters() as $filter) {
if ($filter instanceof RoutingFilter) {
unset($needed['routing']);
}
if ($filter instanceof ControllerFactoryFilter) {
unset($needed['controller']);
}
}
foreach ($needed as $class) {
$dispatcher->addFilter(new $class());
}
$result = $dispatcher->dispatch($request, new Response());
Router::popRequest();
return $result;
}
/**
* Calls a controller's method from any location. Can be used to connect controllers together
* or tie plugins into a main application. requestAction can be used to return rendered views
* or fetch the return value from controller actions.
*
* Under the hood this method uses Router::reverse() to convert the $url parameter into a string
* URL. You should use URL formats that are compatible with Router::reverse()
*
* ### Examples
*
* A basic example getting the return value of the controller action:
*
* ```
* $variables = $this->requestAction('/articles/popular');
* ```
*
* A basic example of request action to fetch a rendered page without the layout.
*
* ```
* $viewHtml = $this->requestAction('/articles/popular', ['return']);
* ```
*
* You can also pass the URL as an array:
*
* ```
* $vars = $this->requestAction(['controller' => 'articles', 'action' => 'popular']);
* ```
*
* ### Passing other request data
*
* You can pass POST, GET, COOKIE and other data into the request using the appropriate keys.
* Cookies can be passed using the `cookies` key. Get parameters can be set with `query` and post
* data can be sent using the `post` key.
*
* ```
* $vars = $this->requestAction('/articles/popular', [
* 'query' => ['page' => 1],
* 'cookies' => ['remember_me' => 1],
* ]);
* ```
*
* ### Sending environment or header values
*
* By default actions dispatched with this method will use the global $_SERVER and $_ENV
* values. If you want to override those values for a request action, you can specify the values:
*
* ```
* $vars = $this->requestAction('/articles/popular', [
* 'environment' => ['CONTENT_TYPE' => 'application/json']
* ]);
* ```
*
* ### Transmitting the session
*
* By default actions dispatched with this method will use the standard session object.
* If you want a particular session instance to be used, you need to specify it.
*
* ```
* $vars = $this->requestAction('/articles/popular', [
* 'session' => new Session($someSessionConfig)
* ]);
* ```
*
* @param string|array $url String or array-based url. Unlike other url arrays in CakePHP, this
* url will not automatically handle passed arguments in the $url parameter.
* @param array $extra if array includes the key "return" it sets the autoRender to true. Can
* also be used to submit GET/POST data, and passed arguments.
* @return mixed Boolean true or false on success/failure, or contents
* of rendered action if 'return' is set in $extra.
*/
public function requestAction($url, array $extra = [])
{
if (empty($url)) {
return false;
}
if (($index = array_search('return', $extra)) !== false) {
$extra['return'] = 0;
$extra['autoRender'] = 1;
unset($extra[$index]);
}
$extra += ['autoRender' => 0, 'return' => 1, 'bare' => 1, 'requested' => 1];
$baseUrl = Configure::read('App.fullBaseUrl');
if (is_string($url) && strpos($url, $baseUrl) === 0) {
$url = Router::normalize(str_replace($baseUrl, '', $url));
}
if (is_string($url)) {
$params = ['url' => $url];
} elseif (is_array($url)) {
$defaultParams = ['plugin' => null, 'controller' => null, 'action' => null];
$params = ['params' => $url + $defaultParams, 'base' => false, 'url' => Router::reverse($url)];
if (empty($params['params']['pass'])) {
$params['params']['pass'] = [];
}
}
$current = Router::getRequest();
if ($current) {
$params['base'] = $current->base;
$params['webroot'] = $current->webroot;
}
$params['post'] = $params['query'] = [];
if (isset($extra['post'])) {
$params['post'] = $extra['post'];
}
if (isset($extra['query'])) {
$params['query'] = $extra['query'];
}
if (isset($extra['cookies'])) {
$params['cookies'] = $extra['cookies'];
}
if (isset($extra['environment'])) {
$params['environment'] = $extra['environment'] + $_SERVER + $_ENV;
}
unset($extra['environment'], $extra['post'], $extra['query']);
$params['session'] = isset($extra['session']) ? $extra['session'] : new Session();
$request = new Request($params);
$request->addParams($extra);
$dispatcher = DispatcherFactory::create();
$result = $dispatcher->dispatch($request, new Response());
Router::popRequest();
return $result;
}
/**
* Check if a given url is authorized
*
* @param Event $event event
*
* @return bool
*/
public function isUrlAuthorized(Event $event)
{
$url = Hash::get((array) $event->data, 'url');
if (empty($url)) {
return false;
}
if (is_array($url)) {
$requestUrl = Router::reverse($url);
$requestParams = Router::parse($requestUrl);
} else {
try {
//remove base from $url if exists
$normalizedUrl = Router::normalize($url);
$requestParams = Router::parse($normalizedUrl);
} catch (MissingRouteException $ex) {
//if it's a url pointing to our own app
if (substr($normalizedUrl, 0, 1) === '/') {
throw $ex;
}
return true;
}
$requestUrl = $url;
}
// check if controller action is allowed
if ($this->_isActionAllowed($requestParams)) {
return true;
}
// check we are logged in
$user = $this->_registry->getController()->Auth->user();
if (empty($user)) {
return false;
}
$request = new Request($requestUrl);
$request->params = $requestParams;
$isAuthorized = $this->_registry->getController()->Auth->isAuthorized(null, $request);
return $isAuthorized;
}
/**
* Check if a given url is authorized
*
* @param Event $event event
*
* @return bool
*/
public function isUrlAuthorized(Event $event)
{
$user = $this->_registry->getController()->Auth->user();
if (empty($user)) {
return false;
}
$url = Hash::get((array) $event->data, 'url');
if (empty($url)) {
return false;
}
if (is_array($url)) {
$requestUrl = Router::reverse($url);
$requestParams = Router::parse($requestUrl);
} else {
$requestParams = Router::parse($url);
$requestUrl = $url;
}
$request = new Request($requestUrl);
$request->params = $requestParams;
$isAuthorized = $this->_registry->getController()->Auth->isAuthorized(null, $request);
return $isAuthorized;
}
/**
* Calls a controller's method from any location. Can be used to connect controllers together
* or tie plugins into a main application. requestAction can be used to return rendered views
* or fetch the return value from controller actions.
*
* Under the hood this method uses Router::reverse() to convert the $url parameter into a string
* URL. You should use URL formats that are compatible with Router::reverse()
*
* ### Examples
*
* A basic example getting the return value of the controller action:
*
* {{{
* $variables = $this->requestAction('/articles/popular');
* }}}
*
* A basic example of request action to fetch a rendered page without the layout.
*
* {{{
* $viewHtml = $this->requestAction('/articles/popular', ['return']);
* }}}
*
* You can also pass the URL as an array:
*
* {{{
* $vars = $this->requestAction(['controller' => 'articles', 'action' => 'popular']);
* }}}
*
* ### Passing other request data
*
* You can pass POST, GET, COOKIE and other data into the request using the apporpriate keys.
* Cookies can be passed using the `cookies` key. Get parameters can be set with `query` and post
* data can be sent using the `post` key.
*
* {{{
* $vars = $this->requestAction('/articles/popular', [
* 'query' => ['page' = > 1],
* 'cookies' => ['remember_me' => 1],
* ]);
* }}}
*
* @param string|array $url String or array-based url. Unlike other url arrays in CakePHP, this
* url will not automatically handle passed arguments in the $url parameter.
* @param array $extra if array includes the key "return" it sets the autoRender to true. Can
* also be used to submit GET/POST data, and passed arguments.
* @return mixed Boolean true or false on success/failure, or contents
* of rendered action if 'return' is set in $extra.
*/
public function requestAction($url, array $extra = array())
{
if (empty($url)) {
return false;
}
if (($index = array_search('return', $extra)) !== false) {
$extra['return'] = 0;
$extra['autoRender'] = 1;
unset($extra[$index]);
}
$extra = array_merge(['autoRender' => 0, 'return' => 1, 'bare' => 1, 'requested' => 1], $extra);
$post = $query = [];
if (isset($extra['post'])) {
$post = $extra['post'];
}
if (isset($extra['query'])) {
$query = $extra['query'];
}
unset($extra['post'], $extra['query']);
if (is_string($url) && strpos($url, Configure::read('App.fullBaseUrl')) === 0) {
$url = Router::normalize(str_replace(Configure::read('App.fullBaseUrl'), '', $url));
}
if (is_string($url)) {
$params = ['url' => $url];
} elseif (is_array($url)) {
$params = array_merge($url, ['pass' => [], 'base' => false, 'url' => Router::reverse($url)]);
}
if (!empty($post)) {
$params['post'] = $post;
}
if (!empty($query)) {
$params['query'] = $query;
}
$request = new Request($params);
$dispatcher = new Dispatcher();
$result = $dispatcher->dispatch($request, new Response(), $extra);
Router::popRequest();
return $result;
}
/**
* Parses a string URL into an array. Parsed URLs will result in an automatic
* redirection
*
* @param string $url The URL to parse
* @return bool False on failure
*/
public function parse($url)
{
$params = parent::parse($url);
if (!$params) {
return false;
}
if (!$this->response) {
$this->response = new Response();
}
$redirect = $this->redirect;
if (count($this->redirect) === 1 && !isset($this->redirect['controller'])) {
$redirect = $this->redirect[0];
}
if (isset($this->options['persist']) && is_array($redirect)) {
$redirect += ['pass' => $params['pass'], 'url' => []];
if (is_array($this->options['persist'])) {
foreach ($this->options['persist'] as $elem) {
if (isset($params[$elem])) {
$redirect[$elem] = $params[$elem];
}
}
}
$redirect = Router::reverse($redirect);
}
$status = 301;
if (isset($this->options['status']) && ($this->options['status'] >= 300 && $this->options['status'] < 400)) {
$status = $this->options['status'];
}
$this->response->header(['Location' => Router::url($redirect, true)]);
$this->response->statusCode($status);
$this->response->send();
$this->response->stop();
}
