Ejemplo n.º 1
 /**
  * Enforces authentication for the current request.
  * 
  * Requests whose path info starts with the captcha, login or logout
  * controller are not checked. For every other request:
  *  - guests get an AJAXException (session expired) on AJAX requests,
  *    otherwise they are redirected to the ACP login form and the script exits;
  *  - logged-in users must hold 'admin.general.canUseAcp'; afterwards the
  *    debug mode override is switched on.
  * 
  * NOTE(review): $_SERVER['HTTP_HOST'] is supplied by the client. It is used
  * for the redirect base in the rescue-mode branch and always for the 'url'
  * parameter, so the web server or reverse proxy should only accept known
  * host names.
  * 
  * @throws	AJAXException		on AJAX requests without a session or without the ACP permission
  * @throws	SystemException		if there is no active application
  */
 protected function initAuth()
 {
     // neither RequestHandler nor RouteHandler are populated at this point,
     // so the raw path info is inspected directly
     $pathInfo = RouteHandler::getPathInfo();
     if (!empty($pathInfo) && preg_match('~^/?(acp-?captcha|login|logout)/~i', $pathInfo)) {
         // captcha, login and logout are skipped by this check
         return;
     }

     // AJAX requests within the ACP are answered with an exception instead of a redirect
     $isAjaxRequest = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
     $requiredPermissions = array('admin.general.canUseAcp');

     if (WCF::getUser()->userID != 0) {
         if (!$isAjaxRequest) {
             WCF::getSession()->checkPermissions($requiredPermissions);
         } else {
             try {
                 WCF::getSession()->checkPermissions($requiredPermissions);
             } catch (PermissionDeniedException $denied) {
                 // NOTE(review): the stack trace is handed to AJAXException; verify that it is
                 // not returned to the client outside of debug mode
                 throw new AJAXException(self::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS, $denied->getTraceAsString());
             }
         }

         // force debug mode if in ACP and authenticated
         self::$overrideDebugMode = true;
         return;
     }

     // guest from here on
     if ($isAjaxRequest) {
         throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.sessionExpired'), AJAXException::SESSION_EXPIRED, '');
     }

     $activeApplication = ApplicationHandler::getInstance()->getActiveApplication();
     if ($activeApplication === null) {
         throw new SystemException("You have aborted the installation, therefore this installation is unusable. You are required to reinstall the software.");
     }

     // rescue mode: if the request host differs from the configured domain, the
     // redirect base is built from the request host instead of the configuration
     $hostMatches = !($activeApplication->domainName != $_SERVER['HTTP_HOST']);
     $pageURL = $hostMatches
         ? $activeApplication->getPageURL()
         : RouteHandler::getProtocol() . $_SERVER['HTTP_HOST'] . RouteHandler::getPath(array('acp'));

     // drop the session id from the URI the user is sent back to after login
     // NOTE(review): the replacement also removes the separator in front of 's=', so a
     // parameter following the session id is joined to the preceding text; confirm intended
     $redirectURI = preg_replace('~[&\\?]s=[a-f0-9]{40}(&|$)~', '', WCF::getSession()->requestURI);
     $returnURL = RouteHandler::getProtocol() . $_SERVER['HTTP_HOST'] . $redirectURI;
     $path = $pageURL . 'acp/index.php?login/' . SID_ARG_2ND_NOT_ENCODED . '&url=' . rawurlencode($returnURL);

     HeaderUtil::redirect($path);
     exit;
 }
Ejemplo n.º 2
 /**
  * Returns the URI of the current page.
  * 
  * The result is assembled from the template variable 'baseHref' and
  * $_SERVER['REQUEST_URI']. The request URI is client-controlled, so callers
  * have to escape the returned value for the context they output it in.
  * 
  * @return	string
  */
 public static function getRequestURI()
 {
     if (!URL_LEGACY_MODE) {
         // keep only scheme and host of the base href, then append the raw request URI
         $origin = preg_replace('~^(https?://[^/]+)(?:/.*)?$~', '$1', self::getTPL()->get('baseHref'));

         return $origin . $_SERVER['REQUEST_URI'];
     }

     // legacy mode: resolve path and query components
     $scriptName = $_SERVER['SCRIPT_NAME'];
     $pathInfo = RouteHandler::getPathInfo();
     if (empty($pathInfo)) {
         // the URL may omit script name and path, so only the directory part is stripped
         $scriptName = substr($scriptName, 0, strrpos($scriptName, '/'));
     }

     $withoutScript = str_replace($scriptName, '', $_SERVER['REQUEST_URI']);
     $path = str_replace('/index.php', '', $withoutScript);

     // anything that is not valid UTF-8 is treated as ISO-8859-1
     if (!StringUtil::isUTF8($path)) {
         $path = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $path);
     }
     $path = FileUtil::removeLeadingSlash($path);

     $baseHref = self::getTPL()->get('baseHref');
     // 'index.php/' is only inserted if there is a path that does not start with the query string
     $needsScriptPrefix = !empty($path) && mb_strpos($path, '?') !== 0;
     if ($needsScriptPrefix) {
         $baseHref .= 'index.php/';
     }

     return $baseHref . $path;
 }
Ejemplo n.º 3
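 /**
  * Builds a new request.
  * 
  * Resolves the controller from the route data, redirects to the configured
  * domain or to the canonical controller URL where necessary, validates the
  * controller name and stores the resulting Request in $this->activeRequest.
  * 
  * Any SystemException raised on the way is converted into an
  * IllegalLinkException, so the details of the failure are not passed on.
  * 
  * @param	string		$application
  * @throws	IllegalLinkException	if the controller name is invalid or no class can be found
  */
 protected function buildRequest($application)
 {
     try {
         $routeData = RouteHandler::getInstance()->getRouteData();
         // handle landing page for frontend requests
         if (!$this->isACPRequest()) {
             $this->handleDefaultController($application, $routeData);
             // check if accessing from the wrong domain (e.g. "www." omitted but domain was configured with)
             if (!defined('WCF_RUN_MODE') || WCF_RUN_MODE != 'embedded') {
                 $applicationObject = ApplicationHandler::getInstance()->getApplication($application);
                 if ($applicationObject->domainName != $_SERVER['HTTP_HOST']) {
                     // build URL, e.g. http://example.net/forum/
                     // the target host is the configured domain name, not the client-supplied Host header
                     $url = FileUtil::addTrailingSlash(RouteHandler::getProtocol() . $applicationObject->domainName . RouteHandler::getPath());
                     if (URL_LEGACY_MODE) {
                         // add path info, e.g. index.php/Board/2/
                         $pathInfo = RouteHandler::getPathInfo();
                         if (!empty($pathInfo)) {
                             $url .= 'index.php' . $pathInfo;
                         }
                     }
                     // query string, e.g. ?foo=bar
                     if (!empty($_SERVER['QUERY_STRING'])) {
                         $url .= '?' . $_SERVER['QUERY_STRING'];
                     }
                     HeaderUtil::redirect($url, true);
                     exit;
                 }
             }
             // handle controller aliasing
             if (empty($routeData['isImplicitController']) && !URL_LEGACY_MODE && isset($routeData['controller'])) {
                 $ciController = mb_strtolower($routeData['controller']);
                 // aliased controller, redirect to new URL
                 $alias = $this->getAliasByController($ciController);
                 if ($alias !== null) {
                     $this->redirect($routeData, $application);
                 }
                 $controller = $this->getControllerByAlias($ciController);
                 if ($controller !== null) {
                     // check if controller was provided explicitly as it should
                     $alias = $this->getAliasByController($controller);
                     if ($alias != $routeData['controller']) {
                         $routeData['controller'] = $controller;
                         $this->redirect($routeData, $application);
                     }
                     $routeData['controller'] = $controller;
                 }
             }
         } else {
             // ACP requests without a controller fall back to 'Index'
             if (empty($routeData['controller'])) {
                 $routeData['controller'] = 'Index';
             }
         }
         $controller = $routeData['controller'];
         // validate class name: the controller comes from the request and is used for a
         // class lookup below; \z is used instead of $ because $ also matches in front
         // of a trailing newline, which would let "Name\n" pass the check
         if (!preg_match('~^[a-z0-9-]+\z~i', $controller)) {
             throw new SystemException("Illegal class name '" . $controller . "'");
         }
         // work-around for WCFSetup: turn 'foo-bar' into 'FooBar'
         if (!PACKAGE_ID) {
             $parts = explode('-', $controller);
             $parts = array_map(function ($part) {
                 return ucfirst($part);
             }, $parts);
             $controller = implode('', $parts);
         }
         // find class, trying the page types in the order page, form, action
         $classData = $this->getClassData($controller, 'page', $application);
         if ($classData === null) {
             $classData = $this->getClassData($controller, 'form', $application);
         }
         if ($classData === null) {
             $classData = $this->getClassData($controller, 'action', $application);
         }
         if ($classData === null) {
             throw new SystemException("unable to find class for controller '" . $controller . "'");
         } else {
             if (!class_exists($classData['className'])) {
                 throw new SystemException("unable to find class '" . $classData['className'] . "'");
             }
         }
         // check if controller was provided exactly as it should
         if (!URL_LEGACY_MODE && !$this->isACPRequest()) {
             if (preg_match('~([A-Za-z0-9]+)(?:Action|Form|Page)$~', $classData['className'], $matches)) {
                 $realController = self::getTokenizedController($matches[1]);
                 if ($controller != $realController) {
                     $this->redirect($routeData, $application, $matches[1]);
                 }
             }
         }
         $this->activeRequest = new Request($classData['className'], $classData['controller'], $classData['pageType']);
     } catch (SystemException $e) {
         // the specific reason is deliberately dropped here; the caller only sees an illegal link
         throw new IllegalLinkException();
     }
 }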