 /**
  * Emit an Access-Control-Allow-Origin header for a trusted Origin.
  *
  * Reads the client's Origin request header (HTTP_ORIGIN). When one is present,
  * its host component is checked against Garden.TrustedDomains via
  * isTrustedDomain(); on a match the client's Origin value is echoed back
  * unchanged as Access-Control-Allow-Origin. Nothing is emitted when the header
  * is absent, has no parseable host, or the host is not trusted.
  *
  * Only the host is verified: scheme and port are not part of the check, since
  * parse_url() is asked for PHP_URL_HOST alone.
  * NOTE(review): no "Vary: Origin" header is set here — confirm a caller or the
  * caching layer adds it, otherwise a shared cache may replay one origin's
  * response to another origin.
  */
 protected function setAccessControl()
 {
     $origin = Gdn::request()->getValueFrom(Gdn_Request::INPUT_SERVER, 'HTTP_ORIGIN', false);
     if (!$origin) {
         return;
     }

     // Trust is decided on the host part only.
     $host = parse_url($origin, PHP_URL_HOST);
     if (!$host || !isTrustedDomain($host)) {
         return;
     }

     $this->setHeader('Access-Control-Allow-Origin', $origin);
 }
 /**
  * Defines & retrieves the view and master view. Renders all content within
  * them to the screen.
  *
  * What is emitted depends on the controller's delivery type and method:
  * DELIVERY_TYPE_NONE produces no output at all; DELIVERY_METHOD_JSON writes a
  * JSON (or JSONP) envelope and exit()s; otherwise the view, the named asset,
  * a literal 'TRUE'/'FALSE', or the full master view is echoed.
  *
  * @param string $View
  * @param string|false $ControllerName
  * @param string|false $ApplicationFolder
  * @param string $AssetName The name of the asset container that the content should be rendered in.
  */
 public function xRender($View = '', $ControllerName = false, $ApplicationFolder = false, $AssetName = 'Content')
 {
     // Remove the deliver type and method from the query string so they don't corrupt calls to Url.
     $this->Request->setValueOn(Gdn_Request::INPUT_GET, 'DeliveryType', null);
     $this->Request->setValueOn(Gdn_Request::INPUT_GET, 'DeliveryMethod', null);
     // Give plugins a chance to act before anything is written.
     Gdn::pluginManager()->callEventHandlers($this, $this->ClassName, $this->RequestMethod, 'Render');
     // Nothing at all is delivered for DELIVERY_TYPE_NONE.
     if ($this->_DeliveryType == DELIVERY_TYPE_NONE) {
         return;
     }
     // Handle deprecated StatusMessage values that may have been added by plugins
     $this->informMessage($this->StatusMessage);
     // If there were uncontrolled errors above the json data, wipe them out
     // before fetching it (otherwise the json will not be properly parsed
     // by javascript).
     if ($this->_DeliveryMethod == DELIVERY_METHOD_JSON) {
         if (ob_get_level()) {
             ob_clean();
         }
         $this->contentType('application/json; charset=' . c('Garden.Charset', 'utf-8'));
         // nosniff stops browsers from content-sniffing the JSON body as HTML/script.
         $this->setHeader('X-Content-Type-Options', 'nosniff');
         // Cross-Origin Resource Sharing (CORS)
         /**
          * Access-Control-Allow-Origin
          * If a Origin header is sent by the client, attempt to verify it against the list of
          * trusted domains in Garden.TrustedDomains.  If the value of Origin is verified as
          * being part of a trusted domain, add the Access-Control-Allow-Origin header to the
          * response using the client's Origin header value.
          *
          * Only the host component is checked (PHP_URL_HOST); scheme and port are not.
          * NOTE(review): no "Vary: Origin" accompanies the per-origin header — confirm
          * the caching layer handles that.
          */
         $origin = Gdn::request()->getValueFrom(Gdn_Request::INPUT_SERVER, 'HTTP_ORIGIN', false);
         if ($origin) {
             $originHost = parse_url($origin, PHP_URL_HOST);
             if ($originHost && isTrustedDomain($originHost)) {
                 $this->setHeader('Access-Control-Allow-Origin', $origin);
             }
         }
     }
     if ($this->_DeliveryMethod == DELIVERY_METHOD_TEXT) {
         $this->contentType('text/plain');
     }
     // Send headers to the browser
     $this->sendHeaders();
     // Make sure to clear out the content asset collection if this is a syndication request
     if ($this->SyndicationMethod !== SYNDICATION_NONE) {
         $this->Assets['Content'] = '';
     }
     // Define the view
     // BOOL and DATA deliveries never fetch a view file at all.
     if (!in_array($this->_DeliveryType, array(DELIVERY_TYPE_BOOL, DELIVERY_TYPE_DATA))) {
         $View = $this->fetchView($View, $ControllerName, $ApplicationFolder);
         // Add the view to the asset container if necessary
         if ($this->_DeliveryType != DELIVERY_TYPE_VIEW) {
             $this->addAsset($AssetName, $View, 'Content');
         }
     }
     // Redefine the view as the entire asset contents if necessary
     if ($this->_DeliveryType == DELIVERY_TYPE_ASSET) {
         $View = $this->getAsset($AssetName);
     } elseif ($this->_DeliveryType == DELIVERY_TYPE_BOOL) {
         // Or as a boolean if necessary
         $View = true;
         // Guarded with is_object() because Form may be declared but unset.
         if (property_exists($this, 'Form') && is_object($this->Form)) {
             $View = $this->Form->errorCount() > 0 ? false : true;
         }
     }
     if ($this->_DeliveryType == DELIVERY_TYPE_MESSAGE && $this->Form) {
         $View = $this->Form->errors();
     }
     if ($this->_DeliveryType == DELIVERY_TYPE_DATA) {
         // renderData() reports whether it has already produced the full response.
         $ExitRender = $this->renderData();
         if ($ExitRender) {
             return;
         }
     }
     if ($this->_DeliveryMethod == DELIVERY_METHOD_JSON) {
         // Format the view as JSON with some extra information about the
         // success status of the form so that jQuery knows what to do
         // with the result.
         if ($this->_FormSaved === '') {
             // Allow for override
             // NOTE(review): unlike the BOOL branch above, this does not check
             // is_object($this->Form) before calling errorCount(); a declared-but-null
             // Form would error here — confirm that cannot happen for JSON deliveries.
             $this->_FormSaved = property_exists($this, 'Form') && $this->Form->errorCount() == 0 ? true : false;
         }
         $this->setJson('FormSaved', $this->_FormSaved);
         $this->setJson('DeliveryType', $this->_DeliveryType);
         // The rendered view travels base64-encoded so arbitrary markup survives JSON transport.
         $this->setJson('Data', base64_encode($View instanceof Gdn_IModule ? $View->toString() : $View));
         $this->setJson('InformMessages', $this->_InformMessages);
         $this->setJson('ErrorMessages', $this->_ErrorMessages);
         $this->setJson('RedirectUrl', $this->RedirectUrl);
         // Make sure the database connection is closed before exiting.
         $this->finalize();
         // utf8_encode() is deprecated as of PHP 8.2 and only converts from ISO-8859-1;
         // mb_convert_encoding() is the usual replacement when this is migrated.
         if (!check_utf8($this->_Json['Data'])) {
             $this->_Json['Data'] = utf8_encode($this->_Json['Data']);
         }
         $Json = json_encode($this->_Json);
         // Check for jsonp call.
         // NOTE(review): the callback name is concatenated verbatim; nothing in this
         // method restricts it to a JavaScript identifier, so allowJSONP() (or an
         // upstream filter) is the only gate between the request value and the
         // script body — confirm it validates the name, and note the response keeps
         // the application/json content type set above rather than a script type.
         if (($Callback = $this->Request->get('callback', false)) && $this->allowJSONP()) {
             $Json = $Callback . '(' . $Json . ')';
         }
         $this->_Json['Data'] = $Json;
         // Terminates the request with the JSON body; nothing after this runs.
         exit($this->_Json['Data']);
     } else {
         // Non-syndicated pages hand messages and redirects to the client via definitions.
         if (count($this->_InformMessages) > 0 && $this->SyndicationMethod === SYNDICATION_NONE) {
             $this->addDefinition('InformMessageStack', base64_encode(json_encode($this->_InformMessages)));
         }
         if ($this->RedirectUrl != '' && $this->SyndicationMethod === SYNDICATION_NONE) {
             $this->addDefinition('RedirectUrl', $this->RedirectUrl);
         }
         // Debug trace output is only attached to full XHTML pages in debug mode.
         if ($this->_DeliveryMethod == DELIVERY_METHOD_XHTML && debug()) {
             $this->addModule('TraceModule');
         }
         // Render
         if ($this->_DeliveryType == DELIVERY_TYPE_BOOL) {
             echo $View ? 'TRUE' : 'FALSE';
         } elseif ($this->_DeliveryType == DELIVERY_TYPE_ALL) {
             // Render
             $this->renderMaster();
         } else {
             if ($View instanceof Gdn_IModule) {
                 $View->render();
             } else {
                 echo $View;
             }
         }
     }
 }