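 /**
  * Build the controller that serves a resolved route.
  *
  * The class name is derived from the route's module and (optional) controller
  * segment: module "shop" + controller "cart" -> ShopCartController, module
  * "shop" alone -> ShopController. When that class does not exist the routing
  * error handler is invoked, unless the failing route *is* the configured
  * not-found route, in which case a bare error page is emitted to stop the
  * 404 handling from recursing into itself.
  *
  * @param Ajde_Core_Route $route Resolved route; its module, controller, action,
  *                               format and values are read
  *
  * @return Ajde_Controller Controller with the route attached and every route
  *                         value applied via set()
  */
 public static function fromRoute(Ajde_Core_Route $route)
 {
     $module = $route->getModule();
     $controller = $route->getController();
     // An empty/falsy controller segment means the module's default controller.
     $moduleController = $controller
         ? ucfirst($module) . ucfirst($controller) . 'Controller'
         : ucfirst($module) . 'Controller';
     if (!class_exists($moduleController)) {
         // Prevent recursive 404 routing: if the route that failed is the
         // not-found route itself there is nothing left to fall back to.
         $errorRoutes = config('routes.errors');
         if (isset($errorRoutes[Ajde_Http_Response::RESPONSE_TYPE_NOTFOUND])) {
             $notFoundRoute = new Ajde_Core_Route($errorRoutes[Ajde_Http_Response::RESPONSE_TYPE_NOTFOUND]);
             // Strict comparison: both sides come from the same buildRoute(), and a
             // loose == would compare numeric-looking route strings numerically.
             if ($route->buildRoute() === $notFoundRoute->buildRoute()) {
                 Ajde_Http_Response::setResponseType(404);
                 // NOTE(review): app.rootUrl is emitted into an inline onclick handler
                 // without any escaping; this is only safe while that config value is
                 // fully trusted — confirm it can never be influenced by request data.
                 die('<h2>Ouch, something broke.</h2><p>This is serious. We tried to give you a nice error page, but even that failed.</p><button onclick="location.href=\'' . config('app.rootUrl') . '\';">Go back to homepage</button>');
             }
         }
         if (class_exists('Ajde_Exception')) {
             $exception = new Ajde_Core_Exception_Routing("Controller {$moduleController} for module {$module} not found", 90008);
         } else {
             // Plain Exception so the error path itself cannot fail on a missing
             // Ajde_Exception class.
             $exception = new Exception("Controller {$moduleController} for module {$module} not found");
         }
         Ajde::routingError($exception);
         // NOTE(review): nothing stops execution here; if routingError() ever returns
         // instead of exiting/throwing, the instantiation below fails on a missing
         // class — confirm routingError() never returns.
     }
     $controller = new $moduleController($route->getAction(), $route->getFormat());
     $controller->_route = $route;
     // Expose every route value on the controller under its part name.
     foreach ($route->values() as $part => $value) {
         $controller->set($part, $value);
     }
     return $controller;
 }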
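 /**
  * Build the request object from PHP's superglobals, enforcing the CSRF form
  * token check on any non-empty POST body.
  *
  * The check is skipped when the POST body is empty, when requirePostToken()
  * is false, or when the request is whitelisted (_isWhitelisted()). A request
  * that fails the check is rejected by _denyCsrf(): in debug mode this throws
  * (and, for a mismatch, the message includes the session hash and the
  * computed token hash), otherwise the failure is logged and the response is
  * terminated with a 403.
  *
  * Only GET parameters are exposed through set(); the POST body is kept
  * separately in _postData, and any POST data disables the cache.
  *
  * @throws Ajde_Core_Exception_Security when the form token is missing, does
  *         not match, or has timed out (debug mode only, see above)
  *
  * @return Ajde_Http_Request
  */
 public static function fromGlobal()
 {
     $instance = new self();
     $post = self::globalPost();
     if (!empty($post) && self::requirePostToken() && !self::_isWhitelisted()) {
         // Measures against CSRF attacks: the POST must carry the token issued
         // with the form, and the form must still be inside its time window.
         $session = new Ajde_Session('AC.Form');
         if (!isset($post['_token']) || !$session->has('formTime')) {
             self::_denyCsrf(new Ajde_Core_Exception_Security('No form token received or no form time set, bailing out to prevent CSRF attack'));
         }
         // NOTE(review): _token is not checked to be a string; an array value would
         // pass isset() and reach verifyFormToken() — confirm the helpers handle that.
         $formToken = $post['_token'];
         // Verify once and reuse the result. Calling verifyFormToken() a second time
         // to pick the message would mis-report a timeout as a token mismatch if the
         // verification has side effects (e.g. a one-time token).
         $tokenMatches = self::verifyFormToken($formToken);
         if (!$tokenMatches || !self::verifyFormTime()) {
             if (!$tokenMatches) {
                 $exception = new Ajde_Core_Exception_Security('No matching form token (got ' . self::_getHashFromSession($formToken) . ', expected ' . self::_tokenHash($formToken) . '), bailing out to prevent CSRF attack');
             } else {
                 $exception = new Ajde_Core_Exception_Security('Form token timed out, bailing out to prevent CSRF attack');
             }
             self::_denyCsrf($exception);
         }
     }
     // Security measure, protect $_POST: only GET values go through set(), the
     // POST body lives in _postData.
     $global = self::globalGet();
     foreach ($global as $key => $value) {
         $instance->set($key, $value);
     }
     $instance->_postData = self::globalPost();
     if (!empty($instance->_postData)) {
         // Never serve a cached response to a request carrying POST data.
         Ajde_Cache::getInstance()->disable();
     }
     return $instance;
 }

 /**
  * Reject a request that failed the CSRF check.
  *
  * In debug mode the response type is set to 403 and the exception is thrown;
  * otherwise the POST data is dropped, the exception is logged and the
  * response is terminated via dieOnCode(). Callers rely on this never
  * returning.
  *
  * @param Ajde_Core_Exception_Security $exception Reason for the rejection
  *
  * @throws Ajde_Core_Exception_Security in debug mode
  */
 private static function _denyCsrf(Ajde_Core_Exception_Security $exception)
 {
     if (config('app.debug') === true) {
         Ajde_Http_Response::setResponseType(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
         throw $exception;
     }
     // Prevent inf. loops — presumably so that rendering the error response
     // cannot re-enter the token check with the same POST data; verify.
     unset($_POST);
     unset($_REQUEST);
     // Rewrite
     Ajde_Exception_Log::logException($exception);
     Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
 }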