public function handleRequest(AphrontRequest $request)
{
$viewer = $request->getViewer();
$site = $request->getSite();
if ($site instanceof PhameBlogSite) {
$blog = $site->getBlog();
} else {
$id = $request->getURIData('id');
$blog = id(new PhameBlogQuery())->setViewer($viewer)->withIDs(array($id))->executeOne();
if (!$blog) {
return new Aphront404Response();
}
}
if ($blog->getDomain() && $request->getHost() != $blog->getDomain()) {
$base_uri = $blog->getLiveURI();
// Don't redirect directly, since the domain is user-controlled and there
// are a bevy of security issues associated with automatic redirects to
// external domains.
// Previously we CSRF'd this and someone found a way to pass OAuth
// information through it using anchors. Just make users click a normal
// link so that this is no more dangerous than any other external link
// on the site.
$dialog = id(new AphrontDialogView())->setTitle(pht('Blog Moved'))->setUser($viewer)->appendParagraph(pht('This blog is now hosted here:'))->appendParagraph(phutil_tag('a', array('href' => $base_uri), $base_uri))->addCancelButton('/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$phame_request = clone $request;
$more = $phame_request->getURIData('more', '');
$phame_request->setPath('/' . ltrim($more, '/'));
$uri = $blog->getLiveURI();
$skin = $blog->getSkinRenderer($phame_request);
$skin->setBlog($blog)->setBaseURI($uri);
$skin->willProcessRequest(array());
return $skin->processRequest();
}
protected function isPhabricatorSite(AphrontRequest $request)
{
$site = $request->getSite();
if (!$site) {
return false;
}
return $site instanceof PhabricatorSite;
}
