/**
 * Looks up the plugin registered under this object's plugin_id.
 *
 * @return mixed Whatever DevblocksPlatform::getPlugin() yields for $this->plugin_id.
 */
function getPlugin() {
    return DevblocksPlatform::getPlugin($this->plugin_id);
}
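/**
 * Reads the HTTP Request object.
 *
 * Builds the request from the web path plus the query string. When the first
 * path segment is "resource", the named plugin's static file is streamed to
 * the client and the script exits instead of returning.
 *
 * @return DevblocksHttpRequest
 */
static function readRequest() {
    $url = DevblocksPlatform::getUrlService();

    $location = self::getWebPath();
    $parts = $url->parseURL($location);

    // Add any query string arguments (?arg=value&arg=value).
    // QUERY_STRING may be absent (e.g. CLI); pass null through as before, without error suppression.
    $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : null;
    $queryArgs = $url->parseQueryString($query);

    if (empty($parts)) {
        // Overrides (Form POST, etc.)

        // Controller (GET has precedence over POST)
        $uri = null;
        if (isset($_GET['c'])) {
            @($uri = DevblocksPlatform::importGPC($_GET['c'])); // extension
        } elseif (isset($_POST['c'])) {
            @($uri = DevblocksPlatform::importGPC($_POST['c'])); // extension
        }
        if (!empty($uri)) {
            $parts[] = DevblocksPlatform::strAlphaNum($uri);
        }

        // Action (GET has precedence over POST)
        $listener = null;
        if (isset($_GET['a'])) {
            @($listener = DevblocksPlatform::importGPC($_GET['a'])); // listener
        } elseif (isset($_POST['a'])) {
            @($listener = DevblocksPlatform::importGPC($_POST['a'])); // listener
        }
        if (!empty($listener)) {
            $parts[] = DevblocksPlatform::strAlphaNum($listener);
        }
    }

    // Controller XSS security (alphanum only)
    if (isset($parts[0])) {
        $parts[0] = DevblocksPlatform::strAlphaNum($parts[0]);
    }

    // Resource / Proxy
    /*
     * [TODO] Run this code through another audit. Is it worth a tiny hit per resource
     * to verify the plugin matches exactly in the DB? If so, make sure we cache the
     * resulting file.
     *
     * [TODO] Make this a controller
     */
    $path = $parts;
    switch (array_shift($path)) {
        case "resource":
            $plugin_id = array_shift($path);
            if (null == ($plugin = DevblocksPlatform::getPlugin($plugin_id))) {
                break;
            }

            // Canonicalise the plugin's resources directory; everything served must live under it.
            $dir = realpath(APP_PATH . '/' . $plugin->dir . '/' . 'resources');
            if (false === $dir || !is_dir($dir)) {
                die("");
            }

            // basedir security: the remaining path segments come straight from the URL.
            // Resolve the target ('..' segments and symlinks included) and require the
            // result to sit under $dir. A string comparison on the unresolved path cannot
            // detect a path that leaves the directory.
            $file = implode(DIRECTORY_SEPARATOR, $path); // combine path
            $resource = realpath($dir . DIRECTORY_SEPARATOR . $file);
            $base = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
            if (false === $resource || 0 !== strpos($resource, $base) || !is_file($resource)) {
                die("");
            }

            // extension security: never stream PHP source. Compared case-insensitively so
            // the check also holds on case-insensitive filesystems.
            // NOTE(review): this is a denylist of one extension; an allowlist of the
            // static types handled below would be stricter -- confirm what plugins ship.
            $ext = strtolower(pathinfo($resource, PATHINFO_EXTENSION));
            if ('php' == $ext) {
                die("");
            }

            // Caching
            switch ($ext) {
                case 'css':
                case 'gif':
                case 'jpg':
                case 'js':
                case 'png':
                    header('Cache-control: max-age=604800', true); // 1 wk // , must-revalidate
                    header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 604800) . ' GMT'); // 1 wk
                    break;
            }

            switch ($ext) {
                case 'css':
                    header('Content-type: text/css;');
                    break;
                case 'gif':
                    header('Content-type: image/gif;');
                    break;
                case 'jpeg':
                case 'jpg':
                    header('Content-type: image/jpeg;');
                    break;
                case 'js':
                    header('Content-type: text/javascript;');
                    break;
                case 'png':
                    header('Content-type: image/png;');
                    break;
                case 'xml':
                    header('Content-type: text/xml;');
                    break;
            }

            $out = file_get_contents($resource, false);

            // Pass through. Compare against false/'' explicitly so a file whose whole
            // content is "0" is still delivered.
            if (false !== $out && '' !== $out) {
                header('Content-Length: ' . strlen($out));
                echo $out;
            }

            exit;

        default:
            break;
    }

    $request = new DevblocksHttpRequest($parts, $queryArgs);
    DevblocksPlatform::setHttpRequest($request);

    return $request;
}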
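/**
 * Creates a custom template record for a portal, seeded with the content of a
 * plugin's on-disk template, then renders the template peek view.
 *
 * Request parameters read here: view_id, portal, template ("plugin_id:relative/path").
 *
 * NOTE(review): no permission or request-origin check is visible in this method --
 * confirm the caller enforces both before this action runs.
 */
function saveAddTemplatePeekAction() {
    @($view_id = DevblocksPlatform::importGPC($_REQUEST['view_id'], 'string', ''));
    @($portal = DevblocksPlatform::importGPC($_REQUEST['portal'], 'string', ''));
    @($template = DevblocksPlatform::importGPC($_REQUEST['template'], 'string', ''));

    // "plugin_id:path" -- pad so a value without ':' gives an empty path rather than
    // an undefined variable.
    list($plugin_id, $template_path) = array_pad(explode(':', $template, 2), 2, '');

    $tpl = DevblocksPlatform::getTemplateService();
    $tpl->assign('view_id', $view_id);

    // Pull from filesystem for editing
    $content = '';

    if (null != ($plugin = DevblocksPlatform::getPlugin($plugin_id))) {
        // $template_path is request-controlled. Resolve it and only read the file when
        // the canonical path stays inside the plugin's templates directory; otherwise
        // the record is created with empty content.
        $base = realpath(APP_PATH . '/' . $plugin->dir . '/templates');
        $path = (false !== $base) ? realpath($base . DIRECTORY_SEPARATOR . $template_path) : false;

        if (false !== $path
            && 0 === strpos($path, rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR)
            && is_file($path)) {
            $read = file_get_contents($path);
            if (false !== $read) {
                $content = $read;
            }
        }
    }

    $fields = array(
        DAO_DevblocksTemplate::LAST_UPDATED => 0,
        DAO_DevblocksTemplate::PLUGIN_ID => $plugin_id,
        DAO_DevblocksTemplate::PATH => $template_path,
        DAO_DevblocksTemplate::TAG => 'portal_' . $portal,
        DAO_DevblocksTemplate::CONTENT => $content,
    );
    $id = DAO_DevblocksTemplate::create($fields);

    $record = DAO_DevblocksTemplate::get($id);
    $tpl->assign('template', $record);

    $tpl->display('file:' . $this->_TPL_PATH . 'community/display/tabs/templates/peek.tpl');
}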