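 /**
  * Reads the HTTP Request object.
  *
  * Splits the request path into parts (falling back to the `c` controller and
  * `a` action overrides from GET/POST when the path is empty), parses the query
  * string, registers the resulting request with the platform and returns it.
  *
  * A leading "resource" path part is intercepted and the addressed plugin file
  * is streamed to the client by serveResource(), which does not return unless
  * the plugin id is unknown.
  *
  * @return DevblocksHttpRequest
  */
 static function readRequest()
 {
     $url = DevblocksPlatform::getUrlService();
     $location = self::getWebPath();
     $parts = $url->parseURL($location);

     // Query string arguments (?arg=value&arg=value); absent when the URL has none.
     $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
     $queryArgs = $url->parseQueryString($query);

     if (empty($parts)) {
         // Overrides (Form POST, etc.). GET has precedence over POST for both.
         $uri = null;
         $listener = null;

         // Controller (extension)
         if (isset($_GET['c'])) {
             $uri = DevblocksPlatform::importGPC($_GET['c']);
         } elseif (isset($_POST['c'])) {
             $uri = DevblocksPlatform::importGPC($_POST['c']);
         }
         if (!empty($uri)) {
             $parts[] = DevblocksPlatform::strAlphaNum($uri);
         }

         // Action (listener)
         if (isset($_GET['a'])) {
             $listener = DevblocksPlatform::importGPC($_GET['a']);
         } elseif (isset($_POST['a'])) {
             $listener = DevblocksPlatform::importGPC($_POST['a']);
         }
         if (!empty($listener)) {
             $parts[] = DevblocksPlatform::strAlphaNum($listener);
         }
     }

     // Controller XSS security (alphanum only)
     if (isset($parts[0])) {
         $parts[0] = DevblocksPlatform::strAlphaNum($parts[0]);
     }

     // Resource / Proxy: resource/<plugin_id>/<file path> is served directly.
     /*
      * [TODO] Run this code through another audit.  Is it worth a tiny hit per resource
      * to verify the plugin matches exactly in the DB?  If so, make sure we cache the
      * resulting file.
      *
      * [TODO] Make this a controller
      */
     if (isset($parts[0]) && 'resource' === $parts[0]) {
         // Only returns when the plugin id is unknown; the request then continues as usual.
         self::serveResource(array_slice($parts, 1));
     }

     $request = new DevblocksHttpRequest($parts, $queryArgs);
     DevblocksPlatform::setHttpRequest($request);
     return $request;
 }

 /**
  * Streams a plugin resource file to the client and terminates the request.
  *
  * The file is addressed relative to the plugin's "resources" directory. The
  * resolved path must stay inside that directory (symlinks and ".." are
  * resolved first), must be an existing file, and must not be PHP source,
  * which would otherwise be disclosed verbatim. Any violation ends the request
  * with an HTTP error and an empty body.
  *
  * @param array $path URL parts after the leading "resource" segment:
  *                    the plugin id followed by the file path components
  * @return void Returns normally only when the plugin id is not a known plugin
  */
 private static function serveResource(array $path)
 {
     $plugin_id = array_shift($path);
     $plugin = (null === $plugin_id) ? null : DevblocksPlatform::getPlugin($plugin_id);
     if (empty($plugin)) {
         return;
     }

     $dir = APP_PATH . '/' . $plugin->dir . '/' . 'resources';
     $base = realpath($dir);
     if (false === $base || !is_dir($base)) {
         self::abortResource(404, 'Not Found');
     }

     // basedir security: compare the canonical file path against the canonical
     // directory prefix, so "../" segments and symlinks cannot escape it.
     $resource = realpath($base . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $path));
     if (false === $resource || !is_file($resource)) {
         self::abortResource(404, 'Not Found');
     }
     $prefix = $base . DIRECTORY_SEPARATOR;
     if (0 !== strncmp($resource, $prefix, strlen($prefix))) {
         self::abortResource(403, 'Forbidden');
     }

     // extension security: never hand out PHP source; match case-insensitively
     // so "x.PHP" on a case-insensitive filesystem is caught too.
     $ext = strtolower(pathinfo($resource, PATHINFO_EXTENSION));
     if (in_array($ext, array('php', 'phtml', 'phar'), true)) {
         self::abortResource(403, 'Forbidden');
     }

     // Caching: static assets may be cached for 1 wk.
     if (in_array($ext, array('css', 'gif', 'jpg', 'js', 'png'), true)) {
         header('Cache-control: max-age=604800', true);
         header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 604800) . ' GMT');
     }

     // Media types (no trailing ";" — an empty parameter is not a valid media type).
     $contentTypes = array(
         'css' => 'text/css',
         'gif' => 'image/gif',
         'jpeg' => 'image/jpeg',
         'jpg' => 'image/jpeg',
         'js' => 'text/javascript',
         'png' => 'image/png',
         'xml' => 'text/xml',
     );
     if (isset($contentTypes[$ext])) {
         header('Content-type: ' . $contentTypes[$ext]);
     }
     // Keep browsers from sniffing a script/HTML type into a file served as something else.
     header('X-Content-Type-Options: nosniff');

     $out = file_get_contents($resource, false);
     if (false === $out) {
         self::abortResource(404, 'Not Found');
     }
     // Pass through; a body of "0" or "" is still a valid (empty) file.
     header('Content-Length: ' . strlen($out));
     echo $out;
     exit;
 }

 /**
  * Ends a resource request with the given HTTP status and an empty body.
  *
  * @param int $code HTTP status code
  * @param string $reason HTTP reason phrase
  * @return void Never returns; the request is terminated
  */
 private static function abortResource($code, $reason)
 {
     header(sprintf('HTTP/1.1 %d %s', $code, $reason), true, $code);
     exit;
 }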