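/**
 * Reads the HTTP Request object.
 *
 * Builds the request from the web path (plus any ?arg=value query string
 * arguments). When the path is empty, the 'c' (controller) and 'a' (action)
 * GET/POST parameters are used instead, GET taking precedence over POST.
 * A path whose first segment is "resource" is served straight from the
 * plugin's resources directory and never returns (the script exits).
 *
 * @return DevblocksHttpRequest
 */
static function readRequest() {
    $url = DevblocksPlatform::getUrlService();
    $location = self::getWebPath();
    $parts = $url->parseURL($location);

    // Add any query string arguments (?arg=value&arg=value)
    $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : null;
    $queryArgs = $url->parseQueryString($query);

    if (empty($parts)) {
        // Overrides (Form POST, etc.)
        $uri = null;
        $listener = null;

        // Controller (GET has precedence over POST)
        if (isset($_GET['c'])) {
            $uri = DevblocksPlatform::importGPC($_GET['c']); // extension
        } elseif (isset($_POST['c'])) {
            $uri = DevblocksPlatform::importGPC($_POST['c']); // extension
        }
        if (!empty($uri)) {
            $parts[] = DevblocksPlatform::strAlphaNum($uri);
        }

        // Action (GET has precedence over POST)
        if (isset($_GET['a'])) {
            $listener = DevblocksPlatform::importGPC($_GET['a']); // listener
        } elseif (isset($_POST['a'])) {
            $listener = DevblocksPlatform::importGPC($_POST['a']); // listener
        }
        if (!empty($listener)) {
            $parts[] = DevblocksPlatform::strAlphaNum($listener);
        }
    }

    // Controller XSS security (alphanum only)
    if (isset($parts[0])) {
        $parts[0] = DevblocksPlatform::strAlphaNum($parts[0]);
    }

    // Resource / Proxy
    /*
     * [TODO] Run this code through another audit. Is it worth a tiny hit per resource
     * to verify the plugin matches exactly in the DB? If so, make sure we cache the
     * resulting file.
     *
     * [TODO] Make this a controller
     */
    $path = $parts;
    if ('resource' === array_shift($path)) {
        $plugin_id = array_shift($path);
        $plugin = DevblocksPlatform::getPlugin($plugin_id);

        // Unknown plugin: fall through and treat the path as a normal request
        if ($plugin) {
            $file = implode(DIRECTORY_SEPARATOR, $path); // combine path
            $dir = APP_PATH . '/' . $plugin->dir . '/' . 'resources';
            if (!is_dir($dir)) {
                die("");
            }

            // basedir Security: resolve symlinks and '..' segments on both
            // sides, then require the file to sit *inside* the resources
            // directory. (The previous strstr($dir, $resource) test searched
            // the wrong haystack and could never fail.)
            $resource = $dir . '/' . $file;
            $real_dir = realpath($dir);
            $real_resource = realpath($resource);
            if (false === $real_dir
                || false === $real_resource
                || 0 !== strncmp($real_resource, $real_dir . DIRECTORY_SEPARATOR, strlen($real_dir) + 1)) {
                die("");
            }

            // extension security: never serve PHP source, whatever the case
            $ext = strtolower(pathinfo($real_resource, PATHINFO_EXTENSION));
            if (!is_file($real_resource) || 'php' === $ext) {
                die("");
            }

            // Caching
            switch ($ext) {
                case 'css':
                case 'gif':
                case 'jpg':
                case 'js':
                case 'png':
                    header('Cache-control: max-age=604800', true); // 1 wk // , must-revalidate
                    header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 604800) . ' GMT'); // 1 wk
                    break;
            }

            switch ($ext) {
                case 'css':
                    header('Content-type: text/css;');
                    break;
                case 'gif':
                    header('Content-type: image/gif;');
                    break;
                case 'jpeg':
                case 'jpg':
                    header('Content-type: image/jpeg;');
                    break;
                case 'js':
                    header('Content-type: text/javascript;');
                    break;
                case 'png':
                    header('Content-type: image/png;');
                    break;
                case 'xml':
                    header('Content-type: text/xml;');
                    break;
            }

            // Pass through. Compare against false so empty files and a file
            // whose whole content is "0" are still served (truthiness would
            // drop them); strlen() is byte-wise, which Content-Length wants.
            $out = file_get_contents($real_resource, false);
            if (false !== $out) {
                header('Content-Length: ' . strlen($out));
                echo $out;
            }
            exit;
        }
    }

    $request = new DevblocksHttpRequest($parts, $queryArgs);
    DevblocksPlatform::setHttpRequest($request);
    return $request;
}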