protected function checkSanitizing($in, $expectedOut)
 {
     // Every case runs against the same fixed base path "/cms/de/"
     // (offset + language directory) so only the input markup varies.
     $basePath = '/cms/de/';
     $sanitizer = new \LinkSanitizer($basePath, $in);
     $actual = $sanitizer->replace();
     $this->assertEquals($expectedOut, $actual);
 }
 /**
  * Get the requested Page.
  *
  * Dispatches on the GET parameter "act" (lostpw, resetpw, verify, captcha;
  * anything else shows the login form), stores the normalised action back
  * into $_GET['act'], prints the sanitized template output and terminates
  * the script.
  *
  * @access  public
  */
 public function getPage()
 {
     // Normalise the action so later readers of $_GET['act'] always find a value.
     $act = empty($_GET['act']) ? '' : $_GET['act'];
     $_GET['act'] = $act;
     if ($act == 'lostpw') {
         $this->showPasswordLost();
     } elseif ($act == 'resetpw') {
         $this->showPasswordReset();
     } elseif ($act == 'verify') {
         $this->verifyUserAccount();
     } elseif ($act == 'captcha') {
         $this->getCaptcha();
     } else {
         $this->showLogin();
     }
     $this->objTemplate->setVariable('CONTREXX_CHARSET', CONTREXX_CHARSET);
     // replace links from before contrexx 3
     $sanitizer = new \LinkSanitizer(ASCMS_PATH_OFFSET . ASCMS_BACKEND_PATH . '/', $this->objTemplate->get());
     echo $sanitizer->replace();
     exit;
 }
 /**
  * Get the requested Page.
  *
  * Dispatches on the GET parameter "act" (lostpw, resetpw, verify, captcha;
  * anything else shows the login form), stores the normalised action back
  * into $_GET['act'], prints the sanitized template output and terminates
  * the script.
  *
  * @access  public
  */
 public function getPage()
 {
     // Normalise the action so later readers of $_GET['act'] always find a value.
     $_GET['act'] = empty($_GET['act']) ? '' : $_GET['act'];
     $requested = $_GET['act'];
     // action name => handler method; unknown actions fall through to the login
     $handlers = array(
         'lostpw'  => 'showPasswordLost',
         'resetpw' => 'showPasswordReset',
         'verify'  => 'verifyUserAccount',
         'captcha' => 'getCaptcha',
     );
     $handled = false;
     foreach ($handlers as $action => $method) {
         if ($requested == $action) {
             $this->$method();
             $handled = true;
             break;
         }
     }
     if (!$handled) {
         $this->showLogin();
     }
     $this->objTemplate->setVariable('CONTREXX_CHARSET', CONTREXX_CHARSET);
     $markup = $this->objTemplate->get();
     // replace links from before contrexx 3
     $cx = \Cx\Core\Core\Controller\Cx::instanciate();
     $backendPath = $cx->getCodeBaseOffsetPath() . $cx->getBackendFolderName() . '/';
     $sanitizer = new \LinkSanitizer($cx, $backendPath, $markup);
     echo $sanitizer->replace();
     exit;
 }
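 /**
  * Render the CSRF warning page and stop the request.
  *
  * The parameters of the current request (GET or POST, depending on the
  * request method) are rebuilt as form elements so the user can deliberately
  * re-send the request ("continue") or go back ("abort"). The CSRF token, its
  * "amp;"-prefixed variant, the "__cap" field and any field named "submit"
  * are not replayed. The template receives its variables unescaped (the
  * continue/abort values even carry a closing quote plus a tabindex
  * attribute), so the two request-derived values that end up inside HTML
  * attributes -- the abort URL built from $_GET['cmd'] and the form action
  * taken from REQUEST_URI -- are escaped for attribute context here.
  * Prints the sanitized output and terminates the script.
  */
 private static function __kill()
 {
     global $_CORELANG;
     $data = $_SERVER['REQUEST_METHOD'] == 'GET' ? $_GET : $_POST;
     self::add_code();
     $tpl = new \Cx\Core\Html\Sigma(\Env::get('cx')->getCodeBaseCorePath() . '/Csrf/View/Template/Generic/');
     $tpl->setErrorHandling(PEAR_ERROR_DIE);
     $tpl->loadTemplateFile('Warning.html');
     // Parameters that must not be replayed. There *MUST NOT* be any form
     // element with a name attribute value of "submit" -- this would break
     // the form's submit() method!
     $skipped = array(self::$formkey, 'amp;' . self::$formkey, '__cap', 'submit');
     $form = '';
     foreach ($data as $key => $value) {
         // keys are compared as strings, so an integer key (e.g. a field
         // named "0") is never loosely equal to one of the skipped names
         if (in_array((string) $key, $skipped, true)) {
             continue;
         }
         $form .= self::parseRequestParametersForForm($key, $value);
     }
     $csrfContinue = 'javascript:sendData();';
     // attribute-context escaping of the request-derived part of the abort URL
     $csrfAbort = 'index.php';
     if (isset($_GET['cmd'])) {
         $csrfAbort .= '?cmd=' . htmlspecialchars((string) $_GET['cmd'], ENT_QUOTES, CONTREXX_CHARSET);
     }
     // the form posts back to the original URI; escaped for the action attribute
     $action = htmlspecialchars((string) $_SERVER['REQUEST_URI'], ENT_QUOTES, CONTREXX_CHARSET);
     // The language text holds %1$s / %2$s placeholders for the two links; the
     // closing quote plus tabindex="-1" is appended so Tab skips those links.
     $_CORELANG['TXT_CSRF_DESCR'] = str_replace('%1$s', $csrfContinue . '" tabindex="-1', $_CORELANG['TXT_CSRF_DESCR']);
     $_CORELANG['TXT_CSRF_DESCR'] = str_replace('%2$s', $csrfAbort . '" tabindex="-1', $_CORELANG['TXT_CSRF_DESCR']);
     $tpl->setGlobalVariable(array(
         'TXT_CSRF_TITLE'    => $_CORELANG['TXT_CSRF_TITLE'],
         'TXT_CSRF_DESCR'    => $_CORELANG['TXT_CSRF_DESCR'],
         'TXT_CSRF_CONTINUE' => $_CORELANG['TXT_CSRF_CONTINUE'],
         'TXT_CSRF_ABORT'    => $_CORELANG['TXT_CSRF_ABORT'],
         'CSRF_CONTINUE'     => $csrfContinue . '" tabindex="1',
         'CSRF_ABORT'        => $csrfAbort . '" tabindex="2',
         'REQUEST_METHOD'    => strtolower($_SERVER['REQUEST_METHOD']),
         'ACTION'            => $action,
         'FORM_ELEMENTS'     => $form,
         'IMAGES_PATH'       => ASCMS_ADMIN_WEB_PATH . '/images/csrfprotection',
     ));
     $tpl->parse();
     $endcode = $tpl->get();
     // replace links from before contrexx 3
     $ls = new \LinkSanitizer(ASCMS_PATH_OFFSET . ASCMS_BACKEND_PATH . '/', $endcode);
     $endcode = $ls->replace();
     echo $endcode;
     die;
 }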
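 /**
  * Save the block content
  *
  * Reads the block id and language code from $params['get'] and the new
  * content from $params['post'], updates the database row and returns the
  * content with legacy links sanitized.
  *
  * @param array $params all given params from http request:
  *                      $params['get']['block'] (block id),
  *                      $params['get']['lang'] (language code),
  *                      $params['post']['content'] (new block content)
  * @throws NoPermissionException         user is not logged in or lacks access id 76
  * @throws NotEnoughArgumentsException   block id or language code missing
  * @throws BlockCouldNotBeSavedException the database update failed
  * @return array array('content' => string) the saved content, links sanitized
  */
 public function saveBlockContent($params)
 {
     global $_CORELANG, $objDatabase;
     // security check
     if (!\FWUser::getFWUserObject()->objUser->login() || !\Permission::checkAccess(76, 'static', true)) {
         throw new NoPermissionException($_CORELANG['TXT_ACCESS_DENIED_DESCRIPTION']);
     }
     // check arguments
     if (empty($params['get']['block']) || empty($params['get']['lang'])) {
         throw new NotEnoughArgumentsException('not enough arguments');
     }
     // get language and block id; both are interpolated into the SQL below,
     // so they are forced to integers (language falls back to the frontend one)
     $id = intval($params['get']['block']);
     $lang = intval(\FWLanguage::getLanguageIdByCode($params['get']['lang']));
     if (!$lang) {
         $lang = intval(FRONTEND_LANG_ID);
     }
     // a missing content field is saved as an empty string instead of raising a notice
     $content = isset($params['post']['content']) ? $params['post']['content'] : '';
     // query to update content in database; the content is escaped by contrexx_input2db
     $query = "UPDATE `" . DBPREFIX . "module_block_rel_lang_content`\n"
         . "    SET content = '" . \contrexx_input2db($content) . "'\n"
         . "WHERE\n"
         . "    block_id = " . $id . " AND lang_id = " . $lang;
     $result = $objDatabase->Execute($query);
     // error handling
     if ($result === false) {
         throw new BlockCouldNotBeSavedException('block could not be saved');
     }
     \LinkGenerator::parseTemplate($content);
     $ls = new \LinkSanitizer(ASCMS_PATH_OFFSET . \Env::get('virtualLanguageDirectory') . '/', $content);
     $this->messages[] = $_CORELANG['TXT_CORE_SAVED_BLOCK'];
     return array('content' => $ls->replace());
 }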
 /**
  * Build the XHTML of the form uploader frame.
  *
  * Registers the uploader's JS/CSS, sets the URL the frame is redirected to
  * once the upload finished (backend: an admin index.php URL, frontend: the
  * current URL with the Upload section parameters), fills the
  * formFrame.html template and returns it with legacy links sanitized.
  *
  * @return string the parsed frame markup
  */
 public function getFrameXHtml()
 {
     global $_CORELANG;
     $singleFileMode = !empty($_SESSION['upload']['handlers'][$this->uploadId]['singleFileMode']);
     if ($singleFileMode) {
         \ContrexxJavascript::getInstance()->setVariable('restrictUpload2SingleFile', true, "upload/widget_{$this->uploadId}");
     }
     //JS / CSS dependencies
     \JS::activate('cx');
     \JS::registerCSS('core_modules/Upload/css/uploaders/form/formUploader.css');
     \JS::registerJS('core_modules/Upload/js/uploaders/form/formUploader.js');
     $uploadPath = $this->getUploadPath('form');
     if ($this->isBackendRequest) {
         $redirectUrl = ASCMS_ADMIN_WEB_PATH . '/index.php?cmd=Upload&act=formUploaderFrameFinished&uploadId=' . $this->uploadId;
     } else {
         $frontendUrl = clone \Env::get('cx')->getRequest()->getUrl();
         $frontendUrl->removeAllParams();
         $frontendUrl->setParams(array(
             'section'  => 'Upload',
             'cmd'      => 'formUploaderFrameFinished',
             'uploadId' => $this->uploadId,
         ));
         $redirectUrl = (string) $frontendUrl;
     }
     $this->setRedirectUrl($redirectUrl);
     $frame = new \Cx\Core\Html\Sigma(ASCMS_CORE_MODULE_PATH . '/Upload/template/uploaders');
     $frame->setErrorHandling(PEAR_ERROR_DIE);
     $frame->loadTemplateFile('formFrame.html');
     $frame->setVariable(array(
         'UPLOAD_URL'      => $uploadPath,
         'INCLUDES'        => \JS::getCode(),
         'CXJS_INIT_JS'    => \ContrexxJavascript::getInstance()->initJs(),
         'UPLOAD_FORM_ADD' => $_CORELANG['UPLOAD_FORM_ADD'],
         'UPLOAD'          => $_CORELANG['UPLOAD'],
         'UPLOAD_ID'       => $this->uploadId,
         'MAX_FILE_SIZE'   => \FWSystem::getMaxUploadFileSize() - 1000,
     ));
     $cx = \Cx\Core\Core\Controller\Cx::instanciate();
     $sanitizer = new \LinkSanitizer($cx, $cx->getCodeBaseOffsetPath(), $frame->get());
     return $sanitizer->replace();
 }
 /**
  * Parses the main template in order to finish request
  *
  * Frontend mode: fills the global theme placeholders, optionally renders the
  * page as PDF (GET "pdfview"), collects the page's script tags, resolves
  * node placeholders, strips the X-UA-Compatible meta tag for non-IE agents
  * and stores the link-sanitized result in $this->endcode.
  * Backend mode: parses the meta/language navigation, the admin navbar, the
  * status footer and the module stylesheet, then stores the link-sanitized
  * result in $this->endcode.
  *
  * @todo Remove usage of globals
  * @global array  $themesPages     theme sections ('sidebar', 'javascript', 'buildin_style')
  * @global mixed  $moduleStyleFile path of the module stylesheet, if any
  * @global array  $_CONFIG         core configuration (edition, version, ...)
  * @global mixed  $subMenuTitle
  * @global array  $_CORELANG       core language texts
  * @global mixed  $plainCmd        passed to the admin menu
  * @global mixed  $cmd             current backend section; used to locate its stylesheet
  */
 protected function finalize()
 {
     global $themesPages, $moduleStyleFile, $_CONFIG, $subMenuTitle, $_CORELANG, $plainCmd, $cmd;
     if ($this->mode == self::MODE_FRONTEND) {
         // parse system
         $parsingTime = $this->stopTimer();
         $this->template->setVariable('PARSING_TIME', $parsingTime);
         $this->parseGlobalPlaceholders($themesPages['sidebar']);
         $this->template->setVariable(array('SIDEBAR_FILE' => $themesPages['sidebar'], 'JAVASCRIPT_FILE' => $themesPages['javascript'], 'BUILDIN_STYLE_FILE' => $themesPages['buildin_style'], 'DATE_YEAR' => date('Y'), 'DATE_MONTH' => date('m'), 'DATE_DAY' => date('d'), 'DATE_TIME' => date('H:i'), 'BUILDIN_STYLE_FILE' => $themesPages['buildin_style'], 'JAVASCRIPT_LIGHTBOX' => '<script type="text/javascript" src="lib/lightbox/javascript/mootools.js"></script>
                 <script type="text/javascript" src="lib/lightbox/javascript/slimbox.js"></script>', 'JAVASCRIPT_MOBILE_DETECTOR' => '<script type="text/javascript" src="lib/mobiledetector.js"></script>'));
         if (!empty($moduleStyleFile)) {
             $this->template->setVariable('STYLE_FILE', "<link rel=\"stylesheet\" href=\"{$moduleStyleFile}\" type=\"text/css\" media=\"screen, projection\" />");
         }
         // PDF rendition requested via GET "pdfview=1" (only for pages that do
         // not force the skin for all channels): the rendered template is
         // handed to the PDF document and the request ends here.
         if (!$this->resolvedPage->getUseSkinForAllChannels() && isset($_GET['pdfview']) && intval($_GET['pdfview']) == 1) {
             $pageTitle = $this->resolvedPage->getTitle();
             // no ".pdf" suffix when the page has no title
             $extenstion = empty($pageTitle) ? null : '.pdf';
             $objPDF = new \Cx\Core_Modules\Pdf\Model\Entity\PdfDocument();
             $objPDF->SetTitle($pageTitle . $extenstion);
             $objPDF->setContent($this->template->get());
             $objPDF->Create();
             exit;
         }
         // fetch the parsed webpage
         // The JAVASCRIPT placeholder is filled with a marker first, because the
         // script tags have to be collected from the rendered page before the
         // final script code can be generated.
         $this->template->setVariable('JAVASCRIPT', 'javascript_inserting_here');
         $endcode = $this->template->get();
         /**
          * Get all javascripts in the code, replace them with nothing, and register the js file
          * to the javascript lib. This is because we don't want something twice, and there could be
          * a theme that requires a javascript, which then could be used by a module too and therefore would
          * be loaded twice.
          */
         /* Finds all uncommented script tags, strips them out of the HTML and
          * stores them internally so we can put them in the placeholder later
          * (see JS::getCode() below)
          */
         \JS::findJavascripts($endcode);
         /*
          * Proposal:  Use this
          *     $endcode = preg_replace_callback('/<script\s.*?src=(["\'])(.*?)(\1).*?\/?>(?:<\/script>)?/i', array('JS', 'registerFromRegex'), $endcode);
          * and change JS::registerFromRegex to use index 2
          */
         // i know this is ugly, but is there another way
         $endcode = str_replace('javascript_inserting_here', \JS::getCode(), $endcode);
         // do a final replacement of all those node-urls ({NODE_<ID>_<LANG>}- placeholders) that haven't been captured earlier:
         // "[[NAME]]" is turned back into "{NAME}" so LinkGenerator can resolve it
         $endcode = preg_replace('/\\[\\[([A-Z0-9_-]+)\\]\\]/', '{\\1}', $endcode);
         \LinkGenerator::parseTemplate($endcode);
         // remove the meta tag X-UA-Compatible if the user agent is neither internet explorer nor chromeframe
         // (the user agent string is only used as the subject of the match)
         if (!preg_match('/(msie|chromeframe)/i', $_SERVER['HTTP_USER_AGENT'])) {
             $endcode = preg_replace('/<meta.*?X-UA-Compatible.*?>/i', '', $endcode);
         }
         // replace links from before contrexx 3
         $ls = new \LinkSanitizer($this, $this->getCodeBaseOffsetPath() . \Env::get('virtualLanguageDirectory') . '/', $endcode);
         $this->endcode = $ls->replace();
     } else {
         // backend meta navigation
         if ($this->template->blockExists('backend_metanavigation')) {
             // parse language navigation (only shown when more than one backend language is active)
             if ($this->template->blockExists('backend_language_navigation') && $this->template->blockExists('backend_language_navigation_item')) {
                 $backendLanguage = \FWLanguage::getActiveBackendLanguages();
                 if (count($backendLanguage) > 1) {
                     $this->template->setVariable('TXT_LANGUAGE', $_CORELANG['TXT_LANGUAGE']);
                     foreach ($backendLanguage as $language) {
                         $languageUrl = \Env::get('init')->getUriBy('setLang', $language['id']);
                         // the URL is escaped for XHTML; the current language gets the "active" class
                         $this->template->setVariable(array('LANGUAGE_URL' => contrexx_raw2xhtml($languageUrl), 'LANGUAGE_NAME' => $language['name'], 'LANGUAGE_CSS' => \Env::get('init')->getBackendLangId() == $language['id'] ? 'active' : ''));
                         $this->template->parse('backend_language_navigation_item');
                     }
                     $this->template->parse('backend_language_navigation');
                 } else {
                     $this->template->hideBlock('backend_language_navigation');
                 }
             }
             $this->template->touchBlock('backend_metanavigation');
         }
         // page parsing
         $parsingTime = $this->stopTimer();
         //                var_dump($parsingTime);
         /*echo ($finishTime[0] - $startTime[0]) . '<br />';
           if (!isset($_SESSION['asdf1']) || isset($_GET['reset'])) {
               $_SESSION['asdf1'] = 0;
               $_SESSION['asdf2'] = 0;
           }
           echo $_SESSION['asdf1'] . '<br />';
           if ($_SESSION['asdf1'] > 0) {
               echo $_SESSION['asdf2'] / $_SESSION['asdf1'];
           }
           $_SESSION['asdf1']++;
           $_SESSION['asdf2'] += ($finishTime[0] - $startTime[0]);//*/
         $objAdminNav = new \adminMenu($plainCmd);
         $objAdminNav->getAdminNavbar();
         // status footer: logged-in user (HTML-escaped), version info, collected javascript
         $this->template->setVariable(array('SUB_MENU_TITLE' => $subMenuTitle, 'FRONTEND_LANG_MENU' => \Env::get('init')->getUserFrontendLangMenu(), 'TXT_GENERATED_IN' => $_CORELANG['TXT_GENERATED_IN'], 'TXT_SECONDS' => $_CORELANG['TXT_SECONDS'], 'TXT_LOGOUT_WARNING' => $_CORELANG['TXT_LOGOUT_WARNING'], 'PARSING_TIME' => $parsingTime, 'LOGGED_NAME' => htmlentities($this->getUser()->objUser->getProfileAttribute('firstname') . ' ' . $this->getUser()->objUser->getProfileAttribute('lastname'), ENT_QUOTES, CONTREXX_CHARSET), 'TXT_LOGGED_IN_AS' => $_CORELANG['TXT_LOGGED_IN_AS'], 'TXT_LOG_OUT' => $_CORELANG['TXT_LOG_OUT'], 'MODULE_INDEX' => MODULE_INDEX, 'JAVASCRIPT' => \JS::getCode(), 'CX_EDITION' => $_CONFIG['coreCmsEdition'], 'CX_VERSION' => $_CONFIG['coreCmsVersion'], 'CX_CODE_NAME' => $_CONFIG['coreCmsCodeName'], 'CX_STATUS' => $_CONFIG['coreCmsStatus'], 'CX_RELEASE_DATE' => date(ASCMS_DATE_FORMAT_DATE, $_CONFIG['coreCmsReleaseDate']), 'CX_NAME' => $_CONFIG['coreCmsName']));
         // Style parsing
         // NOTE(review): $cmd is a global that ends up in filesystem paths and
         // in the ADD_STYLE_URL value below; confirm upstream that it is
         // restricted to a known section name before it reaches this point.
         if (file_exists($this->codeBaseAdminTemplatePath . '/css/' . $cmd . '.css')) {
             // check if there's a css file in the core section
             $this->template->setVariable('ADD_STYLE_URL', $this->codeBaseAdminTemplateWebPath . '/css/' . $cmd . '.css');
             $this->template->parse('additional_style');
         } elseif (file_exists($this->codeBaseModulePath . '/' . $cmd . '/template/backend.css')) {
             // or maybe in the current module directory
             $this->template->setVariable('ADD_STYLE_URL', $this->codeBaseModuleWebPath . '/' . $cmd . '/template/backend.css');
             $this->template->parse('additional_style');
         } elseif (file_exists($this->codeBaseCoreModulePath . '/' . $cmd . '/template/backend.css')) {
             // or in the core module directory
             $this->template->setVariable('ADD_STYLE_URL', $this->codeBaseCoreModuleWebPath . '/' . $cmd . '/template/backend.css');
             $this->template->parse('additional_style');
         } else {
             $this->template->hideBlock('additional_style');
         }
         /*echo '<pre>';
           print_r($_SESSION);
           /*echo '<b>Overall time: ' . (microtime(true) - $timeAtStart) . 's<br />';
           echo 'Max RAM usage: ' . formatBytes(memory_get_peak_usage()) . '<br />';
           echo 'End RAM usage: ' . formatBytes(memory_get_usage()) . '<br /></b>';*/
         $endcode = $this->template->get();
         // replace links from before contrexx 3
         $ls = new \LinkSanitizer($this, $this->getCodeBaseOffsetPath() . $this->getBackendFolderName() . '/', $endcode);
         $this->endcode = $ls->replace();
     }
     // $parsingTime is set in both branches above
     \DBG::log("(Cx: {$this->id}) Request parsing completed after {$parsingTime}");
 }