/**
 * Renders the module template selected on $runData and returns the markup.
 *
 * Returns nothing (null) when no module template is set. Otherwise build()
 * runs first, then the page object, every context entry and any pending
 * messages are handed to a plain Smarty instance.
 *
 * NOTE(review): values are assigned to the template as-is; nothing in this
 * method escapes them, so output encoding has to happen in the templates or
 * in the Smarty configuration. Confirm that before exposing request-derived
 * context values.
 *
 * @param object $runData Request state (template name, page, context, messages).
 * @return string|null Rendered markup, or null when there is no module template.
 */
public function render($runData)
{
    if ($runData->getModuleTemplate() == null) {
        return;
    }

    $this->build($runData);

    // The template name is read again after build() has run.
    $templatePath = PathManager::moduleTemplate($runData->getModuleTemplate());

    $engine = Ozone::getSmartyPlain();
    $engine->assign("page", $runData->getPage());

    // Context entries are assigned after "page", so a context key with that
    // name replaces the page object assigned above.
    $contextVars = $runData->getContext();
    if ($contextVars !== null) {
        foreach ($contextVars as $name => $item) {
            $engine->assign($name, $item);
        }
    }

    // Informational and error messages are only exposed when there are any.
    $notices = $runData->getMessages();
    $failures = $runData->getErrorMessages();
    if (count($notices) > 0) {
        $engine->assign('data_messages', $notices);
    }
    if (count($failures) > 0) {
        $engine->assign('data_errorMessages', $failures);
    }

    return $engine->fetch($templatePath);
}
/**
 * Smarty template function "macro": renders a registered macro template.
 *
 * The 'name' attribute selects the macro; every remaining attribute is passed
 * to the macro template both as the 'params' array and as an individual
 * template variable. Rendering happens in a separate plain Smarty instance
 * that receives a copy of the caller's macro register.
 *
 * NOTE(review): the file name comes from getMacroTemplateFileName(), not
 * directly from the attribute; presumably only registered macros resolve.
 * Confirm the register cannot be populated with arbitrary paths.
 *
 * @param array  $params Attributes given in the template tag.
 * @param object $smarty The calling Smarty instance.
 * @return string|null Rendered macro output, or null after an error was triggered.
 */
function smarty_function_macro($params, &$smarty)
{
    if ($params['name'] == '') {
        $smarty->trigger_error("macro: missing attribute 'name' for the macro");
        return;
    }

    // Resolve the macro name to its template file.
    $macroFile = $smarty->getMacroTemplateFileName($params['name']);
    if ($macroFile == null) {
        $smarty->trigger_error("macro: template file for the macro missing");
        return;
    }

    // A fresh instance keeps the macro's variables apart from the caller's.
    $renderer = Ozone::getSmartyPlain();

    // 'name' is consumed here and is not forwarded to the macro template.
    unset($params['name']);
    $renderer->assign('params', $params);
    foreach ($params as $attribute => $attributeValue) {
        $renderer->assign($attribute, $attributeValue);
    }

    // Nested macro calls need the same register as the caller.
    $renderer->setMacroRegister($smarty->getMacroRegister());

    return $renderer->fetch(PathManager::smartyMacroTemplateDir() . "/" . $macroFile);
}
/**
 * Emits a JavaScript redirect to the local auth page for users who are not
 * allowed on the site resolved from the Host header.
 *
 * When userAllowed() accepts the user nothing is written at all.
 *
 * NOTE(review): the redirect is performed by the browser, so this response is
 * only a navigation aid; the protected resources must enforce access on
 * their own. $site is passed to userAllowed() without a null check here —
 * confirm siteFromHost()/userAllowed() handle an unknown host.
 *
 * @return void
 */
public function process()
{
    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);
    $runData->handleSessionStart();

    $currentUser = $runData->getUser();
    $currentSite = $this->siteFromHost($_SERVER['HTTP_HOST'], false, true);

    if ($this->userAllowed($currentUser, $currentSite)) {
        return;
    }

    // The current location is URI-encoded client-side and appended to the auth path.
    $this->setContentTypeHeader("text/javascript");
    echo "window.location = '/local--auth/' + encodeURIComponent(window.location);";
}
/**
 * Renders the feed through the fixed FeedTemplate.tpl template.
 *
 * build() runs first; every entry of the run-data context is then assigned
 * to the shared Smarty instance under its own key.
 *
 * NOTE(review): context values reach the template unescaped from this
 * method's point of view; the feed template is presumably responsible for
 * XML-escaping them — confirm.
 *
 * @param object $runData Request state providing the context.
 * @return string Rendered feed.
 */
public function render($runData)
{
    $this->build($runData);

    $engine = Ozone::getSmarty();

    $contextVars = $runData->getContext();
    if ($contextVars !== null) {
        foreach ($contextVars as $name => $item) {
            $engine->assign($name, $item);
        }
    }

    // The template path is fixed; it does not depend on the request.
    return $engine->fetch(WIKIDOT_ROOT . '/templates/screens/feed/FeedTemplate.tpl');
}
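/**
 * Handles the cross-domain login hand-off driven by query-string parameters.
 *
 * Three modes are selected from $_GET:
 *  - "setiecookie": accepted only on the main domain; stores the session id
 *    (or the literal "ANONYMOUS") in the IE session cookie and redirects to "url".
 *  - neither flag: looks up the session from "skey" and "user_id" for this
 *    host; on success sets the domain session cookie and goes to the confirm
 *    step, otherwise redirects straight to "url".
 *  - "confirm": checks that a user is now attached to the session and
 *    redirects to "url", or reports a cookie error.
 *
 * NOTE(review): "url" comes from the request and is handed to redirect(),
 * redirectConfirm() and cookieError() without any validation in this method.
 * Unless those helpers restrict the target to hosts of this installation this
 * is an open redirect at the end of a login flow — confirm and add an
 * allow-list check if they do not.
 *
 * NOTE(review): the cookies are set without the secure/httponly arguments of
 * setcookie(); the IE cookie carries the raw session id. Confirm whether
 * script access to these cookies is actually required.
 *
 * @return void
 */
public function process()
{
    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);

    $url = $_GET["url"];
    $confirm = isset($_GET["confirm"]);
    $setie = isset($_GET["setiecookie"]);
    $siteHost = $_SERVER['HTTP_HOST'];
    $site = $this->siteFromHost($siteHost, true, true);

    if ($setie) {
        if ($siteHost != GlobalProperties::$URL_DOMAIN) {
            $this->siteNotExists();
            // Stop here, as the other branch does after siteNotExists():
            // without this return the session id cookie would still be set
            // and the redirect issued on a host that was just rejected.
            return;
        }

        $runData->handleSessionStart();
        // An expiry of 0 makes these session cookies (the original passed null,
        // which PHP coerces to 0).
        if ($runData->getUser()) {
            setcookie(GlobalProperties::$SESSION_COOKIE_NAME_IE, $runData->getSessionId(), 0, '/');
        } else {
            setcookie(GlobalProperties::$SESSION_COOKIE_NAME_IE, "ANONYMOUS", 0, '/');
        }
        $this->redirect($url);
        return;
    }

    if (!$site) {
        $this->siteNotExists();
        return;
    }

    if (!$confirm) {
        $user_id = $_GET["user_id"];
        $skey = $_GET["skey"];

        // The cookie is only written once the (skey, host, user_id) triple
        // resolves to an existing session.
        $session = $runData->getSessionFromDomainHash($skey, $_SERVER['HTTP_HOST'], $user_id);
        if ($session) {
            setcookie(
                GlobalProperties::$SESSION_COOKIE_NAME,
                "_domain_cookie_{$user_id}_{$skey}",
                0,
                '/',
                GlobalProperties::$SESSION_COOKIE_DOMAIN
            );
            $this->redirectConfirm($url);
        } else {
            $this->redirect($url);
        }
        return;
    }

    // Confirm step: the cookie set above must now yield a logged-in user.
    $runData->handleSessionStart();
    if ($runData->getUser()) {
        $this->redirect($url);
    } else {
        $this->cookieError($url);
    }
}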
/**
 * Replaces an include directive with the source of the named page.
 *
 * $matches[1] is the page name and $matches[2] an optional "|"-separated list
 * of "name = value" pairs. The page is looked up in the current site only.
 * A missing page yields an error block and is recorded in
 * $this->wiki->vars['inclusionsNotExist']; a found page is recorded in
 * $this->wiki->vars['inclusions'] and each "{$name}" placeholder in its source
 * is replaced by the matching value.
 *
 * NOTE(review): the returned text is wiki source, so substituted values are
 * still subject to whatever rules run afterwards. No permission check on the
 * included page is visible here — confirm one is not needed.
 *
 * @param array $matches Regex matches for the include directive.
 * @return string Wiki source to splice in, padded with blank lines.
 */
function process(&$matches)
{
    $includedName = WDStringUtils::toUnixName(trim($matches[1]));

    $currentSite = Ozone::getRunData()->getTemp("site");
    $included = DB_PagePeer::instance()->selectByName($currentSite->getSiteId(), $includedName);

    if ($included == null) {
        // The page name is HTML-escaped before it is put into the message.
        $output = "\n\n" . '[[div class="error-block"]]' . "\n"
            . sprintf(_('Page to be included %s can not be found!'), htmlspecialchars($includedName))
            . "\n" . '[[/div]]' . "\n\n";

        if ($this->wiki->vars['inclusionsNotExist'] == null) {
            $this->wiki->vars['inclusionsNotExist'] = array();
        }
        $this->wiki->vars['inclusionsNotExist'][$includedName] = $includedName;

        return "\n\n" . $output . "\n\n";
    }

    $output = $included->getSource();

    // Remember which pages were pulled in, keyed by page id.
    if ($this->wiki->vars['inclusions'] == null) {
        $this->wiki->vars['inclusions'] = array();
    }
    $this->wiki->vars['inclusions'][$included->getPageId()] = $included->getPageId();

    $rawAssignments = $matches[2];
    if ($rawAssignments) {
        foreach (explode('|', $rawAssignments) as $assignment) {
            // Split on the first "=" only; entries without one are ignored.
            $parts = explode('=', $assignment, 2);
            if (count($parts) < 2) {
                continue;
            }
            $placeholder = trim($parts[0]);
            $replacement = trim($parts[1]);

            // Names are limited to letters, digits, "-" and "_".
            if ($replacement != '' && $placeholder != '' && preg_match('/^[a-z0-9\\-\\_]+$/i', $placeholder)) {
                $output = str_replace('{$' . $placeholder . '}', $replacement, $output);
            }
        }
    }

    // The included source goes directly into the text being parsed.
    return "\n\n" . $output . "\n\n";
}
/**
 * Re-binds an existing session to the client's plain-HTTP address.
 *
 * The session id is taken from the session cookie and must match the
 * 'sessionHash' parameter (md5 of the session id and the class's secret seed,
 * evaluated in the database query). The address stored so far is moved to
 * the SSL slot, the current address string is stored, the cached copy of the
 * session is overwritten, and the client is redirected to 'origUrl'.
 *
 * NOTE(review): 'origUrl' is request-supplied and is written into the
 * Location header without any host or scheme check in this method, and the
 * response is a 301. Unless the parameter list validates it, this is an open
 * redirect; restrict the target to this installation's hosts.
 *
 * NOTE(review): the secret seed is concatenated into the SQL expression.
 * It is server-side configuration, not request input, but a quote character
 * in it would break the query — confirm how Criteria treats the column
 * expression.
 *
 * @return void
 * @throws ProcessException When the cookie is missing, the request used HTTPS,
 *                          or no session matches the cookie and hash.
 */
public function process()
{
    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);

    $cookieSessionId = $_COOKIE[GlobalProperties::$SESSION_COOKIE_NAME];
    if (!$cookieSessionId) {
        throw new ProcessException('Please accept cookies in your browser.');
    }

    // This controller is meant for the http: side of the hand-off only.
    if ($_SERVER['HTTPS']) {
        throw new ProcessException('This controller should be invoked in the http: mode.');
    }

    $parameters = $runData->getParameterList();
    $claimedHash = $parameters->getParameterValue('sessionHash');

    // Both conditions must hold: the cookie's session id and the hash derived from it.
    $criteria = new Criteria();
    $criteria->add('session_id', $cookieSessionId);
    $criteria->add("md5(session_id || '" . self::$secretSeed . "')", $claimedHash);
    $session = DB_OzoneSessionPeer::instance()->selectOne($criteria);
    if (!$session) {
        throw new ProcessException('No valid session found.');
    }

    // The address recorded earlier is assumed to stem from the SSL request.
    $session->setIpAddressSsl($session->getIpAddress());
    $session->setIpAddress($runData->createIpString());
    $session->save();

    // Overwrite the cached session so the stale copy is not served.
    $cacheKey = 'session..' . $session->getSessionId();
    OZONE::$memcache->set($cacheKey, $session, 0, 600);

    // Fall back to the main host when no original URL was supplied.
    $target = $parameters->getParameterValue('origUrl') ?: 'http://' . GlobalProperties::$URL_HOST;

    header('HTTP/1.1 301 Moved Permanently');
    header("Location: {$target}");
}
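/**
 *
 * Renders an inline math token as an <img> pointing at a cached PNG.
 *
 * The image file name is the md5 of the LaTeX source, so identical formulas
 * share one file per site; the image is rendered only when the file does not
 * exist yet. The md5 is a cache key, not a security control.
 *
 * NOTE(review): $options['content'] is LaTeX written by a wiki author and is
 * passed to LatexRenderer unchanged. Confirm the renderer runs TeX with shell
 * escape disabled and file access restricted.
 *
 * @access public
 *
 * @param array $options The "options" portion of the token (second
 * element); 'content' holds the LaTeX source.
 *
 * @return string The image tag, or an inline error span when no image
 * could be produced.
 *
 */
function token($options)
{
    $content = $options['content'];
    $hashcode = md5($content);

    $runData = Ozone::getRunData();
    $site = $runData->getTemp('site');

    // Per-site output directory and shared scratch directory.
    $dir = $site->getLocalFilesPath() . '/math/inline';
    if (!file_exists($dir)) {
        mkdirfull($dir);
    }
    $tmpDir = WIKIDOT_ROOT . '/tmp/math';
    if (!file_exists($tmpDir)) {
        mkdirfull($tmpDir);
    }

    // The name is hex digits plus ".png", so it cannot contain path separators.
    $imgFile = $hashcode . '.png';
    $imgPath = $dir . '/' . $imgFile;

    if (!file_exists($imgPath)) {
        $renderer = new LatexRenderer();
        $renderer->setTmpDir($tmpDir);
        $renderer->setOutputDir($dir);
        $renderer->setDensity(110);
        $renderer->render('$' . $content . '$', $hashcode);
    }

    // Still missing after the render attempt: report it instead of a broken image.
    if (!file_exists($imgPath)) {
        return '<span class="error-inline">' . _('The equation has not been processed correctly. Most prabably it has syntax error(s).') . ' </span>';
    }

    // The LaTeX source is entity-encoded before it is used as alt text.
    // The statements that followed this return in the original were
    // unreachable and have been removed.
    return '<img class="math-inline" src="/local--math/inline/' . $imgFile . '" alt="' . htmlentities($content) . '" />';
}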
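/**
 *
 * Renders a block equation token as a numbered <div> with a cached PNG.
 *
 * The image file name is the md5 of the LaTeX source and the equation type;
 * the image is rendered only when that file does not exist yet.
 *
 * NOTE(review): $options['content'] is LaTeX written by a wiki author and is
 * passed to LatexRenderer unchanged. Confirm the renderer runs TeX with shell
 * escape disabled and file access restricted.
 *
 * NOTE(review): $options['id'] and the "id_prefix" setting are written into
 * the markup without escaping. That is safe only if both are generated by the
 * parser (e.g. a counter) — confirm they can never carry author text.
 *
 * @access public
 *
 * @param array $options The "options" portion of the token (second
 * element); uses 'content', 'type' and 'id'.
 *
 * @return string The equation number span followed by the equation block,
 * or an error block when no image could be produced.
 *
 */
function token($options)
{
    $content = $options['content'];
    $type = $options['type'];
    $hashcode = md5($content . '..' . $type);

    $runData = Ozone::getRunData();
    $site = $runData->getTemp('site');

    // Per-site output directory and shared scratch directory.
    $dir = $site->getLocalFilesPath() . '/math/eqs';
    if (!file_exists($dir)) {
        mkdirfull($dir);
    }
    $tmpDir = WIKIDOT_ROOT . '/tmp/math';
    if (!file_exists($tmpDir)) {
        mkdirfull($tmpDir);
    }

    // The name is hex digits plus ".png", so it cannot contain path separators.
    $imgFile = $hashcode . '.png';
    $imgPath = $dir . '/' . $imgFile;

    if (!file_exists($imgPath)) {
        $renderer = new LatexRenderer();
        $renderer->setTmpDir($tmpDir);
        $renderer->setOutputDir($dir);

        if ($type == 'eqnarray') {
            $content2 = "\\begin{eqnarray*}\n" . $content . "\n\\end{eqnarray*}";
        } else {
            // The environment is closed with the starred name it was opened
            // with; the original ended "equation*" with "\end{equation}",
            // which LaTeX reports as a mismatched environment.
            $content2 = "\\begin{equation*}\n" . $content . "\n\\end{equation*}";
        }
        $renderer->render($content2, $hashcode);
    }

    // Still missing after the render attempt: report it instead of a broken image.
    if (!file_exists($imgPath)) {
        return '<div class="error-block">' . _('The equation has not been processed correctly. Most prabably it has syntax error(s).') . '</div>';
    }

    $idPrefix = $this->getConf("id_prefix");
    $idString = ' id="equation-' . $idPrefix . $options['id'] . '" ';
    $equationNumberLabel = '<span class="equation-number">(' . $options['id'] . ')</span>';

    // The LaTeX source is entity-encoded before it is used as alt text.
    $out = '<div class="math-equation"' . $idString . '><img src="/local--math/eqs/' . $imgFile . '" alt="' . htmlentities($content) . '" /></div>';

    return $equationNumberLabel . $out;
}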
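/**
 * Collects the logged-in user's pending online notifications and renders the
 * notification dialog into $this->vars['notificationsDialog'].
 *
 * The check is skipped for anonymous requests and when the 'lastncheck'
 * cookie shows a check less than 120 seconds ago. All notifications flagged
 * notify_online are then reset for the user; private-message notifications
 * are kept only while the message is still flagged new. The dialog is
 * rendered in the user's language, after which the locale is switched back to
 * $GLOBALS['lang'].
 *
 * NOTE(review): the throttle relies on a client-controlled cookie. It only
 * limits how often this user's own notifications are queried, so it must not
 * be treated as rate limiting.
 *
 * NOTE(review): the UPDATE resets every notify_online row of the user, not
 * just the rows selected a moment earlier; a notification created between
 * the SELECT and the UPDATE would be cleared without being shown.
 *
 * @param object $runData Request state providing the current user.
 * @return void
 */
private function handleNotifications($runData)
{
    $user = $runData->getUser();
    if ($user == null) {
        return;
    }

    // The cookie is absent on the first check; read it without raising a notice.
    $lastCheck = isset($_COOKIE['lastncheck']) ? $_COOKIE['lastncheck'] : null;
    if ($lastCheck !== null && is_numeric($lastCheck) && time() - $lastCheck < 120) {
        return;
    }
    setcookie('lastncheck', time(), time() + 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);

    $c = new Criteria();
    $c->add("user_id", $user->getUserId());
    $c->add("notify_online", true);
    $c->addOrderDescending("notification_id");
    $nots = DB_NotificationPeer::instance()->select($c);

    if (count($nots) == 0) {
        return;
    }

    // NOTE(review): string-built SQL. The id comes from the authenticated
    // user object rather than from request input, but a bound parameter would
    // be preferable if Database offers one.
    $q = "UPDATE notification SET notify_online=FALSE, notify_email=FALSE "
        . "WHERE user_id='" . $user->getUserId() . "' AND "
        . "notify_online = TRUE";
    $db = Database::connection();
    $db->query($q);

    // Notifications are objects, so iterating by value still lets setBody()
    // change the instance that ends up in $nots2 (the original iterated by
    // reference and never released it).
    $nots2 = array();
    foreach ($nots as $not) {
        if ($not->getType() == "new_private_message") {
            // Skip notifications whose message has been read in the meantime.
            $extra = $not->getExtra();
            $pm = DB_PrivateMessagePeer::instance()->selectByPrimaryKey($extra['message_id']);
            if ($pm && $pm->getFlagNew()) {
                // Strip the preview and the leading "You have..." line from the body.
                $body = $not->getBody();
                $body = preg_replace('/<br\\/>Preview.*$/sm', '', $body);
                $body = preg_replace(';You have.*?<br/>;sm', '', $body);
                $not->setBody($body);
                $nots2[] = $not;
            }
        } else {
            $nots2[] = $not;
        }
    }

    if (count($nots2) == 0) {
        return;
    }

    // Switch to the user's language for rendering the dialog.
    // NOTE(review): only 'pl' and 'en' are mapped; for any other language
    // $glang is not set by this switch.
    $lang = $user->getLanguage();
    switch ($lang) {
        case 'pl':
            $glang = "pl_PL";
            break;
        case 'en':
            $glang = "en_US";
            break;
    }
    $runData->setLanguage($lang);
    putenv("LANG={$glang}");
    putenv("LANGUAGE={$glang}");
    setlocale(LC_ALL, $glang . '.UTF-8');

    $smarty = Ozone::getSmartyPlain();
    $dialogTemplateFile = PathManager::screenTemplate("NotificationDialog");

    // At most three notifications are shown; "more" carries the remainder.
    $count = count($nots2);
    if ($count > 3) {
        $nots2 = array_slice($nots2, 0, 3);
        $smarty->assign("more", $count - 3);
    }
    $smarty->assign("count", $count);
    $smarty->assign("notifications", $nots2);

    $out = $smarty->fetch($dialogTemplateFile);
    $this->vars['notificationsDialog'] = $out;

    // Restore the language stored in $GLOBALS['lang'].
    $lang = $GLOBALS['lang'];
    switch ($lang) {
        case 'pl':
            $glang = "pl_PL";
            break;
        case 'en':
            $glang = "en_US";
            break;
    }
    $runData->setLanguage($lang);
    putenv("LANG={$glang}");
    putenv("LANGUAGE={$glang}");
    setlocale(LC_ALL, $glang . '.UTF-8');
}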
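/**
 * Renders the screen template inside the page layout.
 *
 * Returns null when no screen template or no layout is set. A missing
 * template file switches the screen to "DefaultError". For GET requests
 * without an action the screen cache is consulted first; on a miss the screen
 * is built, rendered and the cache updated afterwards.
 *
 * NOTE(review): cached content is returned to whoever issues a matching
 * request. Whether the cache key separates users or permission levels is
 * decided in isScreenCacheable()/ScreenCacheManager — confirm that no
 * per-user or private content is marked cacheable.
 *
 * @param object $runData Request state (template, page, context, messages).
 * @return string|null Complete page markup, or null when nothing can be rendered.
 */
public function render($runData)
{
    if ($runData->getScreenTemplate() == null || $runData->getPage()->getLayout() == null) {
        return null;
    }

    $smarty = Ozone::getSmarty();
    $templateFile = PathManager::screenTemplate($runData->getScreenTemplate());

    // Initialised under the name that is tested further down; the original
    // initialised $updateLayoutContentLater and then read an undefined
    // $updateScreenContentLater on every path that did not miss the cache.
    $updateScreenContentLater = false;
    $mainContent = null;

    if (!file_exists($templateFile)) {
        $runData->setScreenTemplate("DefaultError");
        $runData->addErrorMessage("Taka strona nie istnieje.");
        $templateFile = PathManager::screenTemplate($runData->getScreenTemplate());
    } else {
        $cacheSettings = $this->getScreenCacheSettings();
        if ($runData->getRequestMethod() == "GET"
            && $runData->getAction() == null
            && $cacheSettings != null
            && $cacheSettings->isScreenCacheable($runData)
        ) {
            $content = ScreenCacheManager::instance()->cachedScreen($runData, $this->getScreenCacheSettings());
            if ($content != null && $content != "") {
                // Cache hit: build() is skipped entirely.
                $mainContent = $content;
            } else {
                $updateScreenContentLater = true;
                $this->build($runData);
            }
        } else {
            $this->build($runData);
        }
    }

    // Resolved again because the screen template may have been changed above.
    $templateFile = PathManager::screenTemplate($runData->getScreenTemplate());

    $context = $runData->getContext();
    if ($context !== null) {
        foreach ($context as $key => $value) {
            $smarty->assign($key, $value);
        }
    }

    // Assigned after the context, so "page" always refers to the page object.
    $page = $runData->getPage();
    $smarty->assign("page", $page);

    $dataMessages = $runData->getMessages();
    $dataErrorMessages = $runData->getErrorMessages();
    if (count($dataMessages) > 0) {
        $smarty->assign('data_messages', $dataMessages);
    }
    if (count($dataErrorMessages) > 0) {
        $smarty->assign('data_errorMessages', $dataErrorMessages);
    }

    if ($mainContent == null) {
        $mainContent = $smarty->fetch($templateFile);
    }

    if ($updateScreenContentLater) {
        ScreenCacheManager::instance()->updateCachedScreen($runData, $mainContent);
    }

    // The screen output is embedded into the layout as "screen_placeholder".
    $layoutFile = PathManager::layoutTemplate($page->getLayout());
    $smarty->assign("screen_placeholder", $mainContent);
    $page->setStyleSelector(1);

    return $smarty->fetch($layoutFile);
}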
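/**
 * Main request flow for a wiki page: resolves the site from the Host header,
 * sets up language and SSL policy, starts the session, runs the requested
 * action chain, renders the screen and echoes the result.
 *
 * NOTE(review): the Host header is used unvalidated on the custom-domain
 * path — as part of a memcache key and as the session cookie domain. It is
 * only honoured further when a site with that custom domain exists, but
 * unknown hosts are not negatively cached as far as this code shows, so each
 * such request appears to reach the database.
 *
 * NOTE(review): screen classes, action classes and the action event method
 * are instantiated/called by name. The names come from RunData; this method
 * does not validate them, so RunData/PathManager must restrict them to known
 * classes and to methods meant to be request-callable — confirm.
 *
 * @return void
 * @throws ProcessException When the access scheme (http/https) is not
 *                          permitted by the site's SSL mode.
 */
public function process()
{
    global $timeStart;

    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // Resolve the site; memcache is asked first to avoid a database connection.
    $siteHost = $_SERVER["HTTP_HOST"];
    $memcache = Ozone::$memcache;
    if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
        // <unix-name>.<main domain>: select the site by its unix name.
        $siteUnixName = $matches[1];
        $mcKey = 'site..' . $siteUnixName;
        $site = $memcache->get($mcKey);
        if ($site == false) {
            $c = new Criteria();
            $c->add("unix_name", $siteUnixName);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            $memcache->set($mcKey, $site, 0, 3600);
        }
    } else {
        // Anything else is treated as a custom domain.
        $mcKey = 'site_cd..' . $siteHost;
        $site = $memcache->get($mcKey);
        if ($site == false) {
            $c = new Criteria();
            $c->add("custom_domain", $siteHost);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            $memcache->set($mcKey, $site, 0, 3600);
        }
        GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
    }

    if ($site == null) {
        $runData->setScreenTemplate("wiki/SiteNotFound");
        exit(1);
    } else {
        $runData->setTemp("site", $site);
        // The site is also published through globals.
        $GLOBALS['siteId'] = $site->getSiteId();
        $GLOBALS['site'] = $site;
    }

    // set language
    $runData->setLanguage($site->getLanguage());
    $GLOBALS['lang'] = $site->getLanguage();

    // and for gettext too
    // NOTE(review): only 'pl' and 'en' are mapped; $glang is undefined for
    // any other site language.
    $lang = $site->getLanguage();
    switch ($lang) {
        case 'pl':
            $glang = "pl_PL";
            break;
        case 'en':
            $glang = "en_US";
            break;
    }
    putenv("LANG={$glang}");
    putenv("LANGUAGE={$glang}");
    setlocale(LC_ALL, $glang . '.UTF-8');

    // Set the text domain as 'messages'
    $gdomain = 'messages';
    bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
    textdomain($gdomain);

    $settings = $site->getSettings();

    // Enforce the site's SSL mode before any session handling.
    $sslMode = $settings->getSslMode();
    if ($_SERVER['HTTPS']) {
        if (!$sslMode) {
            throw new ProcessException(_("Secure access is not enabled for this Wiki."));
        } elseif ($sslMode == "ssl_only_paranoid") {
            // Switch to the separate, secure-flagged session cookie.
            GlobalProperties::$SESSION_COOKIE_NAME = "WIKIDOT_SESSION_SECURE_ID";
            GlobalProperties::$SESSION_COOKIE_SECURE = true;
        }
    } else {
        // page accessed via http (nonsecure)
        switch ($sslMode) {
            case 'ssl':
                // enabled, but nonsecure allowed too.
                break;
            case 'ssl_only_paranoid':
            case 'ssl_only':
                throw new ProcessException(_("Nonsecure access is not enabled for this Wiki."));
                break;
        }
    }

    // handle session at the beginning of processing
    $runData->handleSessionStart();

    $template = $runData->getScreenTemplate();
    $classFile = $runData->getScreenClassPath();
    $className = $runData->getScreenClassName();
    $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");

    require_once $classFile;
    $screen = new $className();

    // screen security check
    if (!$screen->isAllowed($runData)) {
        if ($classFile == $runData->getScreenClassPath()) {
            // isAllowed() did not pick an error template: use the default.
            // NOTE(review): $screen still refers to the rejected screen here
            // and the action is not cleared; the rejected screen is only
            // replaced by the "template changed" reload after the action loop.
            $runData->setScreenTemplate("errors/NotAllowed");
        } else {
            // isAllowed() set its own error template: load that screen now so
            // the rejected one cannot render, and drop the requested action.
            $classFile = $runData->getScreenClassPath();
            $className = $runData->getScreenClassName();
            $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
            require_once $classFile;
            $screen = new $className();
            $runData->setAction(null);
        }
    }

    // PROCESS ACTION
    $actionClass = $runData->getAction();
    $logger->debug("processing action {$actionClass}");
    while ($actionClass != null) {
        require_once PathManager::actionClass($actionClass);
        // The class name is the last path segment of the action name.
        $tmpa1 = explode('/', $actionClass);
        $actionClassStripped = end($tmpa1);
        $action = new $actionClassStripped();

        $classFile = $runData->getScreenClassPath();
        if (!$action->isAllowed($runData)) {
            if ($classFile == $runData->getScreenClassPath()) {
                $runData->setScreenTemplate("errors/NotAllowed");
            }
            // $action->isAllowed() should set the error template; if it does
            // not, the default NotAllowed is used.
            break;
        }

        $actionEvent = $runData->getActionEvent();
        if ($actionEvent != null) {
            $action->{$actionEvent}($runData);
            $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
        } else {
            $logger->debug("processing action: {$actionClass}");
            $action->perform($runData);
        }

        // An action may queue a follow-up action.
        if ($runData->getNextAction() != null) {
            $actionClass = $runData->getNextAction();
            $runData->setAction($actionClass);
            $runData->setActionEvent($runData->getNextActionEvent());
        } else {
            $actionClass = null;
        }
    }
    // end action process

    // Reload the screen class when the template was changed since it was
    // first read (by an action or by a failed permission check). The
    // original compared against the property "getScreenTemplate" instead of
    // calling the method.
    if ($template != $runData->getScreenTemplate()) {
        $classFile = $runData->getScreenClassPath();
        $className = $runData->getScreenClassName();
        $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
        require_once $classFile;
        $screen = new $className();
    }

    $rendered = $screen->render($runData);

    if ($rendered != null) {
        $moduleProcessor = new ModuleProcessor($runData);
        $moduleProcessor->setJavascriptInline(true); // embed associated javascript files in <script> tags
        $moduleProcessor->setCssInline(true);
        $rendered = $moduleProcessor->process($rendered);
    }

    $runData->handleSessionEnd();

    // Under HTTPS, rewrite http:// references to this installation's host so
    // the page does not pull scripts, styles or images over plain http.
    if ($_SERVER['HTTPS']) {
        $rendered = preg_replace(';<script(.*?)src="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)</script>;s', '<script\\1src="https://' . GlobalProperties::$URL_HOST . '\\2</script>', $rendered);
        $rendered = preg_replace(';<link(.*?)href="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>;s', '<link\\1href="https://' . GlobalProperties::$URL_HOST . '\\2/>', $rendered);
        $rendered = preg_replace(';(<img\\s+.*?src=")http(://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>);s', '\\1https\\2', $rendered);
        // Repeated until stable: one pass rewrites a single @import per <style> block.
        do {
            $renderedOld = $rendered;
            $rendered = preg_replace(';(<style\\s+[^>]*>.*?@import url\\()http(://' . GlobalProperties::$URL_HOST_PREG . '.*?</style>);si', '\\1https\\2', $rendered);
        } while ($renderedOld != $rendered);
    }

    echo $rendered;
}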
/**
 * Loads a macro set by fetching its template through the shared Smarty
 * instance; the rendered output is discarded.
 *
 * NOTE(review): the file name is built by plain concatenation of
 * $this->macroPath, $macroSet and ".tpl". Callers must pass a fixed set name,
 * never request input.
 *
 * @param string $macroSet Name of the macro set, without path or extension.
 * @return void
 */
public function load($macroSet)
{
    // Open question kept from the original: should the plain Smarty
    // instance load the set as well?
    Ozone::getSmarty()->fetch($this->macroPath . $macroSet . '.tpl');
}
/**
 * Stores the request's RunData object in the class-wide static slot.
 *
 * @param object $runData The RunData instance for the current request.
 * @return void
 */
public static function setRunData($runData)
{
    self::$runData = $runData;
}
/**
 * Serves an uploaded file, or redirects to the domain that should serve it.
 *
 * The file name is the URL-decoded query string with a trailing "?<digits>"
 * and leading slashes removed. On the upload domain (or when no separate
 * upload domain is used) public files are served directly and non-public
 * files only after userAllowed() accepts the session user. On any other
 * domain public files are redirected to the upload domain, and permitted
 * users are sent through the custom-domain login flow with a session domain
 * hash; everyone else gets forbidden().
 *
 * NOTE(review): $file is request-controlled and is decoded before it reaches
 * buildPath(), publicArea() and the serve*() helpers. Nothing in this method
 * rejects ".." segments or encoded separators, so those helpers must confine
 * the path to the site's file area — confirm.
 *
 * NOTE(review): the session domain hash travels in the redirect URL's query
 * string, where it can end up in logs and Referer headers.
 *
 * @return void
 */
public function process()
{
    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);

    $siteHost = $_SERVER['HTTP_HOST'];
    $site = $this->siteFromHost($siteHost, false, true);
    if (!$site) {
        $this->siteNotExists();
        return;
    }

    // ssl_only sites: bounce plain-http requests to the https URL.
    $sslOnly = $site->getSettings()->getSslMode() == "ssl_only";
    if ($sslOnly && !$_SERVER['HTTPS']) {
        header("HTTP/1.1 301 Moved Permanently");
        header("Location: https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}");
        return;
    }

    // Derive the requested file name from the query string.
    $requested = urldecode($_SERVER['QUERY_STRING']);
    $requested = preg_replace("/\\?[0-9]+\$/", "", $requested);
    $requested = preg_replace("|^/*|", "", $requested);
    if (!$requested) {
        $this->fileNotExists();
        return;
    }

    $localPath = $this->buildPath($site, $requested);

    $servedFromThisHost = $this->isUploadDomain($siteHost) || !GlobalProperties::$USE_UPLOAD_DOMAIN;

    if ($servedFromThisHost) {
        if ($this->publicArea($site, $requested)) {
            if ($this->isCodeRequest($requested)) {
                $this->serveCode($site, $requested, GlobalProperties::$CACHE_FILES_FOR, GlobalProperties::$RESTRICT_HTML);
            } else {
                $this->serveFileWithMime($localPath, GlobalProperties::$CACHE_FILES_FOR, GlobalProperties::$RESTRICT_HTML);
            }
            return;
        }

        // Non-public area: the session user must be allowed to see the file.
        $runData->handleSessionStart();
        $user = $runData->getUser();

        if (!$this->userAllowed($user, $site, $requested)) {
            $this->redirect($this->buildURL($site, GlobalProperties::$URL_DOMAIN, $requested));
            return;
        }

        // Private content is served with -3600 instead of the public cache time.
        if ($this->isCodeRequest($requested)) {
            $this->serveCode($site, $requested, -3600);
        } elseif ($this->isAuthRequest($requested)) {
            $this->serveAuthResponse($requested);
        } else {
            $this->serveFileWithMime($localPath, -3600, GlobalProperties::$RESTRICT_HTML);
        }
        return;
    }

    // Not the upload domain: a wiki domain or a custom domain.
    if ($this->publicArea($site, $requested)) {
        $this->redirect($this->buildURL($site, GlobalProperties::$URL_UPLOAD_DOMAIN, $requested));
        return;
    }

    $runData->handleSessionStart();
    $user = $runData->getUser();

    if (!$this->userAllowed($user, $site, $requested)) {
        $this->forbidden();
        return;
    }

    // Hand the session over to the site's upload domain, then on to the file.
    $siteFilesDomain = $site->getUnixName() . "." . GlobalProperties::$URL_UPLOAD_DOMAIN;
    $skey = $runData->generateSessionDomainHash($siteFilesDomain);
    $user_id = $user->getUserId();
    $file_url = $this->buildURL($site, GlobalProperties::$URL_UPLOAD_DOMAIN, $requested);
    $loginFlowUrl = $siteFilesDomain . CustomDomainLoginFlowController::$controllerUrl;

    $this->redirect($loginFlowUrl, array("user_id" => $user_id, "skey" => $skey, "url" => $file_url), true);
}
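/**
 * Request flow for feeds: resolves the site from the Host header, sets the
 * language, authenticates via HTTP Basic when the screen or the site requires
 * it, renders the feed screen and echoes it.
 *
 * The Basic password is not the account password but the first 15 hex
 * characters of md5("feed_hashed_password_" . <stored password value>).
 * For private sites the user must additionally be a super admin, super
 * moderator, member or viewer of the site.
 *
 * NOTE(review): the feed password is compared with "!==", which is not a
 * constant-time comparison; hash_equals() would be, but it needs PHP 5.6 and
 * the minimum PHP version is not visible from this method. The password is
 * also a truncated, unsalted md5 of a stored value, and Basic credentials are
 * sent with every request — serve authenticated feeds over HTTPS only.
 *
 * NOTE(review): the Host header is used unvalidated on the custom-domain
 * path, as part of a memcache key and as the session cookie domain.
 *
 * @return string|null The rendered feed, or the "site not exists" page
 *                     content. Ends the script on SSL and authentication
 *                     failures.
 */
public function process()
{
    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("Feed request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // Resolve the site; memcache is asked first to avoid a database connection.
    $siteHost = $_SERVER["HTTP_HOST"];
    $memcache = Ozone::$memcache;

    // The main domain is quoted before it goes into the pattern. Unquoted,
    // each "." in the domain matched any character, so look-alike hosts were
    // treated as <unix-name>.<main domain> instead of as custom domains.
    $domainPattern = preg_quote(GlobalProperties::$URL_DOMAIN, '/');
    if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . $domainPattern . "\$/", $siteHost, $matches) == 1) {
        // <unix-name>.<main domain>: select the site by its unix name.
        $siteUnixName = $matches[1];
        $mcKey = 'site..' . $siteUnixName;
        $site = $memcache->get($mcKey);
        if ($site == false) {
            $c = new Criteria();
            $c->add("unix_name", $siteUnixName);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            $memcache->set($mcKey, $site, 0, 3600);
        }
    } else {
        // Anything else is treated as a custom domain.
        $mcKey = 'site_cd..' . $siteHost;
        $site = $memcache->get($mcKey);
        if ($site == false) {
            $c = new Criteria();
            $c->add("custom_domain", $siteHost);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            $memcache->set($mcKey, $site, 0, 3600);
        }
        GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
    }

    if ($site == null) {
        $content = file_get_contents(WIKIDOT_ROOT . "/files/site_not_exists.html");
        echo $content;
        return $content;
    }

    $runData->setTemp("site", $site);
    // The site is also published through globals.
    $GLOBALS['siteId'] = $site->getSiteId();
    $GLOBALS['site'] = $site;

    // set language
    $lang = $site->getLanguage();
    $runData->setLanguage($lang);
    $GLOBALS['lang'] = $lang;

    // and for gettext too
    // NOTE(review): only 'pl' and 'en' are mapped; $glang is undefined for
    // any other site language.
    switch ($lang) {
        case 'pl':
            $glang = "pl_PL";
            break;
        case 'en':
            $glang = "en_US";
            break;
    }
    putenv("LANG={$glang}");
    putenv("LANGUAGE={$glang}");
    setlocale(LC_ALL, $glang . '.UTF-8');

    $settings = $site->getSettings();

    // HTTPS is refused for sites that have no SSL mode configured.
    $sslMode = $settings->getSslMode();
    if ($_SERVER['HTTPS']) {
        if (!$sslMode) {
            echo _("Secure access is not enabled for this Wiki.");
            exit;
        }
    }

    $template = $runData->getScreenTemplate();
    $classFile = $runData->getScreenClassPath();
    $className = $runData->getScreenClassName();
    $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");

    require_once $classFile;
    $screen = new $className();

    // Authentication is needed when the screen asks for it or the site is private.
    if ($screen->getRequiresAuthentication() || $site->getPrivate()) {
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];
        $user = null;

        if ($username !== null && $password !== null) {
            $user = SecurityManager::getUserByName($username);
            if ($user) {
                // Derive the expected feed password and compare it.
                $upass = md5("feed_hashed_password_" . $user->getPassword());
                $upass = substr($upass, 0, 15);
                if ($upass !== $password) {
                    $user = null;
                }
            }
        }

        if ($site->getPrivate()) {
            if ($user && !$user->getSuperAdmin() && !$user->getSuperModerator()) {
                // check if member
                $c = new Criteria();
                $c->add("site_id", $site->getSiteId());
                $c->add("user_id", $user->getUserId());
                $mem = DB_MemberPeer::instance()->selectOne($c);
                if (!$mem) {
                    // check if a viewer
                    $c = new Criteria();
                    $c->add("site_id", $site->getSiteId());
                    $c->add("user_id", $user->getUserId());
                    $vi = DB_SiteViewerPeer::instance()->selectOne($c);
                    if (!$vi) {
                        $user = null;
                    }
                }
            }
        }

        if ($user == null) {
            // The same response covers unknown user, wrong password and
            // missing membership.
            header('WWW-Authenticate: Basic realm="Private"');
            header('HTTP/1.0 401 Unauthorized');
            header('Content-type: text/plain; charset=utf-8');
            echo _("This is a private feed. User authentication required via Basic HTTP Authentication. You can not access it. Please go to 'Account settings' -> 'Notifications' to get the password if you believe you should be allowed.");
            exit;
        }

        $runData->setTemp("user", $user);
    }

    $logger->debug("OZONE initialized");
    $logger->info("Ozone engines successfully initialized");

    $rendered = $screen->render($runData);

    // The timestamp placeholder is filled in the echoed copy only; the
    // returned string still contains it.
    echo str_replace("%%%CURRENT_TIMESTAMP%%%", time(), $rendered);
    return $rendered;
}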
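/**
 * Processes one AJAX module request for a wiki and echoes the encoded response.
 *
 * Steps, in order: set up logging and RunData in AJAX mode, compare the
 * wikidot_token7 cookie with the request parameter, resolve the site from the
 * Host header (memcache first, database second), apply the site's language
 * and SSL mode, start the session, enforce private-site membership, load the
 * module class, run the optional action, render the module, and echo the
 * response array encoded by JSONService.
 *
 * ProcessException, WDPermissionException and any other Exception raised
 * inside the try block are not propagated: the database transaction is rolled
 * back and the failure is reported through the "status" and "message" entries
 * of the response.
 *
 * @return void
 */
public function process()
{
    global $timeStart;

    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("AJAX module request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    /* processing an AJAX request! */
    $runData->setAjaxMode(true);
    $runData->init();
    // extra return array - just for ajax handling
    $runData->ajaxResponseAdd("status", "ok");
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // These are read after the try block. Declaring them up front keeps the
    // error paths (e.g. a rejected token) from reading undefined variables.
    $rendered = null;
    $template = null;
    $callbackIndex = null;

    try {
        // check security token: the cookie must be present and identical to
        // the wikidot_token7 request parameter.
        // NOTE(review): this is a plain !== comparison; hash_equals() would make
        // it constant-time where the runtime provides it.
        $cookieToken = isset($_COOKIE['wikidot_token7']) ? $_COOKIE['wikidot_token7'] : null;
        if ($cookieToken == null || $cookieToken !== $runData->getParameterList()->getParameterValue('wikidot_token7', 'AMODULE')) {
            throw new ProcessException("no", "wrong_token7");
        }
        // remove token from parameter list so modules and actions never see it
        $runData->getParameterList()->delParameter('wikidot_token7');
        $callbackIndex = $runData->getParameterList()->getParameterValue('callbackIndex');
        $runData->getParameterList()->delParameter('callbackIndex');

        // check if site (wiki) exists!
        $siteHost = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : '';
        $memcache = Ozone::$memcache;
        if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
            $siteUnixName = $matches[1];
            // select site based on the unix name
            // the memcache block is to avoid database connection if possible
            $mcKey = 'site..' . $siteUnixName;
            $site = $memcache->get($mcKey);
            if ($site == false) {
                $c = new Criteria();
                $c->add("unix_name", $siteUnixName);
                $c->add("site.deleted", false);
                $site = DB_SitePeer::instance()->selectOne($c);
                // Only cache hits: a cached miss is re-queried anyway and lets
                // arbitrary Host values fill the cache with useless keys.
                if ($site) {
                    $memcache->set($mcKey, $site, 0, 3600);
                }
            }
        } else {
            // select site based on the custom domain
            // NOTE(review): $siteHost is the raw Host header here and becomes part
            // of the cache key and, below, the session cookie domain. Normalising
            // it (case, port, length, character set) first would be safer.
            $mcKey = 'site_cd..' . $siteHost;
            $site = $memcache->get($mcKey);
            if ($site == false) {
                $c = new Criteria();
                $c->add("custom_domain", $siteHost);
                $c->add("site.deleted", false);
                $site = DB_SitePeer::instance()->selectOne($c);
                if ($site) {
                    $memcache->set($mcKey, $site, 0, 3600);
                }
            }
            GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
        }
        if (!$site) {
            throw new ProcessException(_('The requested site does not exist.'));
        }
        $runData->setTemp("site", $site);
        //nasty global thing...
        $GLOBALS['siteId'] = $site->getSiteId();
        $GLOBALS['site'] = $site;

        // set language
        $runData->setLanguage($site->getLanguage());
        $GLOBALS['lang'] = $site->getLanguage();
        // and for gettext too:
        $lang = $site->getLanguage();
        switch ($lang) {
            case 'pl':
                $glang = "pl_PL";
                break;
            case 'en':
            default:
                // any other language falls back to English instead of leaving
                // $glang undefined for putenv()/setlocale()
                $glang = "en_US";
                break;
        }
        putenv("LANG={$glang}");
        putenv("LANGUAGE={$glang}");
        setlocale(LC_ALL, $glang . '.UTF-8');
        // Set the text domain as 'messages'
        $gdomain = 'messages';
        bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
        textdomain($gdomain);

        $settings = $site->getSettings();
        // handle SSL
        $sslMode = $settings->getSslMode();
        // Some servers set HTTPS to "off" for plain HTTP; treat that as not secure.
        $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        if ($isHttps) {
            if (!$sslMode) {
                // not enabled, issue an error
                throw new ProcessException(_("Secure access is not enabled for this Wiki."));
            } elseif ($sslMode == "ssl_only_paranoid") {
                // use secure authentication cookie
                // i.e. change authentication scheme
                GlobalProperties::$SESSION_COOKIE_NAME = "WIKIDOT_SESSION_SECURE_ID";
                GlobalProperties::$SESSION_COOKIE_SECURE = true;
            }
        } else {
            // page accessed via http (nonsecure)
            switch ($sslMode) {
                case 'ssl':
                    //enabled, but nonsecure allowed too.
                    break;
                case 'ssl_only_paranoid':
                case 'ssl_only':
                    throw new ProcessException(_("Nonsecure access is not enabled for this Wiki."));
            }
        }

        // handle session at the beginning of processing
        $runData->handleSessionStart();

        // PRIVATE SITES: check if the site is private and if the user is its member
        if ($site->getPrivate()) {
            // Login, account creation, membership application and password
            // recovery stay reachable without membership.
            $template = $runData->getModuleTemplate();
            $actionClass = $runData->getAction();
            // in_array() is deliberately loose: a null action must match ''.
            $proceed = in_array($actionClass, array('', 'LoginAction', 'MembershipApplyAction', 'CreateAccountAction', 'PasswordRecoveryAction'))
                && ($template == ''
                    || $template == 'Empty'
                    || preg_match(';^createaccount/;', $template)
                    || preg_match(';^login/;', $template)
                    || preg_match(';^membership/;', $template)
                    || preg_match(';^passwordrecovery/;', $template));
            if (!$proceed) {
                $user = $runData->getUser();
                if ($user && !$user->getSuperAdmin() && !$user->getSuperModerator()) {
                    // check if member
                    $c = new Criteria();
                    $c->add("site_id", $site->getSiteId());
                    $c->add("user_id", $user->getUserId());
                    $mem = DB_MemberPeer::instance()->selectOne($c);
                    if (!$mem) {
                        // check if a viewer
                        $c = new Criteria();
                        $c->add("site_id", $site->getSiteId());
                        $c->add("user_id", $user->getUserId());
                        $vi = DB_SiteViewerPeer::instance()->selectOne($c);
                        if (!$vi) {
                            $user = null;
                        }
                    }
                }
                if ($user == null) {
                    throw new ProcessException(_('This Site is private and accessible only to its members.'));
                }
            }
        }

        // NOTE(review): the class path and class name come from RunData, which is
        // filled from the request; this relies on RunData restricting them to
        // known module classes - confirm there.
        $template = $runData->getModuleTemplate();
        $classFile = $runData->getModuleClassPath();
        $className = $runData->getModuleClassName();
        $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
        require_once $classFile;
        $module = new $className();

        // module security check
        if (!$module->isAllowed($runData)) {
            throw new WDPermissionException(_("Not allowed."));
        }

        Ozone::initSmarty();
        $logger->debug("OZONE initialized");
        $logger->info("Ozone engines successfully initialized");

        // PROCESS ACTION
        $actionClass = $runData->getAction();
        $logger->debug("processing action {$actionClass}");
        $runData->setTemp("jsInclude", array());
        $runData->setTemp("cssInclude", array());
        if ($actionClass) {
            require_once PathManager::actionClass($actionClass);
            $tmpa1 = explode('/', $actionClass);
            $actionClassStripped = end($tmpa1);
            $action = new $actionClassStripped();
            $classFile = $runData->getModuleClassPath();
            if (!$action->isAllowed($runData)) {
                throw new WDPermissionException("Not allowed.");
            }
            $actionEvent = $runData->getActionEvent();
            if ($actionEvent != null) {
                // NOTE(review): the event name selects the method to call, so any
                // public method of the action class is reachable unless RunData
                // restricts the name - confirm there.
                $action->{$actionEvent}($runData);
                $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
            } else {
                $logger->debug("processing action: {$actionClass}");
                $action->perform($runData);
            }
        }
        // end action process

        // check if template has been changed by the module. if so, load the new class
        if ($template != $runData->getModuleTemplate()) {
            $classFile = $runData->getModuleClassPath();
            $className = $runData->getModuleClassName();
            $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
            require_once $classFile;
            $module = new $className();
        }
        $module->setTemplate($template);
        $rendered = $module->render($runData);

        $jsInclude = $runData->getTemp("jsInclude");
        $jsInclude = array_merge($jsInclude, $module->getExtraJs());
        $runData->setTemp("jsInclude", $jsInclude);
        $cssInclude = $runData->getTemp("cssInclude");
        $cssInclude = array_merge($cssInclude, $module->getExtraCss());
        $runData->setTemp("cssInclude", $cssInclude);
    } catch (ProcessException $e) {
        $db = Database::connection();
        $db->rollback();
        $runData->ajaxResponseAdd("message", $e->getMessage());
        $runData->ajaxResponseAdd("status", $e->getStatus());
        $runData->setModuleTemplate(null);
        $template = null;
    } catch (WDPermissionException $e) {
        $db = Database::connection();
        $db->rollback();
        $runData->ajaxResponseAdd("message", $e->getMessage());
        $runData->ajaxResponseAdd("status", "no_permission");
        $runData->setModuleTemplate(null);
        $template = null;
    } catch (Exception $e) {
        $db = Database::connection();
        $db->rollback();
        // NOTE(review): the raw exception message is sent to the client and may
        // expose internal details; the full trace is already logged below.
        $runData->ajaxResponseAdd("message", _("An error occured while processing the request.") . ' ' . $e->getMessage());
        $runData->ajaxResponseAdd("status", "not_ok");
        $runData->setModuleTemplate(null);
        $template = null;
        // LOG ERROR TOO!!!
        $logger = OzoneLogger::instance();
        $logger->error("Exception caught while processing ajax module:\n\n" . $e->__toString());
    }

    $rVars = $runData->getAjaxResponse();
    if ($rendered != null) {
        // process modules...
        $moduleProcessor = new ModuleProcessor($runData);
        $out = $moduleProcessor->process($rendered);
        $rVars['body'] = $out;
    }

    // check the javascript and css files for inclusion; $template is null on
    // every error path, so $module is always set when this branch runs
    if ($template != null && $template != "Empty") {
        $jsInclude = $runData->getTemp("jsInclude");
        if ($module->getIncludeDefaultJs()) {
            $file = WIKIDOT_ROOT . '/' . GlobalProperties::$MODULES_JS_PATH . '/' . $template . '.js';
            if (file_exists($file)) {
                $url = GlobalProperties::$MODULES_JS_URL . '/' . $template . '.js';
                $incl = $url;
                $jsInclude[] = $incl;
            }
        }
        $rVars['jsInclude'] = $jsInclude;

        $cssInclude = $runData->getTemp("cssInclude");
        if ($module->getIncludeDefaultCss()) {
            $file = WIKIDOT_ROOT . '/' . GlobalProperties::$MODULES_CSS_PATH . '/' . $template . '.css';
            if (file_exists($file)) {
                $url = GlobalProperties::$MODULES_CSS_URL . '/' . $template . '.css';
                $incl = $url;
                $cssInclude[] = $incl;
            }
        }
        $rVars['cssInclude'] = $cssInclude;
    }

    // specify (copy) jscallback so the client can match the response to its request
    $rVars['callbackIndex'] = $callbackIndex;

    $json = new JSONService();
    $out = $json->encode($rVars);
    $runData->handleSessionEnd();
    echo $out;
}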
/**
 * Renders the requested wiki page through the "PrintLayout" layout template.
 *
 * On a private site the current user must be a super admin, a super
 * moderator, a member or a viewer of the site; otherwise a ProcessException
 * is raised. Every exception raised while rendering is caught here and its
 * message is returned as the output instead of the page.
 *
 * NOTE(review): whether the returned exception message is escaped before it
 * reaches the browser is not visible from this method.
 *
 * @param object $runData request state; must carry the "site" temp value
 * @return string rendered layout, or the exception message on failure
 */
public function render($runData)
{
    try {
        $site = $runData->getTemp("site");
        $runData->contextAdd("site", $site);

        $pageName = $runData->getParameterList()->getParameterValue("wiki_page");

        // Private wiki: access check happens before any page data is loaded.
        if ($site->getPrivate()) {
            $viewer = $runData->getUser();
            if ($viewer && !$viewer->getSuperAdmin() && !$viewer->getSuperModerator()) {
                // first try the member table ...
                $memberCriteria = new Criteria();
                $memberCriteria->add("site_id", $site->getSiteId());
                $memberCriteria->add("user_id", $viewer->getUserId());
                $membership = DB_MemberPeer::instance()->selectOne($memberCriteria);
                if (!$membership) {
                    // ... then the viewer table
                    $viewerCriteria = new Criteria();
                    $viewerCriteria->add("site_id", $site->getSiteId());
                    $viewerCriteria->add("user_id", $viewer->getUserId());
                    $viewerRow = DB_SiteViewerPeer::instance()->selectOne($viewerCriteria);
                    if (!$viewerRow) {
                        // neither member nor viewer: treat as not logged in
                        $viewer = null;
                    }
                }
            }
            if ($viewer == null) {
                throw new ProcessException("This is a private wiki. Access is limited to selected users.");
            }
        }

        $pageName = WDStringUtils::toUnixName($pageName);
        $runData->setTemp("pageUnixName", $pageName);
        if ($pageName === "") {
            // no page requested: fall back to the site's default page
            $pageName = $site->getDefaultPage();
        }
        $runData->contextAdd("wikiPageName", $pageName);

        // get wiki page from the database
        $page = DB_PagePeer::instance()->selectByName($site->getSiteId(), $pageName);
        if ($page == null) {
            throw new ProcessException("No such page");
        }

        $runData->setTemp("page", $page);
        $GLOBALS['page'] = $page;
        $compiledPage = $page->getCompiled();
        $runData->contextAdd("wikiPage", $page);
        $runData->contextAdd("screen_placeholder", $compiledPage->getText());
        $category = $page->getCategory();
        $runData->setTemp("category", $category);
        $runData->contextAdd("category", $category);

        // theme and license text both come from the page's category
        $runData->contextAdd("theme", $category->getTheme());
        $runData->contextAdd("licenseText", $category->getLicenseText());

        $smarty = Ozone::getSmarty();

        // copy the whole RunData context into the template engine
        $contextValues = $runData->getContext();
        if ($contextValues !== null) {
            foreach ($contextValues as $name => $contextValue) {
                $smarty->assign($name, $contextValue);
            }
        }

        return $smarty->fetch(PathManager::layoutTemplate("PrintLayout"));
    } catch (Exception $e) {
        return $e->getMessage();
    }
}
/**
 * Looks up a page of the current site by its unix name.
 *
 * The site is taken from $GLOBALS['site'] when that is set, otherwise from
 * the "site" temp value of the current RunData.
 *
 * The query is assembled by string concatenation; both values are passed
 * through db_escape_string() and placed inside single quotes. If the Database
 * layer offers bound parameters, they would be the more robust choice.
 *
 * @param string $pageName unix name of the page
 * @return mixed the page_id of the matching row, or false when no row matches
 */
function wikiPageExists($pageName)
{
    $site = ($GLOBALS['site'] == null)
        ? Ozone::getRunData()->getTemp("site")
        : $GLOBALS['site'];
    $siteId = $site->getSiteId();

    $sql = "SELECT page_id FROM page WHERE unix_name='"
        . db_escape_string($pageName)
        . "' AND site_id='"
        . db_escape_string($siteId)
        . "' LIMIT 1";

    $result = Database::connection()->query($sql);
    $row = $result->nextRow();

    return $row ? $row['page_id'] : false;
}
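/**
 * Processes one screen (full page) request and echoes the resulting output.
 *
 * Steps, in order: set up logging and RunData, start the session, load the
 * screen class named by RunData, run the screen's isAllowed() check, serve a
 * cached layout when the request qualifies, run the action chain, reload the
 * screen class if the screen template changed in the meantime, render the
 * screen, pass the result through ModuleProcessor and echo it.
 *
 * NOTE(review): when isAllowed() fails and the screen did not switch the
 * template itself, only the template is changed to "errors/NotAllowed"; the
 * pending action is not cleared in that branch and is still subject only to
 * the action's own isAllowed() check.
 *
 * @return void
 */
public function process()
{
    global $timeStart;

    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // handle session at the beginning of processing
    $runData->handleSessionStart();

    // NOTE(review): class path and class name come from RunData, which is
    // filled from the request; this relies on RunData restricting them to
    // known screen classes - confirm there.
    $template = $runData->getScreenTemplate();
    $classFile = $runData->getScreenClassPath();
    $className = $runData->getScreenClassName();
    $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
    require_once $classFile;
    $screen = new $className();

    // screen security check
    if (!$screen->isAllowed($runData)) {
        if ($classFile == $runData->getScreenClassPath()) {
            // isAllowed() did not pick an error template: use the default one.
            // The screen object itself is replaced by the "template changed"
            // check further down.
            $runData->setScreenTemplate("errors/NotAllowed");
        } else {
            // isAllowed() set its own error template.
            // reload the class again - we do not want the unsecure screen to render!
            $classFile = $runData->getScreenClassPath();
            $className = $runData->getScreenClassName();
            $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
            require_once $classFile;
            $screen = new $className();
            $runData->setAction(null);
        }
    }
    $logger->info("Ozone engines successfully initialized");

    // caching of LAYOUT tasks should start here
    $cacheSettings = $screen->getScreenCacheSettings();
    $updateLayoutContentLater = false;
    if ($runData->getRequestMethod() == "GET"
        && $runData->getAction() == null
        && $cacheSettings != null
        && $cacheSettings->isLayoutCacheable($runData)
    ) {
        $content = ScreenCacheManager::instance()->cachedLayout($runData, $screen->getScreenCacheSettings());
        if ($content != null && $content != "") {
            // cache hit: only the embedded modules still need processing
            $moduleProcessor = new ModuleProcessor($runData);
            $out = $moduleProcessor->process($content);
            echo $out;
            $runData->handleSessionEnd();
            return;
        } else {
            $updateLayoutContentLater = true;
        }
    }

    // PROCESS ACTION
    $actionClass = $runData->getAction();
    $logger->debug("processing action {$actionClass}");
    while ($actionClass != null) {
        require_once PathManager::actionClass($actionClass);
        $tmpa1 = explode('/', $actionClass);
        $actionClassStripped = end($tmpa1);
        $action = new $actionClassStripped();

        $classFile = $runData->getScreenClassPath();
        if (!$action->isAllowed($runData)) {
            if ($classFile == $runData->getScreenClassPath()) {
                $runData->setScreenTemplate("errors/NotAllowed");
            }
            // $action->isAllowed() should set the error template!!! if not -
            // default NotAllowed is used
            break;
        }

        $actionEvent = $runData->getActionEvent();
        if ($actionEvent != null) {
            // NOTE(review): the event name selects the method to call, so any
            // public method of the action class is reachable unless RunData
            // restricts the name - confirm there.
            $action->{$actionEvent}($runData);
            $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
        } else {
            $logger->debug("processing action: {$actionClass}");
            $action->perform($runData);
        }

        // this is in case action changes the action name so that
        // the next action can be executed.
        if ($runData->getNextAction() != null) {
            $actionClass = $runData->getNextAction();
            $runData->setAction($actionClass);
            $runData->setActionEvent($runData->getNextActionEvent());
        } else {
            $actionClass = null;
        }
    }
    // end action process

    // check if template has been changed by the action. if so, load the new
    // screen class. The original compared against the property
    // $runData->getScreenTemplate (missing parentheses) instead of calling
    // the method, so the comparison never saw the current template.
    if ($template != $runData->getScreenTemplate()) {
        $classFile = $runData->getScreenClassPath();
        $className = $runData->getScreenClassName();
        $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
        require_once $classFile;
        $screen = new $className();
    }

    $rendered = $screen->render($runData);

    // stays null when the screen rendered nothing, so the echo below never
    // reads an undefined variable
    $out = null;
    if ($rendered != null) {
        // process modules...
        $moduleProcessor = new ModuleProcessor($runData);
        $out = $moduleProcessor->process($rendered);
    }

    if ($updateLayoutContentLater == true) {
        ScreenCacheManager::instance()->updateCachedLayout($runData, $rendered);
    }

    $runData->handleSessionEnd();
    echo $out;
}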
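/**
 * Processes one wiki page request, echoes the rendered page and returns it.
 *
 * Steps, in order: stop early for the MagpieRSS user agent, set up logging
 * and RunData, resolve the site from the Host header (memcache, then the
 * database, then the domain_redirect table), apply the site's language and
 * SSL mode (redirecting between http and https where required), start the
 * session, load and render the screen class, process embedded modules, add
 * the collected script tags before </head>, rewrite own-host URLs to https
 * when served over HTTPS, optionally highlight search terms, and output.
 *
 * @return string|null the rendered page, or the "site not exists" page content
 */
public function process()
{
    global $timeStart;

    // quick fix to prevent recursive RSS access by Wikidot itself.
    // isset(): requests without a User-Agent header must not raise a notice.
    if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'MagpieRSS') !== false) {
        exit;
    }

    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // check if site (wiki) exists!
    $siteHost = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : '';
    $memcache = Ozone::$memcache;
    if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
        $siteUnixName = $matches[1];
        // select site based on the unix name
        // check memcached first!
        $mcKey = 'site..' . $siteUnixName;
        $site = $memcache->get($mcKey);
        if (!$site) {
            $c = new Criteria();
            $c->add("unix_name", $siteUnixName);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            if ($site) {
                $memcache->set($mcKey, $site, 0, 864000);
            }
        }
    } else {
        // select site based on the custom domain
        // NOTE(review): $siteHost is the raw Host header here and becomes part
        // of the cache key, the redirect query and the session cookie domain.
        // Normalising it (case, port, length, character set) first would be safer.
        $mcKey = 'site_cd..' . $siteHost;
        $site = $memcache->get($mcKey);
        if (!$site) {
            $c = new Criteria();
            $c->add("custom_domain", $siteHost);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            if ($site) {
                $memcache->set($mcKey, $site, 0, 3600);
            }
        }
        if (!$site) {
            // check for redirects
            // The host is escaped with db_escape_string() and single-quoted;
            // bound parameters would be preferable if the Database layer has them.
            $c = new Criteria();
            $q = "SELECT site.* FROM site, domain_redirect WHERE domain_redirect.url='" . db_escape_string($siteHost) . "' " . "AND site.deleted = false AND site.site_id = domain_redirect.site_id LIMIT 1";
            $c->setExplicitQuery($q);
            $site = DB_SitePeer::instance()->selectOne($c);
            if ($site) {
                // the target host comes from the site record, not from the request
                $newUrl = 'http://' . $site->getDomain() . $_SERVER['REQUEST_URI'];
                header("HTTP/1.1 301 Moved Permanently");
                header("Location: " . $newUrl);
                exit;
            }
        }
        GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
    }

    if (!$site) {
        $content = file_get_contents(WIKIDOT_ROOT . "/files/site_not_exists.html");
        echo $content;
        return $content;
    }

    $runData->setTemp("site", $site);
    //nasty global thing...
    $GLOBALS['siteId'] = $site->getSiteId();
    $GLOBALS['site'] = $site;

    // set language
    $lang = $site->getLanguage();
    $runData->setLanguage($lang);
    $GLOBALS['lang'] = $lang;
    // and for gettext too:
    switch ($lang) {
        case 'pl':
            $glang = "pl_PL";
            break;
        case 'en':
        default:
            // any other language falls back to English instead of leaving
            // $glang undefined for putenv()/setlocale()
            $glang = "en_US";
            break;
    }
    putenv("LANG={$glang}");
    putenv("LANGUAGE={$glang}");
    setlocale(LC_ALL, $glang . '.UTF-8');
    // Set the text domain as 'messages'
    $gdomain = 'messages';
    bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
    textdomain($gdomain);

    $settings = $site->getSettings();
    // handle SSL
    $sslMode = $settings->getSslMode();
    // Some servers set HTTPS to "off" for plain HTTP. Treating that value as
    // secure would redirect to http:// over and over for sites without SSL.
    $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    if ($isHttps) {
        if (!$sslMode) {
            // not enabled, redirect to http:
            // (the Host value has matched a known site by this point)
            header("HTTP/1.1 301 Moved Permanently");
            header("Location: " . 'http://' . $_SERVER["HTTP_HOST"] . $_SERVER['REQUEST_URI']);
            exit;
        } elseif ($sslMode == "ssl_only_paranoid") {
            // use secure authentication cookie
            // i.e. change authentication scheme
            GlobalProperties::$SESSION_COOKIE_NAME = "WIKIDOT_SESSION_SECURE_ID";
            GlobalProperties::$SESSION_COOKIE_SECURE = true;
        }
    } else {
        // page accessed via http (nonsecure)
        switch ($sslMode) {
            case 'ssl':
                //enabled, but nonsecure allowed too.
                break;
            case 'ssl_only_paranoid':
            case 'ssl_only':
                header("HTTP/1.1 301 Moved Permanently");
                header("Location: " . 'https://' . $_SERVER["HTTP_HOST"] . $_SERVER['REQUEST_URI']);
                exit;
        }
    }

    // handle session at the beginning of processing
    $runData->handleSessionStart();

    $template = $runData->getScreenTemplate();
    $classFile = $runData->getScreenClassPath();
    $className = $runData->getScreenClassName();
    $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
    require_once $classFile;
    $screen = new $className();
    $logger->debug("OZONE initialized");
    $logger->info("Ozone engines successfully initialized");

    $rendered = $screen->render($runData);

    if ($rendered != null) {
        $runData->setTemp("jsInclude", array());
        // process modules...
        $moduleProcessor = new ModuleProcessor($runData);
        //$moduleProcessor->setJavascriptInline(true); // embed associated javascript files in <script> tags
        $moduleProcessor->setCssInline(true);
        $rendered = $moduleProcessor->process($rendered);

        $jss = $runData->getTemp("jsInclude");
        $jss = array_unique($jss);
        $incl = '';
        foreach ($jss as $js) {
            // NOTE(review): $js is written into the attribute unescaped; this
            // assumes jsInclude only ever holds URLs produced by modules.
            $incl .= '<script type="text/javascript" src="' . $js . '"></script>';
        }
        $rendered = preg_replace(';</head>;', $incl . '</head>', $rendered);
    }

    $runData->handleSessionEnd();

    // one more thing - some url will need to be rewritten if using HTTPS
    if ($isHttps) {
        // scripts
        $rendered = preg_replace(';<script(.*?)src="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)</script>;s', '<script\\1src="https://' . GlobalProperties::$URL_HOST . '\\2</script>', $rendered);
        // stylesheets
        $rendered = preg_replace(';<link(.*?)href="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>;s', '<link\\1href="https://' . GlobalProperties::$URL_HOST . '\\2/>', $rendered);
        // images
        $rendered = preg_replace(';(<img\\s+.*?src=")http(://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>);s', '\\1https\\2', $rendered);
        // @import rules inside <style>: repeat until nothing changes, because
        // each pass rewrites only one import per <style> element
        do {
            $renderedOld = $rendered;
            $rendered = preg_replace(';(<style\\s+[^>]*>.*?@import url\\()http(://' . GlobalProperties::$URL_HOST_PREG . '.*?</style>);si', '\\1https\\2', $rendered);
        } while ($renderedOld != $rendered);
    }

    if (GlobalProperties::$SEARCH_HIGHLIGHT) {
        // the Referer header is optional; pass null when it is absent
        $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null;
        $rendered = Wikidot_Search_Highlighter::highlightIfSuitable($rendered, $_SERVER["REQUEST_URI"], $referer);
    }

    echo str_replace("%%%CURRENT_TIMESTAMP%%%", time(), $rendered);
    return $rendered;
}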
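/**
 * Decides whether a user may perform a forum action in a forum category.
 *
 * Order of checks: super admins and super moderators are always allowed;
 * then the optional IP block check; then the category's permission string is
 * consulted for the user classes "anonymous", "registered", "member" and
 * "owner" (author of the post or thread); finally forum moderators (a
 * moderator row whose permissions contain 'f') and site admins are allowed.
 * User blocks are checked on the anonymous, registered and owner paths.
 *
 * NOTE(review): the member, moderator and admin paths return true without
 * calling checkUserBlocked() - confirm that this is intended.
 *
 * @param string $action   key into self::$forumActions
 * @param mixed  $user     user object, or a numeric id (int or numeric string)
 *                         which is loaded through DB_OzoneUserPeer; a falsy
 *                         value means an anonymous visitor
 * @param object $category provides getPermissionString() and getSiteId()
 * @param object $thread   optional; its getUserId() is used for the author check
 * @param object $post     optional; takes precedence over $thread for the author check
 * @return bool true when the action is permitted
 * @throws WDPermissionException when the IP or the user is blocked and
 *                               $this->throwExceptions is set
 */
public function hasForumPermission($action, $user, $category, $thread = null, $post = null)
{
    if ($user) {
        // a numeric id was passed instead of a user object: load the user
        if (is_string($user) && is_numeric($user) || is_int($user)) {
            $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($user);
        }
    }

    if ($user && ($user->getSuperAdmin() || $user->getSuperModerator())) {
        return true;
    }

    $site = $GLOBALS['site']; // ugly.

    // ban by IP first.
    if ($this->checkIpBlocks) {
        $ips = Ozone::getRunData()->createIpString();
        $blocks = $this->checkIpBlocked($ips, $site);
        if (count($blocks) > 0) {
            if ($this->throwExceptions) {
                throw new WDPermissionException(_("Sorry, your IP address is blocked from participating in and modifying this site."));
            } else {
                return false;
            }
        }
    }

    // Compare with false explicitly: strpos() returns 0 when the action name
    // starts with "thread", and 0 alone would select the "post" wording.
    if (strpos($action, "thread") !== false) {
        $authorString = _("author of the thread");
    } else {
        $authorString = _("author of the post");
    }

    //action code
    $ac = self::$forumActions[$action];
    //permission string
    $ps = $category->getPermissionString();

    // first try anonymous and registered to save effort
    $uc = self::$userClasses['anonymous'];
    if ($this->permissionLookup($ac, $uc, $ps)) {
        // ok, anyone can - but a logged-in user may still be blocked.
        if ($this->checkUserBlocks && $user) {
            $block = $this->checkUserBlocked($user, $site);
            if ($block) {
                if ($this->throwExceptions) {
                    $message = _("Sorry, you are blocked from participating in and modifying this site. ");
                    if ($block->getReason() && $block->getReason() != '') {
                        // the reason is user-supplied text, hence the escaping
                        $message .= _("The given reason is:") . " <p>" . htmlspecialchars($block->getReason()) . "</p>";
                    }
                    throw new WDPermissionException($message);
                } else {
                    return false;
                }
            }
        }
        return true;
    } elseif (!$user) {
        // anonymous can not and the user is only anonymous. game over.
        $m = $this->generateMessage($action, $uc, $ps, 'forum', array("o" => $authorString));
        $this->handleFalse($m);
        return false;
    }

    // ok, check registered now ($user is known to be set from here on)
    $uc = self::$userClasses['registered'];
    if ($this->permissionLookup($ac, $uc, $ps)) {
        // check blocked users
        if ($this->checkUserBlocks) {
            $block = $this->checkUserBlocked($user, $site);
            if ($block) {
                if ($this->throwExceptions) {
                    $message = _("Sorry, you are blocked from participating in and modifying this site. ");
                    if ($block->getReason() && $block->getReason() != '') {
                        $message .= _("The given reason is:") . " <p>" . htmlspecialchars($block->getReason()) . "</p>";
                    }
                    throw new WDPermissionException($message);
                } else {
                    return false;
                }
            }
        }
        return true;
    }

    // ok, a "premium feature" or what... need to check members now...
    $uc = self::$userClasses['member'];
    if ($this->permissionLookup($ac, $uc, $ps)) {
        // ok, members CAN do this. is the user a member?
        $c = new Criteria();
        $c->add("site_id", $category->getSiteId());
        $c->add("user_id", $user->getUserId());
        $rel = DB_MemberPeer::instance()->selectOne($c);
        if ($rel) {
            return true;
        }
    }

    // still nothing. check if the user is the author of the post (or thread)
    $uc = self::$userClasses['owner'];
    if (($post || $thread) && $this->permissionLookup($ac, $uc, $ps)) {
        $o = $post ? $post : $thread;
        if ($o && $o->getUserId() && $user->getUserId() == $o->getUserId()) {
            // check blocked users
            if ($this->checkUserBlocks) {
                $block = $this->checkUserBlocked($user, $site);
                if ($block) {
                    if ($this->throwExceptions) {
                        $message = _("Sorry, you are blocked from participating in and modifying this site. ");
                        if ($block->getReason() && $block->getReason() != '') {
                            $message .= _("The given reason is:") . " <p>" . htmlspecialchars($block->getReason()) . "</p>";
                        }
                        throw new WDPermissionException($message);
                    } else {
                        return false;
                    }
                }
            }
            return true;
        }
    }

    // still nothing. check if moderator of "forum".
    $c = new Criteria();
    $c->add("site_id", $category->getSiteId());
    $c->add("user_id", $user->getUserId());
    $rel = DB_ModeratorPeer::instance()->selectOne($c);
    if ($rel && strpos($rel->getPermissions(), 'f') !== false) {
        return true;
    }

    // still nothing. check if admin.
    $c = new Criteria();
    $c->add("site_id", $category->getSiteId());
    $c->add("user_id", $user->getUserId());
    $rel = DB_AdminPeer::instance()->selectOne($c);
    if ($rel) {
        return true;
    }

    $m = $this->generateMessage($action, $uc, $ps, 'forum', array("o" => $authorString));
    $this->handleFalse($m);
    return false;
}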
$npage->setMetadataId($nmeta->getMetadataId()); $npage->setTitle($title); $npage->setUnixName($unixName); $npage->setDateLastEdited($now); $npage->setDateCreated($now); $npage->setLastEditUserId(1); $npage->setOwnerUserId(1); $npage->save(); $nrev->setPageId($npage->getPageId()); $nrev->save(); $ncomp = new DB_PageCompiled(); $ncomp->setPageId($npage->getPageId()); $ncomp->setDateCompiled($now); $ncomp->save(); } Ozone::init(); $db = Database::connection(); $db->begin(); $od = new Outdater(); $od->recompileWholeSite(DB_SitePeer::instance()->selectByPrimaryKey(1)); $db->commit(); $db->begin(); $c = new Criteria(); $c->add("name", "auth"); $c->add("site_id", 1); if (DB_CategoryPeer::instance()->selectOne($c)) { die("The auth category already exists!\n\n"); } $ncat = DB_CategoryPeer::instance()->selectByPrimaryKey(1); $ncat->setNew(true); $ncat->setCategoryId(null);
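* * @category Wikidot * @package Wikidot_Tools * @version $Id$ * @copyright Copyright (c) 2008, Wikidot Inc. (http://www.wikidot-inc.com) * @license http://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License */

// Job runner: loads php/jobs/<JobName>.php, instantiates the class of the
// same name and calls its run() method. The job name is the first argument.

chdir(dirname(__FILE__)); // unifies CLI/CGI cwd handling
require '../php/setup.php';

// initialize things now
$logger = OzoneLogger::instance();
$loggerFileOutput = new OzoneLoggerFileOutput();
$loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/jobs.log");
$logger->addLoggerOutput($loggerFileOutput);
$logger->setDebugLevel("debug");
$logger->debug("request processing started, logger initialized");

// initialize OZONE object too
Ozone::init();
$runData = new RunData();
$runData->init();
Ozone::setRunData($runData);

// Set the text domain as 'messages'
$gdomain = 'messages';
bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
textdomain($gdomain);

// The job name selects both the file that is included and the class that is
// instantiated. Restricting it to a plain PHP identifier keeps path
// separators and ".." out of the include path and rejects a missing argument.
$jobName = isset($argv[1]) ? $argv[1] : '';
if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $jobName)) {
    echo "Usage: php " . basename(__FILE__) . " <JobClassName>\n";
    exit(1);
}

$classFile = WIKIDOT_ROOT . '/php/jobs/' . $jobName . '.php';
if (!is_file($classFile)) {
    $logger->error("job class file not found: {$classFile}");
    echo "Unknown job: {$jobName}\n";
    exit(1);
}

require_once $classFile;
$job = new $jobName();
$job->run();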
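/**
 * Processes one AJAX module request and echoes the encoded response.
 *
 * Steps, in order: set up logging and RunData in AJAX mode, start the
 * session, load the module class named by RunData, run the module's
 * isAllowed() check, initialise Smarty and its services, run the action
 * chain, reload the module class if the module template changed in the
 * meantime, render the module, pass the result through ModuleProcessor and
 * echo the response array encoded by JSONService.
 *
 * NOTE(review): no request token is compared in this method and exceptions
 * are not caught here; whether callers cover either is not visible.
 *
 * @return void
 */
public function process()
{
    global $timeStart;

    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("AJAX module request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    /* processing an AJAX request! */
    $runData->setAjaxMode(true);
    $runData->init();
    // extra return array - just for ajax handling
    $runData->ajaxResponseAdd("status", "OK");
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // handle session at the beginning of processing
    $runData->handleSessionStart();

    // NOTE(review): class path and class name come from RunData, which is
    // filled from the request; this relies on RunData restricting them to
    // known module classes - confirm there.
    $template = $runData->getModuleTemplate();
    $classFile = $runData->getModuleClassPath();
    $className = $runData->getModuleClassName();
    $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
    require_once $classFile;
    $module = new $className();

    // module security check
    if (!$module->isAllowed($runData)) {
        if ($classFile == $runData->getModuleClassPath()) {
            // isAllowed() did not pick an error template: use the default one.
            // The module object itself is replaced by the "template changed"
            // check further down.
            $runData->setModuleTemplate("errors/NotAllowed");
        } else {
            // isAllowed() set its own error template.
            // reload the class again - we do not want the unsecure module to render!
            $classFile = $runData->getModuleClassPath();
            $className = $runData->getModuleClassName();
            $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
            require_once $classFile;
            $module = new $className();
            $runData->setAction(null);
        }
    }

    Ozone::initSmarty();
    $logger->debug("OZONE initialized");
    Ozone::initServices();
    $logger->debug("Smarty template services loaded");
    Ozone::parseMacros();
    $logger->debug("Smarty macros parsed");
    Ozone::updateSmartyPlain();
    $logger->debug("plain version of Smarty created");
    $logger->info("Ozone engines successfully initialized");

    // PROCESS ACTION
    $actionClass = $runData->getAction();
    $logger->debug("processing action {$actionClass}");
    while ($actionClass != null) {
        require_once PathManager::actionClass($actionClass);
        $tmpa1 = explode('/', $actionClass);
        $actionClassStripped = end($tmpa1);
        $action = new $actionClassStripped();

        // action security check
        $classFile = $runData->getModuleClassPath();
        if (!$action->isAllowed($runData)) {
            if ($classFile == $runData->getModuleClassPath()) {
                $runData->setModuleTemplate("errors/NotAllowed");
            }
            // $action->isAllowed() should set the error template!!! if not -
            // default NotAllowed is used
            break;
        }

        $actionEvent = $runData->getActionEvent();
        if ($actionEvent != null) {
            // NOTE(review): the event name selects the method to call, so any
            // public method of the action class is reachable unless RunData
            // restricts the name - confirm there.
            $action->{$actionEvent}($runData);
            $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
        } else {
            $logger->debug("processing action: {$actionClass}");
            $action->perform($runData);
        }

        // this is in case action changes the action name so that
        // the next action can be executed.
        if ($runData->getNextAction() != null) {
            $actionClass = $runData->getNextAction();
            $runData->setAction($actionClass);
            $runData->setActionEvent($runData->getNextActionEvent());
        } else {
            $actionClass = null;
        }
    }
    // end action process

    // check if template has been changed by the module. if so, load the new
    // module class. The original compared against the property
    // $runData->getModuleTemplate (missing parentheses) instead of calling
    // the method, so the comparison never saw the current template.
    if ($template != $runData->getModuleTemplate()) {
        $classFile = $runData->getModuleClassPath();
        $className = $runData->getModuleClassName();
        $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
        require_once $classFile;
        $module = new $className();
    }

    $module->setTemplate($template);
    $rendered = $module->render($runData);

    $rVars = $runData->getAjaxResponse();
    if ($rendered != null) {
        // process modules...
        $moduleProcessor = new ModuleProcessor($runData);
        $out = $moduleProcessor->process($rendered);
        $rVars['body'] = $out;
    }

    $json = new JSONService();
    $out = $json->encode($rVars);
    echo $out;
    $runData->handleSessionEnd();
}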
/**
 * Renders a navigation template with the shared Smarty instance.
 *
 * The template file is $this->navPath followed by the given name and ".tpl".
 *
 * NOTE(review): the name is concatenated into the path as-is; this assumes
 * callers pass fixed template names rather than request data - confirm at
 * the call sites.
 *
 * @param string $navigationTemplate template name without the ".tpl" suffix
 * @return string whatever Smarty's fetch() returns for that template
 */
public function render($navigationTemplate)
{
    $engine = Ozone::getSmarty();
    $templateFile = $this->navPath . $navigationTemplate . '.tpl';
    $output = $engine->fetch($templateFile);

    return $output;
}