Example #1
 /**
  * Regression test: url::merge() must HTML-escape the current request URI.
  *
  * The Router statics are seeded with a path containing raw angle brackets.
  * The merged URL is expected to come back with them encoded as &lt; / &gt;
  * and with the separator before an added parameter encoded as &amp;.
  */
 public function xss_in_merged_url_test()
 {
     // Simulated request state: markup in the path, one existing GET parameter
     $_GET = array("foo" => "bar");
     Router::$complete_uri = "foo/<xss>/bar?foo=bar";
     Router::$current_uri = "foo/<xss>/bar";

     // Expected output with nothing merged in, and with one extra parameter
     $expected_unchanged = "foo/&lt;xss&gt;/bar?foo=bar";
     $expected_with_param = "foo/&lt;xss&gt;/bar?foo=bar&amp;a=b";

     $this->assert_same($expected_unchanged, url::merge(array()));
     $this->assert_same($expected_with_param, url::merge(array("a" => "b")));
 }
Example #2
 /**
  * Resolves the requested URI to a controller, method and arguments, then dispatches.
  *
  * The query string is split off the URI and, under the CLI SAPI only, parsed
  * into $_GET. The remaining path is tested against self::$routes in order and
  * the first matching route wins. Without a match the URI is used as is, and
  * an empty result falls back to the '_default' route.
  *
  * Route keys are concatenated into the regular expression unquoted, so they
  * are treated as patterns. NOTE(review): this is only safe while routes come
  * from developer-controlled configuration - confirm nothing request-derived
  * is ever written into self::$routes.
  *
  * @return void
  */
 public static function init()
 {
     $requested = self::uri();

     // Separate the path from the query string, if there is one
     if (strpos($requested, '?') !== FALSE) {
         $pieces = explode('?', $requested, 2);
         $requested = $pieces[0];
         // Only the CLI needs $_GET filled in by hand
         // warning: parse_str() converts spaces and dots to underscores
         if (PHP_SAPI === 'cli') {
             parse_str($pieces[1], $_GET);
         }
     }

     // Remember the requested URI on the first run only
     if (self::$current_uri === NULL) {
         self::$current_uri = trim($requested, '/');
     }

     // Walk the route table until one pattern matches the whole URI
     $matched = FALSE;
     foreach (self::$routes as $route => $callback) {
         $pattern = '#^' . trim($route, '/') . '$#u';
         $target = trim($callback, '/');
         if ( ! preg_match($pattern, self::$current_uri)) {
             continue;
         }
         // A '$' in the target selects regex routing (back-references are
         // substituted); otherwise the target is used verbatim
         self::$routed_uri = (strpos($target, '$') !== FALSE)
             ? preg_replace($pattern, $target, self::$current_uri)
             : $target;
         $matched = TRUE;
         break;
     }

     // No route matched: route the URI exactly as requested
     if ($matched === FALSE) {
         self::$routed_uri = self::$current_uri;
     }

     // A request for "/" goes to the default route
     if (empty(self::$routed_uri)) {
         self::$routed_uri = self::$routes['_default'];
     }

     // controller / method / arguments...
     $segments = explode('/', self::$routed_uri);
     self::$controller = $segments[0];
     // The pre-set default method stays in place when the URI names none
     if (isset($segments[1])) {
         self::$method = $segments[1];
     }
     self::$arguments = array_slice($segments, 2);

     // Instantiate the controller and run it
     self::execute();
 }
Example #3
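 /**
  * Detects a leading two-letter language segment and strips it from the URI.
  *
  * After the parent has determined Router::$current_uri, a leading pair of
  * ASCII letters followed by "/" or the end of the URI is treated as a
  * language code. It is only honoured when it is a key of the
  * 'locale.languages' configuration, so request data cannot select an
  * arbitrary language value.
  *
  * @return void
  */
 public static function find_uri()
 {
     parent::find_uri();

     // Two letters that are followed by a slash or by the end of the URI
     if ( ! preg_match('~^[a-z]{2}(?=/|$)~i', Router::$current_uri, $matches)) {
         return;
     }

     $lang = strtolower($matches[0]);
     if (array_key_exists($lang, Kohana::config('locale.languages'))) {
         Router::$language = $lang;
         // Drop the code and its slash. When the URI is only the code itself,
         // substr() returns FALSE before PHP 8, so cast to keep the URI a string.
         Router::$current_uri = (string) substr(Router::$current_uri, 3);
     }
 }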
Example #4
 /**
  * Add the chroot path at the beginning of the requested URI
  *
  * Only applies when user_chroot::album() returns a value. Two request shapes
  * are rewritten: the root 'albums' controller with an empty URI, and a
  * non-empty URI with no controller set. Everything else is handed to the
  * parent unchanged.
  *
  * NOTE(review): requests that already carry another controller are not
  * prefixed here - confirm the chroot is enforced for them elsewhere.
  */
 static function parse_url()
 {
     // No chroot album: nothing to rewrite
     if ( ! user_chroot::album()) {
         return parent::parse_url();
     }

     if (Router::$controller == 'albums' && Router::$current_uri == '') {
         // Root album requested
         Router::$controller = null;
         $chroot_prefix = user_chroot::album()->relative_url();
         Router::$current_uri = trim($chroot_prefix . '/' . Router::$current_uri, '/');
     } elseif (is_null(Router::$controller) && Router::$current_uri != '') {
         // Non-root album requested
         $chroot_prefix = user_chroot::album()->relative_url();
         Router::$current_uri = trim($chroot_prefix . '/' . Router::$current_uri, '/');
     }

     return parent::parse_url();
 }
 /**
  * Snapshots the global state the tests modify, then resets the Router.
  *
  * The saved values are the 'core.url_suffix' config entry, Kohana::$server_api
  * and eight Router statics. NOTE(review): presumably a matching tearDown()
  * restores them - it is not part of this listing.
  */
 protected function setUp()
 {
     // Save config
     $this->kohana_config['core.url_suffix'] = Kohana_Config::instance()->get('core.url_suffix');

     // Save Server API
     $this->kohana_server_api = Kohana::$server_api;

     // Save Router members
     $snapshot = array();
     $snapshot['complete_uri'] = Router::$complete_uri;
     $snapshot['controller'] = Router::$controller;
     $snapshot['current_uri'] = Router::$current_uri;
     $snapshot['query_string'] = Router::$query_string;
     $snapshot['rsegments'] = Router::$rsegments;
     $snapshot['routed_uri'] = Router::$routed_uri;
     $snapshot['segments'] = Router::$segments;
     $snapshot['url_suffix'] = Router::$url_suffix;
     $this->router_vars = $snapshot;

     // Reset Router members: string members to '', the others to NULL
     Router::$complete_uri = '';
     Router::$current_uri = '';
     Router::$query_string = '';
     Router::$routed_uri = '';
     Router::$url_suffix = '';
     Router::$controller = NULL;
     Router::$rsegments = NULL;
     Router::$segments = NULL;
 }
Example #6
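 /**
  * Instantiates the specified controller, optionally replacing $_GET and $_POST contents before calling the component constructor.
  * \note The original $_GET and $_POST arrays and the Router state are restored as soon as the component is instantiated,
  *       and also when loading or constructing the controller throws an Exception.
  * \note $controller is turned into a class name and into the path of a file that is included. It must be a
  *       fixed or allow-listed name, never a value taken from the request.
  * @param $controller The name of the controller class to be instantiated, lowercase, without the "Controller_" prefix.
  * @param $get The array that should replace $_GET.
  * @param $post The array that should replace $_POST.
  * @return A new Component object.
  */
 public static function factory($controller, $get = null, $post = null)
 {
     // Backup router state
     $old_router = array();
     $old_router['current_route'] = Router::$current_route;
     $old_router['current_uri'] = Router::$current_uri;
     $old_router['query_string'] = Router::$query_string;
     $old_router['complete_uri'] = Router::$complete_uri;
     $old_router['controller'] = Router::$controller;
     $old_router['method'] = Router::$method;
     $old_router['arguments'] = Router::$arguments;

     // Everything that runs with the substituted globals sits inside the try,
     // so a failure cannot leave $_GET, $_POST or the Router pointing at the
     // values supplied for this component.
     $failure = null;
     try {
         // Router::$current_route, $current_uri and $complete_uri are left alone. They could be
         // determined by running Router code and passing an url, but:
         // 1) The performance penalty would be high
         // 2) It's not a good idea for a controller to alter its behaviour depending on them, anyway
         Router::$controller = $controller;
         // We don't know these yet
         Router::$method = '';
         Router::$arguments = array();

         // If get or post parameters are passed, alter $_GET, $_POST and Router::$query_string accordingly
         // NOTE: Should we alter $_SERVER['QUERY_STRING'] too?
         if ($get !== null) {
             $old_get = $_GET;
             $_GET = $get;
             Router::$query_string = '?' . http_build_query($get);
         }
         if ($post !== null) {
             $old_post = $_POST;
             $_POST = $post;
         }

         // If class is not defined already, load controller file
         $controller_class = 'Controller_' . ucfirst($controller);
         if (!class_exists($controller_class, false)) {
             $controller_file = str_replace('_', '/', strtolower($controller_class));
             // If the component file doesn't exist, fire exception
             $filepath = Kohana::find_file('classes', $controller_file, true);
             // Include the Controller file
             require_once $filepath;
         }

         // Run dispatch.pre_controller
         Event::run('dispatch.pre_controller');
         // Initialize the controller
         $controller_instance = new $controller_class();
         // Run dispatch.post_controller_constructor
         Event::run('dispatch.post_controller_constructor');
     } catch (Exception $e) {
         // Hold the exception until the globals have been put back
         $failure = $e;
     }

     // Revert $_GET and $_POST changes
     if ($get !== null) {
         $_GET = $old_get;
     }
     if ($post !== null) {
         $_POST = $old_post;
     }

     // Revert Router state
     Router::$current_route = $old_router['current_route'];
     Router::$current_uri = $old_router['current_uri'];
     Router::$query_string = $old_router['query_string'];
     Router::$complete_uri = $old_router['complete_uri'];
     Router::$controller = $old_router['controller'];
     Router::$method = $old_router['method'];
     Router::$arguments = $old_router['arguments'];

     // Re-raise the original exception now that the state is clean
     if ($failure !== null) {
         throw $failure;
     }

     return new Component($controller_instance, $controller, $old_router);
 }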
Example #7
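 /**
  * Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
  *
  * The result is stored in Router::$current_uri after the front controller,
  * surrounding slashes, the configured URL suffix and repeated slashes have
  * been removed. Every source read here is supplied by the caller or the
  * client, and nothing in this method escapes or validates it: the value must
  * be encoded for its context wherever it is written to output.
  *
  * @return  void
  */
 public static function find_uri()
 {
     if (PHP_SAPI === 'cli') {
         // Command line requires a bit of hacking
         if (isset($_SERVER['argv'][1])) {
             Router::$current_uri = $_SERVER['argv'][1];
             // Remove GET string from segments
             if (strpos(Router::$current_uri, '?') !== FALSE) {
                 list(Router::$current_uri, $query) = explode('?', Router::$current_uri, 2);
                 // Parse the query string into $_GET
                 parse_str($query, $_GET);
                 // Convert $_GET to UTF-8
                 $_GET = utf8::clean($_GET);
             }
         }
     } elseif (isset($_GET['kohana_uri'])) {
         // Use the URI defined in the query string
         Router::$current_uri = $_GET['kohana_uri'];
         // Remove the URI from $_GET
         unset($_GET['kohana_uri']);
         // Remove the URI from $_SERVER['QUERY_STRING']
         $_SERVER['QUERY_STRING'] = preg_replace('~\\bkohana_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
     } elseif (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO']) {
         Router::$current_uri = $_SERVER['PATH_INFO'];
     } elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
         Router::$current_uri = $_SERVER['ORIG_PATH_INFO'];
     } elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
         Router::$current_uri = $_SERVER['PHP_SELF'];
     }
     // The front controller directory and filename
     $fc = substr(realpath($_SERVER['SCRIPT_FILENAME']), strlen(DOCROOT));
     // The front controller is looked for anywhere in the URI, not only at its start
     if (($strpos_fc = strpos(Router::$current_uri, $fc)) !== FALSE) {
         // Remove the front controller from the current uri
         Router::$current_uri = substr(Router::$current_uri, $strpos_fc + strlen($fc));
     }
     // Remove slashes from the start and end of the URI
     Router::$current_uri = trim(Router::$current_uri, '/');
     if (Router::$current_uri !== '') {
         // The suffix is stripped only at the very end of the URI, but
         // Router::$url_suffix is set whenever the suffix occurs anywhere in it
         if ($suffix = Kohana::config('core.url_suffix') and strpos(Router::$current_uri, $suffix) !== FALSE) {
             // Remove the URL suffix; quote it for the '#' delimiter as well,
             // so a suffix containing '#' cannot end the pattern early
             Router::$current_uri = preg_replace('#' . preg_quote($suffix, '#') . '$#u', '', Router::$current_uri);
             // Set the URL suffix
             Router::$url_suffix = $suffix;
         }
         // Reduce multiple slashes into single slashes
         Router::$current_uri = preg_replace('#//+#', '/', Router::$current_uri);
     }
 }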
Example #8
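 /**
  * Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
  *
  * The result is stored in Router::$current_uri after a leading SCRIPT_NAME,
  * surrounding slashes, the configured URL suffix and repeated slashes have
  * been removed. Every source read here is supplied by the caller or the
  * client, and nothing in this method escapes or validates it: the value must
  * be encoded for its context wherever it is written to output.
  *
  * @return  void
  */
 public static function find_uri()
 {
     if (Kohana::$server_api === 'cli') {
         // Command line requires a bit of hacking
         if (isset($_SERVER['argv'][1])) {
             Router::$current_uri = $_SERVER['argv'][1];
             // Remove GET string from segments
             if (strpos(Router::$current_uri, '?') !== FALSE) {
                 list(Router::$current_uri, $query) = explode('?', Router::$current_uri, 2);
                 // Parse the query string into $_GET
                 parse_str($query, $_GET);
                 // Convert $_GET to UTF-8
                 $_GET = Input::clean($_GET);
             }
         }
     } elseif (isset($_GET['kohana_uri'])) {
         // Use the URI defined in the query string
         Router::$current_uri = $_GET['kohana_uri'];
         // Remove the URI from $_GET
         unset($_GET['kohana_uri']);
         // Remove the URI from $_SERVER['QUERY_STRING']
         $_SERVER['QUERY_STRING'] = preg_replace('~\\bkohana_uri\\b[^&]*+&?~', '', $_SERVER['QUERY_STRING']);
     } else {
         if (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO']) {
             Router::$current_uri = $_SERVER['PATH_INFO'];
         } elseif (isset($_SERVER['ORIG_PATH_INFO']) and $_SERVER['ORIG_PATH_INFO']) {
             Router::$current_uri = $_SERVER['ORIG_PATH_INFO'];
         } elseif (isset($_SERVER['PHP_SELF']) and $_SERVER['PHP_SELF']) {
             // PATH_INFO is empty during requests to the front controller
             Router::$current_uri = $_SERVER['PHP_SELF'];
         }
         if (isset($_SERVER['SCRIPT_NAME']) and $_SERVER['SCRIPT_NAME']) {
             // Clean up PATH_INFO fallbacks
             // PATH_INFO may be formatted for ISAPI instead of CGI on IIS
             // Only a SCRIPT_NAME at the very start of the URI is removed
             if (strncmp(Router::$current_uri, $_SERVER['SCRIPT_NAME'], strlen($_SERVER['SCRIPT_NAME'])) === 0) {
                 // Remove the front controller from the current uri
                 Router::$current_uri = (string) substr(Router::$current_uri, strlen($_SERVER['SCRIPT_NAME']));
             }
         }
     }
     // Remove slashes from the start and end of the URI
     Router::$current_uri = trim(Router::$current_uri, '/');
     if (Router::$current_uri !== '') {
         // The suffix is stripped only at the very end of the URI, but
         // Router::$url_suffix is set whenever the suffix occurs anywhere in it
         if ($suffix = Kohana::config('core.url_suffix') and strpos(Router::$current_uri, $suffix) !== FALSE) {
             // Remove the URL suffix; quote it for the '#' delimiter as well,
             // so a suffix containing '#' cannot end the pattern early
             Router::$current_uri = preg_replace('#' . preg_quote($suffix, '#') . '$#u', '', Router::$current_uri);
             // Set the URL suffix
             Router::$url_suffix = $suffix;
         }
         // Reduce multiple slashes into single slashes
         Router::$current_uri = preg_replace('#//+#', '/', Router::$current_uri);
     }
 }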
Example #9
 /**
  * Maps the requested URI onto a page record and rewrites Router::$current_uri.
  *
  * URIs that start with 'admin' are left alone. For everything else the URI
  * segments are matched level by level against the 'page' records, and the
  * outcome is cached under a key derived from the language and the URI. A hit
  * either rewrites the URI to 'page/index/<id>' or, when the matched page names
  * a target module, registers a route to that module with the unmatched
  * segments as arguments.
  *
  * @return void
  */
 public static function new_route()
 {
     // Prefix test only: any URI beginning with 'admin' is skipped, including
     // longer first segments that merely start with those letters
     if (strpos(Router::$current_uri, 'admin') === 0) {
         return;
     }
     // The key comes from the request URI with '/' flattened to '_', so the
     // URIs 'a/b' and 'a_b' share one cache entry.
     // NOTE(review): every distinct requested URI creates an entry - confirm
     // the cache backend bounds size/lifetime and that the collision is harmless.
     $cache_name = 'route_' . Router::$language . '_' . str_replace('/', '_', Router::$current_uri);
     if (($cache = Cache::instance()->get($cache_name)) === NULL) {
         $uri = explode('/', Router::$current_uri);
         $tree = ORM::factory('page')->find_all();
         // stop if we don't have pages
         if (count($tree) == 0) {
             return;
         }
         // load first page if uri is empty
         if (empty(Router::$current_uri)) {
             $page = $tree->current();
             // redirect the home page
             if ($page->type == 'redirect' and !empty($page->target)) {
                 $redirect = ORM::factory('page', $page->target);
                 if ($redirect->loaded) {
                     url::redirect($redirect->uri());
                 }
             }
             Router::$current_id = (int) $page->id;
             Router::$current_uri = 'page/index/' . $page->id;
             return;
         }
         // Group the pages by tree level; level 0 is skipped
         $pages = array();
         foreach ($tree as $row) {
             if ($row->level == 0) {
                 continue;
             }
             $pages[$row->level][] = array('id' => $row->id, 'uri' => $row->uri, 'type' => $row->type, 'target' => $row->target);
         }
         $id = NULL;
         $routed_uri = array();
         $routed_arguments = array();
         $load_module = FALSE;
         $found = FALSE;
         $uri_size = count($uri);
         $pages_size = count($pages);
         // Segment N of the URI is compared with the pages stored at level N
         for ($level = 1; $level <= $uri_size; $level++) {
             // Deeper than the page tree: the segment becomes an argument
             if ($level > $pages_size) {
                 $routed_arguments[] = $uri[$level - 1];
                 continue;
             }
             // Once a module target has been seen, later segments are arguments
             if ($load_module !== FALSE) {
                 $routed_arguments[] = $uri[$level - 1];
             }
             // NOTE(review): assumes $pages has an entry for every level from 1
             // to count($pages) - verify levels cannot be sparse
             foreach ($pages[$level] as $page) {
                 if ($page['uri'] == $uri[$level - 1] or $page['target'] == $uri[$level - 1]) {
                     $found = TRUE;
                     $id = $page['id'];
                     $routed_uri[] = $page['uri'];
                     // check, if we have to load a controller
                     if (!empty($page['target'])) {
                         $load_module = $page['target'];
                     }
                     // Matched at this level: move on to the next URI segment
                     continue 2;
                 }
             }
         }
         Router::$current_id = (int) $id;
         Router::$current_arguments = implode('/', $routed_arguments);
         $cache = array('current_id' => Router::$current_id, 'current_arguments' => Router::$current_arguments, 'found' => $found, 'load_module' => $load_module, 'routed_uri' => $routed_uri);
         // set cache
         Cache::instance()->set($cache_name, $cache, array('route'));
     } else {
         // Cache hit: reuse the stored routing result
         Router::$current_id = $cache['current_id'];
         Router::$current_arguments = $cache['current_arguments'];
         $found = $cache['found'];
         $load_module = $cache['load_module'];
         $routed_uri = $cache['routed_uri'];
     }
     if ($found) {
         if ($load_module) {
             // Page URIs go into the route pattern and the request's own
             // segments into the route target, both without any escaping.
             // NOTE(review): confirm how the router treats regex metacharacters
             // and '$' sequences in these strings before relying on this.
             Kohana::config_set('routes.' . implode('/', $routed_uri) . '(/.*)?', $load_module . '/' . Router::$current_arguments);
             return;
         }
         Router::$current_uri = 'page/index/' . Router::$current_id;
     }
 }
Example #10
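 /**
  * Attempts to determine the current URI using PATH_INFO, ORIG_PATH_INFO, or REQUEST_URI.
  *
  * The result is stored in self::$current_uri after surrounding slashes, the
  * configured URL suffix, the index file name (and everything after it) and
  * repeated slashes have been removed. The value originates from the request
  * and is not escaped or validated here, so it must be encoded for its context
  * wherever it is written to output.
  *
  * NOTE(review): REQUEST_URI normally still carries the query string and
  * nothing here strips it - confirm whether inputServer() or a later step does.
  *
  * @return bool Always true; failure is signalled by the exception
  * @throws Exception_Exido When none of the server variables yields a URI
  */
 public static function getUri()
 {
     // Debug log
     if (Exido::$log_debug) {
         Exido::$log->add('EXIDO_DEBUG_LOG', 'Determine current URI');
     }
     Helper::load('input');
     // Trying to detect the URI
     if (inputServer('PATH_INFO')) {
         self::$current_uri = inputServer('PATH_INFO');
     } elseif (inputServer('ORIG_PATH_INFO')) {
         self::$current_uri = inputServer('ORIG_PATH_INFO');
     } elseif (inputServer('REQUEST_URI')) {
         self::$current_uri = inputServer('REQUEST_URI');
     } else {
         throw new Exception_Exido(__("Can't detect URI"));
     }
     // Remove slashes from the start and end of the URI
     self::$current_uri = trim(self::$current_uri, '/');
     if (self::$current_uri !== '') {
         // The suffix is stripped only at the very end of the URI, but
         // self::$url_suffix is set whenever the suffix occurs anywhere in it
         if ($suffix = Exido::config('global.core.url_suffix') and strpos(self::$current_uri, $suffix) !== false) {
             // Remove the URL suffix; quote it for the '#' delimiter as well,
             // so a suffix containing '#' cannot end the pattern early
             self::$current_uri = preg_replace('#' . preg_quote($suffix, '#') . '$#u', '', self::$current_uri);
             // Set the URL suffix
             self::$url_suffix = $suffix;
         }
         // Find index file name. A match at offset 0 is falsy and therefore
         // skipped, so a URI that begins with the index file is left as it is.
         if ($indexfile = Exido::config('global.core.index_file') and $indexpos = strpos(self::$current_uri, $indexfile) and $indexpos !== false) {
             // Keep only what precedes the index file name
             self::$current_uri = substr(self::$current_uri, 0, $indexpos);
         }
         // Reduce multiple slashes into single slashes
         self::$current_uri = preg_replace('#//+#', '/', self::$current_uri);
     }
     return true;
 }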
 /**
  * Modify routing and direct /json to /json/share
  *
  * Only the exact URIs 'json', 'json/index' and 'json/cluster' are rewritten;
  * 'json' is replaced by 'json/share' and the rest of the URI is kept.
  */
 public static function routing()
 {
     // URIs that are redirected; compared loosely, as the == checks they replace
     $redirected = array('json/index', 'json/cluster', 'json');
     if ( ! in_array(Router::$current_uri, $redirected)) {
         return;
     }
     Router::$current_uri = str_replace('json', 'json/share', Router::$current_uri);
 }