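/**
 * Remove every character matched by the configured strip-patterns from the request.
 *
 * Copies the cleaned keys and values of $_GET and $_POST into self::$get and
 * self::$post, the cleaned REQUEST_URI into self::$request, and then empties
 * $_GET, $_POST, $_REQUEST and $_SERVER['REQUEST_URI'] so that only the
 * sanitized copies stay reachable for the rest of the request.
 *
 * Patterns are read from $GLOBALS['config']['security']['allowed_characters']:
 * 'inputs' is applied to GET/POST keys and values, 'request_uri' to the URI;
 * whatever each pattern matches is deleted.
 *
 * @return void
 */
protected function sanitizeInputs()
{
    $inputPattern = $GLOBALS['config']['security']['allowed_characters']['inputs'];
    $uriPattern = $GLOBALS['config']['security']['allowed_characters']['request_uri'];

    /**
     * GET & POST
     * Iterate by key: the former array_search($value, ...) lookup compared
     * loosely (so '1' and '01' could be written back under the wrong key) and
     * the by-reference loop left a dangling reference behind.
     * TODO: improve ?
     */
    foreach ($_POST as $key => $value) {
        self::$post[self::sanitizeInputKey($key, $inputPattern)] = self::sanitizeInputValue($value, $inputPattern);
    }
    $_POST = array();

    foreach ($_GET as $key => $value) {
        self::$get[self::sanitizeInputKey($key, $inputPattern)] = self::sanitizeInputValue($value, $inputPattern);
    }
    $_GET = array();

    //TODO : sanitize cookie & session

    /**
     * Deleting $_REQUEST variables : elements are already in self::$get & self::$post
     */
    $_REQUEST = array();

    /**
     * REQUEST_URI
     * Decoded once here: unlike $_GET/$_POST, PHP hands REQUEST_URI over raw.
     */
    $rawUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $cleanUri = preg_replace($uriPattern, "", urldecode($rawUri));
    // preg_replace() returns null on a PCRE error; fail closed with an empty URI
    // instead of letting the raw value through.
    self::$request = $cleanUri === null ? '' : $cleanUri;
    unset($_SERVER['REQUEST_URI']);

    $remoteAddr = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    Debug::write("Request_URI requested (after sanitizing) : '" . self::$request . "' from IP : '" . $remoteAddr . "'", 0);
}

/**
 * Apply the 'inputs' strip-pattern to a GET/POST key.
 *
 * @param string|int $key     key as it appears in the superglobal
 * @param string     $pattern PCRE pattern whose matches are removed
 * @return string sanitized key ('' if preg_replace() reports an error)
 */
private static function sanitizeInputKey($key, $pattern)
{
    $clean = preg_replace($pattern, "", (string) $key);
    return $clean === null ? '' : $clean;
}

/**
 * Apply the 'inputs' strip-pattern and HTML-escape a GET/POST value.
 *
 * Nested arrays (PHP's foo[]=... syntax) are sanitized element by element;
 * previously they reached urldecode(), which only accepts strings.
 *
 * @param mixed  $value   scalar or (nested) array taken from the superglobal
 * @param string $pattern PCRE pattern whose matches are removed
 * @return string|array sanitized value with the same shape as the input
 */
private static function sanitizeInputValue($value, $pattern)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $subKey => $subValue) {
            $clean[self::sanitizeInputKey($subKey, $pattern)] = self::sanitizeInputValue($subValue, $pattern);
        }
        return $clean;
    }
    // NOTE(review): $_GET/$_POST are already URL-decoded by PHP, so this second
    // urldecode() turns a literal '+' into a space and '%41' into 'A'. Kept to
    // preserve existing behaviour — confirm whether that is intended.
    $stripped = preg_replace($pattern, "", urldecode((string) $value));
    // Fail closed on a PCRE error rather than passing the raw value through.
    return htmlspecialchars($stripped === null ? '' : $stripped, ENT_QUOTES, "utf-8", false);
}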
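/**
 * Split the raw REQUEST_URI into Site::$request and the Site::$args path segments.
 *
 * The empty segment produced by the leading '/' is dropped. A first segment
 * that carries a 'search?' query is collapsed to the literal "search" so the
 * router treats it as the search page.
 *
 * @return void
 */
public static function parseRequest()
{
    // NOTE(review): sanitizeInputs() on this page unsets $_SERVER['REQUEST_URI']
    // after copying it; if it runs before this method, nothing is left to read —
    // confirm the call order. Missing key used to raise an undefined-index notice.
    Site::$request = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    Site::$args = explode('/', Site::$request);
    array_shift(Site::$args);

    // Guard the index: an empty URI leaves no segment after the shift. The
    // former strstr() truthiness test is replaced by an explicit position check.
    if (isset(Site::$args[0]) && strpos(Site::$args[0], 'search?') !== false) {
        Site::$args[0] = "search";
    }
}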
/**
 * Resolve the controller route for the current request.
 *
 * Asks the URL manager to parse the request, strips surrounding slashes,
 * falls back to the default controller when nothing remains, and lower-cases
 * the result unless the URL manager is case sensitive.
 *
 * @return string
 */
public function getRoute()
{
    $urlManager = \Site::urlManager();
    $route = trim($urlManager->parseUrl(\Site::request()), '/');
    if ($route === '') {
        $route = $this->defaultController;
    }
    return $urlManager->caseSensitive ? $route : strtolower($route);
}
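/**
 * Action that needs to be called for the page to let the user recover
 * the password.
 *
 * On POST, looks the user up by the submitted e-mail address and sends the
 * reset-password mail; afterwards (and on GET) renders the recover form.
 *
 * @return void
 */
public function actionRecoverPassword()
{
    if (\GO\Base\Util\Http::isPostRequest()) {
        // A missing field used to raise an undefined-index notice; treat it as empty.
        $email = isset($_POST['email']) ? $_POST['email'] : '';
        $user = \GO\Base\Model\User::model()->findSingleByAttribute('email', $email);
        // Covers both null and false: the lookup's miss value is not shown on this page.
        if (!$user) {
            // NOTE(review): a distinct error here tells a caller whether an
            // address is registered. Showing the same 'recoverEmailSent' notice
            // in both branches would avoid that disclosure.
            \Site::notifier()->setMessage('error', \GO::t("invaliduser", "site"));
        } else {
            $siteTitle = \Site::model()->name;
            $url = \Site::request()->getHostInfo() . \Site::urlManager()->createUrl('/site/account/resetpassword', array(), false);
            $fromName = \Site::model()->name;
            $fromEmail = '*****@*****.**';
            $user->sendResetPasswordMail($siteTitle, $url, $fromName, $fromEmail);
            \Site::notifier()->setMessage('success', \GO::t('recoverEmailSent', 'site') . " " . $user->email);
        }
    }
    echo $this->render('recoverPassword');
}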
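/**
 * Dispatch an action of this controller and render error pages for failures.
 *
 * Lower-cases the action name (falling back to $this->defaultAction), lifts
 * ACL checks for actions listed by ignoreAclPermissions(), runs beforeAction()
 * and the permission check, then calls the action method. MissingParameter and
 * NotFound render the 404 page, AccessDenied sends anonymous users to the login
 * page (others get the error page), and any other exception renders the
 * generic error page.
 *
 * @param string $action           action name; '' selects $this->defaultAction
 * @param array  $params           parameters handed to callActionMethod()
 * @param bool   $render           accepted for compatibility; not read here
 * @param bool   $checkPermissions accepted for compatibility; not read here
 * @return void
 */
public function run($action = '', $params = array(), $render = true, $checkPermissions = true)
{
    $oldIgnore = null;
    $aclLifted = false;
    try {
        if (empty($action)) {
            $this->_action = $action = strtolower($this->defaultAction);
        } else {
            $this->_action = $action = strtolower($action);
        }

        $ignoredActions = $this->ignoreAclPermissions();
        $ignoreAcl = in_array($action, $ignoredActions, true) || in_array('*', $ignoredActions, true);
        if ($ignoreAcl) {
            $oldIgnore = \GO::setIgnoreAclPermissions(true);
            $aclLifted = true;
        }

        $this->beforeAction();

        if (!$this->_checkPermission($action)) {
            throw new \GO\Base\Exception\AccessDenied();
        }

        $methodName = 'action' . $action;
        $this->callActionMethod($methodName, $params);
    } catch (\GO\Base\Exception\MissingParameter $e) {
        echo $this->render('/site/404', array('error' => $e));
    } catch (\GO\Base\Exception\AccessDenied $e) {
        \GO::debug($e->getMessage());
        \GO::debug($e->getTraceAsString());
        if (!\GO::user()) {
            //Path the page you tried to visit into lastPath session for redirecting after login
            // NOTE(review): whatever consumes returnUrl after login should accept
            // only a local path, so it cannot become an off-site redirect.
            \GO::session()->values['sites']['returnUrl'] = \Site::request()->getRequestUri();
            $loginpath = array('site/account/login');
            $this->redirect($loginpath);
        } else {
            echo $this->render('/site/error', array('error' => $e));
        }
    } catch (\GO\Base\Exception\NotFound $e) {
        header("HTTP/1.0 404 Not Found");
        header("Status: 404 Not Found");
        echo $this->render('/site/404', array('error' => $e));
    } catch (\Exception $e) {
        echo $this->render('/site/error', array('error' => $e));
    } finally {
        // Restore the ACL flag on every path: previously it was only restored
        // after a successful action, so an exception inside a guest-allowed
        // action left ACL checks disabled for the rest of the request.
        if ($aclLifted) {
            \GO::setIgnoreAclPermissions($oldIgnore);
        }
    }
}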
/**
 * Returns the base URL of the application.
 * @return string the base URL of the application (the part after host name and before query string).
 * If {@link showScriptName} is true, it will include the script name part.
 * Otherwise, it will not, and the ending slashes are stripped off.
 */
public function getBaseUrl()
{
    // Computed on first use and memoised in $this->_baseUrl.
    if ($this->_baseUrl === null) {
        $baseUrl = \Site::request()->getBaseUrl();
        $appendScript = $this->showScriptName && $this->_urlFormat === self::GET_FORMAT;
        $this->_baseUrl = $appendScript ? $baseUrl . '/index.php' : $baseUrl;
    }
    return $this->_baseUrl;
}