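/**
 * 
 * Has the user requested a prior session?
 * 
 * Answers true only when the client sent a cookie under the current
 * session name. Once this object has destroyed the session the answer
 * is always false, regardless of what the client sends.
 * 
 * Note that the presence of the cookie only means the client *claims*
 * a prior session; nothing here validates the session ID itself.
 * 
 * @return bool
 * 
 */
public function isContinuing()
{
    if ($this->_stopped) {
        // Don't attempt to continue a session we've already destroyed
        return false;
    }

    // The docblock promises a bool, but the cookie accessor hands back the
    // raw cookie value (or null when absent). Normalize so callers that
    // compare strictly against true/false are not surprised; truthiness is
    // unchanged for callers that only test the result in a condition.
    $cookie = $this->_request->cookie(session_name());
    return (bool) $cookie;
}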
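/**
 * 
 * Does the incoming request look like a cross-site forgery?
 * 
 * Only works for POST requests. A request is a forgery when a token is
 * currently held for this client and the token posted under the key
 * from getKey() does not match it byte for byte.
 * 
 * @return bool True if the request looks forged, false otherwise.
 * 
 */
public function isForgery()
{
    $this->_update();

    if (!self::$_request->isPost()) {
        // only POST requests can be cross-site request forgeries
        return false;
    }

    if (!self::$_current) {
        // there is no current value so it doesn't matter
        return false;
    }

    // get the incoming csrf value from $_POST (null when absent)
    $key = $this->getKey();
    $val = self::$_request->post($key);

    // Compare as strings, never with loose ==: two numeric-looking tokens
    // such as "0e123" and "0" are == in PHP, which would let a crafted
    // value pass the check. Prefer the constant-time comparison where the
    // runtime offers it so the comparison does not leak how many leading
    // bytes of the token were correct.
    $expected = (string) self::$_current;
    $actual   = (string) $val;

    if (function_exists('hash_equals')) {
        return !hash_equals($expected, $actual);
    }

    // if they don't match, it's a forgery
    return $actual !== $expected;
}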
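/**
 * 
 * Sets properties from a specified URI.
 * 
 * When $uri is empty, the current request is reconstructed from the
 * server environment: the scheme from isSsl(), the host from HTTP_HOST,
 * and either REQUEST_URI (mod_rewrite assumed on) or
 * SCRIPT_NAME + PATH_INFO + '?' + QUERY_STRING (assumed off, guessed
 * from the configured 'path' ending in '.php/'). A $uri that carries no
 * '://' is made absolute against the current scheme and host. The
 * configured 'path' prefix is then stripped from the parsed path.
 * 
 * Security note: HTTP_HOST is supplied by the client. A URI built from it
 * must not be trusted for security-sensitive absolute links (password
 * reset mails, redirects) unless the web server or the 'host' config
 * pins the canonical host name for this deployment.
 * 
 * @param string $uri The URI to parse. If null, defaults to the
 * current URI.
 * 
 * @return void
 * 
 */
public function set($uri = null)
{
    // build a default scheme (with '://' in it)
    $scheme = $this->_request->isSsl() ? 'https://' : 'http://';

    // get the current host, using a dummy host name if needed.
    // we need a host name so that parse_url() works properly.
    // we remove the dummy host name at the end of this method.
    $host = $this->_request->server('HTTP_HOST', 'example.com');

    // right now, we assume we don't have to force any values.
    $forced = false;

    // forcibly set to the current uri? (cast first: trim(null) is
    // deprecated as of PHP 8.1 and yields '' anyway)
    $uri = trim((string) $uri);
    if (!$uri) {
        // we're forcing values
        $forced = true;

        // add the scheme and host
        $uri = $scheme . $host;

        // we need to see if mod_rewrite is turned on or off.
        // if on, we can use REQUEST_URI as-is.
        // if off, we need to use the script name, esp. for
        // front-controller stuff.
        // we make a guess based on the 'path' config key.
        // if it ends in '.php' then we guess that mod_rewrite is off.
        if (substr($this->_config['path'], -5) == '.php/') {
            // guess that mod_rewrite is off; build up from
            // component parts.
            $uri .= $this->_request->server('SCRIPT_NAME')
                  . $this->_request->server('PATH_INFO')
                  . '?' . $this->_request->server('QUERY_STRING');
        } else {
            // guess that mod_rewrite is on
            $uri .= $this->_request->server('REQUEST_URI');
        }
    }

    // forcibly add the scheme and host?
    $pos = strpos($uri, '://');
    if ($pos === false) {
        $forced = true;
        $uri = ltrim($uri, '/');
        $uri = "{$scheme}{$host}/{$uri}";
    }

    // default uri elements
    $elem = array(
        'scheme'   => null,
        'user'     => null,
        'pass'     => null,
        'host'     => null,
        'port'     => null,
        'path'     => null,
        'query'    => null,
        'fragment' => null,
    );

    // parse the uri and merge with the defaults.
    // parse_url() returns false for a seriously malformed URI; treat
    // that as "no parts" instead of handing false to array_merge()
    // (a warning on PHP 5/7, a TypeError on PHP 8).
    $parts = parse_url($uri);
    if (!is_array($parts)) {
        $parts = array();
    }
    $elem = array_merge($elem, $parts);

    // strip the prefix from the path.
    // the conditions are ...
    // $elem['path'] == '/index.php/'
    // -- or --
    // $elem['path'] == '/index.php'
    // -- or --
    // $elem['path'] == '/index.php/*'
    $path = $this->_config['path'];
    $len  = strlen($path);
    $flag = $elem['path'] == $path
         || $elem['path'] == rtrim($path, '/')
         || substr($elem['path'], 0, $len) == $path;

    if ($flag) {
        $elem['path'] = substr($elem['path'], $len);
    }

    // retain parsed elements as properties
    $this->scheme   = $elem['scheme'];
    $this->user     = $elem['user'];
    $this->pass     = $elem['pass'];
    $this->host     = $elem['host'];
    $this->port     = $elem['port'];
    $this->fragment = $elem['fragment'];

    // extended processing of parsed elements into properties
    $this->setPath($elem['path']); // will also set $this->format
    $this->setQuery($elem['query']);

    // if we had to force values, remove dummy placeholders
    if ($forced && !$this->_request->server('HTTP_HOST')) {
        $this->scheme = null;
        $this->host   = null;
    }

    // finally, if we don't have a host, and there's a default, use it
    if (!$this->host) {
        $this->host = $this->_config['host'];
    }
}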
/**
 * 
 * Lazy-start the session (i.e., only if a session cookie from the client
 * already exists).
 * 
 * An already-started session is not started twice; in that case only the
 * segment is (re)loaded. Otherwise the session is started if and only if
 * the client sent a cookie under the current session name.
 * 
 * @return void
 * 
 */
public function lazyStart()
{
    if ($this->isStarted()) {
        // already running; just make sure the segment is loaded
        $this->load();
        return;
    }

    // only resume when the client claims to have a session already
    $hasCookie = (bool) self::$_request->cookie(session_name());
    if ($hasCookie) {
        $this->start();
    }
}
/**
 * 
 * Tells if the current page load appears to be the result of
 * an attempt to log out.
 * 
 * The request source ('post', 'get', ...) is taken from the 'source'
 * config key and used as a Solar_Request method name; the value found
 * under the 'source_process' key is compared with 'process_logout'.
 * A request that the request object flags as CSRF is never a logout.
 * 
 * NOTE(review): if 'source' is configured as 'get', a logout can be
 * triggered by any link the browser follows (logout CSRF); confirm the
 * isCsrf() check covers that case for this deployment.
 * 
 * @return bool
 * 
 */
public function isLogoutRequest()
{
    // normalize the configured source to a lowercase request method name
    $source = strtolower($this->_config['source']);
    $key    = $this->_config['source_process'];
    $value  = $this->_request->$source($key);

    if ($this->_request->isCsrf()) {
        // a forged request is never honoured as a logout
        return false;
    }

    return $value == $this->_config['process_logout'];
}
/**
 * 
 * Post-construction tasks to complete object construction.
 * 
 * Resolves the request dependency, seeds the default 'action' attribute
 * from REQUEST_URI, and resets the form.
 * 
 * NOTE(review): REQUEST_URI is client-controlled; whatever renders the
 * 'action' attribute must HTML-escape it (that code is not visible here).
 * 
 * @return void
 * 
 */
public function _postConstruct()
{
    parent::_postConstruct();

    // get the current request environment
    $request = Solar::dependency('Solar_Request', $this->_config['request']);
    $this->_request = $request;

    // make sure we have a default action
    $this->_default_attribs['action'] = $request->server('REQUEST_URI');

    // reset the form properties
    $this->reset();
}
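/**
 * 
 * Whether or not user requested a specific process within the action.
 * 
 * By default, looks for $process_key in [[Solar_Request::post()]] to get the
 * value of the process request.
 * 
 * Checks against "PROCESS_$type" locale string for matching. For example,
 * $this->_isProcess('save') checks Solar_Request::post('process')
 * against $this->locale('PROCESS_SAVE').
 * 
 * The comparison is a strict string comparison: a loose == between two
 * numeric-looking strings compares them as numbers ("10" == "1e1"),
 * which is never what a button-label match should do.
 * 
 * @param string $type The process type; for example, 'save', 'delete',
 * 'preview', etc. If empty, returns true if *any* process type
 * was posted.
 * 
 * @param string $process_key If not empty, check against this
 * [[Solar_Request::post()]] key instead $this->_process_key. Default
 * null.
 * 
 * @return bool
 * 
 */
protected function _isProcess($type = null, $process_key = null)
{
    // make sure we know what post-var to look in
    if (empty($process_key)) {
        $process_key = $this->_process_key;
    }

    // didn't ask for a process type; answer if *any* process was
    // requested.
    if (empty($type)) {
        $any = $this->_request->post($process_key);
        return !empty($any);
    }

    // asked for a process type, find the locale string for it.
    $locale_key = 'PROCESS_' . strtoupper($type);
    $locale = $this->locale($locale_key);

    // $process must be non-empty, and must match locale string.
    // not enough just to match the locale string, as it might
    // be empty.
    $process = $this->_request->post($process_key, false);
    if (!$process || !is_scalar($process)) {
        // empty, "0", or a submitted array (name[]) can never match
        return false;
    }

    return (string) $process === (string) $locale;
}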
/**
 * 
 * Post-construction tasks to complete object construction.
 * 
 * Resolves the request and filter dependencies, creates the CSRF helper,
 * seeds the default 'action' attribute from REQUEST_URI, and resets.
 * 
 * NOTE(review): REQUEST_URI is client-controlled; the code that renders
 * the 'action' attribute must HTML-escape it (not visible here).
 * 
 * @return void
 * 
 */
protected function _postConstruct()
{
    parent::_postConstruct();

    $config = $this->_config;

    // request environment, filter object, csrf object
    $this->_request = Solar::dependency('Solar_Request', $config['request']);
    $this->_filter  = Solar::dependency('Solar_Filter', $config['filter']);
    $this->_csrf    = Solar::factory('Solar_Csrf');

    // set the default action attribute
    $this->_default_attribs['action'] = $this->_request->server('REQUEST_URI');

    // reset everything
    $this->reset();
}
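/**
 * 
 * Indicates this is a cross-site request forgery attempt.
 * 
 * Records an ERR_CSRF_ATTEMPT error plus the names of the posted fields,
 * sets a 403 status, and forwards to the 'error' action.
 * 
 * Only field *names* are recorded. The submitted values are attacker
 * chosen and may include passwords or tokens; anything placed in
 * $_errors may be rendered or logged downstream, so echoing the values
 * back would be both a data leak and, if rendered unescaped, a
 * reflected-XSS vector.
 * 
 * @return mixed The result of forwarding to the 'error' action.
 * 
 */
protected function _csrfAttempt()
{
    $this->_errors[] = 'ERR_CSRF_ATTEMPT';

    // (array) also guards against a non-array return from post()
    $vars = (array) $this->_request->post();
    foreach (array_keys($vars) as $key) {
        $this->_errors[] = "{$key}: (value not shown)";
    }

    $this->_response->setStatusCode(403);
    return $this->_forward('error');
}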
/**
 * 
 * Post-construction tasks to complete object construction.
 * 
 * Creates the shared session handler and request objects once per
 * process, picks the storage segment name (the 'class' config, or
 * 'Solar' when that is the empty string), and lazily starts the session
 * if the client already holds a session cookie.
 * 
 * @return void
 * 
 */
protected function _postConstruct()
{
    parent::_postConstruct();

    // shared handler and request objects are created only once
    if (!self::$_handler) {
        self::$_handler = Solar::dependency(
            'Solar_Session_Handler',
            $this->_config['handler']
        );
    }
    if (!self::$_request) {
        self::$_request = Solar_Registry::get('request');
    }

    // storage segment; trim() and strict-equals so that a segment
    // named '0' is kept while '' falls back to 'Solar'
    $segment = trim($this->_config['class']);
    $this->_class = ($segment === '') ? 'Solar' : $segment;
    $this->setClass($this->_class);

    // lazy start: resume only when the client sent a cookie under
    // the current session name
    if (self::$_request->cookie(session_name())) {
        $this->start();
    }
}
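/**
 * 
 * Prepares the comment, spam, or ham comment data **by reference** for
 * submission to Akismet.
 * 
 * The $data keys are:
 * 
 * `blog`
 * : The front page or home URL of the instance making the
 * request. For a blog or wiki this would be the front page. Must be a
 * full URI, including 'http://'. Default is the config value for
 * `blog`.
 * 
 * `user_ip`
 * : IP address of the comment submitter. Default is the
 * server REMOTE_ADDR value.
 * 
 * `user_agent`
 * : User agent information. Default is the server
 * HTTP_USER_AGENT value.
 * 
 * `referrer` (note spelling)
 * : Default is the HTTP_REFERER value.
 * 
 * `permalink`
 * : The permanent location of the entry the comment was submitted to.
 * 
 * `comment_type`
 * : May be blank, 'comment', 'trackback', 'pingback', or any other value
 * (e.g., 'registration'). Default blank.
 * 
 * `comment_author`
 * : Submitted name with the comment. Default blank. Leaving blank is
 * highly likely to result in a "spam" result.
 * 
 * `comment_author_email`
 * : Submitted email address
 * 
 * `comment_author_url`
 * : Commenter URL.
 * 
 * `comment_content`
 * : The content that was submitted.
 * 
 * The server environment is merged in as extra signal for Akismet, with
 * the client's cookies and any HTTP/PHP auth credentials removed first:
 * those are secrets that must not be sent to a third party. Keys given
 * explicitly in $data take precedence over both the defaults and the
 * server variables.
 * 
 * @param array &$data The data to prepare **by reference**.
 * 
 * @return void
 * 
 */
protected function _prepareData(&$data)
{
    $base = array(
        'blog'                 => $this->_config['blog'],
        'user_ip'              => $this->_request->server('REMOTE_ADDR'),
        'user_agent'           => $this->_request->http('user_agent'),
        'referrer'             => $this->_request->http('referer'),
        'permalink'            => null,
        'comment_type'         => null,
        'comment_author'       => null,
        'comment_author_email' => null,
        'comment_author_url'   => null,
        'comment_content'      => null,
    );

    // strip secrets from the server environment before it leaves this host
    $server = (array) $this->_request->server();
    $secret = array(
        'HTTP_COOKIE',
        'HTTP_AUTHORIZATION',
        'PHP_AUTH_USER',
        'PHP_AUTH_PW',
        'PHP_AUTH_DIGEST',
    );
    foreach ($secret as $key) {
        unset($server[$key]);
    }

    // merge order: defaults, then server info, then the caller's
    // explicit data so that "data overrides" really does override
    $data = array_merge($base, $server, (array) $data);
}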
/**
 * 
 * Post-construction tasks to complete object construction.
 * 
 * Resolves the request and filter dependencies, seeds the default
 * 'action' attribute from REQUEST_URI, layers the built-in default
 * attributes over the configured 'attribs' (built-in ones win), and
 * resets.
 * 
 * NOTE(review): REQUEST_URI is client-controlled; the code that renders
 * the 'action' attribute must HTML-escape it (not visible here).
 * 
 * @return void
 * 
 */
protected function _postConstruct()
{
    parent::_postConstruct();

    // request environment and filter object
    $this->_request = Solar::dependency('Solar_Request', $this->_config['request']);
    $this->_filter  = Solar::dependency('Solar_Filter', $this->_config['filter']);

    // default attribs, with 'action' set from the current request
    $defaults = $this->_default_attribs;
    $defaults['action'] = $this->_request->server('REQUEST_URI');

    // configured attribs underneath, defaults on top
    $this->_default_attribs = array_merge($this->_config['attribs'], $defaults);

    // reset everything
    $this->reset();
}