/**
* Re-send a request after successful re-authentication
* Re-creates a GET or POST request based on data passed along in a form. Used
* in case of an expired security token so that the user doesn't lose changes.
*/
function resend_request()
{
global $_CONF;
$method = '';
if (isset($_POST['token_requestmethod'])) {
$method = COM_applyFilter($_POST['token_requestmethod']);
}
$returnUrl = '';
if (isset($_POST['token_returnurl'])) {
$returnUrl = urldecode($_POST['token_returnurl']);
if (substr($returnUrl, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
// only accept URLs on our site
$returnUrl = '';
}
}
$postData = '';
if (isset($_POST['token_postdata'])) {
$postData = urldecode($_POST['token_postdata']);
}
$getData = '';
if (isset($_POST['token_getdata'])) {
$getData = urldecode($_POST['token_getdata']);
}
$files = '';
if (isset($_POST['token_files'])) {
$files = urldecode($_POST['token_files']);
}
if (SECINT_checkToken() && !empty($method) && !empty($returnUrl) && ($method === 'POST' && !empty($postData) || $method === 'GET' && !empty($getData))) {
$magic = get_magic_quotes_gpc();
if ($method === 'POST') {
$req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_POST);
$data = unserialize($postData);
foreach ($data as $key => $value) {
if ($key == CSRF_TOKEN) {
$req->addPostParameter($key, SEC_createToken());
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
$req->addPostParameter($key, $value);
}
}
if (!empty($files)) {
$files = unserialize($files);
}
if (!empty($files)) {
foreach ($files as $key => $value) {
$req->addPostParameter('_files_' . $key, $value);
}
}
} else {
$data = unserialize($getData);
foreach ($data as $key => &$value) {
if ($key == CSRF_TOKEN) {
$value = SEC_createToken();
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
}
}
$returnUrl = $returnUrl . '?' . http_build_query($data);
$req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_GET);
}
$req->setHeader('User-Agent', 'Geeklog/' . VERSION);
// need to fake the referrer so the new token matches
$req->setHeader('Referer', COM_getCurrentUrl());
foreach ($_COOKIE as $cookie => $value) {
$req->addCookie($cookie, $value);
}
try {
$response = $req->send();
$status = $response->getStatus();
if ($status == 200) {
COM_output($response->getBody());
} else {
throw new HTTP_Request2_Exception('HTTP error: status code = ' . $status);
}
} catch (HTTP_Request2_Exception $e) {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
trigger_error("Resending {$method} request failed: " . $e->getMessage());
}
} else {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
COM_redirect($_CONF['site_url'] . '/index.php');
}
// don't return
exit;
}
/**
* Check a security token.
* Checks the POST and GET data for a security token, if one exists, validates
* that it's for this user and URL. If the token is not valid, it asks the user
* to re-authenticate and resends the request if authentication was successful.
*
* @return boolean true if the token is valid; does not return if not!
* @see SECINT_checkToken
* @link http://wiki.geeklog.net/index.php/Re-Authentication_for_expired_Tokens
*/
function SEC_checkToken()
{
global $_CONF, $LANG20, $LANG_ADMIN;
if (SECINT_checkToken()) {
// if this was a recreated request, recreate $_FILES array, too
SECINT_recreateFilesArray();
return true;
}
/**
* Token not valid (probably expired): Ask user to authenticate again
*/
$returnurl = COM_getCurrentUrl();
$method = strtoupper($_SERVER['REQUEST_METHOD']);
$postdata = serialize($_POST);
$getdata = serialize($_GET);
$files = '';
if (!empty($_FILES)) {
// rescue uploaded files
foreach ($_FILES as $key => $f) {
if (!empty($f['name'])) {
$filename = basename($f['tmp_name']);
move_uploaded_file($f['tmp_name'], $_CONF['path_data'] . $filename);
$_FILES[$key]['tmp_name'] = $filename;
// drop temp. dir
}
}
$files = serialize($_FILES);
}
$display = COM_showMessageText($LANG_ADMIN['token_expired']) . SECINT_authform($returnurl, $method, $postdata, $getdata, $files);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG20[1]));
COM_output($display);
exit;
// we don't return from here
}
/**
* Re-send a request after successful re-authentication
*
* Re-creates a GET or POST request based on data passed along in a form. Used
* in case of an expired security token so that the user doesn't lose changes.
*
*/
function resend_request()
{
global $_CONF;
require_once 'HTTP/Request.php';
$method = '';
if (isset($_POST['token_requestmethod'])) {
$method = COM_applyFilter($_POST['token_requestmethod']);
}
$returnurl = '';
if (isset($_POST['token_returnurl'])) {
$returnurl = urldecode($_POST['token_returnurl']);
if (substr($returnurl, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
// only accept URLs on our site
$returnurl = '';
}
}
$postdata = '';
if (isset($_POST['token_postdata'])) {
$postdata = urldecode($_POST['token_postdata']);
}
$getdata = '';
if (isset($_POST['token_getdata'])) {
$getdata = urldecode($_POST['token_getdata']);
}
$files = '';
if (isset($_POST['token_files'])) {
$files = urldecode($_POST['token_files']);
}
if (SECINT_checkToken() && !empty($method) && !empty($returnurl) && ($method == 'POST' && !empty($postdata) || $method == 'GET' && !empty($getdata))) {
$magic = get_magic_quotes_gpc();
$req = new HTTP_Request($returnurl);
if ($method == 'POST') {
$req->setMethod(HTTP_REQUEST_METHOD_POST);
$data = unserialize($postdata);
foreach ($data as $key => $value) {
if ($key == CSRF_TOKEN) {
$req->addPostData($key, SEC_createToken());
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
$req->addPostData($key, $value);
}
}
if (!empty($files)) {
$files = unserialize($files);
}
if (!empty($files)) {
foreach ($files as $key => $value) {
$req->addPostData('_files_' . $key, $value);
}
}
} else {
$req->setMethod(HTTP_REQUEST_METHOD_GET);
$data = unserialize($getdata);
foreach ($data as $key => $value) {
if ($key == CSRF_TOKEN) {
$req->addQueryString($key, SEC_createToken());
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
$req->addQueryString($key, $value);
}
}
}
$req->addHeader('User-Agent', 'Geeklog/' . VERSION);
// need to fake the referrer so the new token matches
$req->addHeader('Referer', COM_getCurrentUrl());
foreach ($_COOKIE as $cookie => $value) {
$req->addCookie($cookie, $value);
}
$response = $req->sendRequest();
if (PEAR::isError($response)) {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
trigger_error("Resending {$method} request failed: " . $response->getMessage());
} else {
COM_output($req->getResponseBody());
}
} else {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
// don't return
exit;
}
