private function _detect_format() { // A format has been passed as an argument in the URL and it is supported if (\Input::get_post('format') and $this->_supported_formats[\Input::get_post('format')]) { return \Input::get_post('format'); } // Otherwise, check the HTTP_ACCEPT (if it exists and we are allowed) if (\Config::get('rest.ignore_http_accept') === false and \Input::server('HTTP_ACCEPT')) { // Check all formats against the HTTP_ACCEPT header foreach (array_keys($this->_supported_formats) as $format) { // Has this format been requested? if (strpos(\Input::server('HTTP_ACCEPT'), $format) !== false) { // If not HTML or XML assume its right and send it on its way if ($format != 'html' and $format != 'xml') { return $format; } else { // If it is truely HTML, it wont want any XML if ($format == 'html' and strpos(\Input::server('HTTP_ACCEPT'), 'xml') === false) { return $format; } elseif ($format == 'xml' and strpos(\Input::server('HTTP_ACCEPT'), 'html') === false) { return $format; } } } } } // End HTTP_ACCEPT checking // Well, none of that has worked! Let's see if the controller has a default if (!empty($this->rest_format)) { return $this->rest_format; } // Just use the default format return \Config::get('rest.default_format'); }
public function callback() { // Create an consumer from the config $this->consumer = \OAuth\Consumer::forge($this->config); // Load the provider $this->provider = \OAuth\Provider::forge($this->provider); if ($token = \Cookie::get('oauth_token')) { // Get the token from storage $this->token = unserialize(base64_decode($token)); } if ($this->token and $this->token->access_token !== \Input::get_post('oauth_token')) { // Delete the token, it is not valid \Cookie::delete('oauth_token'); // Send the user back to the beginning exit('invalid token after coming back to site'); } // Get the verifier $verifier = \Input::get_post('oauth_verifier'); // Store the verifier in the token $this->token->verifier($verifier); // Exchange the request token for an access token return $this->provider->access_token($this->consumer, $this->token); }
/** * read a cookie * * @access private * @return void */ protected function _get_cookie() { // was the cookie posted? $cookie = \Input::get_post($this->config['post_cookie_name'], false); // if not found, fetch the regular cookie if ($cookie === false) { $cookie = \Cookie::get($this->config['cookie_name'], false); } if ($cookie !== false) { // fetch the payload $cookie = $this->_unserialize(\Crypt::decode($cookie)); // validate the cookie if (!isset($cookie[0])) { // not a valid cookie payload } elseif ($cookie[0]['updated'] + $this->config['expiration_time'] <= $this->time->get_timestamp()) { // session has expired } elseif ($this->config['match_ip'] && $cookie[0]['ip_hash'] !== md5(\Input::ip() . \Input::real_ip())) { // IP address doesn't match } elseif ($this->config['match_ua'] && $cookie[0]['user_agent'] !== \Input::user_agent()) { // user agent doesn't match } else { // session is valid, retrieve the session keys if (isset($cookie[0])) { $this->keys = $cookie[0]; } // and return the cookie payload array_shift($cookie); return $cookie; } } // no payload return false; }
/** * To JSONP conversion * * @param mixed $data * @return string */ public function to_jsonp($data = null) { $callback = \Input::get_post('callback', null); is_null($callback) and $callback = 'response'; return $callback . '(' . $this->to_json($data) . ')'; }
/** * Fetch an item from the POST array * * @param string The index key * @param mixed The default value * @param array Array of filters - if empty then all filter will be used * * @return string|array */ public static function secured_get_post($index = null, $default = null, $filters = array('strip_tags', 'htmlentities', 'xss_clean')) { return \Security::clean(\Input::get_post($index, $default), $filters); }
private function _detect_format() { $pattern = '/\.(' . implode( '|', array_keys($this->_supported_formats) ) . ')$/'; // Check if a file extension is used if (preg_match($pattern, end($_GET), $matches)) { // The key of the last argument $last_key = end(array_keys($_GET)); // Remove the extension from arguments too $_GET[$last_key] = preg_replace($pattern, '', \Input::get($last_key)); return $matches[1]; } // A format has been passed as an argument in the URL and it is supported if (\Input::get_post('format') and $this->_supported_formats[\Input::get_post('format')]) { return \Input::get_post('format'); } // Otherwise, check the HTTP_ACCEPT (if it exists and we are allowed) if (\Config::get('rest.ignore_http_accept') === false and \Input::server('HTTP_ACCEPT')) { // Check all formats against the HTTP_ACCEPT header foreach(array_keys($this->_supported_formats) as $format) { // Has this format been requested? if (strpos(\Input::server('HTTP_ACCEPT'), $format) !== false) { // If not HTML or XML assume its right and send it on its way if ($format != 'html' and $format != 'xml') { return $format; } // HTML or XML have shown up as a match else { // If it is truely HTML, it wont want any XML if ($format == 'html' and strpos(\Input::server('HTTP_ACCEPT'), 'xml') === false) { return $format; } // If it is truely XML, it wont want any HTML elseif ($format == 'xml' and strpos(\Input::server('HTTP_ACCEPT'), 'html') === false) { return $format; } } } } } // End HTTP_ACCEPT checking // Well, none of that has worked! Let's see if the controller has a default if ( ! empty($this->rest_format)) { return $this->rest_format; } // Just use the default format return \Config::get('rest.default_format'); }
/** * Exchange the request token for an access token. * * $token = $provider->access_token($consumer, $token); * * @param Consumer consumer * @param Token_Request token * @param array additional request parameters * @return Token_Access */ public function access_token(Consumer $consumer, Token_Request $token, array $params = NULL) { // Create a new GET request for a request token with the required parameters $request = Request::forge('access', 'GET', $this->url_access_token(), array( 'oauth_consumer_key' => $consumer->key, 'oauth_token' => $token->access_token, 'oauth_verifier' => $token->verifier, )); if ($params) { // Load user parameters $request->params($params); } // Sign the request using only the consumer, no token is available yet $request->sign($this->signature, $consumer, $token); // Create a response from the request $response = $request->execute(); // Store this token somewhere useful return Token::forge('access', array( 'access_token' => $response->param('oauth_token'), 'secret' => $response->param('oauth_token_secret'), 'uid' => $response->param($this->uid_key) ?: \Input::get_post($this->uid_key), )); }