Exemple #1
 /**
  * Serve a previously cached page body for signed-in GET requests.
  *
  * Requests without an identity are ignored. For any method other than GET
  * the static $doNotCache flag is raised and nothing is read from the cache.
  * On a cache hit the stored body is sent and the script terminates.
  *
  * @param  Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // Not signed in: skip the page cache completely.
     if (!Digitalus_Auth::getIdentity()) {
         return;
     }

     $this->_cache = Digitalus_Cache_Manager::getInstance();

     // Methods other than GET never read content from the cache.
     if (!$request->isGet()) {
         self::$doNotCache = true;
         return;
     }

     $moduleTag = $request->getModuleName();
     $controllerTag = "{$moduleTag}_" . $request->getControllerName();
     $actionTag = "{$controllerTag}_" . $request->getActionName();

     // Original author's note: there is a known bug here; the link that
     // describes the fix is not part of this listing.
     // NOTE(review): the key is derived from the path info only. Neither the
     // query string nor the signed-in identity is part of it, although only
     // authenticated requests reach this line. Confirm that getCache() scopes
     // entries per user; otherwise a body rendered for one account is replayed
     // to every other account that requests the same path.
     $this->_key = md5($request->getPathInfo());
     $this->_keyTags = array($moduleTag, $controllerTag, $actionTag);

     $cached = $this->getCache();
     if ($cached === false) {
         return;
     }

     // Cache hit: send the stored body and stop before the action runs.
     $response = $this->getResponse();
     $response->setBody($cached['default']);
     $response->sendResponse();
     exit;
 }
Exemple #2
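 /**
  * Validate every non-GET request against the CSRF token kept in the session.
  *
  * A token is generated when the session has none, and the current token is
  * returned on the "X-CSRF-Token" response header. GET requests are not
  * validated. Requests for the listed bypass modules or auth types return
  * before any token handling.
  *
  * @param  Zend_Controller_Request_Abstract $request
  * @return bool|void true only on the dev-environment bypass
  */
 public function routeShutdown(Zend_Controller_Request_Abstract $request)
 {
     // Avoid error override! :S
     if (count($this->getResponse()->getException())) {
         return;
     }
     $auth = Zend_Auth::getInstance();
     $identity = $auth->getIdentity();
     $byPassMethods = array(App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD, App_Controller_Plugin_Auth::AUTH_TYPE_ASYNC, App_Controller_Plugin_Auth::AUTH_TYPE_EXTERNAL, App_Controller_Plugin_Auth::AUTH_TYPE_THIRD_PARTY);
     $byPassModules = array('async', 'external', 'externalr12', 'thirdparty');
     // Bypass some auth methods.
     // NOTE(review): $request->module is read through the request object's
     // property access rather than getModuleName(); confirm it can only yield
     // the routed module and never a client-supplied parameter of the same
     // name, since a match here skips CSRF validation entirely.
     // The module list holds string literals only, so it is compared strictly.
     // The auth-type constants are declared elsewhere and keep the loose check.
     if (in_array($request->module, $byPassModules, true) || $identity['authType'] && in_array($identity['authType'], $byPassMethods)) {
         return;
     }
     $session = new Zend_Session_Namespace('csrf');
     if (empty($session->token)) {
         // Generate a new CSRF token and save it on the session
         \App::log()->info("Session token empty, generating new CSRF token...");
         $session->token = $this->_generateToken();
     }
     // Return the token on an HTTP header
     $resp = $this->getResponse();
     $resp->setHeader('X-CSRF-Token', $session->token);
     // Don't do anything if it's a GET request
     if ($request->isGet()) {
         return;
     }
     $post = $request->getPost();
     if (empty($post) && empty($_FILES)) {
         // NOTE(review): post_max_size may carry a unit suffix such as "8M",
         // so this is not a reliable numeric comparison with CONTENT_LENGTH.
         // The branch also returns before the token check; confirm that the
         // handlers reached afterwards reject a request whose body was dropped.
         $max = ini_get('post_max_size');
         $length = $request->getServer('CONTENT_LENGTH');
         if ($max < $length) {
             return;
         }
     }
     // Try to get the CSRF token from frontend
     if (!($csrfToken = $this->_getFrontendToken($request))) {
         $message = 'Possible CSRF attack: CSRF token not found on request';
         $this->_throwError($request, $message);
         return;
     }
     // Disable plugin for dev environment.
     // Strict comparison: with "==" a non-string value such as boolean true
     // would also equal 'dev'.
     // NOTE(review): with csrf.disabled set, the fixed token 'dev' passes
     // validation; make sure that setting can never be active in production.
     if (App::config('csrf.disabled', false) && $csrfToken === 'dev') {
         return true;
     }
     // Compare as strings. "!=" applies numeric juggling, so two different
     // numeric-looking tokens could be treated as equal. hash_equals() is used
     // where the runtime provides it so the comparison time does not depend on
     // how many leading characters match.
     $expectedToken = (string) $session->token;
     if (!is_string($csrfToken)) {
         $tokensMatch = false;
     } elseif (function_exists('hash_equals')) {
         $tokensMatch = hash_equals($expectedToken, $csrfToken);
     } else {
         $tokensMatch = $expectedToken === $csrfToken;
     }
     // If tokens don't match, log a possible CSRF attack and raise the error
     if (!$tokensMatch) {
         $message = 'Possible CSRF attack: BE and FE tokens don\'t match';
         $this->_throwError($request, $message);
         return;
     }
 }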
Exemple #3
 /**
  * Look up a cached response before the dispatch loop starts.
  *
  * Non-GET requests set the static $_disableCache flag and are left alone.
  * For GET requests the cache key is the md5 of the path info; on a hit the
  * stored response is sent and, unless $_suppressExit is set, the script ends.
  *
  * @param  Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
 {
     if (!$request->isGet()) {
         self::$_disableCache = true;
         return;
     }

     // NOTE(review): only the path info feeds the key; the host, the query
     // string, cookies and any session state are not part of it. Confirm that
     // every page stored under this key is identical for all visitors.
     $this->_key = md5($request->getPathInfo());

     $cached = Zrt_Cache::load($this->_key);
     if ($cached === false) {
         // Miss: dispatch continues normally.
         return;
     }

     $cached->sendResponse();
     if ($this->_suppressExit) {
         return;
     }
     exit;
 }
Exemple #4
 /**
  * Decide whether the current request must be excluded from caching.
  *
  * Sets $this->ignored to true when the request is not a GET, when a plain
  * HTTP request carries "Cache-Control: no-cache" or "Pragma: no-cache", or
  * when a PHP session is active or the "pimcore_admin_sid" cookie is present.
  * The flag is never reset to false here.
  *
  * @param \Zend_Controller_Request_Abstract $request
  */
 protected function checkRequest(\Zend_Controller_Request_Abstract $request)
 {
     $isOtherMethod = !$request->isGet();

     // The no-cache request headers are only honoured on non-HTTPS requests.
     $clientWantsFresh = false;
     if (!$request->isSecure()) {
         $cacheControl = isset($_SERVER["HTTP_CACHE_CONTROL"]) ? $_SERVER["HTTP_CACHE_CONTROL"] : null;
         $pragma = isset($_SERVER["HTTP_PRAGMA"]) ? $_SERVER["HTTP_PRAGMA"] : null;
         $clientWantsFresh = $cacheControl === "no-cache" || $pragma === "no-cache";
     }

     // NOTE(review): session_id() is only non-empty once a session has been
     // started; confirm sessions are always started before this check runs so
     // that session-bound pages are never treated as cacheable.
     $hasSession = session_id() || isset($_COOKIE['pimcore_admin_sid']);

     if ($isOtherMethod || $clientWantsFresh || $hasSession) {
         $this->ignored = true;
     }
 }
Exemple #5
 /**
  * Look up a cached response before the dispatch loop starts.
  *
  * Non-GET requests raise the static $doNotCache flag and return. For GET
  * requests the key is the md5 of the path info; on a cache hit the stored
  * response is sent and the script terminates.
  *
  * @param  Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
 {
     if (!$request->isGet()) {
         self::$doNotCache = true;
         return;
     }

     // Original author's note: there is a known bug here; the link that
     // describes the fix is not part of this listing.
     // NOTE(review): the key covers the path info only, so the query string,
     // host and any per-user state do not distinguish entries. Confirm that
     // cached pages never contain user-specific content.
     $this->_key = md5($request->getPathInfo());

     $cached = $this->getCache();
     if ($cached === false) {
         return;
     }

     $cached->sendResponse();
     exit;
 }
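 /**
  * Fold an "_escaped_fragment_" query parameter into the request path.
  *
  * For GET requests that carry the parameter, its value (without leading
  * slashes) is appended to the URI path, the parameter is removed from the
  * query string, and the request URI and path info are reset accordingly.
  * Requests without the parameter, or with a non-string value for it, are
  * left untouched.
  *
  * @param  \Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function routeStartup(\Zend_Controller_Request_Abstract $request)
 {
     /** @var $request \Zend_Controller_Request_Http */
     if (!$request->isGet()) {
         return;
     }
     // The scheme is only there so the URI can be parsed; the prefix is
     // stripped again before the request URI is written back.
     $host = 'http://' . $request->getHttpHost();
     // NOTE(review): the host and request URI are client-supplied and Zend_Uri
     // may throw on a malformed URI or path; nothing in this hook catches
     // that. Confirm the application's error handling covers exceptions
     // raised during routeStartup.
     $uri = \Zend_Uri_Http::fromString($host . $request->getRequestUri());
     $query = $uri->getQueryAsArray();
     // The value comes straight from the query string and can be an array
     // (e.g. "_escaped_fragment_[]=..."); ltrim() needs a string.
     if (!isset($query['_escaped_fragment_']) || !is_string($query['_escaped_fragment_'])) {
         return;
     }
     $path = $uri->getPath() . ltrim($query['_escaped_fragment_'], '/');
     $uri->setPath($path);
     unset($query['_escaped_fragment_']);
     $uri->setQuery($query);
     // NOTE(review): str_replace() removes every occurrence of the host prefix,
     // not only the leading one.
     $request->setRequestUri(str_replace($host, '', $uri->getUri()));
     // Clear the path info so it is derived again from the new request URI.
     $request->setPathInfo();
 }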
Exemple #7
 /**
  * Serve a previously cached page body for GET requests.
  *
  * The cache object is taken from the registry. For any method other than GET
  * the static $doNotCache flag is raised and nothing is read from the cache.
  * On a cache hit the stored body is sent and the script terminates.
  *
  * @param  Zend_Controller_Request_Abstract $request
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $this->_cache = Zend_Registry::get('cache');

     // Methods other than GET never read content from the cache.
     if (!$request->isGet()) {
         self::$doNotCache = true;
         return;
     }

     $moduleTag = $request->getModuleName();
     $controllerTag = "{$moduleTag}_" . $request->getControllerName();
     $actionTag = "{$controllerTag}_" . $request->getActionName();

     // Original author's note: there is a known bug here; the link that
     // describes the fix is not part of this listing.
     // NOTE(review): the key is the md5 of the path info alone. Query string,
     // host and any signed-in identity are not part of it; confirm that the
     // pages stored under it are the same for every visitor.
     $this->_key = md5($request->getPathInfo());
     $this->_keyTags = array($moduleTag, $controllerTag, $actionTag);

     $cached = $this->getCache();
     if ($cached === false) {
         return;
     }

     // Cache hit: send the stored body and stop before the action runs.
     $response = $this->getResponse();
     $response->setBody($cached['default']);
     $response->sendResponse();
     exit;
 }
Exemple #8
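 /**
  * Decide whether the output cache applies and, on a hit, replay the entry.
  *
  * The cache is disabled for non-GET requests, for plain-HTTP requests that
  * send "no-cache", when the system configuration turns it off, in debug
  * mode, when a configured exclude cookie or the admin session cookie is
  * present, and when an exclude pattern matches or cannot be evaluated.
  * Otherwise a device-specific key and then the default key are looked up;
  * a hit replays the stored headers and content and terminates the script.
  *
  * @param \Zend_Controller_Request_Abstract $request
  * @return bool|void
  */
 public function routeStartup(\Zend_Controller_Request_Abstract $request)
 {
     $requestUri = $request->getRequestUri();
     $excludePatterns = array();
     // only enable GET method
     if (!$request->isGet()) {
         return $this->disable();
     }
     // disable the output-cache if browser wants the most recent version
     // unfortunately only Chrome + Firefox if not using SSL
     if (!$request->isSecure()) {
         if (isset($_SERVER["HTTP_CACHE_CONTROL"]) && $_SERVER["HTTP_CACHE_CONTROL"] === "no-cache") {
             return $this->disable("HTTP Header Cache-Control: no-cache was sent");
         }
         if (isset($_SERVER["HTTP_PRAGMA"]) && $_SERVER["HTTP_PRAGMA"] === "no-cache") {
             return $this->disable("HTTP Header Pragma: no-cache was sent");
         }
     }
     try {
         $conf = \Pimcore\Config::getSystemConfig();
         if ($conf->cache) {
             $conf = $conf->cache;
             if (!$conf->enabled) {
                 return $this->disable();
             }
             if (\Pimcore::inDebugMode()) {
                 return $this->disable("in debug mode");
             }
             if ($conf->lifetime) {
                 $this->setLifetime((int) $conf->lifetime);
             }
             if ($conf->excludePatterns) {
                 $confExcludePatterns = explode(",", $conf->excludePatterns);
                 if (!empty($confExcludePatterns)) {
                     $excludePatterns = $confExcludePatterns;
                 }
             }
             if ($conf->excludeCookie) {
                 $cookies = explode(",", strval($conf->excludeCookie));
                 foreach ($cookies as $cookie) {
                     if (!empty($cookie) && isset($_COOKIE[trim($cookie)])) {
                         return $this->disable("exclude cookie in system-settings matches");
                     }
                 }
             }
             // output-cache is always disabled when logged in at the admin ui
             if (isset($_COOKIE["pimcore_admin_sid"])) {
                 return $this->disable("backend user is logged in");
             }
         } else {
             return $this->disable();
         }
     } catch (\Exception $e) {
         // Any configuration error fails closed: no cached output is served.
         \Logger::error($e);
         return $this->disable("ERROR: Exception (see debug.log)");
     }
     foreach ($excludePatterns as $pattern) {
         // "@" keeps PCRE warnings out of the response; the result is checked
         // explicitly instead of being treated as "no match".
         $matched = @preg_match($pattern, $requestUri);
         if ($matched === false) {
             if (trim($pattern) === '') {
                 // empty list entry (e.g. a trailing comma): nothing to match
                 continue;
             }
             // A pattern that cannot be evaluated would otherwise silently stop
             // excluding the paths it was written for. Fail closed so a page
             // that was meant to stay out of the cache is not served from it.
             \Logger::error("Invalid output-cache exclude pattern: " . $pattern);
             return $this->disable("invalid exclude pattern in system-settings");
         }
         if ($matched) {
             return $this->disable("exclude path pattern in system-settings matches");
         }
     }
     $deviceDetector = Tool\DeviceDetector::getInstance();
     $device = $deviceDetector->getDevice();
     $deviceDetector->setWasUsed(false);
     // NOTE(review): the key covers the Host header and the request URI only.
     // Confirm that no other request header or cookie influences the rendered
     // page, and that the host value is validated before it is used here.
     $this->defaultCacheKey = "output_" . md5($request->getHttpHost() . $requestUri);
     $cacheKeys = [$this->defaultCacheKey . "_" . $device, $this->defaultCacheKey];
     $cacheItem = null;
     // Device-specific entry first, then the generic one.
     foreach ($cacheKeys as $cacheKey) {
         $cacheItem = CacheManager::load($cacheKey, true);
         if ($cacheItem) {
             break;
         }
     }
     if (is_array($cacheItem) && !empty($cacheItem)) {
         // $cacheKey still holds the key that produced the hit
         header("X-Pimcore-Output-Cache-Tag: " . $cacheKey, true, 200);
         header("X-Pimcore-Output-Cache-Date: " . $cacheItem["date"]);
         // NOTE(review): stored headers are replayed verbatim to every client.
         // Confirm the code that writes the cache entry never stores
         // per-visitor headers such as Set-Cookie.
         foreach ($cacheItem["rawHeaders"] as $header) {
             header($header);
         }
         foreach ($cacheItem["headers"] as $header) {
             header($header['name'] . ': ' . $header['value'], $header['replace']);
         }
         echo $cacheItem["content"];
         exit;
     } else {
         // set headers to tell the client to not cache the contents
         // this can/will be overwritten in $this->dispatchLoopShutdown() if the cache is enabled
         $date = new \Zend_Date(1);
         $this->getResponse()->setHeader("Expires", $date->get(\Zend_Date::RFC_1123), true);
         $this->getResponse()->setHeader("Cache-Control", "max-age=0, no-cache", true);
     }
 }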
Exemple #9
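 /**
  * Decide whether the output cache applies and, on a hit, replay the entry.
  *
  * The cache is disabled for non-GET requests, when the system configuration
  * turns it off or cannot be read, when a configured exclude cookie is
  * present, or when an exclude pattern matches the request URI. Otherwise the
  * cache key is built from the hostname, the request URI and an optional tag
  * suffix; a hit replays the stored headers and content and ends the script.
  *
  * @param  Zend_Controller_Request_Abstract $request
  * @return mixed whatever disable() returns when caching is switched off
  */
 public function routeStartup(Zend_Controller_Request_Abstract $request)
 {
     $requestUri = $request->getRequestUri();
     $excludePatterns = array();
     // only enable GET method
     if (!$request->isGet()) {
         return $this->disable();
     }
     try {
         $conf = Pimcore_Config::getSystemConfig();
         if ($conf->cache) {
             $conf = $conf->cache;
             if (!$conf->enabled) {
                 return $this->disable();
             }
             if ($conf->lifetime) {
                 $this->setLifetime((int) $conf->lifetime);
             }
             if ($conf->excludePatterns) {
                 $confExcludePatterns = explode(",", $conf->excludePatterns);
                 if (!empty($confExcludePatterns)) {
                     $excludePatterns = $confExcludePatterns;
                 }
             }
             if ($conf->excludeCookie) {
                 $cookies = explode(",", strval($conf->excludeCookie));
                 foreach ($cookies as $cookie) {
                     if (isset($_COOKIE[trim($cookie)])) {
                         return $this->disable();
                     }
                 }
             }
         } else {
             return $this->disable();
         }
     } catch (Exception $e) {
         // Configuration errors fail closed: nothing is served from the cache.
         return $this->disable();
     }
     foreach ($excludePatterns as $pattern) {
         if (preg_match($pattern, $requestUri)) {
             return $this->disable();
         }
     }
     $appendKey = "";
     // this is for example for the image-data-uri plugin
     $tags = $request->getParam("pimcore_cache_tag_suffix");
     if ($tags && is_array($tags)) {
         // The suffix is a request parameter and ends up in both the cache key
         // and a response header, so it is reduced to characters that are safe
         // in either place. Nested (non-scalar) entries are dropped.
         // NOTE(review): confirm whether this parameter is meant to be set only
         // by internal code; if so it should not be read from client input.
         $safeTags = array();
         foreach ($tags as $tag) {
             if (is_scalar($tag)) {
                 $safeTags[] = preg_replace('/[^a-zA-Z0-9_]/', '', (string) $tag);
             }
         }
         $appendKey = "_" . implode("_", $safeTags);
     }
     $this->cacheKey = "output_" . md5(Pimcore_Tool::getHostname() . $requestUri) . $appendKey;
     if ($cacheItem = Pimcore_Model_Cache::load($this->cacheKey, true)) {
         header("X-Pimcore-Cache-Tag: " . $this->cacheKey, true, 200);
         header("X-Pimcore-Cache-Date: " . $cacheItem["date"]);
         // NOTE(review): stored headers are replayed verbatim to every client.
         // Confirm the code that writes the cache entry never stores
         // per-visitor headers such as Set-Cookie.
         foreach ($cacheItem["rawHeaders"] as $header) {
             header($header);
         }
         foreach ($cacheItem["headers"] as $header) {
             header($header['name'] . ': ' . $header['value'], $header['replace']);
         }
         echo $cacheItem["content"];
         exit;
     }
 }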