/**
 * Serve individual views for Ajax.
 *
 * /ajax/view/<view_name>?<key/value params>
 * /ajax/form/<action_name>?<key/value params>
 *
 * Only views registered for Ajax, or views that are cacheable, are rendered;
 * any other view name gets an ELGG_HTTP_FORBIDDEN error response. Every GET
 * parameter is passed to the view as $vars, so views exposed this way must
 * treat $vars as request input.
 *
 * @param string[] $segments URL segments (not including "ajax")
 * @return ResponseBuilder|false False when the URL is not a view/form request
 *
 * @see elgg_register_ajax_view()
 * @elgg_pagehandler ajax
 * @access private
 */
function _elgg_ajax_page_handler($segments) {
	elgg_ajax_gatekeeper();

	if (count($segments) < 2) {
		return false;
	}

	$kind = $segments[0];
	if ($kind !== 'view' && $kind !== 'form') {
		return false;
	}
	$is_view_request = ($kind === 'view');

	// The leading "view/" is dropped; form views start with "forms", not "form"
	$path = implode('/', array_slice($segments, 1));
	$view = $is_view_request ? $path : 'forms/' . $path;

	// Allow-list gate: the view must be registered for Ajax, or be cacheable
	// (cacheable views are always allowed).
	// NOTE(review): in_array() compares loosely here; confirm getViews() only
	// ever returns strings before relying on this as an exact-match check.
	$registered_views = _elgg_services()->ajax->getViews();
	$is_registered = in_array($view, $registered_views);
	if (!$is_registered && !_elgg_services()->views->isCacheableView($view)) {
		return elgg_error_response("Ajax view '{$view}' was not registered", REFERRER, ELGG_HTTP_FORBIDDEN);
	}

	// Pull out GET parameters through the input filter
	$vars = array();
	foreach (_elgg_services()->request->query->keys() as $key) {
		$vars[$key] = get_input($key);
	}

	// The guid comes straight from the query string.
	// NOTE(review): confirm get_entity() enforces read access for the current user.
	if (isset($vars['guid'])) {
		$vars['entity'] = get_entity($vars['guid']);
	}

	$content_type = '';
	if ($is_view_request) {
		$output = elgg_view($view, $vars);

		// Try to guess the mime-type from the first segment of the view name
		switch ($segments[1]) {
			case "js":
				$content_type = 'text/javascript;charset=utf-8';
				break;

			case "css":
				$content_type = 'text/css;charset=utf-8';
				break;

			default:
				if (_elgg_services()->views->isCacheableView($view)) {
					$file = _elgg_services()->views->findViewFile($view, elgg_get_viewtype());
					$content_type = (new \Elgg\Filesystem\MimeTypeDetector())->getType($file, 'text/html');
				}
				break;
		}
	} else {
		// For forms, the request parameters become the form body vars
		$output = elgg_view_form($path, array(), $vars);
	}

	// No header is set when no type could be determined
	if ($content_type) {
		elgg_set_http_header("Content-Type: {$content_type}");
	}

	return elgg_ok_response($output);
}
/**
 * prepareRedirectResponse() must return a RedirectResponse that keeps the
 * target URL and status code, carries headers queued earlier through
 * elgg_set_http_header(), and lets headers passed to the call override a
 * queued header of the same name.
 */
public function testCanPrepareRedirectResponse() {
	$service = $this->createService();

	// Headers queued before the response is prepared
	elgg_set_http_header('X-Elgg-Testing: 2', true);
	elgg_set_http_header('X-Elgg-Override: 1');

	$target = 'http://localhost/foo';
	$code = ELGG_HTTP_MOVED_PERMANENTLY;
	$explicit_headers = [
		'X-Elgg-Response' => true,
		'X-Elgg-Override' => '2',
	];

	$redirect = $service->prepareRedirectResponse($target, $code, $explicit_headers);

	$this->assertInstanceOf(RedirectResponse::class, $redirect);
	$this->assertEquals($target, $redirect->getTargetURL());
	$this->assertEquals($code, $redirect->getStatusCode());

	// Header supplied only in the call
	$this->assertTrue($redirect->headers->get('X-Elgg-Response'));
	// Header supplied only through elgg_set_http_header()
	$this->assertEquals('2', $redirect->headers->get('X-Elgg-Testing'));
	// Supplied both ways: the value passed to the call wins
	$this->assertEquals('2', $redirect->headers->get('X-Elgg-Override'));
}
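// RSS page shell: wraps $vars['body'] in an RSS 2.0 <channel> for the current page.
//
// Uses $vars['title'], $vars['description'] and $vars['body'].

// Channel title: the site name, followed by the page title when one is given
$title = elgg_get_config('sitename');
if (!empty($vars['title'])) {
	$title .= ": " . $vars['title'];
}

// Remove RSS from URL
$rssurl = current_page_url();
$url = elgg_http_remove_url_query_element($rssurl, 'view');

// The URL is derived from the current request and $rssurl is written into a
// double-quoted href attribute below, so quotes must be escaped as well as
// & < > (ENT_NOQUOTES left them untouched). The extra entities decode to the
// same characters, so <link> content is unaffected.
// NOTE(review): both values are built from $url (view parameter removed), so the
// atom "self" link does not point at the feed URL itself - confirm this is intended.
$rssurl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
$url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');

$body = elgg_extract('body', $vars, '');
$description = elgg_extract('description', $vars, '');

// A literal "]]>" inside the text would close the CDATA section early. Splitting
// it across two adjacent CDATA sections keeps the parsed text identical.
$title = str_replace(']]>', ']]]]><![CDATA[>', (string) $title);
$description = str_replace(']]>', ']]]]><![CDATA[>', (string) $description);

// These views and $body are emitted as raw markup; they are responsible for
// their own escaping.
$namespaces = elgg_view('extensions/xmlns');
$extensions = elgg_view('extensions/channel');

// allow caching as required by stupid MS products for https feeds.
elgg_set_http_header('Pragma: public');
elgg_set_http_header("Content-Type: text/xml;charset=utf-8");

echo "<?xml version='1.0'?>";
echo <<<END
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:georss="http://www.georss.org/georss" xmlns:atom="http://www.w3.org/2005/Atom" {$namespaces}>
<channel>
\t<title><![CDATA[{$title}]]></title>
\t<link>{$url}</link>
\t<atom:link href="{$rssurl}" rel="self" type="application/rss+xml" />
\t<description><![CDATA[{$description}]]></description>
\t{$extensions}
\t{$body}
</channel>
</rss>
END;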
<?php
/**
 * Maintenance-mode page: renders the site's maintenance message and answers
 * with HTTP 503.
 */

$site = elgg_get_site_entity();

// Site-specific message, falling back to the translated default when it is unset or empty
$message = $site->getPrivateSetting('elgg_maintenance_message') ?: elgg_echo('admin:maintenance_mode:default_message');

elgg_load_css('maintenance');

// Status line tells clients and crawlers the outage is temporary
elgg_set_http_header('HTTP/1.1 503 Service Unavailable');

$layout_vars = array(
	'message' => $message,
	'site' => $site,
);
$body = elgg_view_layout('maintenance', $layout_vars);

echo elgg_view_page($site->name, $body, 'maintenance');
<?php
// Declares a JSON response and emits a fixed JSON object.
// NOTE(review): the foo/bar payload suggests this is a test fixture view - confirm.

$payload = ['foo' => 'bar'];

elgg_set_http_header('Content-type: application/json; charset=UTF-8');
echo json_encode($payload);
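/**
 * Send an updated CSRF token, provided the page's current tokens were not fake.
 *
 * Reads "session_token" and "pairs" from the request. Each pair is a
 * "<timestamp>,<token>" string; only pairs that pass validateTokenOwnership()
 * are echoed back under "valid_tokens". The response also carries a freshly
 * generated token, the session's "__elgg_session" value and the logged in
 * user's GUID.
 *
 * @return ResponseBuilder|false False when the request is not an XHR request
 * @access private
 */
public function handleTokenRefreshRequest() {
	if (!elgg_is_xhr()) {
		return false;
	}

	// the page's session_token might have expired (not matching __elgg_session in the session), but
	// we still allow it to be given to validate the tokens in the page.
	$session_token = get_input('session_token', null, false);
	$pairs = (array) get_input('pairs', array(), false);

	$valid_tokens = (object) array();
	foreach ($pairs as $pair) {
		// "pairs" is request input: skip entries that are not "<ts>,<token>" strings
		// instead of passing an array to explode() or reading a missing offset.
		if (!is_string($pair) || strpos($pair, ',') === false) {
			continue;
		}

		list($ts, $token) = explode(',', $pair, 2);
		if ($this->validateTokenOwnership($token, $ts, $session_token)) {
			$valid_tokens->{$token} = true;
		}
	}

	// Issue a new token stamped with the current time
	$ts = $this->getCurrentTime()->getTimestamp();
	$token = $this->generateActionToken($ts);

	$data = array(
		'token' => array(
			'__elgg_ts' => $ts,
			'__elgg_token' => $token,
			'logged_in' => $this->session->isLoggedIn(),
		),
		'valid_tokens' => $valid_tokens,
		'session_token' => $this->session->get('__elgg_session'),
		'user_guid' => $this->session->getLoggedInUserGuid(),
	);

	elgg_set_http_header("Content-Type: application/json;charset=utf-8");

	return elgg_ok_response($data);
}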
<?php
/**
 * Elgg JSON output pageshell
 *
 * Declares a JSON content type and echoes $vars['body'] exactly as given; no
 * encoding happens here, so the body is presumably already encoded JSON.
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['body']
 */

elgg_set_http_header('Content-Type: application/json;charset=utf-8');

echo $vars['body'];

// backward compatibility: a global $jsonexport, when set, is encoded and
// appended after the body, with a deprecation notice
global $jsonexport;
if (isset($jsonexport)) {
	elgg_deprecated_notice('Using $jsonexport to produce json output has been deprecated', 1.9);
	echo json_encode($jsonexport);
}
<?php
/**
 * Page shell for all HTML pages
 *
 * Sets the HTML content type header, then opens the document. The listing
 * shown here ends inside <head>; the rest of the template is not visible.
 *
 * @uses $vars['head']       Parameters for the <head> element
 * @uses $vars['body_attrs'] Attributes of the <body> tag
 * @uses $vars['body']       The main content of the page
 */

// Set the content type
elgg_set_http_header("Content-type: text/html; charset=UTF-8");

$lang = get_current_language();

// Format the <body> attributes, with a leading space so the result can be
// appended directly after the tag name
$attrs = "";
if (isset($vars['body_attrs'])) {
	$attrs = elgg_format_attributes($vars['body_attrs']);
	if ($attrs) {
		$attrs = " {$attrs}";
	}
}

// NOTE(review): $lang is echoed into the xml:lang/lang attributes and
// $vars["head"] into <head> without escaping in this file - confirm that $lang
// is always a known language code and that the head markup is escaped where it
// is built.
?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?> " lang="<?php echo $lang; ?> "> <head> <?php echo $vars["head"];
/**
 * Elgg install pageshell
 *
 * Sets the content type and cache headers, then opens the HTML document. The
 * listing shown here ends inside the favicon <link>; the rest is not visible.
 *
 * @uses $vars['title'] The page title
 * @uses $vars['body'] The main content of the page
 * @uses $vars['sysmessages'] Array of system status messages
 */

use Elgg\Filesystem\Directory;

// Page title: translated installer title followed by the step title.
// NOTE(review): $title is echoed into <title> below without escaping - confirm
// $vars['title'] never carries request-supplied text.
$title = elgg_echo('install:title');
$title .= " : {$vars['title']}";

// we won't trust server configuration but specify utf-8
elgg_set_http_header('Content-type: text/html; charset=utf-8');

// turn off browser caching (second argument TRUE is passed on each of these calls)
elgg_set_http_header('Pragma: public', TRUE);
elgg_set_http_header("Cache-Control: no-cache, must-revalidate", TRUE);
// Expiry date in the past
elgg_set_http_header('Expires: Fri, 05 Feb 1982 00:00:00 -0500', TRUE);

// Asset URLs get a vendor/elgg/elgg/ prefix unless Elgg's own directory is the
// root directory
$isElggAtRoot = Elgg\Application::elggDir()->getPath() === Directory\Local::root()->getPath();
$elggSubdir = $isElggAtRoot ? '' : 'vendor/elgg/elgg/';

?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title><?php echo $title; ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0"> <link rel="icon" href="<?php echo elgg_get_site_url() . $elggSubdir; ?>
<?php
/**
 * Elgg failsafe pageshell
 * Special viewtype for rendering exceptions. Includes minimal code so as not to
 * create a "Exception thrown without a stack frame in Unknown on line 0" error
 *
 * The listing shown here ends inside the inline <style> block; the rest of the
 * template is not visible.
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['title'] The page title
 * @uses $vars['body'] The main content of the page
 */

// we won't trust server configuration but specify utf-8
elgg_set_http_header('Content-type: text/html; charset=utf-8');

// NOTE(review): $vars['title'] is echoed into <title> below without escaping.
// This shell renders exceptions, so confirm the title (and the body, outside
// this excerpt) cannot carry request-derived text or internal details that
// should not reach site visitors.
?> <!DOCTYPE html> <html> <head> <title><?php echo $vars['title']; ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <style type="text/css"> body { text-align:left; margin:0; padding:0;
<?php
/**
 * Error page: renders the view for the given error type, or the default error
 * view, and sets a matching HTTP status line when the type is a known status code.
 *
 * Uses $vars['type'] and $vars['params'].
 */

$type = elgg_extract('type', $vars);
$params = elgg_extract('params', $vars, []);

if (!elgg_view_exists("errors/{$type}")) {
	// No dedicated view for this type: default title and default view
	$title = elgg_echo("error:default:title");
	$content = elgg_view("errors/default", $params);
} else {
	$title_key = "error:{$type}:title";
	$title = elgg_echo($title_key);
	if ($title == $title_key) {
		// use default if there is no title for this error type
		$title = elgg_echo("error:default:title");
	}
	$content = elgg_view("errors/{$type}", $params);
}

// The status line is only sent for types listed here, so the value placed in
// the header is always one of these fixed code/phrase pairs.
$reason_phrases = array(
	'400' => 'Bad Request',
	'401' => 'Unauthorized',
	'403' => 'Forbidden',
	'404' => 'Not Found',
	'407' => 'Proxy Authentication Required',
	'500' => 'Internal Server Error',
	'503' => 'Service Unavailable',
);
if (isset($reason_phrases[$type])) {
	elgg_set_http_header("HTTP/1.1 {$type} {$reason_phrases[$type]}");
}

// The admin layout is used only inside the admin context and only for a logged in admin
if (elgg_in_context('admin') && elgg_is_admin_logged_in()) {
	$layout = 'admin';
} else {
	$layout = 'error';
}

$body = elgg_view_layout($layout, array(
	'title' => $title,
	'content' => $content,
));

// Logged out visitors of a walled garden site get the walled garden page shell
$shell = (!elgg_is_logged_in() && elgg_get_config('walled_garden')) ? 'walled_garden' : $layout;

echo elgg_view_page($title, $body, $shell);