/**
* Re-send a request after successful re-authentication
* Re-creates a GET or POST request based on data passed along in a form. Used
* in case of an expired security token so that the user doesn't lose changes.
*/
function resend_request()
{
global $_CONF;
$method = '';
if (isset($_POST['token_requestmethod'])) {
$method = COM_applyFilter($_POST['token_requestmethod']);
}
$returnUrl = '';
if (isset($_POST['token_returnurl'])) {
$returnUrl = urldecode($_POST['token_returnurl']);
if (substr($returnUrl, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
// only accept URLs on our site
$returnUrl = '';
}
}
$postData = '';
if (isset($_POST['token_postdata'])) {
$postData = urldecode($_POST['token_postdata']);
}
$getData = '';
if (isset($_POST['token_getdata'])) {
$getData = urldecode($_POST['token_getdata']);
}
$files = '';
if (isset($_POST['token_files'])) {
$files = urldecode($_POST['token_files']);
}
if (SECINT_checkToken() && !empty($method) && !empty($returnUrl) && ($method === 'POST' && !empty($postData) || $method === 'GET' && !empty($getData))) {
$magic = get_magic_quotes_gpc();
if ($method === 'POST') {
$req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_POST);
$data = unserialize($postData);
foreach ($data as $key => $value) {
if ($key == CSRF_TOKEN) {
$req->addPostParameter($key, SEC_createToken());
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
$req->addPostParameter($key, $value);
}
}
if (!empty($files)) {
$files = unserialize($files);
}
if (!empty($files)) {
foreach ($files as $key => $value) {
$req->addPostParameter('_files_' . $key, $value);
}
}
} else {
$data = unserialize($getData);
foreach ($data as $key => &$value) {
if ($key == CSRF_TOKEN) {
$value = SEC_createToken();
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
}
}
$returnUrl = $returnUrl . '?' . http_build_query($data);
$req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_GET);
}
$req->setHeader('User-Agent', 'Geeklog/' . VERSION);
// need to fake the referrer so the new token matches
$req->setHeader('Referer', COM_getCurrentUrl());
foreach ($_COOKIE as $cookie => $value) {
$req->addCookie($cookie, $value);
}
try {
$response = $req->send();
$status = $response->getStatus();
if ($status == 200) {
COM_output($response->getBody());
} else {
throw new HTTP_Request2_Exception('HTTP error: status code = ' . $status);
}
} catch (HTTP_Request2_Exception $e) {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
trigger_error("Resending {$method} request failed: " . $e->getMessage());
}
} else {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
COM_redirect($_CONF['site_url'] . '/index.php');
}
// don't return
exit;
}
/**
* Re-send a request after successful re-authentication
*
* Re-creates a GET or POST request based on data passed along in a form. Used
* in case of an expired security token so that the user doesn't lose changes.
*
*/
function resend_request()
{
global $_CONF;
require_once 'HTTP/Request.php';
$method = '';
if (isset($_POST['token_requestmethod'])) {
$method = COM_applyFilter($_POST['token_requestmethod']);
}
$returnurl = '';
if (isset($_POST['token_returnurl'])) {
$returnurl = urldecode($_POST['token_returnurl']);
if (substr($returnurl, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
// only accept URLs on our site
$returnurl = '';
}
}
$postdata = '';
if (isset($_POST['token_postdata'])) {
$postdata = urldecode($_POST['token_postdata']);
}
$getdata = '';
if (isset($_POST['token_getdata'])) {
$getdata = urldecode($_POST['token_getdata']);
}
$files = '';
if (isset($_POST['token_files'])) {
$files = urldecode($_POST['token_files']);
}
if (SECINT_checkToken() && !empty($method) && !empty($returnurl) && ($method == 'POST' && !empty($postdata) || $method == 'GET' && !empty($getdata))) {
$magic = get_magic_quotes_gpc();
$req = new HTTP_Request($returnurl);
if ($method == 'POST') {
$req->setMethod(HTTP_REQUEST_METHOD_POST);
$data = unserialize($postdata);
foreach ($data as $key => $value) {
if ($key == CSRF_TOKEN) {
$req->addPostData($key, SEC_createToken());
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
$req->addPostData($key, $value);
}
}
if (!empty($files)) {
$files = unserialize($files);
}
if (!empty($files)) {
foreach ($files as $key => $value) {
$req->addPostData('_files_' . $key, $value);
}
}
} else {
$req->setMethod(HTTP_REQUEST_METHOD_GET);
$data = unserialize($getdata);
foreach ($data as $key => $value) {
if ($key == CSRF_TOKEN) {
$req->addQueryString($key, SEC_createToken());
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
$req->addQueryString($key, $value);
}
}
}
$req->addHeader('User-Agent', 'Geeklog/' . VERSION);
// need to fake the referrer so the new token matches
$req->addHeader('Referer', COM_getCurrentUrl());
foreach ($_COOKIE as $cookie => $value) {
$req->addCookie($cookie, $value);
}
$response = $req->sendRequest();
if (PEAR::isError($response)) {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
trigger_error("Resending {$method} request failed: " . $response->getMessage());
} else {
COM_output($req->getResponseBody());
}
} else {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
// don't return
exit;
}
