/** * Processes the request. * * @throws HttpException */ public function processRequest() { // If this is a resource request, we should respond with the resource ASAP $this->_processResourceRequest(); // Validate some basics on the database configuration file. $this->_validateDbConfigFile(); // Process install requests $this->_processInstallRequest(); // If the system in is maintenance mode and it's a site request, throw a 503. if (Craft::isInMaintenanceMode() && $this->request->isSiteRequest()) { throw new HttpException(503); } // Set the target language $this->setLanguage($this->_getTargetLanguage()); // Check if the app path has changed. If so, run the requirements check again. $this->_processRequirementsCheck(); // If the track has changed, put the brakes on the request. if (!$this->updates->isTrackValid()) { if ($this->request->isCpRequest()) { $this->runController('templates/invalidtrack'); $this->end(); } else { throw new HttpException(503); } } // Set the package components $this->_setPackageComponents(); // isCraftDbUpdateNeeded will return true if we're in the middle of a manual or auto-update for Craft itself. // If we're in maintenance mode and it's not a site request, show the manual update template. if ($this->updates->isCraftDbUpdateNeeded() || Craft::isInMaintenanceMode() && $this->request->isCpRequest() || $this->request->getActionSegments() == array('update', 'cleanUp') || $this->request->getActionSegments() == array('update', 'rollback')) { $this->_processUpdateLogic(); } // Make sure that the system is on, or that the user has permission to access the site/CP while the system is off if (Craft::isSystemOn() || $this->request->isActionRequest() && $this->request->getActionSegments() == array('users', 'login') || $this->request->isSiteRequest() && $this->userSession->checkPermission('accessSiteWhenSystemIsOff') || $this->request->isCpRequest() && $this->userSession->checkPermission('accessCpWhenSystemIsOff')) { // Load the plugins craft()->plugins->loadPlugins(); // Check if a plugin needs to update the database. if ($this->updates->isPluginDbUpdateNeeded()) { $this->_processUpdateLogic(); } // If this is a non-login, non-validate, non-setPassword CP request, make sure the user has access to the CP if ($this->request->isCpRequest() && !($this->request->isActionRequest() && $this->_isValidActionRequest())) { // Make sure the user has access to the CP $this->userSession->requireLogin(); $this->userSession->requirePermission('accessCp'); // If they're accessing a plugin's section, make sure that they have permission to do so $firstSeg = $this->request->getSegment(1); if ($firstSeg) { $plugin = $plugin = $this->plugins->getPlugin($firstSeg); if ($plugin) { $this->userSession->requirePermission('accessPlugin-' . $plugin->getClassHandle()); } } } // If this is an action request, call the controller $this->_processActionRequest(); // If we're still here, finally let UrlManager do it's thing. parent::processRequest(); } else { // Log out the user if ($this->userSession->isLoggedIn()) { $this->userSession->logout(false); } if ($this->request->isCpRequest()) { // Redirect them to the login screen $this->userSession->requireLogin(); } else { // Display the offline template $this->runController('templates/offline'); } } }
/** * Processes the request. * * @throws HttpException * @return null */ public function processRequest() { // If this is a resource request, we should respond with the resource ASAP $this->_processResourceRequest(); // If we're not in devMode, or it's a 'dontExtendSession' request, we're going to remove some logging routes. if (!$this->config->get('devMode') || craft()->isInstalled() && !$this->userSession->shouldExtendSession()) { $this->log->removeRoute('WebLogRoute'); $this->log->removeRoute('ProfileLogRoute'); } // Additionally, we don't want these in the log files at all. if (craft()->isInstalled() && !$this->userSession->shouldExtendSession()) { $this->log->removeRoute('FileLogRoute'); } // If this is a CP request, prevent robots from indexing/following the page // (see https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag) if ($this->request->isCpRequest()) { HeaderHelper::setHeader(array('X-Robots-Tag' => 'none')); } // Validate some basics on the database configuration file. $this->validateDbConfigFile(); // Process install requests $this->_processInstallRequest(); // If the system in is maintenance mode and it's a site request, throw a 503. if ($this->isInMaintenanceMode() && $this->request->isSiteRequest()) { throw new HttpException(503); } // Check if the app path has changed. If so, run the requirements check again. $this->_processRequirementsCheck(); // These have been deprecated in PHP 6 in favor of default_charset, which defaults to 'UTF-8' // http://php.net/manual/en/migration56.deprecated.php if (version_compare(PHP_VERSION, '6.0.0') < 0) { // Now that we've ran the requirements checker, set MB to use UTF-8 mb_internal_encoding('UTF-8'); mb_http_input('UTF-8'); mb_http_output('UTF-8'); } mb_detect_order('auto'); // Makes sure that the uploaded files are compatible with the current DB schema if (!$this->updates->isSchemaVersionCompatible()) { if ($this->request->isCpRequest()) { $version = $this->getVersion(); $build = $this->getBuild(); $url = "http://download.buildwithcraft.com/craft/{$version}/{$version}.{$build}/Craft-{$version}.{$build}.zip"; throw new HttpException(200, Craft::t('Craft does not support backtracking to this version. Please upload Craft {url} or later.', array('url' => '[' . $build . '](' . $url . ')'))); } else { throw new HttpException(503); } } // Set the edition components $this->_setEditionComponents(); // isCraftDbMigrationNeeded will return true if we're in the middle of a manual or auto-update for Craft itself. // If we're in maintenance mode and it's not a site request, show the manual update template. if ($this->updates->isCraftDbMigrationNeeded() || $this->isInMaintenanceMode() && $this->request->isCpRequest() || $this->request->getActionSegments() == array('update', 'cleanUp') || $this->request->getActionSegments() == array('update', 'rollback')) { $this->_processUpdateLogic(); } // If there's a new version, but the schema hasn't changed, just update the info table if ($this->updates->hasCraftBuildChanged()) { $this->updates->updateCraftVersionInfo(); } // If the system is offline, make sure they have permission to be here $this->_enforceSystemStatusPermissions(); // Load the plugins $this->plugins->loadPlugins(); // Check if a plugin needs to update the database. if ($this->updates->isPluginDbUpdateNeeded()) { $this->_processUpdateLogic(); } // If this is a non-login, non-validate, non-setPassword CP request, make sure the user has access to the CP if ($this->request->isCpRequest() && !($this->request->isActionRequest() && $this->_isSpecialCaseActionRequest())) { // Make sure the user has access to the CP $this->userSession->requireLogin(); $this->userSession->requirePermission('accessCp'); // If they're accessing a plugin's section, make sure that they have permission to do so $firstSeg = $this->request->getSegment(1); if ($firstSeg) { $plugin = $plugin = $this->plugins->getPlugin($firstSeg); if ($plugin) { $this->userSession->requirePermission('accessPlugin-' . $plugin->getClassHandle()); } } } // If this is an action request, call the controller $this->_processActionRequest(); // If we're still here, finally let UrlManager do it's thing. parent::processRequest(); }
/** * Processes the request. * * @throws HttpException * @return null */ public function processRequest() { // If this is a resource request, we should respond with the resource ASAP. $this->_processResourceRequest(); $configService = $this->config; // If we're not in devMode, or it's a 'dontExtendSession' request, we're going to remove some logging routes. if (!$configService->get('devMode') || craft()->isInstalled() && !$this->userSession->shouldExtendSession()) { $this->log->removeRoute('WebLogRoute'); $this->log->removeRoute('ProfileLogRoute'); } // Additionally, we don't want these in the log files at all. if (craft()->isInstalled() && !$this->userSession->shouldExtendSession()) { $this->log->removeRoute('FileLogRoute'); } // If this is a CP request, prevent robots from indexing/following the page // (see https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag) if ($this->request->isCpRequest()) { HeaderHelper::setHeader(array('X-Robots-Tag' => 'none')); HeaderHelper::setHeader(array('X-Frame-Options' => 'SAMEORIGIN')); HeaderHelper::setHeader(array('X-Content-Type-Options' => 'nosniff')); } // Send the X-Powered-By header? if ($configService->get('sendPoweredByHeader')) { HeaderHelper::setHeader(array('X-Powered-By' => 'Craft CMS')); } else { // In case PHP is already setting one HeaderHelper::removeHeader('X-Powered-By'); } // Validate some basics on the database configuration file. $this->validateDbConfigFile(); // Process install requests $this->_processInstallRequest(); // If the system in is maintenance mode and it's a site request, throw a 503. if ($this->isInMaintenanceMode() && $this->request->isSiteRequest()) { throw new HttpException(503); } // Check if the app path has changed. If so, run the requirements check again. $this->_processRequirementsCheck(); // Makes sure that the uploaded files are compatible with the current database schema if (!$this->updates->isSchemaVersionCompatible()) { if ($this->request->isCpRequest()) { $version = $this->getVersion(); $build = $this->getBuild(); $url = "https://download.craftcdn.com/craft/{$version}/{$version}.{$build}/Craft-{$version}.{$build}.zip"; throw new HttpException(200, Craft::t('Craft does not support backtracking to this version. Please upload Craft {url} or later.', array('url' => '[' . $build . '](' . $url . ')'))); } else { throw new HttpException(503); } } // isCraftDbMigrationNeeded will return true if we're in the middle of a manual or auto-update for Craft itself. // If we're in maintenance mode and it's not a site request, show the manual update template. if ($this->updates->isCraftDbMigrationNeeded() || $this->isInMaintenanceMode() && $this->request->isCpRequest() || $this->request->getActionSegments() == array('update', 'cleanUp') || $this->request->getActionSegments() == array('update', 'rollback')) { $this->_processUpdateLogic(); } // If there's a new version, but the schema hasn't changed, just update the info table if ($this->updates->hasCraftBuildChanged()) { $this->updates->updateCraftVersionInfo(); } // If the system is offline, make sure they have permission to be here $this->_enforceSystemStatusPermissions(); // Load the plugins $this->plugins->loadPlugins(); // Check if a plugin needs to update the database. if ($this->updates->isPluginDbUpdateNeeded()) { $this->_processUpdateLogic(); } // If this is a non-login, non-validate, non-setPassword CP request, make sure the user has access to the CP if ($this->request->isCpRequest() && !($this->request->isActionRequest() && $this->_isSpecialCaseActionRequest())) { // Make sure the user has access to the CP $this->userSession->requireLogin(); $this->userSession->requirePermission('accessCp'); // If they're accessing a plugin's section, make sure that they have permission to do so $firstSeg = $this->request->getSegment(1); if ($firstSeg) { $plugin = $plugin = $this->plugins->getPlugin($firstSeg); if ($plugin) { $this->userSession->requirePermission('accessPlugin-' . $plugin->getClassHandle()); } } } // If this is an action request, call the controller $this->_processActionRequest(); // If we're still here, finally let UrlManager do it's thing. parent::processRequest(); }
/** * Processes the request. * * @throws HttpException * @return null */ public function processRequest() { // If this is a resource request, we should respond with the resource ASAP $this->_processResourceRequest(); // Validate some basics on the database configuration file. $this->validateDbConfigFile(); // Process install requests $this->_processInstallRequest(); // If the system in is maintenance mode and it's a site request, throw a 503. if ($this->isInMaintenanceMode() && $this->request->isSiteRequest()) { throw new HttpException(503); } // Check if the app path has changed. If so, run the requirements check again. $this->_processRequirementsCheck(); // Now that we've ran the requirements checker, set MB to use UTF-8 mb_internal_encoding('UTF-8'); mb_http_input('UTF-8'); mb_http_output('UTF-8'); mb_detect_order('auto'); // Makes sure that the uploaded files are compatible with the current DB schema if (!$this->updates->isSchemaVersionCompatible()) { if ($this->request->isCpRequest()) { $version = $this->getVersion(); $build = $this->getBuild(); $url = "http://download.buildwithcraft.com/craft/{$version}/{$version}.{$build}/Craft-{$version}.{$build}.zip"; throw new HttpException(200, Craft::t('Craft does not support backtracking to this version. Please upload Craft {url} or later.', array('url' => '<a href="' . $url . '">build ' . $build . '</a>'))); } else { throw new HttpException(503); } } // Set the edition components $this->_setEditionComponents(); // isCraftDbMigrationNeeded will return true if we're in the middle of a manual or auto-update for Craft itself. // If we're in maintenance mode and it's not a site request, show the manual update template. if ($this->updates->isCraftDbMigrationNeeded() || $this->isInMaintenanceMode() && $this->request->isCpRequest() || $this->request->getActionSegments() == array('update', 'cleanUp') || $this->request->getActionSegments() == array('update', 'rollback')) { $this->_processUpdateLogic(); } // If there's a new version, but the schema hasn't changed, just update the info table if ($this->updates->hasCraftBuildChanged()) { $this->updates->updateCraftVersionInfo(); } // If the system is offline, make sure they have permission to be here $this->_enforceSystemStatusPermissions(); // Load the plugins $this->plugins->loadPlugins(); // Check if a plugin needs to update the database. if ($this->updates->isPluginDbUpdateNeeded()) { $this->_processUpdateLogic(); } // If this is a non-login, non-validate, non-setPassword CP request, make sure the user has access to the CP if ($this->request->isCpRequest() && !($this->request->isActionRequest() && $this->_isSpecialCaseActionRequest())) { // Make sure the user has access to the CP $this->userSession->requireLogin(); $this->userSession->requirePermission('accessCp'); // If they're accessing a plugin's section, make sure that they have permission to do so $firstSeg = $this->request->getSegment(1); if ($firstSeg) { $plugin = $plugin = $this->plugins->getPlugin($firstSeg); if ($plugin) { $this->userSession->requirePermission('accessPlugin-' . $plugin->getClassHandle()); } } } // If this is an action request, call the controller $this->_processActionRequest(); // If we're still here, finally let UrlManager do it's thing. parent::processRequest(); }