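/**
 * Prepares the redirect URL used by the custom-domain login flow.
 *
 * When a user session is found (under the standard cookie name or, failing that, the
 * fallback "IE" cookie name) and the requested site has a custom domain, a "redir" URL
 * carrying the user id and a per-domain session hash is added to the context.
 * When no session is found and the fallback cookie is not the literal "ANONYMOUS",
 * a "redirIE" URL on the main host is added instead.
 *
 * @param object $runData request state; must provide getUser(), handleSessionStart(),
 *                        getParameterList(), generateSessionDomainHash() and contextAdd()
 */
public function build($runData)
{
    // check first for standard cookie name
    $user = $runData->getUser();
    $anon = false;

    if (!$user) {
        // check the ie cookie then
        $ieCookieName = GlobalProperties::$SESSION_COOKIE_NAME_IE;
        GlobalProperties::$SESSION_COOKIE_NAME = $ieCookieName;
        $runData->handleSessionStart();
        $user = $runData->getUser();
        // The cookie is absent on a first visit, so test for it before reading, and
        // compare strictly so only the exact marker string counts as anonymous.
        $anon = isset($_COOKIE[$ieCookieName]) && $_COOKIE[$ieCookieName] === "ANONYMOUS";
    }

    // $_SERVER["HTTPS"] is not set on plain-HTTP requests; empty() avoids the undefined-index read.
    $proto = !empty($_SERVER["HTTPS"]) ? "https" : "http";

    if ($user) {
        $site_id = (int) $runData->getParameterList()->getParameterValue("site_id");
        $site = DB_SitePeer::instance()->selectByPrimaryKey($site_id);
        if ($site && $site->getCustomDomain()) {
            $domain = $site->getCustomDomain();
            $skey = $runData->generateSessionDomainHash($domain);
            // NOTE(review): the session hash travels in the query string, and over plain HTTP
            // whenever this request was not HTTPS. It can therefore end up in proxy/server logs
            // and Referer headers; presumably the receiving controller treats it as short-lived
            // and bound to this domain -- confirm in generateSessionDomainHash().
            $query = http_build_query(array("user_id" => $user->getUserId(), "skey" => $skey));
            $runData->contextAdd(
                "redir",
                "{$proto}://{$domain}" . CustomDomainLoginFlowController::$controllerUrl . "?" . $query
            );
        }
    } elseif (!$anon) {
        // no session found -- try to redirect to set ie cookie
        // NOTE(review): $url is never assigned in this method as shown, so the "url" entry is
        // null and http_build_query() drops it. If a return URL is intended here, it must be
        // taken from a validated source (same-site only) before being echoed into a redirect.
        $query = http_build_query(array("url" => $url, "setiecookie" => true));
        $runData->contextAdd(
            "redirIE",
            $proto . '://' . GlobalProperties::$URL_HOST . CustomDomainLoginFlowController::$controllerUrl . '?' . $query
        );
    }
}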
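/**
 * Handles one AJAX module request and echoes the JSON-encoded response.
 *
 * Checks are applied in this order: request token (cookie value must equal the submitted
 * parameter), site lookup from the Host header, SSL mode, session start, private-site
 * membership, the module's isAllowed(), then the action's isAllowed(). Any exception is
 * converted into a "status"/"message" pair in the response after a database rollback.
 */
public function process()
{
    global $timeStart;

    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("AJAX module request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    /* processing an AJAX request! */
    $runData->setAjaxMode(true);
    $runData->init();
    // extra return array - just for ajax handling
    $runData->ajaxResponseAdd("status", "ok");
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // These are read after the try/catch; define them up front so that an exception thrown
    // early (e.g. a failed token check) does not leave them undefined.
    $rendered = null;
    $callbackIndex = null;
    $module = null;
    $template = null;

    try {
        // check security token: the cookie value must be a non-empty string and must be
        // identical to the submitted parameter.
        $cookieToken = isset($_COOKIE['wikidot_token7']) ? $_COOKIE['wikidot_token7'] : null;
        $postedToken = $runData->getParameterList()->getParameterValue('wikidot_token7', 'AMODULE');
        // is_string() rejects array-valued cookies/parameters, which would otherwise be
        // compared structurally by !==.
        if (!is_string($cookieToken) || $cookieToken == null || $cookieToken !== $postedToken) {
            throw new ProcessException("no", "wrong_token7");
        }
        // remove token from parameter list!!!
        $runData->getParameterList()->delParameter('wikidot_token7');

        // callbackIndex is echoed back in the response so the client can match the reply
        $callbackIndex = $runData->getParameterList()->getParameterValue('callbackIndex');
        $runData->getParameterList()->delParameter('callbackIndex');

        // check if site (wiki) exists!
        // NOTE(review): the Host header is client-controlled; here it selects the site,
        // forms the cache key and (for custom domains) the session cookie domain.
        $siteHost = $_SERVER["HTTP_HOST"];
        $memcache = Ozone::$memcache;
        if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
            $siteUnixName = $matches[1];
            // select site based on the unix name
            // check memcached first!
            // the memcache block is to avoid database connection if possible
            $mcKey = 'site..' . $siteUnixName;
            $site = $memcache->get($mcKey);
            if ($site == false) {
                $c = new Criteria();
                $c->add("unix_name", $siteUnixName);
                $c->add("site.deleted", false);
                $site = DB_SitePeer::instance()->selectOne($c);
                $memcache->set($mcKey, $site, 0, 3600);
            }
        } else {
            // select site based on the custom domain
            $mcKey = 'site_cd..' . $siteHost;
            $site = $memcache->get($mcKey);
            if ($site == false) {
                $c = new Criteria();
                $c->add("custom_domain", $siteHost);
                $c->add("site.deleted", false);
                $site = DB_SitePeer::instance()->selectOne($c);
                $memcache->set($mcKey, $site, 0, 3600);
            }
            GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
        }
        if (!$site) {
            throw new ProcessException(_('The requested site does not exist.'));
        }
        $runData->setTemp("site", $site);
        // nasty global thing...
        $GLOBALS['siteId'] = $site->getSiteId();
        $GLOBALS['site'] = $site;

        // set language
        $runData->setLanguage($site->getLanguage());
        $GLOBALS['lang'] = $site->getLanguage();
        // and for gettext too:
        $lang = $site->getLanguage();
        switch ($lang) {
            case 'pl':
                $glang = "pl_PL";
                break;
            case 'en':
                $glang = "en_US";
                break;
            default:
                // Any other site language previously left $glang undefined, producing an
                // empty LANG and a failing setlocale() call.
                $glang = "en_US";
                break;
        }
        putenv("LANG={$glang}");
        putenv("LANGUAGE={$glang}");
        setlocale(LC_ALL, $glang . '.UTF-8');
        // Set the text domain as 'messages'
        $gdomain = 'messages';
        bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
        textdomain($gdomain);

        $settings = $site->getSettings();

        // handle SSL
        $sslMode = $settings->getSslMode();
        // $_SERVER['HTTPS'] is unset on plain-HTTP requests
        if (!empty($_SERVER['HTTPS'])) {
            if (!$sslMode) {
                // not enabled, issue an error
                throw new ProcessException(_("Secure access is not enabled for this Wiki."));
            } elseif ($sslMode == "ssl_only_paranoid") {
                // use secure authentication cookie
                // i.e. change authentication scheme
                GlobalProperties::$SESSION_COOKIE_NAME = "WIKIDOT_SESSION_SECURE_ID";
                GlobalProperties::$SESSION_COOKIE_SECURE = true;
            }
        } else {
            // page accessed via http (nonsecure)
            switch ($sslMode) {
                case 'ssl':
                    // enabled, but nonsecure allowed too.
                    break;
                case 'ssl_only_paranoid':
                case 'ssl_only':
                    throw new ProcessException(_("Nonsecure access is not enabled for this Wiki."));
                    break;
            }
        }

        // handle session at the beginning of processing
        $runData->handleSessionStart();

        // PRIVATE SITES: check if the site is private and if the user is its member
        if ($site->getPrivate()) {
            // check if not allow anyway: only the login/registration/recovery actions and
            // templates listed below are reachable without membership
            $template = $runData->getModuleTemplate();
            $actionClass = $runData->getAction();
            // NOTE(review): in_array() is loose here, so a null action matches ''. Keep it
            // non-strict unless getAction() is known to return '' when no action is set.
            $proceed = in_array($actionClass, array('', 'LoginAction', 'MembershipApplyAction', 'CreateAccountAction', 'PasswordRecoveryAction'))
                && ($template == ''
                    || $template == 'Empty'
                    || preg_match(';^createaccount/;', $template)
                    || preg_match(';^login/;', $template)
                    || preg_match(';^membership/;', $template)
                    || preg_match(';^passwordrecovery/;', $template));
            if (!$proceed) {
                $user = $runData->getUser();
                // super admins and super moderators skip the membership lookup
                if ($user && !$user->getSuperAdmin() && !$user->getSuperModerator()) {
                    // check if member
                    $c = new Criteria();
                    $c->add("site_id", $site->getSiteId());
                    $c->add("user_id", $user->getUserId());
                    $mem = DB_MemberPeer::instance()->selectOne($c);
                    if (!$mem) {
                        // check if a viewer
                        $c = new Criteria();
                        $c->add("site_id", $site->getSiteId());
                        $c->add("user_id", $user->getUserId());
                        $vi = DB_SiteViewerPeer::instance()->selectOne($c);
                        if (!$vi) {
                            $user = null;
                        }
                    }
                }
                if ($user == null) {
                    throw new ProcessException(_('This Site is private and accessible only to its members.'));
                }
            }
        }

        $template = $runData->getModuleTemplate();
        $classFile = $runData->getModuleClassPath();
        $className = $runData->getModuleClassName();
        $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
        // NOTE(review): the file path and class name come from RunData, presumably derived
        // from request parameters. This relies on RunData restricting them to known module
        // classes -- confirm, since the path is passed straight to require_once.
        require_once $classFile;
        $module = new $className();

        // module security check
        if (!$module->isAllowed($runData)) {
            throw new WDPermissionException(_("Not allowed."));
        }

        Ozone::initSmarty();
        $logger->debug("OZONE initialized");
        $logger->info("Ozone engines successfully initialized");

        // PROCESS ACTION
        $actionClass = $runData->getAction();
        $logger->debug("processing action {$actionClass}");
        $runData->setTemp("jsInclude", array());
        $runData->setTemp("cssInclude", array());

        if ($actionClass) {
            require_once PathManager::actionClass($actionClass);
            $tmpa1 = explode('/', $actionClass);
            $actionClassStripped = end($tmpa1);
            $action = new $actionClassStripped();
            $classFile = $runData->getModuleClassPath();
            if (!$action->isAllowed($runData)) {
                throw new WDPermissionException("Not allowed.");
            }
            $actionEvent = $runData->getActionEvent();
            // NOTE(review): the event name is used as a method name on the action object;
            // presumably RunData constrains it (e.g. an "Event" suffix) -- confirm.
            if ($actionEvent != null) {
                $action->{$actionEvent}($runData);
                $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
            } else {
                $logger->debug("processing action: {$actionClass}");
                $action->perform($runData);
            }
        }
        // end action process

        // check if template has been changed by the module. if so...
        if ($template != $runData->getModuleTemplate()) {
            $classFile = $runData->getModuleClassPath();
            $className = $runData->getModuleClassName();
            $logger->debug("processing template: " . $runData->getModuleTemplate() . ", class: {$className}");
            require_once $classFile;
            $module = new $className();
            // NOTE(review): the replacement module is rendered without a second isAllowed()
            // call; confirm that actions only switch to templates that need no check.
        }

        $module->setTemplate($template);
        $rendered = $module->render($runData);

        $jsInclude = $runData->getTemp("jsInclude");
        $jsInclude = array_merge($jsInclude, $module->getExtraJs());
        $runData->setTemp("jsInclude", $jsInclude);

        $cssInclude = $runData->getTemp("cssInclude");
        $cssInclude = array_merge($cssInclude, $module->getExtraCss());
        $runData->setTemp("cssInclude", $cssInclude);
    } catch (ProcessException $e) {
        $db = Database::connection();
        $db->rollback();
        $runData->ajaxResponseAdd("message", $e->getMessage());
        $runData->ajaxResponseAdd("status", $e->getStatus());
        $runData->setModuleTemplate(null);
        $template = null;
    } catch (WDPermissionException $e) {
        $db = Database::connection();
        $db->rollback();
        $runData->ajaxResponseAdd("message", $e->getMessage());
        $runData->ajaxResponseAdd("status", "no_permission");
        $runData->setModuleTemplate(null);
        $template = null;
    } catch (Exception $e) {
        $db = Database::connection();
        $db->rollback();
        // NOTE(review): the raw exception message is returned to the client. Messages from
        // lower layers (database, filesystem) may expose internals; consider returning only
        // the generic text and keeping the detail in the log entry below.
        $runData->ajaxResponseAdd("message", _("An error occured while processing the request.") . ' ' . $e->getMessage());
        $runData->ajaxResponseAdd("status", "not_ok");
        $runData->setModuleTemplate(null);
        $template = null;
        // LOG ERROR TOO!!!
        $logger = OzoneLogger::instance();
        $logger->error("Exception caught while processing ajax module:\n\n" . $e->__toString());
    }

    $rVars = $runData->getAjaxResponse();

    if ($rendered != null) {
        // process modules...
        $moduleProcessor = new ModuleProcessor($runData);
        $out = $moduleProcessor->process($rendered);
        $rVars['body'] = $out;
    }

    // check the javascript and css files for inclusion; $template is null after any
    // exception, so $module is only used here on the success path
    if ($template != null && $template != "Empty") {
        $jsInclude = $runData->getTemp("jsInclude");
        if ($module->getIncludeDefaultJs()) {
            $file = WIKIDOT_ROOT . '/' . GlobalProperties::$MODULES_JS_PATH . '/' . $template . '.js';
            if (file_exists($file)) {
                $url = GlobalProperties::$MODULES_JS_URL . '/' . $template . '.js';
                $incl = $url;
                $jsInclude[] = $incl;
            }
        }
        $rVars['jsInclude'] = $jsInclude;

        $cssInclude = $runData->getTemp("cssInclude");
        if ($module->getIncludeDefaultCss()) {
            $file = WIKIDOT_ROOT . '/' . GlobalProperties::$MODULES_CSS_PATH . '/' . $template . '.css';
            if (file_exists($file)) {
                $url = GlobalProperties::$MODULES_CSS_URL . '/' . $template . '.css';
                $incl = $url;
                $cssInclude[] = $incl;
            }
        }
        $rVars['cssInclude'] = $cssInclude;
    }

    // specify (copy) jscallback. ugly, right? ;-)
    $rVars['callbackIndex'] = $callbackIndex;

    $json = new JSONService();
    $out = $json->encode($rVars);

    $runData->handleSessionEnd();

    echo $out;
}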
/**
 * Loads conf/wikidot.ini and fills the static configuration properties.
 *
 * Each value is read through fromIni() with the default shown here; a few values are
 * derived from earlier ones, and the last group is fixed and not read from the file.
 */
public static function init()
{
    self::$iniConfig = parse_ini_file(WIKIDOT_ROOT . "/conf/wikidot.ini", true);

    // ---- main ----
    self::$WIKI_FARM = self::fromIni("main", "wiki_farm", false);
    self::$HTTP_PORT = self::fromIni("main", "port", 8080);
    // the service name is only read in farm mode (and has no default there)
    self::$SERVICE_NAME = self::$WIKI_FARM ? self::fromIni("main", "service") : "";
    self::$URL_DOMAIN = self::fromIni("main", "domain", "singlewiki.wikidot.dev");
    self::$URL_HOST = self::fromIni("main", "main_wiki", "www." . self::$URL_DOMAIN);

    // ---- security ----
    // The main secret falls back to fromFile('secret') when the ini file has none.
    self::$SECRET = self::fromIni("security", "secret", self::fromFile('secret'));
    self::$USE_SSL = self::fromIni("security", "ssl", false);
    // Unless configured separately, the two secrets below are derived from the main secret,
    // so a leak of the main secret also exposes them.
    self::$SECRET_DOMAIN_LOGIN = self::fromIni("security", "secret_login", self::$SECRET . "_custom_domain_login");
    self::$USE_UPLOAD_DOMAIN = self::fromIni("security", "upload_separate_domain", false);
    self::$URL_UPLOAD_DOMAIN = self::fromIni("security", "upload_domain", "wd.files." . self::$URL_DOMAIN);
    self::$RESTRICT_HTML = self::fromIni("security", "upload_restrict_html", true);
    self::$SECRET_MANAGE_SUPERADMIN = self::fromIni("security", "secret_manage_superadmin", md5(self::$SECRET . '_super_admin'));

    // ---- database (user, password and database name have no default) ----
    self::$DATABASE_USER = self::fromIni("db", "user");
    self::$DATABASE_PASSWORD = self::fromIni("db", "password");
    self::$DATABASE_NAME = self::fromIni("db", "database");
    self::$DATABASE_SERVER = self::fromIni("db", "host", "127.0.0.1");
    self::$DATABASE_PORT = self::fromIni("db", "port", "5432");

    // ---- search ----
    self::$SEARCH_LUCENE_INDEX = self::fromIni("search", "lucene_index", WIKIDOT_ROOT . "/tmp/lucene_index");
    self::$SEARCH_LUCENE_QUEUE = self::fromIni("search", "lucene_queue", WIKIDOT_ROOT . "/tmp/lucene_queue");
    self::$SEARCH_LUCENE_LOCK = self::fromIni("search", "lucene_lock", WIKIDOT_ROOT . "/tmp/lucene_lock");
    self::$SEARCH_HIGHLIGHT = self::fromIni("search", "highlight", false);
    self::$SEARCH_USE_JAVA = self::fromIni("search", "use_java", false);

    // ---- mail ----
    self::$DEFAULT_SMTP_HOST = self::fromIni("mail", "host", "127.0.0.1");
    if (self::fromIni("mail", "ssl", false)) {
        self::$DEFAULT_SMTP_SECURE = "ssl";
    } else {
        self::$DEFAULT_SMTP_SECURE = "";
    }
    // default port follows the transport chosen above
    $fallbackSmtpPort = 25;
    if (self::$DEFAULT_SMTP_SECURE == "ssl") {
        $fallbackSmtpPort = 465;
    }
    self::$DEFAULT_SMTP_PORT = self::fromIni("mail", "port", $fallbackSmtpPort);
    self::$DEFAULT_SMTP_USER = self::fromIni("mail", "user", "admin");
    self::$DEFAULT_SMTP_PASSWORD = self::fromIni("mail", "password", "");
    self::$DEFAULT_SMTP_AUTH = self::fromIni("mail", "auth", false);
    self::$DEFAULT_SMTP_HOSTNAME = self::fromIni("mail", "hostname", self::$DEFAULT_SMTP_HOST);
    // default From address: the SMTP user if it already looks like an address,
    // otherwise user@hostname
    if (strstr(self::$DEFAULT_SMTP_USER, "@")) {
        $fallbackFrom = self::$DEFAULT_SMTP_USER;
    } else {
        $fallbackFrom = self::$DEFAULT_SMTP_USER . "@" . self::$DEFAULT_SMTP_HOSTNAME;
    }
    self::$DEFAULT_SMTP_FROM_EMAIL = self::fromIni("mail", "from_mail", $fallbackFrom);
    self::$DEFAULT_SMTP_FROM_NAME = self::fromIni("mail", "from_name", self::$SERVICE_NAME . " Mailer");
    self::$DEFAULT_SMTP_REPLY_TO = self::fromIni("mail", "reply_to", "no-reply@" . self::$DEFAULT_SMTP_HOSTNAME);
    self::$DEFAULT_SMTP_SENDER = self::fromIni("mail", "sender", self::$DEFAULT_SMTP_FROM_EMAIL);
    self::$SUPPORT_EMAIL = self::fromIni("mail", "support", self::$DEFAULT_SMTP_FROM_EMAIL);

    // ---- memcache ----
    self::$USE_MEMCACHE = self::fromIni("memcached", "enable", false);
    self::$MEMCACHE_HOST = self::fromIni("memcached", "host", "127.0.0.1");
    self::$MEMCACHE_PORT = self::fromIni("memcached", "port", 11211);

    // ---- session ----
    self::$SESSION_TIMEOUT = self::fromIni("session", "timeout", 3600);
    self::$SESSION_COOKIE_NAME = self::fromIni("session", "cookie_name", "WIKIDOT_SESSION_ID");
    // Off by default: the session cookie is then also sent over plain HTTP.
    self::$SESSION_COOKIE_SECURE = self::fromIni("session", "cookie_ssl", false);
    self::$SESSION_COOKIE_NAME_IE = self::fromIni("session", "ie_cookie_name", self::$SESSION_COOKIE_NAME . "_IE");

    // ---- ui ----
    self::$UI_SLEEP = self::fromIni("ui", "sleep", true);
    self::$DEFAULT_LANGUAGE = self::fromIni("ui", "language", "en");

    // ---- log ----
    self::$LOGGER_LEVEL = self::fromIni("log", "level", "fatal");
    self::$LOGGER_FILE = self::fromIni("log", "file", "wikidot.log"); // TODO: use this setting

    // ---- misc ----
    self::$CACHE_FILES_FOR = self::fromIni("misc", "cache_files_for", 0);
    self::$URL_DOCS = self::fromIni("misc", "doc_url", "http://www.wikidot.org/doc");
    self::$IP_HOST = self::fromIni("misc", "ip", "127.0.0.1");
    self::$USE_CUSTOM_DOMAINS = self::fromIni("misc", "custom_domains", false);
    self::$MODULES_JS_PATH = self::fromIni("misc", "modules_js_path", "web/files--common/modules/js");
    self::$MODULES_JS_URL = self::fromIni("misc", "modules_js_url", "/common--modules/js");
    self::$MODULES_CSS_PATH = self::fromIni("misc", "modules_css_path", "web/files--common/modules/css");
    self::$MODULES_CSS_URL = self::fromIni("misc", "modules_css_url", "/common--modules/css");
    self::$XSENDFILE_USE = self::fromIni("misc", "xsendfile", false);
    self::$XSENDFILE_HEADER = self::fromIni("misc", "xsendfile_header", "X-LIGHTTPD-send-file");

    // ---- fixed values, not read from the ini file ----
    self::$DATABASE_TYPE = "pgsql";
    self::$DATABASE_USE_PERSISTENT_CONNECTIONS = false;
    self::$SESSION_COOKIE_DOMAIN = "." . self::$URL_DOMAIN;
    self::$DEFAULT_SKIN = "default";
    // Regex-escaped copies for use inside patterns. preg_quote() is called without a
    // delimiter argument, so the pattern delimiter itself is not escaped.
    self::$URL_HOST_PREG = preg_quote(self::$URL_HOST);
    self::$URL_DOMAIN_PREG = preg_quote(self::$URL_DOMAIN);
    self::$URL_UPLOAD_DOMAIN_PREG = preg_quote(self::$URL_UPLOAD_DOMAIN);
}
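/**
 * Initializes a RunData object from the current request.
 *
 * Builds the parameter list, sets the template, language and skin, resolves the action
 * and action event, adjusts the session cookie name/domain for hosts outside the main
 * domain, and stores the cookies, request URI and request method.
 *
 * All values read here (parameters, cookies, Host header) are client-supplied.
 */
public function init()
{
    $parameterList = new ParameterList();
    $parameterList->initParameterList($this);
    $this->parameterList = $parameterList;
    $this->setTemplateFromParameterList();

    // set action
    $action = $this->parameterList->getParameterValue('action');
    $parameterArray = $this->parameterList->asArray();

    // now parse some important parameters: language, skin
    if (isset($parameterArray["lang"]) && $parameterArray["lang"] != null) {
        $this->language = $parameterArray["lang"];
    } else {
        $this->language = GlobalProperties::$DEFAULT_LANGUAGE;
    }
    if (isset($parameterArray["skin"]) && $parameterArray["skin"] != null) {
        $this->page->setSkin($parameterArray["skin"]);
    }

    // The action name is limited to letters, digits, "_" and "/" before it is accepted.
    // is_string() keeps an array-valued parameter away from preg_match().
    if ($action !== null && is_string($action) && preg_match('/^[a-z0-9_\\/]+$/i', $action) == 1) {
        // NOTE(review): this is a property read with an index, not a method call, so the
        // 'action' parameter is NOT removed from the list. delParameter('action') looks like
        // the intent; confirm no consumer reads 'action' from the list before changing it.
        $this->parameterList->delParameter['action'];
        $this->action = str_replace("__", "/", $action);

        // set action event
        // this one is more complicated - extract event from a key in the parameter list
        // of the form event_someevent
        // first check if event=foobar is present
        foreach ($parameterArray as $key => $value) {
            // strict comparison: with ==, an integer key 0 compares equal to 'event' on
            // older PHP versions and would set the event from an unrelated parameter
            if ($key === 'event') {
                $this->actionEvent = $value . 'Event';
            }
        }
        foreach ($parameterArray as $key => $value) {
            // ereg() no longer exists in PHP 7+; strpos() performs the same
            // "contains 'event_'" test for this literal pattern
            if (strpos((string) $key, 'event_') !== false) {
                $this->actionEvent = str_replace('event_', '', $key) . 'Event';
                break;
            }
        }
        // NOTE(review): the event name is taken from the request without a character
        // check; only the 'Event' suffix constrains it. Callers that use it as a method
        // name presumably rely on that suffix -- consider validating it as an identifier.
    }

    // Requests for a host outside the main domain get their own cookie name and domain.
    // The Host header is client-controlled; the suffix is a hash of it and the cookie
    // domain is the header value itself.
    if (!preg_match(';\\.' . GlobalProperties::$URL_DOMAIN_PREG . '$;', $_SERVER['HTTP_HOST'])) {
        GlobalProperties::$SESSION_COOKIE_NAME .= "_" . substr(md5($_SERVER['HTTP_HOST']), 3, 8);
        GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $_SERVER['HTTP_HOST'];
    }

    // initialize cookies...
    $this->cookies = $_COOKIE;

    // store original request uri and request method:
    $this->requestUri = $_SERVER['REQUEST_URI'];
    $this->requestMethod = $_SERVER['REQUEST_METHOD'];
}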
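/**
 * Handles a regular page request: resolves the site from the Host header, applies the
 * site's SSL mode (by redirect), starts the session, renders the screen and echoes it.
 *
 * @return string|null the rendered page, or the "site does not exist" page content
 */
public function process()
{
    global $timeStart;

    // quick fix to prevent recursive RSS access by Wikidot itself.
    // The header is optional, so test for it before searching it.
    if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'MagpieRSS') !== false) {
        exit;
    }

    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // check if site (wiki) exists!
    // NOTE(review): the Host header is client-controlled; below it selects the site,
    // forms cache keys, is placed in a query and becomes the session cookie domain.
    $siteHost = $_SERVER["HTTP_HOST"];
    $memcache = Ozone::$memcache;
    if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
        $siteUnixName = $matches[1];
        // select site based on the unix name
        // check memcached first!
        $mcKey = 'site..' . $siteUnixName;
        $site = $memcache->get($mcKey);
        if (!$site) {
            $c = new Criteria();
            $c->add("unix_name", $siteUnixName);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            if ($site) {
                $memcache->set($mcKey, $site, 0, 864000);
            }
        }
    } else {
        // select site based on the custom domain
        $mcKey = 'site_cd..' . $siteHost;
        $site = $memcache->get($mcKey);
        if (!$site) {
            $c = new Criteria();
            $c->add("custom_domain", $siteHost);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            if ($site) {
                $memcache->set($mcKey, $site, 0, 3600);
            }
        }
        if (!$site) {
            // check for redirects
            $c = new Criteria();
            // NOTE(review): this query is assembled by string concatenation around the
            // Host header. Its safety rests entirely on db_escape_string(); a bound
            // parameter would be preferable if the Criteria API offers one.
            $q = "SELECT site.* FROM site, domain_redirect WHERE domain_redirect.url='" . db_escape_string($siteHost) . "' " .
                "AND site.deleted = false AND site.site_id = domain_redirect.site_id LIMIT 1";
            $c->setExplicitQuery($q);
            $site = DB_SitePeer::instance()->selectOne($c);
            if ($site) {
                // the redirect target host comes from the site record, not from the request
                $newUrl = 'http://' . $site->getDomain() . $_SERVER['REQUEST_URI'];
                header("HTTP/1.1 301 Moved Permanently");
                header("Location: " . $newUrl);
                exit;
            }
        }
        GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
    }

    if (!$site) {
        $content = file_get_contents(WIKIDOT_ROOT . "/files/site_not_exists.html");
        echo $content;
        return $content;
    }

    $runData->setTemp("site", $site);
    // nasty global thing...
    $GLOBALS['siteId'] = $site->getSiteId();
    $GLOBALS['site'] = $site;

    // set language
    $lang = $site->getLanguage();
    $runData->setLanguage($lang);
    $GLOBALS['lang'] = $lang;

    // and for gettext too:
    switch ($lang) {
        case 'pl':
            $glang = "pl_PL";
            break;
        case 'en':
            $glang = "en_US";
            break;
        default:
            // Any other site language previously left $glang undefined, producing an
            // empty LANG and a failing setlocale() call.
            $glang = "en_US";
            break;
    }
    putenv("LANG={$glang}");
    putenv("LANGUAGE={$glang}");
    setlocale(LC_ALL, $glang . '.UTF-8');

    // Set the text domain as 'messages'
    $gdomain = 'messages';
    bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
    textdomain($gdomain);

    $settings = $site->getSettings();

    // handle SSL
    $sslMode = $settings->getSslMode();
    // $_SERVER['HTTPS'] is unset on plain-HTTP requests
    $isHttps = !empty($_SERVER['HTTPS']);
    if ($isHttps) {
        if (!$sslMode) {
            // not enabled, redirect to http:
            header("HTTP/1.1 301 Moved Permanently");
            header("Location: " . 'http://' . $_SERVER["HTTP_HOST"] . $_SERVER['REQUEST_URI']);
            exit;
        } elseif ($sslMode == "ssl_only_paranoid") {
            // use secure authentication cookie
            // i.e. change authentication scheme
            GlobalProperties::$SESSION_COOKIE_NAME = "WIKIDOT_SESSION_SECURE_ID";
            GlobalProperties::$SESSION_COOKIE_SECURE = true;
        }
    } else {
        // page accessed via http (nonsecure)
        switch ($sslMode) {
            case 'ssl':
                // enabled, but nonsecure allowed too.
                break;
            case 'ssl_only_paranoid':
            case 'ssl_only':
                header("HTTP/1.1 301 Moved Permanently");
                header("Location: " . 'https://' . $_SERVER["HTTP_HOST"] . $_SERVER['REQUEST_URI']);
                exit;
                break;
        }
    }

    // handle session at the beginning of processing
    $runData->handleSessionStart();

    $template = $runData->getScreenTemplate();
    $classFile = $runData->getScreenClassPath();
    $className = $runData->getScreenClassName();
    $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
    // NOTE(review): path and class name come from RunData, presumably derived from the
    // request; this relies on RunData restricting them to known screen classes -- confirm.
    // No isAllowed() or private-site check is made in this method before rendering;
    // presumably the screen enforces access itself -- confirm.
    require_once $classFile;
    $screen = new $className();

    $logger->debug("OZONE initialized");
    $logger->info("Ozone engines successfully initialized");

    $rendered = $screen->render($runData);

    if ($rendered != null) {
        $runData->setTemp("jsInclude", array());
        // process modules...
        $moduleProcessor = new ModuleProcessor($runData);
        //$moduleProcessor->setJavascriptInline(true); // embed associated javascript files in <script> tags
        $moduleProcessor->setCssInline(true);
        $rendered = $moduleProcessor->process($rendered);

        $jss = $runData->getTemp("jsInclude");
        $jss = array_unique($jss);
        $incl = '';
        foreach ($jss as $js) {
            // NOTE(review): $js is written into the src attribute without escaping;
            // assumes modules only register trusted, well-formed URLs -- confirm.
            $incl .= '<script type="text/javascript" src="' . $js . '"></script>';
        }
        $rendered = preg_replace(';</head>;', $incl . '</head>', $rendered);
    }

    $runData->handleSessionEnd();

    // one more thing - some url will need to be rewritten if using HTTPS
    if ($isHttps) {
        // ?
        // scripts
        $rendered = preg_replace(';<script(.*?)src="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)</script>;s', '<script\\1src="https://' . GlobalProperties::$URL_HOST . '\\2</script>', $rendered);
        $rendered = preg_replace(';<link(.*?)href="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>;s', '<link\\1href="https://' . GlobalProperties::$URL_HOST . '\\2/>', $rendered);
        $rendered = preg_replace(';(<img\\s+.*?src=")http(://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>);s', '\\1https\\2', $rendered);
        // repeat until no further @import url(http://...) is rewritten
        do {
            $renderedOld = $rendered;
            $rendered = preg_replace(';(<style\\s+[^>]*>.*?@import url\\()http(://' . GlobalProperties::$URL_HOST_PREG . '.*?</style>);si', '\\1https\\2', $rendered);
        } while ($renderedOld != $rendered);
    }

    if (GlobalProperties::$SEARCH_HIGHLIGHT) {
        // the Referer header is optional and client-controlled
        $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null;
        $rendered = Wikidot_Search_Highlighter::highlightIfSuitable($rendered, $_SERVER["REQUEST_URI"], $referer);
    }

    echo str_replace("%%%CURRENT_TIMESTAMP%%%", time(), $rendered);

    return $rendered;
}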
* http://www.wikidot.org/license
 *
 * @category Wikidot
 * @package Wikidot
 * @version $Id$
 * @copyright Copyright (c) 2008, Wikidot Inc.
 * @license http://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License
 */

// One-time bootstrap: the WIKIDOT_SETUP_COMPLETED constant guards against running twice.
if (!defined('WIKIDOT_SETUP_COMPLETED')) {
    // assume that computer's clock runs in UTC
    putenv("TZ=UTC");
    if (function_exists('date_default_timezone_set')) {
        date_default_timezone_set('UTC');
    }

    // add settings for error-reporting
    // Notices are masked here, which also hides reads of unset request values
    // (e.g. missing $_SERVER / $_COOKIE entries) elsewhere in the code base.
    error_reporting(E_ALL & ~E_NOTICE); // hardcode ;-)

    // determine WIKIDOT_ROOT directory (the parent of this file's directory) unless the
    // including script has already defined it
    if (!defined('WIKIDOT_ROOT')) {
        define('WIKIDOT_ROOT', dirname(dirname(__FILE__)));
        define('OZONE_ROOT', WIKIDOT_ROOT . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . 'ozone');
    }

    require_once WIKIDOT_ROOT . DIRECTORY_SEPARATOR . "php/utils/GlobalProperties.php";
    require_once WIKIDOT_ROOT . DIRECTORY_SEPARATOR . "lib/ozone/php/core/functions.php";
    require_once WIKIDOT_ROOT . DIRECTORY_SEPARATOR . "lib/ozone/php/core/autoload.inc.php";

    // NOTE(review): $WIKI_FARM is read immediately after the require, so GlobalProperties.php
    // presumably populates the static properties when it is loaded -- confirm.
    if (!GlobalProperties::$WIKI_FARM) {
        // Single-wiki mode: the client-supplied Host header is replaced by the configured
        // host, so code that later reads $_SERVER['HTTP_HOST'] sees the configured value.
        $_SERVER['HTTP_HOST'] = GlobalProperties::$URL_HOST;
        // no explicit cookie domain in single-wiki mode
        GlobalProperties::$SESSION_COOKIE_DOMAIN = null;
    }

    define('WIKIDOT_SETUP_COMPLETED', true);
}
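/**
 * Handles a feed request: resolves the site from the Host header, loads the screen,
 * enforces HTTP Basic authentication for private sites or screens that require it,
 * then renders and echoes the feed.
 *
 * @return string|null the rendered feed, or the "site does not exist" page content
 */
public function process()
{
    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("Feed request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // check if site (wiki) exists!
    // NOTE(review): the Host header is client-controlled; it selects the site and forms
    // the cache key below.
    $siteHost = $_SERVER["HTTP_HOST"];
    $memcache = Ozone::$memcache;
    // Use the regex-escaped domain. With the raw $URL_DOMAIN the dots in the configured
    // domain act as wildcards, so look-alike hosts would be accepted as subdomains.
    if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
        $siteUnixName = $matches[1];
        // select site based on the unix name
        // check memcached first!
        // the memcache block is to avoid database connection if possible
        $mcKey = 'site..' . $siteUnixName;
        $site = $memcache->get($mcKey);
        if ($site == false) {
            $c = new Criteria();
            $c->add("unix_name", $siteUnixName);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            $memcache->set($mcKey, $site, 0, 3600);
        }
    } else {
        // select site based on the custom domain
        $mcKey = 'site_cd..' . $siteHost;
        $site = $memcache->get($mcKey);
        if ($site == false) {
            $c = new Criteria();
            $c->add("custom_domain", $siteHost);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            $memcache->set($mcKey, $site, 0, 3600);
        }
        GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
    }

    if ($site == null) {
        $content = file_get_contents(WIKIDOT_ROOT . "/files/site_not_exists.html");
        echo $content;
        return $content;
    }

    $runData->setTemp("site", $site);
    // nasty global thing...
    $GLOBALS['siteId'] = $site->getSiteId();
    $GLOBALS['site'] = $site;

    // set language
    $lang = $site->getLanguage();
    $runData->setLanguage($lang);
    $GLOBALS['lang'] = $lang;

    // and for gettext too:
    switch ($lang) {
        case 'pl':
            $glang = "pl_PL";
            break;
        case 'en':
            $glang = "en_US";
            break;
        default:
            // Any other site language previously left $glang undefined, producing an
            // empty LANG and a failing setlocale() call.
            $glang = "en_US";
            break;
    }
    putenv("LANG={$glang}");
    putenv("LANGUAGE={$glang}");
    setlocale(LC_ALL, $glang . '.UTF-8');

    $settings = $site->getSettings();

    // handle SSL
    $sslMode = $settings->getSslMode();
    // $_SERVER['HTTPS'] is unset on plain-HTTP requests
    if (!empty($_SERVER['HTTPS'])) {
        if (!$sslMode) {
            // not enabled: report and stop
            echo _("Secure access is not enabled for this Wiki.");
            exit;
        }
    }
    // NOTE(review): unlike the other request flows, plain-HTTP access is not refused here
    // for 'ssl_only' / 'ssl_only_paranoid' sites, so Basic credentials for such a site can
    // be sent in clear text. Confirm whether that is intended for feeds.

    $template = $runData->getScreenTemplate();
    $classFile = $runData->getScreenClassPath();
    $className = $runData->getScreenClassName();
    $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
    // NOTE(review): path and class name come from RunData, presumably derived from the
    // request; this relies on RunData restricting them to known screen classes -- confirm.
    require_once $classFile;
    $screen = new $className();

    // check if requires authentication
    if ($screen->getRequiresAuthentication() || $site->getPrivate()) {
        // The Basic-auth fields are absent when the client sent no credentials.
        $username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
        $user = null;
        if ($username !== null && $password !== null) {
            $user = SecurityManager::getUserByName($username);
            if ($user) {
                // The feed password is the first 15 hex characters of an MD5 over a fixed
                // prefix plus the stored password value.
                // NOTE(review): unsalted MD5, truncated to 60 bits and derived directly from
                // the stored value, is a weak construction; changing it would invalidate
                // existing feed URLs, so it is left as is here.
                $upass = md5("feed_hashed_password_" . $user->getPassword());
                $upass = substr($upass, 0, 15);
                // Compare in constant time where the runtime provides hash_equals(), so the
                // response time does not reveal how many leading characters matched.
                if (function_exists('hash_equals') && is_string($password)) {
                    $passwordMatches = hash_equals($upass, $password);
                } else {
                    $passwordMatches = ($upass === $password);
                }
                if (!$passwordMatches) {
                    $user = null;
                }
            }
        }

        if ($site->getPrivate()) {
            // super admins and super moderators skip the membership lookup
            if ($user && !$user->getSuperAdmin() && !$user->getSuperModerator()) {
                // check if member
                $c = new Criteria();
                $c->add("site_id", $site->getSiteId());
                $c->add("user_id", $user->getUserId());
                $mem = DB_MemberPeer::instance()->selectOne($c);
                if (!$mem) {
                    // check if a viewer
                    $c = new Criteria();
                    $c->add("site_id", $site->getSiteId());
                    $c->add("user_id", $user->getUserId());
                    $vi = DB_SiteViewerPeer::instance()->selectOne($c);
                    if (!$vi) {
                        $user = null;
                    }
                }
            }
        }

        if ($user == null) {
            // The same response is sent for unknown user, wrong password and non-member.
            header('WWW-Authenticate: Basic realm="Private"');
            header('HTTP/1.0 401 Unauthorized');
            header('Content-type: text/plain; charset=utf-8');
            echo _("This is a private feed. User authentication required via Basic HTTP Authentication. You can not access it. Please go to 'Account settings' -> 'Notifications' to get the password if you believe you should be allowed.");
            exit;
        }

        $runData->setTemp("user", $user);
    }

    $logger->debug("OZONE initialized");
    $logger->info("Ozone engines successfully initialized");

    $rendered = $screen->render($runData);

    echo str_replace("%%%CURRENT_TIMESTAMP%%%", time(), $rendered);

    return $rendered;
}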
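/**
 * Handles a request that may carry an action: resolves the site from the Host header,
 * applies the SSL mode, starts the session, runs the screen's and the action's
 * isAllowed() checks, executes the action chain, then renders and echoes the screen.
 *
 * ProcessException is thrown (and not caught here) when the access scheme does not
 * match the site's SSL mode.
 */
public function process()
{
    global $timeStart;

    // initialize logging service
    $logger = OzoneLogger::instance();
    $loggerFileOutput = new OzoneLoggerFileOutput();
    $loggerFileOutput->setLogFileName(WIKIDOT_ROOT . "/logs/ozone.log");
    $logger->addLoggerOutput($loggerFileOutput);
    $logger->setDebugLevel(GlobalProperties::$LOGGER_LEVEL);
    $logger->debug("request processing started, logger initialized");

    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);
    $logger->debug("RunData object created and initialized");

    // check if site (wiki) exists!
    // NOTE(review): the Host header is client-controlled; it selects the site, forms the
    // cache key and (for custom domains) becomes the session cookie domain.
    $siteHost = $_SERVER["HTTP_HOST"];
    $memcache = Ozone::$memcache;
    if (preg_match("/^([a-zA-Z0-9\\-]+)\\." . GlobalProperties::$URL_DOMAIN_PREG . "\$/", $siteHost, $matches) == 1) {
        $siteUnixName = $matches[1];
        // select site based on the unix name
        // check memcached first!
        // the memcache block is to avoid database connection if possible
        $mcKey = 'site..' . $siteUnixName;
        $site = $memcache->get($mcKey);
        if ($site == false) {
            $c = new Criteria();
            $c->add("unix_name", $siteUnixName);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            $memcache->set($mcKey, $site, 0, 3600);
        }
    } else {
        // select site based on the custom domain
        $mcKey = 'site_cd..' . $siteHost;
        $site = $memcache->get($mcKey);
        if ($site == false) {
            $c = new Criteria();
            $c->add("custom_domain", $siteHost);
            $c->add("site.deleted", false);
            $site = DB_SitePeer::instance()->selectOne($c);
            $memcache->set($mcKey, $site, 0, 3600);
        }
        GlobalProperties::$SESSION_COOKIE_DOMAIN = '.' . $siteHost;
    }

    if ($site == null) {
        $runData->setScreenTemplate("wiki/SiteNotFound");
        exit(1);
    } else {
        $runData->setTemp("site", $site);
        // nasty global thing...
        $GLOBALS['siteId'] = $site->getSiteId();
        $GLOBALS['site'] = $site;
    }

    // set language
    $runData->setLanguage($site->getLanguage());
    $GLOBALS['lang'] = $site->getLanguage();

    // and for gettext too:
    $lang = $site->getLanguage();
    switch ($lang) {
        case 'pl':
            $glang = "pl_PL";
            break;
        case 'en':
            $glang = "en_US";
            break;
        default:
            // Any other site language previously left $glang undefined, producing an
            // empty LANG and a failing setlocale() call.
            $glang = "en_US";
            break;
    }
    putenv("LANG={$glang}");
    putenv("LANGUAGE={$glang}");
    setlocale(LC_ALL, $glang . '.UTF-8');

    // Set the text domain as 'messages'
    $gdomain = 'messages';
    bindtextdomain($gdomain, WIKIDOT_ROOT . '/locale');
    textdomain($gdomain);

    $settings = $site->getSettings();

    // handle SSL
    $sslMode = $settings->getSslMode();
    // $_SERVER['HTTPS'] is unset on plain-HTTP requests
    $isHttps = !empty($_SERVER['HTTPS']);
    if ($isHttps) {
        if (!$sslMode) {
            // not enabled, issue an error
            throw new ProcessException(_("Secure access is not enabled for this Wiki."));
        } elseif ($sslMode == "ssl_only_paranoid") {
            // use secure authentication cookie
            // i.e. change authentication scheme
            GlobalProperties::$SESSION_COOKIE_NAME = "WIKIDOT_SESSION_SECURE_ID";
            GlobalProperties::$SESSION_COOKIE_SECURE = true;
        }
    } else {
        // page accessed via http (nonsecure)
        switch ($sslMode) {
            case 'ssl':
                // enabled, but nonsecure allowed too.
                break;
            case 'ssl_only_paranoid':
            case 'ssl_only':
                throw new ProcessException(_("Nonsecure access is not enabled for this Wiki."));
                break;
        }
    }

    // handle session at the beginning of processing
    $runData->handleSessionStart();

    $template = $runData->getScreenTemplate();
    $classFile = $runData->getScreenClassPath();
    $className = $runData->getScreenClassName();
    $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
    // NOTE(review): path and class name come from RunData, presumably derived from the
    // request; this relies on RunData restricting them to known screen classes -- confirm.
    require_once $classFile;
    $screen = new $className();

    // screen security check
    if (!$screen->isAllowed($runData)) {
        if ($classFile == $runData->getScreenClassPath()) {
            // isAllowed() did not pick an error template, so fall back to the default one.
            // The screen object is replaced further down, once the template change is detected.
            // NOTE(review): the action is not cleared in this branch (only in the else
            // branch), so it still runs, subject to its own isAllowed() -- confirm intended.
            $runData->setScreenTemplate("errors/NotAllowed");
        } else {
            // $screen->isAllowed() should set the error template!!! if not -
            // default NotAllowed is used
            // reload the class again - we do not want the unsecure screen to render!
            $classFile = $runData->getScreenClassPath();
            $className = $runData->getScreenClassName();
            $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
            require_once $classFile;
            $screen = new $className();
            $runData->setAction(null);
        }
    }

    // PROCESS ACTION
    $actionClass = $runData->getAction();
    $logger->debug("processing action {$actionClass}");
    while ($actionClass != null) {
        require_once PathManager::actionClass($actionClass);
        $tmpa1 = explode('/', $actionClass);
        $actionClassStripped = end($tmpa1);
        $action = new $actionClassStripped();

        $classFile = $runData->getScreenClassPath();
        if (!$action->isAllowed($runData)) {
            if ($classFile == $runData->getScreenClassPath()) {
                $runData->setScreenTemplate("errors/NotAllowed");
            }
            // $action->isAllowed() should set the error template!!! if not -
            // default NotAllowed is used
            break;
        }

        $actionEvent = $runData->getActionEvent();
        // NOTE(review): the event name is used as a method name on the action object;
        // presumably RunData constrains it (e.g. an "Event" suffix) -- confirm.
        if ($actionEvent != null) {
            $action->{$actionEvent}($runData);
            $logger->debug("processing action: {$actionClass}, event: {$actionEvent}");
        } else {
            $logger->debug("processing action: {$actionClass}");
            $action->perform($runData);
        }

        // this is in case action changes the action name so that
        // the next action can be executed.
        if ($runData->getNextAction() != null) {
            $actionClass = $runData->getNextAction();
            $runData->setAction($actionClass);
            $runData->setActionEvent($runData->getNextActionEvent());
        } else {
            $actionClass = null;
        }
    }
    // end action process

    // check if template has been changed by the action. if so...
    // getScreenTemplate must be CALLED here: without the parentheses this read an undefined
    // property (null), so the screen class was reloaded for every non-empty template.
    if ($template != $runData->getScreenTemplate()) {
        $classFile = $runData->getScreenClassPath();
        $className = $runData->getScreenClassName();
        $logger->debug("processing template: " . $runData->getScreenTemplate() . ", class: {$className}");
        require_once $classFile;
        $screen = new $className();
    }

    $rendered = $screen->render($runData);

    if ($rendered != null) {
        $moduleProcessor = new ModuleProcessor($runData);
        $moduleProcessor->setJavascriptInline(true); // embed associated javascript files in <script> tags
        $moduleProcessor->setCssInline(true);
        $rendered = $moduleProcessor->process($rendered);
    }

    $runData->handleSessionEnd();

    // one more thing - some url will need to be rewritten if using HTTPS
    if ($isHttps) {
        // ?
        // scripts
        $rendered = preg_replace(';<script(.*?)src="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)</script>;s', '<script\\1src="https://' . GlobalProperties::$URL_HOST . '\\2</script>', $rendered);
        $rendered = preg_replace(';<link(.*?)href="http://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>;s', '<link\\1href="https://' . GlobalProperties::$URL_HOST . '\\2/>', $rendered);
        $rendered = preg_replace(';(<img\\s+.*?src=")http(://' . GlobalProperties::$URL_HOST_PREG . '(.*?)/>);s', '\\1https\\2', $rendered);
        // repeat until no further @import url(http://...) is rewritten
        do {
            $renderedOld = $rendered;
            $rendered = preg_replace(';(<style\\s+[^>]*>.*?@import url\\()http(://' . GlobalProperties::$URL_HOST_PREG . '.*?</style>);si', '\\1https\\2', $rendered);
        } while ($renderedOld != $rendered);
    }

    echo $rendered;
}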