/**
 * Configures PHP's built-in session handling.
 *
 * Passing 'private' as the cache limiter avoids 'page has expired' warnings
 * and lets the client cache session pages. Do not use it with POST forms or
 * any other content that the client must not cache. The default ('nocache')
 * disallows all caching.
 *
 * Security-relevant behaviour of this constructor:
 *  - the session ID is accepted from cookies only and the cookie is flagged
 *    HttpOnly;
 *  - when $url is given and its host contains a dot, the cookie domain gets
 *    a leading '.', so the session cookie is sent to every sub-domain of
 *    that host;
 *  - $https_only defaults to false, in which case the cookie is also sent
 *    over plain HTTP.
 *
 * @see http://shiflett.org/articles/how-to-avoid-page-has-expired-warnings
 * @param string $name  session name
 * @param string $dir  directory to save session files in
 * @param bool $https_only  maintain session for https requests only
 * @param T_Url $url  root url for session (if on shared host)
 * @param string $cache_limiter  caching type ('nocache' by default)
 * @param int $cache_expire  cache expiry (mins)
 */
function __construct($name = 'sid',
                     $dir = null,
                     $https_only = false,
                     T_Url $url = null,
                     $cache_limiter = 'nocache',
                     $cache_expire = 30)
{
    // The session ID travels in a cookie only (never in the URL) and the
    // cookie is not exposed to client-side script.
    ini_set('session.use_only_cookies', 1);
    ini_set('session.cookie_httponly', 1);
    // NOTE(review): session.use_strict_mode is not set here, so whether PHP
    // rejects session IDs it did not issue depends on php.ini -- confirm it
    // is enabled in deployment.

    session_name($name);

    // Cookie scope. Without a root URL the cookie covers '/' on the
    // current host only.
    $path = '/';
    $domain = null;
    if ($url) {
        if (count($url->getPath()) > 0) {
            $path .= implode('/', $url->getPath()) . '/';
        }

        // A leading 'www.' and any port suffix are dropped from the host.
        $host = $url->getHost();
        if (strncasecmp('www.', $host, 4) === 0) {
            $host = substr($host, 4);
        }
        $colon = strpos($host, ':');
        if ($colon !== false) {
            $host = substr($host, 0, $colon);
        }

        // Dot-less hosts such as 'localhost' cannot be used as a cookie
        // domain, so the domain stays unset for them. Otherwise the host is
        // prefixed with a dot so that the cookie is available on all
        // sub-domains; every sub-domain therefore receives the session ID.
        if (strpos($host, '.') !== false) {
            $domain = '.' . $host;
        }
    }
    session_set_cookie_params(null, $path, $domain, $https_only);

    // Session files: shared temporary directories are not safe on shared
    // hosts, so the fallback is a 'session' directory under the cache dir.
    // NOTE(review): make sure this directory is outside the web root and
    // readable only by the account PHP runs as.
    if (!$dir) {
        $fallback = new T_File_Dir(T_CACHE_DIR . 'session');
        $dir = $fallback->__toString();
    }
    session_save_path($dir);

    // caching behaviour for session pages
    session_cache_limiter($cache_limiter);
    session_cache_expire($cache_expire);
}
/**
 * Create controller from previous context.
 *
 * The URL is cloned and the subspace copied from the previous controller
 * context. In the normal case the controller consumes part of the URL path:
 * one value is shifted off the subspace and appended to the controller's
 * own URL. When the request has been "delegated" sideways in the controller
 * stack, the controller takes over from the parent as-is and shifts nothing
 * off the subspace.
 *
 * @param T_Controller_Context $context  context
 * @throws T_Exception_Controller  if the shifted subspace value is empty
 */
function __construct(T_Controller_Context $context)
{
    $this->context = $context;
    $this->url = clone $context->getUrl();
    $this->subspace = $context->getSubspace();

    $consumesPath = !$context->isDelegated();
    if ($consumesPath) {
        // NOTE(review): presumably the subspace holds request path segments,
        // i.e. client-controlled values -- confirm that appendPath() encodes
        // them before the URL is rendered.
        $segment = array_shift($this->subspace);
        if (strlen($segment) == 0) {
            throw new T_Exception_Controller('no subspace stack');
        }
        $this->url->appendPath($segment);
    }

    // inherit any scheme coerce from the parent context
    $this->coerceScheme($context->getCoerceScheme());
}
/**
 * Prepare-filter: redirects to the forward URL if the form was present and valid.
 *
 * At this point the response has been created but not yet sent. For a
 * valid submission we bail out *before* anything is sent and redirect
 * instead.
 *
 * @param T_Response $response  encapsulated response to filter
 * @throws T_Response_Redirect  when a valid form was submitted and a forward is set
 */
protected function doPrepareFilter(T_Response $response)
{
    $submittedOk = $this->form->isPresent() && $this->form->isValid();
    if (!$submittedOk || !$this->forward) {
        return;
    }

    // POST request is successful, therefore redirect to GET so the back
    // button cannot be used to repeat the request.
    // NOTE(review): the redirect target comes from $this->forward, which is
    // set outside this method -- confirm it is never built from request
    // input, otherwise this becomes an open redirect.
    $response->abort();
    throw new T_Response_Redirect($this->forward->getUrl());
}
/**
 * Render an embedded resource.
 *
 * For now every embedded resource is assumed to be an image and is written
 * out as an <img> element; this could be extended to handle video and so on.
 * Internal resources have the root URL prepended to their own URL.
 *
 * @param T_Text_Resource $node  resource node to render
 */
function visitTextResource(T_Text_Resource $node)
{
    $escape = new T_Filter_Xhtml();

    // Both URL parts are requested through the XHTML filter before they are
    // placed into the src attribute.
    // NOTE(review): no scheme restriction is applied to external URLs in
    // this method -- confirm that is enforced where the node is built.
    $prefix = $node->isInternal() ? $this->root_url->getUrl($escape) : '';
    $src = $prefix . $node->getUrl($escape);

    // NOTE(review): the alt text relies on $this->filter, which is set
    // outside this method -- confirm it escapes quotes for attribute context.
    $alt = $node->getContent($this->filter);

    $this->xhtml .= '<img src="' . $src . '" alt="' . $alt . '" />' . EOL;
}
/**
 * Set a cookie.
 *
 * When neither path nor domain is given and a root URL is available, both
 * are derived from that root URL. An integer expiry that is not in the
 * future deletes the cookie instead of setting it.
 *
 * Security notes: a derived domain is prefixed with '.', so the cookie is
 * sent to every sub-domain of the root host. This method takes no HttpOnly
 * argument and $secure defaults to null; what flags the cookie finally
 * carries is decided by doCookieSet().
 *
 * @param string $name  cookie name
 * @param string $value  cookie value
 * @param int $expires  expiry time (UNIX time)
 * @param string $path  path on which the cookie is available
 * @param string $domain  domain on which cookie is available
 * @param bool $secure  whether to only send the cookie over https
 * @return $this  fluent interface
 * @throws InvalidArgumentException  if an explicit domain contains no dot
 */
function set($name, $value, $expires = null, $path = null, $domain = null, $secure = null)
{
    $useRootDefaults = is_null($path) && is_null($domain) && $this->root;

    if ($useRootDefaults) {
        // path: the root URL's path segments, wrapped in slashes
        $path = '/';
        if (count($this->root->getPath()) > 0) {
            $path .= implode('/', $this->root->getPath()) . '/';
        }

        // domain: root host without a leading 'www.' and without any port
        $host = $this->root->getHost();
        if (strncasecmp('www.', $host, 4) === 0) {
            $host = substr($host, 4);
        }
        $colon = strpos($host, ':');
        if ($colon !== false) {
            $host = substr($host, 0, $colon);
        }

        // Dot-less hosts like 'localhost' cannot be used as a cookie domain,
        // so none is set for them; any other host gets a leading dot to make
        // the cookie available on all sub-domains.
        // NOTE(review): if the root URL is built from the request's Host
        // header, the cookie domain is client-influenced -- confirm its
        // source.
        $domain = (strpos($host, '.') === false) ? null : '.' . $host;
    } elseif (strlen($domain) > 0 && strpos($domain, '.') === false) {
        // an explicitly supplied domain without a dot is rejected
        throw new InvalidArgumentException("{$domain} is a TLD which HTTP protocol forbids in a cookie");
    }

    // Only an integer expiry that has already passed counts as a delete;
    // a null (or any non-integer) expiry keeps the value.
    $isExpired = is_int($expires) && $expires <= time();
    if ($isExpired) {
        unset($this->data[$name]);
        $value = null;
    } else {
        $this->data[$name] = $value;
    }

    $this->doCookieSet($name, $value, $expires, $path, $domain, $secure);

    return $this;
}
/**
 * Create a URL.
 *
 * All URL components are handed to the parent constructor; the title is
 * stored on this object as a string.
 *
 * @param string $title  title of the URL link
 * @param string $scheme  URL scheme (e.g. http,https,etc.)
 * @param string $host  URL host (e.g. subdomain.domain:port)
 * @param array $path  URL path as a segment array
 * @param array $parameters  URL parameters as name=>value pair array
 * @param string $fragment  URL fragment (e.g. HTTP anchor value)
 */
function __construct($title,
                     $scheme,
                     $host,
                     array $path = array(),
                     array $parameters = array(),
                     $fragment = null)
{
    parent::__construct($scheme, $host, $path, $parameters, $fragment);

    // The title is kept exactly as given (only cast to string); nothing is
    // escaped here, so escaping is left to whatever renders the link.
    $this->title = strval($title);
}