public function doGet(WebAppRequest $req, WebAppResponse $res)
{
    $resource = substr(
        \Innomatic\Webapp\WebAppContainer::instance('\\Innomatic\\Webapp\\WebAppContainer')->getCurrentWebApp()->getHome(),
        0,
        -1
    ) . $req->getPathInfo();

    // If this is a directory, check that a welcome file exists
    if (is_dir($resource)) {
        $this->welcomeFiles = \Innomatic\Webapp\WebAppContainer::instance('\\Innomatic\\Webapp\\WebAppContainer')->getCurrentWebApp()->getWelcomeFiles();
        $path = $this->getRelativePath($req);
        $welcomeFile = $this->findWelcomeFile($path);
        if ($welcomeFile != null) {
            $resource = $resource . $welcomeFile;
        } else {
            $res->sendError(WebAppResponse::SC_FORBIDDEN, $req->getRequestURI());
            return;
        }
    }

    // Make sure that this path exists on disk
    if ($req->getPathInfo() == '/index' or !file_exists($resource . '.php')) {
        $res->sendError(WebAppResponse::SC_NOT_FOUND, $req->getRequestURI());
        return;
    }

    // Core directory is private
    if (substr($req->getPathInfo(), 0, 6) == '/core/') {
        $res->sendError(WebAppResponse::SC_FORBIDDEN, $req->getRequestURI());
        return;
    }

    // Resource must reside inside the webapp
    if (\Innomatic\Security\SecurityManager::isAboveBasePath($resource, \Innomatic\Webapp\WebAppContainer::instance('\\Innomatic\\Webapp\\WebAppContainer')->getCurrentWebApp()->getHome())) {
        $res->sendError(WebAppResponse::SC_FORBIDDEN, $req->getRequestURI());
        return;
    }

    include $resource . '.php';
}

/**
 * Reports errors
 */
public function report(WebAppRequest $req, WebAppResponse $res)
{
    $statusReportsTree = simplexml_load_file(
        \Innomatic\Core\RootContainer::instance('\\Innomatic\\Core\\RootContainer')->getHome()
        . 'innomatic/core/conf/webapp/statusreports.xml'
    );

    // Map each status code to its report text
    $statusReports = array();
    foreach ($statusReportsTree->status as $status) {
        $statusReports[sprintf('%s', $status->statuscode)] = sprintf('%s', $status->statusreport);
    }

    $tpl = new \Innomatic\Php\PHPTemplate(
        \Innomatic\Core\RootContainer::instance('\\Innomatic\\Core\\RootContainer')->getHome()
        . 'innomatic/core/conf/webapp/report.tpl.php'
    );
    $tpl->set('status_code', $res->getStatus());
    $tpl->set('message', htmlspecialchars($res->getMessage()));
    // Escape the message before substituting it into the report text,
    // as is done for 'message' above
    $tpl->set('report', str_replace('{0}', htmlspecialchars($res->getMessage()), isset($statusReports[$res->getStatus()]) ? $statusReports[$res->getStatus()] : ''));
    $tpl->set('title', $req->getServerName());
    $tpl->set('server_info', $req->getServerName());
    $tpl->set('e', $res->getException());

    $res->startBuffer();
    echo $tpl->parse();
    $res->flushBuffer();
}

protected function serveResource(WebAppRequest $request, WebAppResponse $response, $content)
{
    //$webAppPath = $request->getUrlPath();

    // identify the requested resource path
    $path = $this->getRelativePath($request);
    $resource = substr(
        \Innomatic\Webapp\WebAppContainer::instance('\\Innomatic\\Webapp\\WebAppContainer')->getCurrentWebApp()->getHome(),
        0,
        -1
    ) . $path;

    // make sure that this path exists on disk
    if (!file_exists($resource)) {
        $response->sendError(WebAppResponse::SC_NOT_FOUND, $request->getRequestURI());
        return;
    }

    // if this is a directory, first check welcome files...if that fails
    // see if we can do a listing
    if (is_dir($resource)) {
        $welcomeFile = $this->findWelcomeFile($path);
        if ($welcomeFile != null) {
            $response->sendRedirect($this->getURL($request, $welcomeFile));
            $response->flushBuffer();
            return;
        }
        if ($this->listings == 'false') {
            $response->sendError(WebAppResponse::SC_FORBIDDEN, $request->getRequestURI());
            return;
        } else {
            if ($content) {
                // serve up the directory listing
                // NOTE: $webAppPath is only assigned in the commented-out line
                // at the top of this method, so it is undefined here
                $response->setContentType('text/html');
                echo $this->renderListing($request, $webAppPath, $path, $resource);
                return;
            }
        }
    }

    if ($content) {
        // we are serving up an actual file here, which we know exists
        $contentType = \Innomatic\Webapp\WebAppContainer::instance('\\Innomatic\\Webapp\\WebAppContainer')->getCurrentWebApp()->getMimeType($resource);
        if (!is_null($contentType)) {
            $response->setContentType($contentType);
        }
        $response->addDateHeader('Last-Modified', filemtime($resource));
        readfile($resource);
    }
}