Esempio n. 1
 /**
  * Routes the specified web request by setting the controller name, action and possible
  * parameters. If the request could not be routed, it will be left untouched.
  *
  * @param \F3\FLOW3\MVC\Web\Request $request The web request to be analyzed. Will be modified by the router.
  * @return void
  * @author Robert Lemke <*****@*****.**>
  * @author Bastian Waidelich <*****@*****.**>
  * @author Karsten Dambekalns <*****@*****.**>
  */
 public function route(\F3\FLOW3\MVC\Web\Request $request)
 {
     // Keep a handle on the request; the calls below work on $this->request.
     $this->request = $request;

     // NULL means the path could not be matched; in that case no routed values are applied.
     $routedValues = $this->findMatchResults($this->request->getRequestPath());
     if ($routedValues !== NULL) {
         $this->setControllerKeysAndFormat($routedValues);
         foreach ($routedValues as $name => $value) {
             // Names starting with '@' are not copied into the request arguments;
             // the whole result set was already handed to setControllerKeysAndFormat() above.
             if ($name[0] === '@') {
                 continue;
             }
             $this->request->setArgument($name, $value);
         }
     }

     // Runs for every request, matched or not, and after the routed values were applied.
     // NOTE(review): getArguments() includes client-supplied values, so '@…' arguments sent
     // with the request presumably can influence controller selection here -- confirm that
     // setControllerKeysAndFormat() restricts what it accepts.
     $this->setControllerKeysAndFormat($this->request->getArguments());
 }
 /**
  * Builds the URI
  *
  * @return string The URI
  * @api
  * @author Bastian Waidelich <*****@*****.**>
  */
 public function build()
 {
     $mergedArguments = array();
     if ($this->addQueryString === TRUE) {
         // Start from the arguments of the current request, minus the excluded names.
         // NOTE(review): these values are client-supplied and end up in the generated URI;
         // anything that must not be reflected into links has to be listed in
         // argumentsToBeExcludedFromQueryString.
         $mergedArguments = $this->request->getArguments();
         foreach ($this->argumentsToBeExcludedFromQueryString as $excludedName) {
             unset($mergedArguments[$excludedName]);
         }
     }

     // Arguments set on this builder are merged over the request arguments.
     $mergedArguments = \F3\FLOW3\Utility\Arrays::arrayMergeRecursiveOverrule($mergedArguments, $this->arguments);
     $builtUri = $this->router->resolve($mergedArguments);
     $this->lastArguments = $mergedArguments;

     // The section is appended verbatim as the fragment; this method does not encode it.
     if ($this->section !== '') {
         $builtUri .= '#' . $this->section;
     }

     // Without URL rewriting the front script has to be part of the path.
     if (!$this->environment->isRewriteEnabled()) {
         $builtUri = 'index.php/' . $builtUri;
     }

     if ($this->createAbsoluteUri === TRUE) {
         $builtUri = $this->request->getBaseUri() . $builtUri;
     }

     // No HTML escaping is applied here; callers that print the URI into markup
     // must escape it for that output context.
     return $builtUri;
 }
 /**
  * Verify the request. Checks if there is an __hmac argument, and if yes, tries to validate and verify it.
  *
  * Finally, $request->setHmacVerified() is called with the result of the verification.
  * @param \F3\FLOW3\MVC\Web\Request $request The request to verify
  * @return void
  * @author Sebastian Kurfürst <*****@*****.**>
  */
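 public function verifyRequest(\F3\FLOW3\MVC\Web\Request $request)
 {
     // Length of the hash part at the end of __hmac (previously a hard-coded 40).
     // TODO: Constant for hash length needs to be introduced
     $hashLength = 40;

     // No __hmac at all: the request is simply marked as not verified, no exception.
     // Callers therefore have to check the verified flag before trusting the arguments.
     if (!$request->hasArgument('__hmac')) {
         $request->setHmacVerified(FALSE);
         return;
     }

     // __hmac is client-supplied. It can arrive as an array (e.g. "__hmac[]=..."), which
     // strlen()/substr() do not accept, so non-strings are rejected with the same exception.
     $hmac = $request->getArgument('__hmac');
     if (!is_string($hmac) || strlen($hmac) < $hashLength) {
         throw new \F3\FLOW3\Security\Exception\SyntacticallyWrongRequestHashException('Request hash too short. This is a probably manipulation attempt!', 1255089361);
     }

     // Layout of the argument: <serialized field names><hash of $hashLength characters>
     $serializedFieldNames = substr($hmac, 0, -$hashLength);
     $hash = substr($hmac, -$hashLength);

     // Fail closed: the request only becomes verified if every check below passes.
     $verified = FALSE;
     // NOTE(review): validateHmac() is not visible here; presumably it recomputes a keyed
     // hash and compares it -- confirm the comparison is constant-time.
     if ($this->hashService->validateHmac($serializedFieldNames, $hash)) {
         $requestArguments = $request->getArguments();
         // Unset framework arguments
         unset($requestArguments['__referrer'], $requestArguments['__hmac']);

         // SECURITY: unserialize() runs on request data. It is only reached after the HMAC
         // check succeeded, and it must stay behind that check: unserializing unauthenticated
         // input can instantiate arbitrary objects. If the HMAC key leaks, this line becomes
         // an object-injection sink. Where PHP >= 7.0 can be required, pass
         // array('allowed_classes' => FALSE) as second argument, or switch to a format that
         // cannot carry objects.
         $fieldNames = unserialize($serializedFieldNames);

         // unserialize() returns FALSE on malformed input; anything but an array is treated
         // as a failed verification instead of being passed on.
         if (is_array($fieldNames) && $this->checkFieldNameInclusion($requestArguments, $fieldNames)) {
             $verified = TRUE;
         }
     }
     $request->setHmacVerified($verified);
 }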