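/**
 * Override base method to do some processing of incoming requests
 *
 * Splits the sanitised `path` query parameter into a service name and an
 * optional resource path at the first slash.
 *
 * @param \CAction $action
 *
 * @return array [service, resource]; resource is null when the path holds no slash
 * @throws Exception
 */
protected function _beforeAction($action)
{
    /**
     * fix the slash at the end, Yii removes trailing slash by default,
     * but it is needed in some APIs to determine file vs folder, etc.
     * 'rest/<service:[_0-9a-zA-Z-]+>/<resource:[_0-9a-zA-Z-\/. ]+>'
     */
    // NOTE(review): FILTER_SANITIZE_STRING (deprecated since PHP 8.1) only strips tags and
    // encodes quotes; it does not normalise "." / ".." segments, so any traversal checks
    // have to live in the service that consumes the resource path.
    $_path = $_service = FilterInput::get($_GET, 'path', null, FILTER_SANITIZE_STRING);
    $_resource = null;

    // Cast so a missing parameter (null) does not trip strpos()' null-to-string deprecation
    if (false !== ($_pos = strpos((string)$_path, '/'))) {
        $_service = substr($_path, 0, $_pos);
        // Everything after the first slash. A found offset is always < strlen($_path), so the
        // former "$_pos < strlen($_path) ? ... : null" guard could never take the null branch.
        $_resource = substr($_path, $_pos + 1);
        // Restoring a trailing slash stripped by Yii (by inspecting the request URI) was once
        // attempted here and is disabled; the resource is returned exactly as received.
    }

    return array($_service, $_resource);
}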
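/**
 * Streams a file from a file-storage service, refusing paths that fall under
 * the service's configured private paths.
 *
 * Reads the `service` and `path` query parameters. A request whose service is
 * not a file-storage type, or whose path (or any folder prefix of it) is listed
 * in the service's private paths, is answered with 403 and the request ended.
 *
 * @return void
 */
public function actionGet()
{
    $_service = FilterInput::get(INPUT_GET, 'service', '');

    try {
        /** @var BaseFileSvc $_obj */
        $_obj = ServiceHandler::getServiceObject($_service);

        $_fileServiceTypes = array('Local File Storage', 'Remote File Storage');

        if (!in_array($_obj->getType(), $_fileServiceTypes, true)) {
            $this->_sendForbidden();

            return;
        }

        $_fullPath = FilterInput::get(INPUT_GET, 'path', '');

        if (!empty($_obj->privatePaths) && $this->_isPrivatePath($_fullPath, $_obj->privatePaths)) {
            $this->_sendForbidden();

            // Defensive: never reach streamFile() even if Pii::end() were to return
            return;
        }

        list($_container, $_path) = $this->_splitContainerPath($_fullPath);
        $_obj->streamFile($_container, $_path);
        Pii::end();

        return;
    } catch (\Exception $ex) {
        // Keep the detail server-side: the raw message may expose internal paths or service configuration
        error_log($ex->getMessage());
        die('An error occurred while retrieving the file.');
    }
}

/**
 * True when $fullPath, or any folder prefix of it (each prefix ending in '/'),
 * is listed in $privatePaths.
 *
 * NOTE(review): matching is purely textual. "." / ".." segments and doubled slashes in
 * $fullPath are not normalised here, so the consuming service's streamFile() must reject
 * them for the private-path list to be enforceable — TODO confirm.
 *
 * @param string $fullPath     "container/path" as received in the request
 * @param array  $privatePaths private path prefixes, each expected to end in '/'
 *
 * @return bool
 */
private function _isPrivatePath($fullPath, $privatePaths)
{
    // Every folder prefix: for "a/b/c.txt" that is "a/" then "a/b/"
    $_pos = -1;
    $_count = substr_count($fullPath, '/');

    for ($_ndx = 0; $_ndx < $_count; $_ndx++) {
        $_pos = strpos($fullPath, '/', $_pos + 1);
        $_piece = substr($fullPath, 0, $_pos) . '/';

        if (in_array($_piece, $privatePaths, true)) {
            return true;
        }
    }

    // The full file path itself may be listed
    return in_array($fullPath, $privatePaths, true);
}

/**
 * Splits "container/some/path" into [container, "some/path"].
 *
 * @param string $fullPath
 *
 * @return array [container, path]; path is '' when $fullPath holds no slash
 */
private function _splitContainerPath($fullPath)
{
    $_slash = strpos($fullPath, '/');

    if (false === $_slash) {
        // No separator: the whole value names the container. (The previous code fed the
        // false offset into substr(), yielding an empty container and a path missing its first byte.)
        return array($fullPath, '');
    }

    return array(substr($fullPath, 0, $_slash), ltrim(substr($fullPath, $_slash + 1), '/'));
}

/**
 * Emits the 403 response used for every refused download and ends the request.
 *
 * Assumes Pii::end() terminates the request (callers still return afterwards as a safeguard).
 *
 * @return void
 */
private function _sendForbidden()
{
    header('HTTP/1.1 403 Forbidden. You have no access to this file or folder.');
    header('Content-Type: text/html');
    Pii::end();
}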
/**
 * Looks up the session id cookie for this application.
 *
 * @return bool|string the cookie value, or false when the cookie is absent
 */
protected static function _checkExistingSession()
{
    $_cookieName = self::CookiePrefix . 'session_id';

    return FilterInput::cookie($_cookieName, false);
}
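/**
 * Handle inbound redirect from various services
 *
 * Validates the defrosted `state` blob (origin + api_key), requires either an
 * authorisation `code` or an `access_token` in the request, then redirects the
 * browser to the state's redirect URI with the whole request query appended.
 *
 * @throws DreamFactory\Platform\Exceptions\RestException when neither code nor access_token is present
 * @throws BadRequestException when the state lacks origin or api_key
 * @throws ForbiddenException when api_key does not equal sha1(origin)
 */
public function actionAuthorize()
{
    // NOTE(review): this dumps the full request, including any OAuth code / access_token it
    // carries, into the log — make sure debug logging is off outside development.
    Log::debug('Inbound $REQUEST: ' . print_r($_REQUEST, true));

    $_state = Storage::defrost(Option::request('state'));
    $_origin = Option::get($_state, 'origin');
    $_apiKey = Option::get($_state, 'api_key');

    Log::debug('Inbound state: ' . print_r($_state, true));

    if (empty($_origin) || empty($_apiKey)) {
        Log::error('Invalid request state.');
        throw new BadRequestException();
    }

    // Strict comparison: the loose "!=" used before treats two hex digests of the form
    // "0e<digits>" as equal numeric strings. (The key is derived from the visible origin,
    // so it is not a secret and hash_equals() is not required here.)
    $_testKey = sha1($_origin);

    if ((string)$_apiKey !== $_testKey) {
        Log::error('API Key mismatch: ' . $_apiKey . ' != ' . $_testKey);
        throw new ForbiddenException();
    }

    $_code = FilterInput::request('code', null, FILTER_SANITIZE_STRING);

    if (!empty($_code)) {
        Log::debug('Inbound code received: ' . $_code . ' from ' . $_state['origin']);
    } elseif (null === Option::get($_REQUEST, 'access_token')) {
        Log::error('Inbound request code missing.');
        throw new RestException(HttpResponse::BadRequest);
    } else {
        Log::debug('Token received. Relaying to origin.');
    }

    // NOTE(review): the redirect target is taken from the defrosted state. That is only safe if
    // Storage::defrost() accepts solely blobs this application froze itself; otherwise the
    // target is caller-controlled (open redirect) — TODO confirm.
    $_redirectUri = Option::get($_state, 'redirect_uri', $_state['origin']);
    $_separator = false === strpos($_redirectUri, '?') ? '?' : '&';
    $_redirectUrl = $_redirectUri . $_separator . \http_build_query($_REQUEST);

    Log::debug('Proxying request to: ' . $_redirectUrl);
    header('Location: ' . $_redirectUrl);
    exit;
}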
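/**
 * Resolves the requested resource name and optional id from the request and
 * points the controller at the matching model class.
 *
 * @return array [resource id (lower-cased, singularised), id or null]
 * @throws DreamFactory\Platform\Exceptions\BadRequestException when no resource is given
 */
protected function _parseRequest()
{
    // Cast so a missing parameter (null) does not trip trim()'s null-to-string deprecation
    $_resourceId = strtolower(trim((string)FilterInput::request('resource', null, FILTER_SANITIZE_STRING)));
    $_id = FilterInput::request('id', null, FILTER_SANITIZE_STRING);

    // The former "empty($r) || empty($r) && empty($id)" reduces to empty($r): $_id is not validated here
    if (empty($_resourceId)) {
        throw new BadRequestException(404, 'Not found.');
    }

    // Handle a plural request
    if (false !== ($_tempId = Inflector::isPlural($_resourceId, true))) {
        $_resourceId = $_tempId;
    }

    // NOTE(review): the model class name is built from request input, and FILTER_SANITIZE_STRING
    // does not restrict it to identifier characters. Confirm setModelClass() (or the autoloader
    // behind it) only accepts known model names.
    $this->setModelClass('DreamFactory\\Platform\\Yii\\Models\\' . Inflector::deneutralize($_resourceId));

    return array($_resourceId, $_id);
}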
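/**
 * Checks the progress of any in-flight OAuth requests
 *
 * Returns immediately when an access token is already configured (unless
 * $skipTokenCheck). Otherwise, for the authorization-code grant, either sends
 * the browser to the provider to obtain a code, or exchanges a received code
 * for a token and hands the decoded result to _processReceivedToken().
 *
 * @param bool $skipTokenCheck If true, assume there is no token
 *
 * @throws NotImplementedException when the configured grant type is not the authorization code grant
 * @throws \DreamFactory\Oasys\Exceptions\RedirectRequiredException for server-side flows that need a redirect
 * @return bool|mixed true when already authorised, false when the token request failed,
 *                    otherwise whatever _processReceivedToken() returns
 */
public function checkAuthenticationProgress($skipTokenCheck = false)
{
    if (false === $skipTokenCheck && $this->getConfig('access_token')) {
        return true;
    }

    if (GrantTypes::AUTHORIZATION_CODE != $this->getConfig('grant_type')) {
        throw new NotImplementedException();
    }

    $_code = FilterInput::get(INPUT_GET, 'code');

    // No code is present, request one
    if (empty($_code)) {
        $_redirectUrl = $this->getAuthorizationUrl();

        if (Flows::SERVER_SIDE == $this->getConfig('flow_type')) {
            throw new RedirectRequiredException($_redirectUrl);
        }

        header('Location: ' . $_redirectUrl);
        exit;
    }

    // Figure out where the redirect goes... a configured proxy stands in for redirect_uri
    $_redirectUri = $this->getConfig('redirect_uri');
    $_proxyUrl = $this->getConfig('redirect_proxy_url');

    if (!empty($_proxyUrl)) {
        $_redirectUri = $_proxyUrl;
    }

    // NOTE(review): the inbound "state" is forwarded to the token request as-is; no comparison
    // against the value issued with the authorization URL is visible here. Confirm that check
    // happens elsewhere (it is the OAuth flow's CSRF protection).
    // Got a code, now get a token
    $_token = $this->requestAccessToken(
        GrantTypes::AUTHORIZATION_CODE,
        array('code' => $_code, 'redirect_uri' => $_redirectUri, 'state' => Option::request('state'))
    );

    $_info = null;

    if (isset($_token, $_token['result'])) {
        // The result is either an already-decoded structure or a urlencoded string
        if (!is_string($_token['result'])) {
            $_info = $_token['result'];
        } else {
            parse_str($_token['result'], $_info);
        }

        $this->_responsePayload = $_info;
    }

    // Error: nothing decodable came back, or the provider reported an error
    if ((!is_array($_info) && !is_object($_info)) || null !== Option::get($_info, 'error')) {
        Log::error('Error returned from oauth token request: ' . print_r($_info, true));
        $this->_revokeAuthorization();

        return false;
    }

    return $this->_processReceivedToken($_info);
}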
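use Kisma\Core\Utility\Curl;
use Kisma\Core\Utility\FilterInput;

/**
 * Admin console layout setup: resolves the Bootswatch theme for this request,
 * remembers it in application state and builds the theme picker menu.
 *
 * @var string            $content
 * @var ConsoleController $this
 */
$_route = $this->route;
$_step = 'light';
$_headline = 'DSP Settings';
$_themeList = '';

// Change these to update the CDN versions used. Set to false to disable
$_bootstrapVersion = '3.1.1';
// Set to false to disable
$_bootswatchVersion = '3.1.1';
$_dataTablesVersion = '1.9.4';
// Theme named on the query string, falling back to the stored admin default
$_bootswatchTheme = FilterInput::request('theme', Pii::getState('admin.default_theme', 'default'), FILTER_SANITIZE_STRING);
Pii::setState('dsp.admin_theme', $_bootswatchTheme);
$_useBootswatchThemes = 'default' !== $_bootswatchTheme;
$_fontAwesomeVersion = '4.0.3';
// Set to false to disable
$_jqueryVersion = '1.11.0';

$_themes = array(
    'Default',
    'Amelia',
    'Cerulean',
    'Cosmo',
    'Cyborg',
    'Flatly',
    'Journal',
    'Readable',
    'Simplex',
    'Slate',
    'Spacelab',
    'United',
);
$_url = Curl::currentUrl(false);
// The current URL is derived from the request; escape it for the href attribute context
// rather than echoing it raw ($_url itself is left untouched for any later, non-HTML use)
$_href = htmlspecialchars($_url, ENT_QUOTES, 'UTF-8');

foreach ($_themes as $_item) {
    $_name = strtolower($_item);
    // Only the selected theme's entry gets the "active" class
    $_class = $_bootswatchTheme === $_name ? 'class="active"' : null;
    $_themeList .= <<<HTML
\t<li {$_class}><a href="{$_href}?theme={$_name}">{$_item}</a></li>
HTML;
}

// Our css building begins...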