/**
 * Cross-Site Request Forgery (CSRF) form protection.
 *
 * A token is kept in the session namespace 'Nette.Forms.Form/CSRF' under a slot
 * named after the timeout, so every form using the same timeout in one session
 * shares that token until the slot expires. The token is rendered as a hidden
 * field and verified by the self::PROTECTION rule.
 * NOTE(review): the token's unpredictability rests on Nette\String::random();
 * confirm it is backed by a cryptographically secure generator.
 * @param string  error message used when the check fails
 * @param int     token lifetime handed to setExpiration(); NULL uses the slot "key"
 * @return void
 */
public function addProtection($message = NULL, $timeout = NULL)
{
	$namespace = $this->getSession()->getNamespace('Nette.Forms.Form/CSRF');
	$slot = "key{$timeout}";

	// reuse the token already stored for this timeout, otherwise mint a new one
	$token = isset($namespace->{$slot}) ? $namespace->{$slot} : NULL;
	if ($token === NULL) {
		$token = Nette\String::random();
		$namespace->{$slot} = $token;
	}
	$namespace->setExpiration($timeout, $slot);

	$this[self::PROTECTOR_ID] = new HiddenField($token);
	$this[self::PROTECTOR_ID]->addRule(self::PROTECTION, $message, $token);
}
/**
 * Destructor: for selected error status codes served as text/html to an
 * "MSIE " user agent, appends whitespace-only padding to the response (the
 * original author described it as invisible garbage for IE, presumably to
 * keep IE from replacing the page with its own error page). Guarded by
 * self::$fixIE, which is cleared afterwards so the padding is sent at most once.
 * @return void
 */
public function __destruct()
{
	if (!self::$fixIE) {
		return;
	}

	$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL;
	if ($agent === NULL || strpos($agent, 'MSIE ') === FALSE) {
		return;
	}

	// only these codes get the padding; comparison is strict on the int code
	$paddedCodes = array(400, 403, 404, 405, 406, 408, 409, 410, 500, 501, 505);
	if (!in_array($this->code, $paddedCodes, TRUE)) {
		return;
	}

	if ($this->getHeader('Content-Type', 'text/html') !== 'text/html') {
		return;
	}

	echo Nette\String::random(2000.0, " \t\r\n"); // sends invisible garbage for IE
	self::$fixIE = FALSE;
}
/**
 * Initializes parsing: resets the per-template parser state and switches the
 * filter into text context with HTML escaping as the default escape helper.
 * @param LatteFilter
 * @param string  template source, passed by reference; not touched here
 * @return void
 */
public function initialize($filter, & $s)
{
	$this->filter = $filter;
	$filter->context = LatteFilter::CONTEXT_TEXT;
	$filter->escape = 'Nette\Templates\TemplateHelpers::escapeHtml';

	// fresh state for this template
	$this->extends = NULL;
	$this->cacheCounter = 0;
	$this->uniq = String::random();
	$this->nodes = array();
	$this->blocks = array();
	$this->namedBlocks = array();
}
/**
 * Returns encoded message.
 *
 * Writes every header through getEncodedHeader() (adding the multipart
 * boundary parameter to Content-Type when parts exist), a blank line, the body
 * encoded per getEncoding(), and finally each part wrapped in boundary lines.
 * @return string
 * @throws \InvalidStateException when getEncoding() is not one of the known encodings
 */
public function generateMessage()
{
	$output = '';
	$boundary = '--------' . Nette\String::random();

	// $value is unused: the header value is re-read via getEncodedHeader($name)
	foreach ($this->headers as $name => $value) {
		$output .= $name . ': ' . $this->getEncodedHeader($name);
		if ($this->parts && $name === 'Content-Type') {
			// boundary goes on a folded continuation line (leading tab)
			$output .= ';' . self::EOL . "\tboundary=\"$boundary\"";
		}
		$output .= self::EOL;
	}
	$output .= self::EOL; // empty line terminates the header block

	$body = (string) $this->body;
	if ($body !== '') {
		switch ($this->getEncoding()) {
		case self::ENCODING_QUOTED_PRINTABLE:
			// prefer the native function when it exists, else the class's own encoder
			$output .= function_exists('quoted_printable_encode') ? quoted_printable_encode($body) : self::encodeQuotedPrintable($body);
			break;

		case self::ENCODING_BASE64:
			$output .= rtrim(chunk_split(base64_encode($body), self::LINE_LENGTH, self::EOL));
			break;

		case self::ENCODING_7BIT:
			// drop every byte >= 0x80, then share the 8bit line handling below
			$body = preg_replace('#[\x80-\xFF]+#', '', $body);
			// break intentionally omitted

		case self::ENCODING_8BIT:
			// NUL and bare CR are removed; LF is normalised to the message EOL
			$body = str_replace(array("\x00", "\r"), '', $body);
			$body = str_replace("\n", self::EOL, $body);
			$output .= $body;
			break;

		default:
			throw new \InvalidStateException('Unknown encoding.');
		}
	}

	if ($this->parts) {
		// the first boundary line must start on its own line
		if (substr($output, -strlen(self::EOL)) !== self::EOL) $output .= self::EOL;
		foreach ($this->parts as $part) {
			$output .= '--' . $boundary . self::EOL . $part->generateMessage() . self::EOL;
		}
		$output .= '--' . $boundary.'--'; // closing boundary
	}
	return $output;
}
/**
 * Stores current request to session.
 *
 * The last element of $this->requests is saved in the
 * 'Nette.Application/requests' namespace under a fresh 5-character key;
 * the draw is repeated on a collision. Expiration is attached to that key only.
 * NOTE(review): the returned key is the only handle to the stored request;
 * how hard it is to guess depends on Nette\String::random()'s alphabet and
 * entropy source — confirm.
 * @param mixed optional expiration time
 * @return string key
 */
public function storeRequest($expiration = '+ 10 minutes')
{
	$store = $this->getSession('Nette.Application/requests');

	$key = Nette\String::random(5);
	while (isset($store[$key])) {
		$key = Nette\String::random(5); // collision, draw again
	}

	$store[$key] = end($this->requests);
	$store->setExpiration($expiration, $key);
	return $key;
}
/**
 * Builds email.
 *
 * Works on a clone so the original message is left untouched: assigns a
 * Message-ID, renders the HTML and text bodies, then nests multipart
 * containers as needed — multipart/mixed when attachments exist,
 * multipart/alternative when there is HTML, multipart/related for inline parts.
 * @return self  the built clone (this method returns $mail, not void)
 */
protected function build()
{
	$mail = clone $this;

	// NOTE(review): HTTP_HOST comes from the request and is placed in a header
	// without validation; confirm it cannot carry characters that break header syntax.
	if (isset($_SERVER['HTTP_HOST'])) {
		$hostname = $_SERVER['HTTP_HOST'];
	} elseif (isset($_SERVER['SERVER_NAME'])) {
		$hostname = $_SERVER['SERVER_NAME'];
	} else {
		$hostname = 'localhost';
	}
	$mail->setHeader('Message-ID', '<' . String::random() . "@$hostname>");

	$mail->buildHtml();
	$mail->buildText();

	// $container always points at the part that will eventually hold text/plain
	$container = $mail;
	if ($mail->attachments) {
		$mixed = $container->setContentType('multipart/mixed');
		$container = $container->addPart();
		foreach ($mail->attachments as $attachment) {
			$mixed->addPart($attachment);
		}
	}

	if ($mail->html != NULL) { // intentionally ==
		$alternative = $container->setContentType('multipart/alternative');
		$container = $container->addPart();
		$htmlPart = $alternative->addPart();
		if ($mail->inlines) {
			$related = $htmlPart->setContentType('multipart/related');
			$htmlPart = $htmlPart->addPart();
			foreach ($mail->inlines as $inline) {
				$related->addPart($inline);
			}
		}
		// 8bit only when some byte >= 0x80 is present, else 7bit
		$htmlPart->setContentType('text/html', 'UTF-8')
			->setEncoding(preg_match('#[\x80-\xFF]#', $mail->html) ? self::ENCODING_8BIT : self::ENCODING_7BIT)
			->setBody($mail->html);
	}

	// the plain-text body moves from the clone into its text part
	$text = $mail->getBody();
	$mail->setBody(NULL);
	$container->setContentType('text/plain', 'UTF-8')
		->setEncoding(preg_match('#[\x80-\xFF]#', $text) ? self::ENCODING_8BIT : self::ENCODING_7BIT)
		->setBody($text);
	return $mail;
}
/**
 * Starts and initializes session data.
 *
 * Idempotent once self::$started is set. Refuses to take over a session that
 * PHP already started (SID defined) before this class saw it. After
 * session_start() it optionally regenerates the id, lays out the '__NF'
 * structure, performs browser-close detection via the 'nette-browser' cookie,
 * re-sends the session cookie, expires namespace variables whose metadata
 * says so, and registers clean() to run at shutdown.
 * @throws \InvalidStateException
 * @return void
 */
public function start()
{
	if (self::$started) {
		return;

	} elseif (self::$started === NULL && defined('SID')) {
		// SID only exists once a session was started outside our control
		throw new \InvalidStateException('A session had already been started by session.auto-start or session_start().');
	}

	$this->configure($this->options);

	// convert a session_start() warning into an exception
	Nette\Debug::tryError();
	session_start();
	if (Nette\Debug::catchError($e)) {
		@session_write_close(); // this is needed (the original author's note; presumably to release the session lock before throwing)
		throw new \InvalidStateException($e->getMessage());
	}

	self::$started = TRUE;
	if ($this->regenerationNeeded) {
		// TRUE = delete the old session data under the previous id
		session_regenerate_id(TRUE);
		$this->regenerationNeeded = FALSE;
	}

	/* structure:
		__NF: Counter, BrowserKey, Data, Meta
			DATA: namespace->variable = data
			META: namespace->variable = Timestamp, Browser, Version
	*/

	unset($_SESSION['__NT'], $_SESSION['__NS'], $_SESSION['__NM']); // old unused structures

	// initialize structures; $nf aliases $_SESSION['__NF'] so every write below lands in the session
	$nf = & $_SESSION['__NF'];
	if (empty($nf)) { // new session
		$nf = array('C' => 0);
	} else {
		$nf['C']++; // request counter
	}

	// browser closing detection: the key lives in a client cookie; a falsy cookie
	// value ('' or '0') is treated as absent and replaced, which also counts as "closed".
	// A mismatch only expires data inside this caller's own session.
	$browserKey = $this->getHttpRequest()->getCookie('nette-browser');
	if (!$browserKey) {
		$browserKey = Nette\String::random();
	}
	$browserClosed = !isset($nf['B']) || $nf['B'] !== $browserKey;
	$nf['B'] = $browserKey;

	// resend cookie
	$this->sendCookie();

	// process meta metadata
	if (isset($nf['META'])) {
		$now = time();
		// expire namespace variables; '' as variable name stands for the whole namespace
		foreach ($nf['META'] as $namespace => $metadata) {
			if (is_array($metadata)) {
				foreach ($metadata as $variable => $value) {
					// B = expire when browser is closed, T = absolute timestamp,
					// V = serialization version that must match the stored object's class annotation
					if ((!empty($value['B']) && $browserClosed) || (!empty($value['T']) && $now > $value['T']) // whenBrowserIsClosed || Time
						|| ($variable !== '' && is_object($nf['DATA'][$namespace][$variable]) && (isset($value['V']) ? $value['V'] : NULL) // Version
							!== Nette\Reflection\ClassReflection::from($nf['DATA'][$namespace][$variable])->getAnnotation('serializationVersion'))) {

						if ($variable === '') { // expire whole namespace
							unset($nf['META'][$namespace], $nf['DATA'][$namespace]);
							continue 2;
						}
						unset($nf['META'][$namespace][$variable], $nf['DATA'][$namespace][$variable]);
					}
				}
			}
		}
	}

	register_shutdown_function(array($this, 'clean'));
}
/**
 * Returns session namespace provided to pass temporary data between redirects.
 *
 * The namespace name is 'Nette.Application.Flash/' followed by the FLASH_KEY
 * entry of $this->params; when that entry is missing or empty() a 4-character
 * random id is generated and written back into $this->params.
 * @return Nette\Web\SessionNamespace
 */
public function getFlashSession()
{
	$flashId = empty($this->params[self::FLASH_KEY]) ? NULL : $this->params[self::FLASH_KEY];
	if ($flashId === NULL) {
		$flashId = Nette\String::random(4);
		$this->params[self::FLASH_KEY] = $flashId;
	}
	return $this->getSession('Nette.Application.Flash/' . $flashId);
}