Esempio n. 1
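 /**
  * Pre-action hook: gates every non-install request on a completed installation,
  * then attaches the vulnerability-injection service for this controller.
  *
  * Install::index is exempt from the gate so the installer itself can run. For
  * every other request the session flag `isInstalled` is consulted first; only
  * when it is absent is the database probed (`SHOW TABLES`, at least 20 tables).
  * A failed probe redirects to /install and cancels the action.
  *
  * NOTE(review): once `isInstalled` is set in the session the probe is skipped
  * for the rest of that session, so a later DB loss is not noticed until the
  * session ends. The 20-table threshold is a heuristic, not a schema check.
  *
  * @return void
  */
 public function before()
 {
     $className = $this->get_real_class($this);
     $controllerName = strtolower($className);
     // Strict comparisons: both sides are strings (or null for a missing param).
     if ($className === 'Install' && $this->request->param('action') === 'index') {
         $this->installationProcess = true;
     }
     // Installation gate: trust the session flag if present, otherwise probe the DB.
     if (!$this->installationProcess && !$this->pixie->session->get('isInstalled')) {
         try {
             /** @var Connection $pdov */
             $pdov = $this->pixie->db->get();
             /** @var \PDO $conn */
             $conn = $pdov->conn;
             // Fixed statement, no user input involved. Depending on the configured
             // PDO error mode query() may return false instead of throwing; without
             // this guard fetchAll() on false is a fatal Error, not an \Exception.
             $res = $conn->query("SHOW TABLES");
             if ($res === false) {
                 throw new \Exception("SHOW TABLES failed");
             }
             $dbTables = $res->fetchAll();
             $minTables = 20;
             if (count($dbTables) < $minTables) {
                 throw new \Exception("Not all tables are existing");
             }
             $this->pixie->session->set('isInstalled', true);
         } catch (\Exception $e) {
             // Unreachable DB or incomplete schema: send the client to the installer
             // and stop the action from executing.
             $this->redirect('/install');
             $this->execute = false;
             return;
         }
     }
     // Create the vulnerability-injection service for this controller and register
     // it on the container so other components can reach it.
     $this->vulninjection = $this->pixie->vulninjection->service($controllerName);
     $this->pixie->setVulnService($this->vulninjection);
     // Switch vulnerability config to the controller level
     $this->vulninjection->goDown($controllerName);
 }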
Esempio n. 2
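 /**
  * Pre-action hook: wires the vulnerability-injection service to this controller,
  * applies the session-id handling of the PHPSessionIdOverflow vulnerability, and
  * gates every non-install request on a completed installation.
  *
  * Order is kept from the original: the vulnerability context is prepared (and
  * fixSession() run) before the installation check, so it happens even for
  * requests that end up redirected to /install.
  *
  * Install::index and Install::login are exempt from the gate. Other requests
  * first need a database connection; then, unless the session already carries
  * `isInstalled`, the schema is probed with `SHOW TABLES` (at least 20 tables).
  * On any failure `isInstalled` is cleared and the request is redirected to
  * /install.
  *
  * NOTE(review): a request whose session already says `isInstalled` skips the
  * probe, so a schema wipe mid-session is only noticed once the connection
  * itself fails. The 20-table threshold is a heuristic, not a schema check.
  *
  * @return void
  */
 public function before()
 {
     $className = $this->get_real_class($this);
     $controllerName = strtolower($className);
     // Reuse the vulnerability service if the container already holds one;
     // otherwise create it for this controller and register it.
     if (!isset($this->pixie->vulnService)) {
         $this->vulninjection = $this->pixie->vulninjection->service($controllerName);
         $this->pixie->setVulnService($this->vulninjection);
     } else {
         $this->vulninjection = $this->pixie->vulnService;
         $this->pixie->vulnService->loadAndAddChildContext($controllerName);
     }
     $this->vulninjection->getConfig()->getCurrentContext()->setRequest($this->request);
     // Switch vulnerability config to the controller level
     $this->vulninjection->goDown($controllerName);
     if ($this->mustCheckSessionId()) {
         $actionContext = $this->vulninjection->getCurrentContext()
             ->getOrCreateChildByName($this->request->param('action'));
         /** @var PHPSessionIdOverflow $sessVuln */
         $sessVuln = $actionContext->getVulnerability('PHPSessionIdOverflow');
         // What fixSession() does to the session id is defined in the vulnerability
         // class, not here; it is deliberately applied before the install gate.
         $sessVuln->fixSession();
     }
     // The installer's own entry points must run without an installed schema.
     // Strict comparisons: the names are strings (or null for a missing param).
     $installerActions = ['index', 'login'];
     if ($className === 'Install'
         && in_array($this->request->param('action'), $installerActions, true)) {
         $this->installationProcess = true;
     }
     // Installation gate. One connection fetch serves both the reachability check
     // and the schema probe (the original fetched the connection twice).
     try {
         /** @var Connection $pdov */
         $pdov = $this->pixie->db->get();
         if (!$this->installationProcess && !$this->pixie->session->get('isInstalled')) {
             /** @var \PDO $conn */
             $conn = $pdov->conn;
             // Fixed statement, no user input involved. Depending on the configured
             // PDO error mode query() may return false instead of throwing; without
             // this guard fetchAll() on false is a fatal Error, not an \Exception.
             $res = $conn->query("SHOW TABLES");
             if ($res === false) {
                 throw new \Exception("SHOW TABLES failed");
             }
             $dbTables = $res->fetchAll();
             $minTables = 20;
             if (count($dbTables) < $minTables) {
                 throw new \Exception("Not all tables are existing");
             }
             $this->pixie->session->set('isInstalled', true);
         }
     } catch (\Exception $e) {
         // Unreachable DB or incomplete schema: forget any cached "installed" flag
         // and send the client to the installer, unless it is already there.
         $this->pixie->session->set('isInstalled', false);
         if (!$this->installationProcess) {
             $this->redirect('/install');
             return;
         }
     }
 }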
Esempio n. 3
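 /**
  * @inheritdoc
  *
  * Gives registered filters the first chance to supply their own handler; if none
  * does, treats the message as a plain Amfphp RPC call: the vulnerability service
  * is descended into the service and method contexts around the call and
  * unwound afterwards, and the result is wrapped in a success response message.
  *
  * @param Amfphp_Core_Amf_Message          $requestMessage the incoming AMF message
  * @param Amfphp_Core_Common_ServiceRouter $serviceRouter  resolves and executes the call
  * @return Amfphp_Core_Amf_Message the response message for this request
  * @throws \Amfphp_Core_Exception
  * @throws \Exception any exception raised by the service call is rethrown after the
  *                    vulnerability context has been unwound
  */
 protected function handleRequestMessage(Amfphp_Core_Amf_Message $requestMessage, Amfphp_Core_Common_ServiceRouter $serviceRouter)
 {
     $filterManager = \Amfphp_Core_FilterManager::getInstance();
     $fromFilters = $filterManager->callFilters(self::FILTER_AMF_REQUEST_MESSAGE_HANDLER, null, $requestMessage);
     if ($fromFilters) {
         // A plugin supplied its own handler; delegate the whole message to it.
         return $fromFilters->handleRequestMessage($requestMessage, $serviceRouter);
     }
     // No plugin did any special handling: assume a simple Amfphp RPC call.
     $serviceCallParameters = $this->getServiceCallParameters($requestMessage);
     // NOTE(review): serviceName/methodName are taken straight from the
     // client-supplied AMF message; any restriction on which services and
     // methods may be invoked has to live in $serviceRouter->executeServiceCall()
     // (not visible here) — confirm it does not resolve arbitrary classes/methods.
     $this->vulnService->goDown($serviceCallParameters->serviceName);
     $this->vulnService->goDown($serviceCallParameters->methodName);
     try {
         $ret = $serviceRouter->executeServiceCall(
             $serviceCallParameters->serviceName,
             $serviceCallParameters->methodName,
             $serviceCallParameters->methodParameters
         );
     } catch (\Exception $e) {
         // Unwind the two goDown() levels even when the call fails; previously an
         // exception left the shared vulnService pointed at this service/method
         // context. catch-and-rethrow rather than finally keeps the file's
         // language-version requirements unchanged.
         $this->vulnService->goUp()->goUp();
         throw $e;
     }
     $this->vulnService->goUp()->goUp();
     $responseMessage = new Amfphp_Core_Amf_Message();
     $responseMessage->data = $ret;
     $responseMessage->targetUri = $requestMessage->responseUri . \Amfphp_Core_Amf_Constants::CLIENT_SUCCESS_METHOD;
     // Not specified by the protocol for responses.
     $responseMessage->responseUri = 'null';
     return $responseMessage;
 }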