コード例 #1
0
ファイル: users.php プロジェクト: Geeklog-Core/geeklog
/**
 * Re-send a request after successful re-authentication
 * Re-creates a GET or POST request based on data passed along in a form. Used
 * in case of an expired security token so that the user doesn't lose changes.
 */
function resend_request()
{
    global $_CONF;
    $method = '';
    if (isset($_POST['token_requestmethod'])) {
        $method = COM_applyFilter($_POST['token_requestmethod']);
    }
    $returnUrl = '';
    if (isset($_POST['token_returnurl'])) {
        $returnUrl = urldecode($_POST['token_returnurl']);
        if (substr($returnUrl, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
            // only accept URLs on our site
            $returnUrl = '';
        }
    }
    $postData = '';
    if (isset($_POST['token_postdata'])) {
        $postData = urldecode($_POST['token_postdata']);
    }
    $getData = '';
    if (isset($_POST['token_getdata'])) {
        $getData = urldecode($_POST['token_getdata']);
    }
    $files = '';
    if (isset($_POST['token_files'])) {
        $files = urldecode($_POST['token_files']);
    }
    if (SECINT_checkToken() && !empty($method) && !empty($returnUrl) && ($method === 'POST' && !empty($postData) || $method === 'GET' && !empty($getData))) {
        $magic = get_magic_quotes_gpc();
        if ($method === 'POST') {
            $req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_POST);
            $data = unserialize($postData);
            foreach ($data as $key => $value) {
                if ($key == CSRF_TOKEN) {
                    $req->addPostParameter($key, SEC_createToken());
                } else {
                    if ($magic) {
                        $value = stripslashes_gpc_recursive($value);
                    }
                    $req->addPostParameter($key, $value);
                }
            }
            if (!empty($files)) {
                $files = unserialize($files);
            }
            if (!empty($files)) {
                foreach ($files as $key => $value) {
                    $req->addPostParameter('_files_' . $key, $value);
                }
            }
        } else {
            $data = unserialize($getData);
            foreach ($data as $key => &$value) {
                if ($key == CSRF_TOKEN) {
                    $value = SEC_createToken();
                } else {
                    if ($magic) {
                        $value = stripslashes_gpc_recursive($value);
                    }
                }
            }
            $returnUrl = $returnUrl . '?' . http_build_query($data);
            $req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_GET);
        }
        $req->setHeader('User-Agent', 'Geeklog/' . VERSION);
        // need to fake the referrer so the new token matches
        $req->setHeader('Referer', COM_getCurrentUrl());
        foreach ($_COOKIE as $cookie => $value) {
            $req->addCookie($cookie, $value);
        }
        try {
            $response = $req->send();
            $status = $response->getStatus();
            if ($status == 200) {
                COM_output($response->getBody());
            } else {
                throw new HTTP_Request2_Exception('HTTP error: status code = ' . $status);
            }
        } catch (HTTP_Request2_Exception $e) {
            if (!empty($files)) {
                SECINT_cleanupFiles($files);
            }
            trigger_error("Resending {$method} request failed: " . $e->getMessage());
        }
    } else {
        if (!empty($files)) {
            SECINT_cleanupFiles($files);
        }
        COM_redirect($_CONF['site_url'] . '/index.php');
    }
    // don't return
    exit;
}
コード例 #2
0
ファイル: users.php プロジェクト: milk54/geeklog-japan
/**
* Re-send a request after successful re-authentication
*
* Re-creates a GET or POST request based on data passed along in a form. Used
* in case of an expired security token so that the user doesn't lose changes.
*
*/
function resend_request()
{
    global $_CONF;
    require_once 'HTTP/Request.php';
    $method = '';
    if (isset($_POST['token_requestmethod'])) {
        $method = COM_applyFilter($_POST['token_requestmethod']);
    }
    $returnurl = '';
    if (isset($_POST['token_returnurl'])) {
        $returnurl = urldecode($_POST['token_returnurl']);
        if (substr($returnurl, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
            // only accept URLs on our site
            $returnurl = '';
        }
    }
    $postdata = '';
    if (isset($_POST['token_postdata'])) {
        $postdata = urldecode($_POST['token_postdata']);
    }
    $getdata = '';
    if (isset($_POST['token_getdata'])) {
        $getdata = urldecode($_POST['token_getdata']);
    }
    $files = '';
    if (isset($_POST['token_files'])) {
        $files = urldecode($_POST['token_files']);
    }
    if (SECINT_checkToken() && !empty($method) && !empty($returnurl) && ($method == 'POST' && !empty($postdata) || $method == 'GET' && !empty($getdata))) {
        $magic = get_magic_quotes_gpc();
        $req = new HTTP_Request($returnurl);
        if ($method == 'POST') {
            $req->setMethod(HTTP_REQUEST_METHOD_POST);
            $data = unserialize($postdata);
            foreach ($data as $key => $value) {
                if ($key == CSRF_TOKEN) {
                    $req->addPostData($key, SEC_createToken());
                } else {
                    if ($magic) {
                        $value = stripslashes_gpc_recursive($value);
                    }
                    $req->addPostData($key, $value);
                }
            }
            if (!empty($files)) {
                $files = unserialize($files);
            }
            if (!empty($files)) {
                foreach ($files as $key => $value) {
                    $req->addPostData('_files_' . $key, $value);
                }
            }
        } else {
            $req->setMethod(HTTP_REQUEST_METHOD_GET);
            $data = unserialize($getdata);
            foreach ($data as $key => $value) {
                if ($key == CSRF_TOKEN) {
                    $req->addQueryString($key, SEC_createToken());
                } else {
                    if ($magic) {
                        $value = stripslashes_gpc_recursive($value);
                    }
                    $req->addQueryString($key, $value);
                }
            }
        }
        $req->addHeader('User-Agent', 'Geeklog/' . VERSION);
        // need to fake the referrer so the new token matches
        $req->addHeader('Referer', COM_getCurrentUrl());
        foreach ($_COOKIE as $cookie => $value) {
            $req->addCookie($cookie, $value);
        }
        $response = $req->sendRequest();
        if (PEAR::isError($response)) {
            if (!empty($files)) {
                SECINT_cleanupFiles($files);
            }
            trigger_error("Resending {$method} request failed: " . $response->getMessage());
        } else {
            COM_output($req->getResponseBody());
        }
    } else {
        if (!empty($files)) {
            SECINT_cleanupFiles($files);
        }
        echo COM_refresh($_CONF['site_url'] . '/index.php');
    }
    // don't return
    exit;
}