/**
 * Report a failure either as an Ajax failure document or as a redirect.
 *
 * Ajax callers receive the output of self::Failure() and the script
 * terminates; every other caller is handed to Typeframe::Redirect().
 *
 * @param string $message  failure text shown to the user
 * @param mixed  $redirect redirect target passed on unchanged
 * @param mixed  $data     extra payload merged with the redirect for Ajax callers
 */
public static function FailureOrRedirect($message, $redirect = null, $data = null) {
    if (!requestIsAjax()) {
        Typeframe::Redirect($message, $redirect);
        return;
    }
    // Ajax: the redirect travels inside the failure payload instead of a header.
    $payload = self::_addRedirectToData($data, $redirect);
    die(self::Failure($message, $payload));
}
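/**
 * Check the current request for a valid CSRF nonce.
 *
 * The check is skipped entirely when the GSNOCSRF define is set. On a
 * failed check the 'csrf' hook fires; Ajax requests then get an inline
 * error document and terminate, non-Ajax requests terminate with a
 * message unless $die is false.
 *
 * @param string $action action to pass to check_nonce
 * @param string $file   file to pass to check_nonce
 * @param bool   $die    if false return instead of die
 * @return bool|null true if the csrf check fails and $die is false;
 *                   no value (null) when the check passes or is disabled
 */
function check_for_csrf($action, $file = "", $die = true) {
    // check for csrf
    if (getDef('GSNOCSRF', true)) {
        return;
    }
    // A request without a nonce must fail the check below rather than
    // raise an undefined-index notice; null is what check_nonce saw before.
    $nonce = isset($_REQUEST['nonce']) ? $_REQUEST['nonce'] : null;
    if (check_nonce($nonce, $action, $file)) {
        return;
    }
    exec_action('csrf'); // @hook csrf a csrf was detected
    if (requestIsAjax()) {
        // $error is read by the included error template.
        $error = i18n_r("CSRF", "CRSF Detected!");
        echo "<div>"; // jquery bug will not parse 1 html element so we wrap it
        include 'template/error_checking.php';
        echo "</div>";
        die;
    }
    if ($die) {
        die(i18n_r("CSRF", "CRSF Detected!"));
    }
    return true;
}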
/**
 * Redirect URL
 *
 * Sends a Location header when headers are still open and redirect
 * debugging is off; otherwise prints an HTML page that redirects via
 * JavaScript / meta refresh. Never returns.
 *
 * @since 3.0
 * @author schlex
 *
 * @param string $url  target URL; run through var_out() because it can
 *                     originate from user input (e.g. redirectto)
 * @param bool   $ajax force redirects if ajax: answer an Ajax request with
 *                     a 302 whose body is the URL instead of a Location header
 */
function redirect($url, $ajax = false) {
    global $i18n; // not referenced in this body; presumably used by i18n_r()
    $url = var_out($url, 'url'); // filter url here since it can come from alot of places, specifically redirectto user input
    // handle expired sessions for ajax requests
    if (requestIsAjax()) {
        if (!cookie_check()) {
            header('HTTP/1.1 401 Unauthorized');
            header('WWW-Authenticate: FormBased'); // @note this is not a security function for ajax, just a session timeout handler
            die;
        } else {
            if ($ajax) {
                // The Ajax client reads the URL from the response body (see the
                // commented-out Location header) and performs the navigation itself.
                header('HTTP/1.1 302 Redirect');
                echo $url;
                // header('Location: '.$url);
                // @note this is not a security function for ajax, just a session timeout handler
                die;
            }
        }
    }
    if (function_exists('exec_action')) {
        exec_action('redirect');
    } // @hook redirect a redirect is occuring
    // GSDEBUGREDIRECTS forces the HTML fallback so the redirect can be inspected.
    $debugredirect = getDef('GSDEBUGREDIRECTS', true);
    if (!headers_sent($filename, $linenum) && !$debugredirect) {
        header('Location: ' . $url);
    } else {
        // @todo not sure this ever gets used or headers_sent is reliable ( turn output buffering off to test )
        // $url is emitted into a JS string, a meta-refresh attribute and the
        // message body; the only filtering applied is var_out() above.
        echo "<html><head><title>" . i18n_r('REDIRECT') . "</title></head><body>";
        if (!isDebug()) {
            echo '<script type="text/javascript">';
            echo 'window.location.href="' . $url . '";';
            echo '</script>';
            echo '<noscript>';
            echo '<meta http-equiv="refresh" content="0;url=' . $url . '" />';
            echo '</noscript>';
        }
        if (headers_sent()) {
            // $filename/$linenum are only set when headers_sent() above was true;
            // this reveals a server-side file path to the visitor.
            echo i18n_r('ERROR') . ": Headers already sent in " . $filename . " on line " . $linenum . "<br/><br/>\n\n";
        }
        printf(i18n_r('REDIRECT_MSG'), $url);
        if (!isAuthPage()) {
            if (isDebug()) {
                debugLog(debug_backtrace());
                outputDebugLog();
            }
        }
        echo "</body></html>";
    }
    exit;
}
header("HTTP/1.0 403"); i18n('ERROR_UPLOAD'); die; } } //successfull message } } // after uploading all files process messages if (sizeof($messages) != 0) { foreach ($messages as $msg) { $success = $msg . '<br />'; } } if (sizeof($errors) != 0) { if (requestIsAjax()) { header("HTTP/1.0 403"); i18n('ERROR_UPLOAD'); die; } foreach ($errors as $msg) { $error = $msg . '<br />'; } } } } // if creating new folder if (isset($_GET['newfolder']) && $allowcreatefolder) { check_for_csrf("createfolder"); $newfolder = $_GET['newfolder']; // check for invalid chars
}
/**
 * Error Checking
 *
 * Displays error and success messages
 *
 * @package GetSimple
 *
 * You can pass $update(global) directly if not using a redirect and querystring
 *
 */
// do not use these alerts if ajax requests as they will not be seen, and interfere with other alerts
// A pending password reset marker for the current user triggers a notice on every
// page except the index and the reset page itself.
if (!requestIsAjax() && file_exists(GSUSERSPATH . _id($USR) . ".xml.reset") && get_filename_id() != 'index' && get_filename_id() != 'resetpassword') {
    doNotify(sprintf(i18n_r('ER_PWD_CHANGE'), 'profile.php'), 'error');
}
// Note: `and` binds looser than `&&`; harmless here because the expression is
// used only as a condition, but `&&` would read consistently.
if (!requestIsAjax() && (!defined('GSNOAPACHECHECK') || GSNOAPACHECHECK == false) and !server_is_apache()) {
    doNotify(i18n_r('WARNING') . ': <a href="health-check.php">' . i18n_r('SERVER_SETUP') . ' non-Apache</a>', 'info');
}
if (!isset($update)) {
    $update = '';
}
// Querystring-supplied messages go through var_in() before they are stored;
// how they are rendered is decided elsewhere.
if (isset($_GET['upd'])) {
    $update = var_in($_GET['upd']);
}
if (isset($_GET['success'])) {
    $success = var_in($_GET['success']);
}
if (isset($_GET['error'])) {
    $error = var_in($_GET['error']);
}
// if(isset($_GET['err'])) $err = var_in($_GET['err']); // deprecated not used
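/**
 * Redirect URL
 *
 * Sends a Location header when output has not started; otherwise prints an
 * HTML page that redirects via JavaScript / meta refresh. Never returns.
 *
 * @since 3.0
 * @author schlex
 *
 * @param string $url target URL; it is escaped per output context in the
 *                    HTML fallback because callers may pass it through
 *                    from the request
 */
function redirect($url) {
    global $i18n; // not referenced in this body; presumably used by i18n_r()
    // handle expired sessions for ajax requests
    if (requestIsAjax() && !cookie_check()) {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: FormBased'); // @note this is not a security function for ajax, just a handler
        die;
    }
    if (function_exists('exec_action')) {
        exec_action('redirect');
    }
    if (!headers_sent($filename, $linenum)) {
        // header() itself rejects values containing a newline, so no CRLF
        // handling is needed for the Location header.
        header('Location: ' . $url);
    } else {
        // @todo not sure this ever gets used or headers_sent is reliable ( turn output buffering off to test )
        // The URL is reflected into three contexts below; escape it for each so a
        // crafted value cannot terminate the script tag, the attribute or the body.
        $jsUrl = json_encode($url); // a JSON string is a valid JS literal; '/' is escaped so '</script>' cannot appear
        $htmlUrl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        echo "<html><head><title>" . i18n_r('REDIRECT') . "</title></head><body>";
        if (!isDebug()) {
            echo '<script type="text/javascript">';
            echo 'window.location.href=' . $jsUrl . ';';
            echo '</script>';
            echo '<noscript>';
            echo '<meta http-equiv="refresh" content="0;url=' . $htmlUrl . '" />';
            echo '</noscript>';
        }
        // $filename/$linenum are set by headers_sent() above; this reveals a
        // server-side file path to the visitor.
        echo i18n_r('ERROR') . ": Headers already sent in " . $filename . " on line " . $linenum . "<br/><br/>\n\n";
        printf(i18n_r('REDIRECT_MSG'), $htmlUrl);
        if (!isAuthPage()) {
            if (isDebug()) {
                // Dump the collected debug log; entries are printed as-is.
                global $GS_debug;
                echo '<h2>' . i18n_r('DEBUG_CONSOLE') . '</h2><div id="gsdebug">';
                echo '<pre>';
                foreach ($GS_debug as $log) {
                    print $log . '<br/>';
                }
                echo '</pre>';
                echo '</div>';
            }
        }
        echo "</body></html>";
    }
    exit;
}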
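/**
 * Redirect URL
 *
 * Sends a Location header when output has not started; otherwise prints an
 * HTML page that redirects via JavaScript / meta refresh. Never returns.
 *
 * @since 3.0
 * @author schlex
 *
 * @param string $url target URL; it is escaped per output context in the
 *                    HTML fallback because callers may pass it through
 *                    from the request
 */
function redirect($url) {
    global $i18n; // not referenced in this body; presumably used by i18n_r()
    // handle expired sessions for ajax requests
    if (requestIsAjax() && !cookie_check()) {
        header('HTTP/1.1 401 Unauthorized', true, 401);
        header('WWW-Authenticate: FormBased');
        die;
    }
    if (!headers_sent($filename, $linenum)) {
        // header() itself rejects values containing a newline, so no CRLF
        // handling is needed for the Location header.
        header('Location: ' . $url);
    } else {
        // The URL is reflected into three contexts below; escape it for each so a
        // crafted value cannot terminate the script tag, the attribute or the body.
        $jsUrl = json_encode($url); // a JSON string is a valid JS literal; '/' is escaped so '</script>' cannot appear
        $htmlUrl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        echo "<html><head><title>" . i18n_r('REDIRECT') . "</title></head><body>";
        if (!isDebug()) {
            echo '<script type="text/javascript">';
            echo 'window.location.href=' . $jsUrl . ';';
            echo '</script>';
            echo '<noscript>';
            echo '<meta http-equiv="refresh" content="0;url=' . $htmlUrl . '" />';
            echo '</noscript>';
        }
        // $filename/$linenum are set by headers_sent() above; this reveals a
        // server-side file path to the visitor.
        echo i18n_r('ERROR') . ": Headers already sent in " . $filename . " on line " . $linenum . "\n";
        printf(i18n_r('REDIRECT_MSG'), $htmlUrl);
        echo "</body></html>";
    }
    exit;
}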
/**
 * Run the controller for this page: swap in the configured superglobals,
 * include the controller, render the selected template, then restore the
 * original superglobals.
 *
 * @param bool $return when true, capture all output and return it instead of
 *                     sending it
 * @return string|null captured output when $return is true, otherwise nothing
 */
public function execute($return = false) {
    set_error_handler(array($this, '_errorHandler'));
    if ($return) {
        ob_start();
    }
    $backups = array();
    foreach ($this->_superglobals as $key => $value) {
        // NOTE(review): each eval builds PHP source from $key (unquoted). The keys are
        // assumed to be superglobal names set by this class ('GET', 'POST', 'SERVER',
        // ...) — confirm no caller-supplied key can reach $this->_superglobals. The
        // same effect is available without eval via $GLOBALS['_' . $key].
        eval('$backups[\'' . $key . '\'] = $_' . $key . ';');
        // The $_SERVER superglobal gets merged instead of replaced.
        if ($key == 'SERVER') {
            eval('$value = array_merge($_SERVER, $value);');
        }
        eval('$_' . $key . ' = $value;');
    }
    if (isset($this->_superglobals['GET']) || isset($this->_superglobals['POST'])) {
        // Rebuild $_REQUEST from the swapped-in GET and POST; POST is applied
        // second, so it wins on duplicate keys.
        $backups['REQUEST'] = $_REQUEST;
        $_REQUEST = array();
        $order = array('_GET', '_POST');
        foreach ($order as $var) {
            eval('$tmp = $' . $var . ';');
            foreach ($tmp as $key => $value) {
                $_REQUEST[$key] = $value;
            }
        }
    }
    // Only start a real session when no SESSION override was supplied.
    if (!isset($backups['SESSION']) && session_id() == '' && !headers_sent()) {
        session_start();
    }
    self::$_current[] = $this;
    $this->_initialize();
    self::_Include($this->_controller, $this->_pagemill);
    if (isset($this->_callbacks[$this->controllerPath()])) {
        foreach ($this->_callbacks[$this->controllerPath()] as $callback) {
            call_user_func($callback);
        }
    }
    Typeframe::Timestamp('Scripts and controller executed');
    // TODO: Process output (Pagemill template)
    $selectedTemplate = null;
    if (is_null($this->_redirectLocation)) {
        if (is_null($this->_template)) {
            $selectedTemplate = $this->_resolveTemplate($this->_getDefaultTemplate());
        } else {
            $selectedTemplate = $this->_resolveTemplate($this->_template);
        }
    } else {
        // A redirect renders /redirect.html; the Location header and status code
        // are only sent for direct, non-Ajax, non-captured execution.
        $selectedTemplate = $this->_resolveTemplate('/redirect.html');
        if (!$return && !requestIsAjax()) {
            if ($this->_redirectHeader) {
                header('Location: ' . $this->_redirectLocation);
            }
            if (isset($this->_redirectResponseCode) && !requestIsAjax()) {
                http_response_code($this->_redirectResponseCode);
            }
        }
    }
    if ($selectedTemplate) {
        $pm = Typeframe::Pagemill();
        // Third argument is false when $_SERVER['SHELL'] is set — presumably a CLI run.
        $pm->writeFile($selectedTemplate, false, !isset($_SERVER['SHELL']));
    }
    array_pop(self::$_current);
    if ($this->_errors) {
        // Collected errors are appended to the response inside an HTML comment,
        // i.e. they are visible to the client in the page source.
        echo "\n<!--[errors]\n";
        foreach ($this->_errors as $error) {
            echo "{$error}\n";
        }
        echo "[/errors]-->\n";
    }
    // Restore every superglobal replaced above (and $_REQUEST, if rebuilt).
    foreach ($backups as $key => $value) {
        eval('$_' . $key . ' = $value;');
    }
    if (!isset($backups['SESSION']) && session_id() != '') {
        if (TYPEF_WEB_DIR != '') {
            session_set_cookie_params(ini_get('session.cookie_lifetime'), TYPEF_WEB_DIR);
        }
        session_write_close();
    }
    restore_error_handler();
    if ($return) {
        return ob_get_clean();
    }
}
/**
 * Execute the page controller once and render its template.
 *
 * Picks the template explicitly set on the page, or derives one from the
 * controller path, emits the redirect header when requested, writes the
 * template and closes the session. A second call raises an error.
 */
public function execute() {
    // A static local is shared by all instances of this class, so at most one
    // controller is executed per request.
    static $executed = false;
    if (!$executed) {
        $executed = true;
        $this->_executeApplicationCode();
        Typeframe::Timestamp('Controller and triggers executed');
        $selectedTemplate = $this->_template;
        if (!$selectedTemplate && $this->_application->name()) {
            // Derive the template from the controller's path below the controllers dir.
            $pathinfo = pathinfo($this->_controller);
            $selectedTemplate = substr($pathinfo['dirname'], strlen(TYPEF_SOURCE_DIR . '/controllers')) . '/' . $pathinfo['filename'] . '.html';
            $finalTemplate = Typeframe::FindTemplate($selectedTemplate);
            if (is_null($finalTemplate)) {
                $selectedTemplate = null;
            }
        } else {
            $finalTemplate = Typeframe::FindTemplate($selectedTemplate);
        }
        // $selectedTemplate tells us if a template was selected (either explicitly or automatically).
        // $finalTemplate tells us if the template is valid.
        if ($selectedTemplate) {
            if ($finalTemplate) {
                Typeframe::Timestamp('Starting page render');
                if ($this->_redirectLocation) {
                    // If there were errors sent to the browser (i.e., output has already started), don't use meta redirect
                    //if ( (headers_sent()) || (ob_get_length()) ) {
                    //	Typeframe::Pagemill()->setVariable("time", 0);
                    //}
                    // Stash the message in the session so the target page can show it
                    // after an immediate (time == 0) redirect of a non-Ajax POST.
                    if (Typeframe::Pagemill()->getVariable('time') == 0 && $_SERVER['REQUEST_METHOD'] == 'POST' && !headers_sent() && !requestIsAjax()) {
                        $_SESSION['typef_redirect_message'] = Typeframe::Pagemill()->getVariable('message');
                    }
                }
                $this->_executedTemplate = $finalTemplate;
                if ($this->_redirectHeader) {
                    if (!headers_sent() && !requestIsAjax()) {
                        header('Location: ' . $this->_redirectLocation, true, $this->_redirectResponseCode);
                    }
                }
                Typeframe::Pagemill()->writeFile($finalTemplate);
                // TODO: Another quick and dirty hack to make JavaScript templates work.
                /*$pathinfo = pathinfo($selectedTemplate);
                switch ($pathinfo['extension']) {
                    case 'js':
                        $output = str_replace('<', '<', $output);
                        $output = str_replace('>', '>', $output);
                        $output = str_replace('&', '&', $output);
                }
                echo $output;*/
            } else {
                trigger_error("Template {$selectedTemplate} not found");
            }
        }
    } else {
        trigger_error("Page controller was already executed");
    }
    // A non-redirecting, non-Ajax page consumes any pending redirect message.
    if (!$this->_redirectLocation && !requestIsAjax()) {
        unset($_SESSION['typef_redirect_message']);
    }
    session_write_close();
}
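<?php
/*
 * Expose request state and site/page identifiers to the Pagemill template.
 */
// NOTE(review): the complete session and cookie jar are handed to the template
// layer, so any template can render their contents; keep secrets out of $_SESSION
// or narrow this to the keys templates actually need.
$globals = array(
    'get' => $_GET,
    'post' => $_POST,
    'session' => $_SESSION,
    'cookie' => $_COOKIE,
    'request' => $_REQUEST,
    'request_is_ajax' => requestIsAjax(),
);
// Referer is client-supplied and may be absent.
$globals['http_referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$pm->setVariable('globals', $globals);
// A pending redirect message is cleared here; it is not read by this script.
if (isset($_SESSION['typef_redirect_message'])) {
    unset($_SESSION['typef_redirect_message']);
}
// Add current URI and other general info to Pagemill
$pm->setVariable('typef_page_uri', Typeframe::CurrentPage()->uri());
$pm->setVariable('typef_pageid', Typeframe::CurrentPage()->pageid());
$pm->setVariable('typef_siteid', Typeframe::CurrentPage()->siteid());
$pm->setVariable('typef_app_uri', Typeframe::CurrentPage()->page()->uri());
$pm->setVariable('typef_app_dir', Typeframe::CurrentPage()->applicationUri());
$pm->setVariable('typef_app_base', Typeframe::CurrentPage()->applicationUri() . '/');
$pm->setVariable('typef_web_dir', TYPEF_WEB_DIR);
$pm->setVariable('typef_web_base', TYPEF_WEB_DIR . '/');
//$pm->setVariable('typef_root_web_dir', TYPEF_ROOT_WEB_DIR); // TODO: Deprecated
$pm->setVariable('typef_title', TYPEF_TITLE);
//$pm->setVariable('typef_host', (defined('TYPEF_HOST') ? $_SERVER['HTTP_HOST'] : TYPEF_HOST));
// HTTP_HOST is taken from the request's Host header and may be missing on
// HTTP/1.0 requests; only site 0 with TYPEF_HOST configured uses the fixed value.
$requestHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$pm->setVariable('typef_host', (Typeframe::CurrentPage()->siteid() == 0 && defined('TYPEF_HOST')) ? TYPEF_HOST : $requestHost);
// $parts is not used in this script; kept because the file scope may be read later.
$parts = parse_url($_SERVER['REQUEST_URI']);
$pm->setVariable('typef_request_uri', $_SERVER['REQUEST_URI']);
$pm->setVariable('typef_request_path', Typeframe::CurrentPage()->uri());
$pm->setVariable('typef_app_name', Typeframe::CurrentPage()->application()->name());
$detect = new Mobile_Detect();
$pm->setVariable('typef_is_mobile', $detect->isMobile() && !$detect->isTablet());
$pm->setVariable('typef_is_tablet', $detect->isTablet());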
<?php
/*
 * Track per-page "script once" state in the session.
 *
 * A normal page view starts a fresh record keyed by its own URL; an Ajax
 * request reuses the record of its referring page so scripts already sent
 * with that page are reported as loaded.
 */
if (!isset($_SESSION['scriptonce'])) {
    $_SESSION['scriptonce'] = array();
}
if (requestIsAjax()) {
    // The referer is client-supplied; it is only used as a lookup key guarded by
    // isset, so an unknown or missing value falls through to the error branch.
    if (empty($_SERVER['HTTP_REFERER']) || !isset($_SESSION['scriptonce'][$_SERVER['HTTP_REFERER']])) {
        trigger_error('Request appears to be Ajax but does not have a referer');
    } else {
        Typeframe_Tag_Scriptonce::AlreadyLoaded($_SESSION['scriptonce'][$_SERVER['HTTP_REFERER']]);
    }
} else {
    // Key the record by the absolute URL of this page view (scheme from HTTPS,
    // host from the request's Host header).
    $url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    $_SESSION['scriptonce'][$url] = array();
}