/**
 * Builds the page-level debug report and returns it in place of the rendered view.
 *
 * Every header queued so far is discarded and the response is reset to a plain
 * 200 HTML page, so the report is shown whatever the original view meant to send.
 *
 * NOTE(review): nothing in this method checks that debug mode is enabled or that
 * the viewer is allowed to see debug data; presumably the caller gates that - confirm.
 *
 * @param string $originalContent Original, rendered view content (not used by this method)
 *
 * @return string Replacement rendered view content
 */
public function renderDebugOutput($originalContent)
{
    $response = $this->_response;

    // Start from a clean slate: redirects, caching and download headers are dropped.
    $response->clearHeaders();
    $response->setHttpResponseCode(200);
    $response->setHeader('Content-Type', 'text/html; charset=UTF-8', true);

    // Stamp the page with the current time in GMT.
    $lastModified = gmdate('D, d M Y H:i:s') . ' GMT';
    $response->setHeader('Last-Modified', $lastModified, true);

    $debugHtml = XenForo_Debug::getDebugHtml();

    return XenForo_Debug::getDebugPageWrapperHtml($debugHtml);
}
/**
 * Serves a cached image through the image proxy, or the placeholder image on failure.
 *
 * Any failure (proxy disabled, target on a local host, retrieval failed, or an error
 * passed in by the caller) is reported through the X-Proxy-Error response header
 * while the placeholder image is sent as the body.
 *
 * @param string|bool $error If non-false, an error that occurred when validating the request
 */
protected function _outputImage($error)
{
    if (empty(XenForo_Application::getOptions()->imageLinkProxy['images'])) {
        $error = 'disabled';
    }

    /* @var $proxyModel XenForo_Model_ImageProxy */
    $proxyModel = XenForo_Model::create('XenForo_Model_ImageProxy');
    $image = false;

    if (!$error) {
        // Refuse to proxy URLs that point at a local host unless this site itself
        // is being served from a local host name.
        // NOTE(review): parse_url() may return false or omit 'host' for malformed
        // URLs; this relies on _isLocalHost() coping with a missing value - confirm.
        $urlParts = parse_url($this->_url);
        $targetIsLocal = $this->_isLocalHost($urlParts['host']);
        if ($targetIsLocal
            && (empty($_SERVER['SERVER_NAME']) || !$this->_isLocalHost($_SERVER['SERVER_NAME']))
        ) {
            $error = 'local_url';
        }
    }

    if (!$error) {
        $image = $proxyModel->getImage($this->_url);
    }

    if ($image) {
        $image = $proxyModel->prepareImage($image);

        if (!$image['use_file']) {
            $image = false;
            $error = 'retrieve_failed';
        } else {
            $proxyModel->logImageView($image);

            // Conditional request: answer 304 when the client's ETag is still current.
            $clientTag = empty($_SERVER['HTTP_IF_NONE_MATCH']) ? null : $_SERVER['HTTP_IF_NONE_MATCH'];
            $currentTag = '"' . $image['fetch_date'] . '"';
            if ($clientTag && $clientTag == $currentTag) {
                $this->_response->setHttpResponseCode(304);
                $this->_response->clearHeader('Last-Modified');
                $this->_response->sendHeaders();
                return;
            }
        }
    }

    if (!$image) {
        $image = $proxyModel->getPlaceHolderImage();
    }

    // Only a fixed list of image types is sent with its own MIME type; anything
    // else goes out as a generic binary download so it is not rendered by the browser.
    $imageTypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png');
    $isKnownImage = in_array($image['mime_type'], $imageTypes);
    if ($isKnownImage) {
        $this->_response->setHeader('Content-type', $image['mime_type'], true);
        $this->_setDownloadFileName($image['file_name'], true);
    } else {
        $this->_response->setHeader('Content-type', 'application/octet-stream', true);
        $this->_setDownloadFileName($image['file_name']);
    }

    if (!$error) {
        $this->_response->setHeader('ETag', '"' . $image['fetch_date'] . '"', true);
    }

    if ($image['file_size']) {
        $this->_response->setHeader('Content-Length', $image['file_size'], true);
    }

    // Stop browsers from second-guessing the declared content type.
    $this->_response->setHeader('X-Content-Type-Options', 'nosniff');

    if ($error) {
        $this->_response->setHeader('X-Proxy-Error', $error);
    }

    $this->_response->sendHeaders();

    $imageData = new XenForo_FileOutput($image['file_path']);
    $imageData->output();
}
/**
 * Challenge Client
 *
 * Marks the response as 401 Unauthorized and sets a WWW-Authenticate header
 * for each configured scheme so the client is prompted for credentials.
 *
 * @return Zend_Auth_Result Always returns a non-identity Auth result
 */
protected function _challengeClient()
{
    $this->_response->setHttpResponseCode(401);

    // Only the scheme name (the array key) is sent; the mapped callback is unused here.
    foreach ($this->_schemes as $schemeName => $unusedCallback) {
        $this->_response->setHeader('WWW-Authenticate', $schemeName);
    }

    $messages = array('Invalid or absent credentials; challenging client');
    $noIdentity = array();

    return new Zend_Auth_Result(
        Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
        $noIdentity,
        $messages
    );
}
/**
 * postDispatch() must not render a view script when the response is a redirect.
 */
public function testPostDispatchDoesNothingOnRedirect()
{
    // Request already dispatched to bar/index/test.
    $this->request
        ->setModuleName('bar')
        ->setControllerName('index')
        ->setActionName('test')
        ->setDispatched(true);

    // A 302 makes the response a redirect.
    $this->response->setHttpResponseCode(302);

    $noInvokeArgs = array();
    $controller = new Bar_IndexController($this->request, $this->response, $noInvokeArgs);
    $this->helper->setActionController($controller);

    $this->helper->postDispatch();

    // Nothing may have been rendered into the body.
    $content = $this->response->getBody();
    $this->assertNotContains('Rendered index/test.phtml in bar module', $content);
    $this->assertTrue(empty($content));
}
/**
 * Challenge Client
 *
 * Sets a 407 status with a Proxy-Authenticate header when the adapter is in
 * proxy mode, otherwise a 401 status with a WWW-Authenticate header, so the
 * client is prompted for credentials.
 *
 * @return Zend_Auth_Result Always returns a non-identity Auth result
 */
protected function _challengeClient()
{
    $actingAsProxy = $this->_imaProxy;

    $statusCode = $actingAsProxy ? 407 : 401;
    $headerName = $actingAsProxy ? 'Proxy-Authenticate' : 'WWW-Authenticate';

    $this->_response->setHttpResponseCode($statusCode);
    $this->_response->setHeader($headerName, $this->_getAuthHeader());

    $messages = array('Invalid or absent credentials; challenging client');

    return new Zend_Auth_Result(
        Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
        array(),
        $messages
    );
}
/**
 * Sends a JSON error response and terminates the script.
 *
 * All headers and body content queued so far are discarded first, so nothing
 * produced before the error reaches the client.
 *
 * @param mixed      $message    Optional payload; JSON-encoded into the body when not empty
 * @param int|string $statusCode HTTP status code; converted with intval()
 */
protected function _error($message = null, $statusCode = self::REST_STATUS_BAD_REQUEST)
{
    // intval() is idempotent, so a single conversion covers numeric and non-numeric input alike.
    $httpCode = intval($statusCode);

    $this->_response->clearAllHeaders()->clearBody();
    $this->_response
        ->setHttpResponseCode($httpCode)
        ->setHeader('Content-Type', 'application/json', true);

    $hasMessage = !empty($message);
    if ($hasMessage) {
        $this->_response->setBody(json_encode($message));
    }

    $this->_response->sendResponse();
    exit;
}
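/**
 * Authenticates the request from its X-WSSE header (UsernameToken profile).
 *
 * A missing header yields a 401 with a WSSE challenge. Otherwise the digest is
 * recomputed from the supplied nonce and creation time plus the configured
 * credential, and compared with the digest the client sent.
 *
 * NOTE(review): this method does not itself check the nonce for reuse or the
 * creation time for freshness; unless parseWsseHeader() does, a captured header
 * stays valid indefinitely - confirm.
 *
 * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed
 * @return Zend_Auth_Result
 */
public function authenticate()
{
    $authHeader = $this->_request->getServer("HTTP_X_WSSE");
    if ('' == $authHeader) {
        $this->_response->setHttpResponseCode(401, 'Unauthorized', true);
        $this->_response->setHeader(
            'WWW-Authenticate',
            'WSSE realm="' . $this->_realm . '", profile="UsernameToken"'
        );
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_UNCATEGORIZED,
            array(),
            array('Missing WSSE Header')
        );
    }

    $headerParts = $this->parseWsseHeader($authHeader);

    // A header that lacks any of the four fields can never authenticate; reject it
    // up front instead of computing a digest over missing values.
    $complete = true;
    foreach (array('username', 'nonce', 'created', 'digest') as $field) {
        if (!isset($headerParts[$field]) || !is_scalar($headerParts[$field])) {
            $complete = false;
            break;
        }
    }

    if ($complete) {
        $passwordDigest = $this->createPasswordDigest(
            $headerParts['nonce'],
            $headerParts['created'],
            $this->_credential
        );

        // Compare as strings: a loose == treats numeric-looking strings such as
        // "0e123" and "0e456" as equal, and it is not constant-time.
        $digestMatches = $this->_wsseStringsEqual(
            (string) $passwordDigest,
            (string) $headerParts['digest']
        );
        $identityMatches = is_scalar($this->_identity)
            && (string) $this->_identity === (string) $headerParts['username'];

        if ($digestMatches && $identityMatches) {
            return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_identity);
        }
    }

    $this->_response->setHttpResponseCode(401, 'Unauthorized', true);
    return new Zend_Auth_Result(
        Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
        array(),
        array('Unauthorized')
    );
}

/**
 * Compares two strings without stopping at the first differing byte.
 *
 * @param string $expected Value computed on the server
 * @param string $actual   Value supplied by the client
 * @return bool True when both strings are byte-for-byte identical
 */
private function _wsseStringsEqual($expected, $actual)
{
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $actual);
    }

    // Fallback for PHP versions without hash_equals().
    $length = strlen($expected);
    if ($length !== strlen($actual)) {
        return false;
    }
    $difference = 0;
    for ($i = 0; $i < $length; $i++) {
        $difference |= ord($expected[$i]) ^ ord($actual[$i]);
    }
    return $difference === 0;
}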
/**
 * Creates the exception and, outside the CLI, immediately renders an error page.
 *
 * On the CLI the exception is only constructed. In any other SAPI a 500 response
 * is built from layout/scripts/exception.phtml, sent, an E_USER_ERROR is raised
 * and the script exits.
 *
 * NOTE(review): the template is included from this scope and can therefore read
 * $msg, $code, $previous and $response; escaping of the message for HTML output
 * has to happen in the template - confirm it does.
 *
 * @param string         $msg      Exception message
 * @param int            $code     Exception code (cast to int)
 * @param Exception|null $previous Previous exception, if any
 */
public function __construct($msg = '', $code = 0, Exception $previous = null)
{
    parent::__construct($msg, (int) $code, $previous);

    // just pass ahead if it was thrown from the CLI
    if (php_sapi_name() == "cli") {
        return;
    }

    $response = new Zend_Controller_Response_Http();
    $response->setHttpResponseCode(500);

    // Discard whatever was buffered so far, then capture the template output.
    ob_get_clean();
    ob_start();
    require APPLICATION_PATH . "/layout/scripts/exception.phtml";
    $outputBuffer = ob_get_clean();

    $response->setBody($outputBuffer);
    $response->sendResponse();

    trigger_error($msg, E_USER_ERROR);
    exit;
}
/**
 * Retrieve HTTP HOST
 *
 * The value comes straight from the client-supplied Host header. A host that
 * contains a comma or semicolon is rejected with a 400 response and the script
 * exits; no other validation is done here.
 *
 * NOTE(review): with $trimPort the value is cut at the first colon, so a
 * bracketed IPv6 literal is reduced to "[" - confirm whether that matters.
 *
 * @param bool $trimPort Strip everything from the first colon onwards
 * @return string|false Host name, or false when no Host header is present
 */
public function getHttpHost($trimPort = true)
{
    if (!isset($_SERVER['HTTP_HOST'])) {
        return false;
    }

    $host = $_SERVER['HTTP_HOST'];
    if ($trimPort) {
        list($host) = explode(':', $_SERVER['HTTP_HOST']);
    }

    // A comma or semicolon never belongs in a host name; refuse the request outright.
    if (strpbrk($host, ',;') !== false) {
        $badRequest = new Zend_Controller_Response_Http();
        $badRequest->setHttpResponseCode(400)->sendHeaders();
        exit;
    }

    return $host;
}
/**
 * Runs the current action and returns the response it produced.
 *
 * Output echoed by the action is captured and appended to the response body.
 * When the action issued a redirect during an XMLHttpRequest, the redirect is
 * replaced by a 200 JSON document carrying the target URL and the original status.
 *
 * NOTE(review): in the AJAX-redirect branch the output buffer opened here is
 * never closed or read - confirm that is intended.
 *
 * @param Zend_Controller_Response_Abstract|null $response Response to fill; a new HTTP response when null
 * @return Zend_Controller_Response_Abstract The populated response
 */
public function run(Zend_Controller_Response_Abstract $response = null)
{
    $callbackArgs = array($this);
    $this->runCallback(self::CB_BEFORE_RUN, $callbackArgs);

    if ($response === null) {
        $response = new Zend_Controller_Response_Http();
    }
    $this->response = $response;

    $action = $this->getCurrentAction();
    $this->request->setActionName($action);

    ob_start();
    $this->actionRun($action);

    $isAjaxRedirect = $this->response->isRedirect() && $this->completeRequest->isXmlHttpRequest();

    if (!$isAjaxRedirect) {
        $response->appendBody(ob_get_clean());
    } else {
        // The last Location header wins if several were set.
        $url = null;
        foreach ($response->getHeaders() as $header) {
            if ($header['name'] == 'Location') {
                $url = $header['value'];
            }
        }
        $code = $response->getHttpResponseCode();

        // change request to ajax response
        $response->clearAllHeaders();
        $response->clearBody();
        $response->setHttpResponseCode(200);
        $response->setHeader("Content-Type", "application/json; charset=UTF-8", true);

        $payload = array('ngrid-redirect' => $url, 'status' => $code);
        $response->setBody(Am_Controller::getJson($payload));
    }

    unset($this->response);

    return $response;
}
/**
 * Return current page base url
 *
 * Built from the Host header (or SERVER_NAME when it is absent) followed by the
 * request URI. Both parts are client-influenced; a Host value containing a comma
 * or semicolon ends the request with a 400 response.
 *
 * @return string|false Host plus request URI, or false when no host is known
 */
protected function _getFullPageUrl()
{
    $uri = false;

    /**
     * Define server HTTP HOST
     */
    if (isset($_SERVER['HTTP_HOST'])) {
        $hostHeader = $_SERVER['HTTP_HOST'];
        if (strpbrk($hostHeader, ',;') !== false) {
            $badRequest = new Zend_Controller_Response_Http();
            $badRequest->setHttpResponseCode(400)->sendHeaders();
            exit;
        }
        $uri = $hostHeader;
    } elseif (isset($_SERVER['SERVER_NAME'])) {
        $uri = $_SERVER['SERVER_NAME'];
    }

    // Without a host there is nothing to append a path to.
    if (!$uri) {
        return $uri;
    }

    /**
     * Define request URI
     */
    if (isset($_SERVER['REQUEST_URI'])) {
        return $uri . $_SERVER['REQUEST_URI'];
    }

    if (!empty($_SERVER['IIS_WasUrlRewritten']) && !empty($_SERVER['UNENCODED_URL'])) {
        return $uri . $_SERVER['UNENCODED_URL'];
    }

    if (isset($_SERVER['ORIG_PATH_INFO'])) {
        $uri .= $_SERVER['ORIG_PATH_INFO'];
        // The query string is appended as-is, without a "?" separator.
        if (!empty($_SERVER['QUERY_STRING'])) {
            $uri .= $_SERVER['QUERY_STRING'];
        }
    }

    return $uri;
}
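/**
 * Create response string for problem during request and set HTTP error code
 *
 * OAuth exceptions map to 401 and OAuth input exceptions to 400, both with the
 * exception message as the problem string. Every other exception maps to 500
 * with the message embedded after "internal_error&message=".
 *
 * NOTE(review): in the 500 branch the raw message of an arbitrary exception is
 * returned to the caller, which may expose internal details to the client -
 * consider logging it and returning a generic message instead.
 *
 * @param \Exception $exception
 * @param \Zend_Controller_Response_Http $response OPTIONAL When NULL no status code is set
 * @return array
 */
public function prepareErrorResponse(\Exception $exception, \Zend_Controller_Response_Http $response = null)
{
    $errorMsg = $exception->getMessage();

    if ($exception instanceof \Magento\Framework\Oauth\Exception) {
        $responseCode = self::HTTP_UNAUTHORIZED;
    } elseif ($exception instanceof \Magento\Framework\Oauth\OauthInputException) {
        $responseCode = self::HTTP_BAD_REQUEST;
    } else {
        $errorMsg = 'internal_error&message=' . ($errorMsg ? $errorMsg : 'empty_message');
        $responseCode = self::HTTP_INTERNAL_ERROR;
    }

    // $response is optional; calling a method on null would turn error reporting
    // itself into a fatal error.
    if ($response !== null) {
        $response->setHttpResponseCode($responseCode);
    }

    return array('oauth_problem' => $errorMsg);
}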
/**
 * Sends a JSON error response once per request and terminates the script.
 *
 * If a response was already sent through this method the call returns without
 * doing anything; otherwise the script always exits, even when headers can no
 * longer be sent.
 *
 * @param int    $httpCode HTTP status code for the response
 * @param mixed  $code     Application error code placed in the JSON body
 * @param string $message  Error message placed in the JSON body
 */
protected function _sendResponse($httpCode, $code, $message)
{
    // TODO Why is sometimes sending response twice??? :S
    if (self::$responseSent) {
        return;
    }

    // Reuse the front controller's response when there is one.
    $response = Zend_Controller_Front::getInstance()->getResponse();
    if (!$response) {
        $response = new Zend_Controller_Response_Http();
    }

    $response->setHttpResponseCode($httpCode);

    // An existing body is left untouched.
    if (!$response->getBody()) {
        $payload = array('code' => $code, 'message' => $message);
        $response->setBody(Zend_Json::encode($payload));
    }

    if ($response->canSendHeaders()) {
        $response->clearHeaders();
        $response->setHeader('Content-Type', 'application/json');
        $response->sendResponse();
        self::$responseSent = true;
    }

    exit;
}
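<?php

// Payment callback endpoint: validates the incoming Paymentwall request, processes
// the transaction, logs the outcome and echoes the log message to the caller.

$startTime = microtime(true);
$fileDir = dirname(__FILE__);

require $fileDir . '/library/XenForo/Autoloader.php';
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');

XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);

$deps = new XenForo_Dependencies_Public();
$deps->preLoadData();

$response = new Zend_Controller_Response_Http();
$processor = new XenForo_UserUpgradeProcessor_Paymentwall();
$processor->initCallbackHandling(new Zend_Controller_Request_Http());

$logExtra = array();

try {
    // Nothing is processed unless both the request and its pre-conditions validate.
    if (!($processor->validateRequest() && $processor->validatePreConditions())) {
        throw new Exception($processor->getLogMessage(), 500);
    }

    list($logType, $logMessage) = $processor->processTransaction();
} catch (Exception $e) {
    // An exception code is not necessarily an HTTP status: it defaults to 0 and may
    // be a driver-specific value. The response object rejects codes outside
    // 100-599 by throwing, which would escape this handler, so fall back to 500.
    // NOTE(review): a 2xx/3xx exception code would still report success to the
    // payment provider - confirm whether the range should be narrowed to 400-599.
    $httpCode = $e->getCode();
    if (!is_int($httpCode) || $httpCode < 100 || $httpCode > 599) {
        $httpCode = 500;
    }
    $response->setHttpResponseCode($httpCode);

    XenForo_Error::logException($e);

    $logType = 'error';
    $logMessage = 'Exception: ' . $e->getMessage();
    $logExtra['_e'] = $e;
}

$processor->log($logType, $logMessage, $logExtra);

// The log message (including exception text on failure) is sent back to the
// caller, HTML-escaped.
$response->setBody(htmlspecialchars($logMessage));
$response->sendResponse();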
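/**
 * Streams the exported package to the client as a download, with basic support
 * for resuming via the Range request header (start offset only; the end offset
 * is ignored and the file is always served to its end).
 *
 * NOTE(review): the download name is placed in Content-Disposition unquoted and
 * unfiltered; if getPackageDownloadName() can contain user-controlled text it
 * should be quoted and stripped of control characters - confirm its source.
 *
 * @see AM_Handler_Export_Storage_Interface::sendPackage()
 * @throws AM_Handler_Export_Storage_Exception If the file is missing or cannot be read
 */
public function sendPackage()
{
    $sFilePath = $this->_buildPackagePath() . DIRECTORY_SEPARATOR . $this->getPackage()->getPackageName();
    $sFileName = $this->getPackage()->getPackageDownloadName();

    if (!file_exists($sFilePath)) {
        throw new AM_Handler_Export_Storage_Exception(sprintf('File "%s" not found', $sFilePath));
    }

    $oResponse = new Zend_Controller_Response_Http();
    $oResponse->setHttpResponseCode(200);

    $oRequest = new Zend_Controller_Request_Http();

    $iFileSize  = filesize($sFilePath);
    $sFileMtime = @gmdate("D, d M Y H:i:s", @filemtime($sFilePath)) . " GMT";
    $rFile      = @fopen($sFilePath, 'rb');

    // The file can exist and still be unreadable. Without this check the read loop
    // below would run on an invalid handle.
    if ($rFile === false || $iFileSize === false) {
        if ($rFile !== false) {
            fclose($rFile);
        }
        throw new AM_Handler_Export_Storage_Exception(sprintf('File "%s" could not be opened', $sFilePath));
    }

    //Trying to resume download according to the HTTP_RANGE header
    $iRangeStart = 0;
    $sRange      = $oRequest->get('HTTP_RANGE');
    if (is_string($sRange) && preg_match('/bytes=(\\d+)-(\\d*)/i', $sRange, $matches)) {
        $iRangeStart = (int) $matches[1];
    }

    // The offset comes from the client: honour it only when it lies inside the
    // file, otherwise serve the whole file instead of seeking past the end and
    // announcing a negative length.
    if ($iRangeStart > 0 && $iRangeStart < $iFileSize) {
        fseek($rFile, $iRangeStart);
        $oResponse->setHttpResponseCode(206);
        $oResponse->setHeader(
            'Content-Range',
            sprintf('bytes %d-%d/%d', $iRangeStart, $iFileSize - 1, $iFileSize)
        );
    } else {
        $iRangeStart = 0;
    }

    $oResponse->setHeader('Content-Disposition', 'attachment; filename=' . $sFileName)
        ->setHeader('Content-Length', $iFileSize - $iRangeStart)
        ->setHeader('Content-Type', 'application/octet-stream')
        ->setHeader('Accept-Ranges', 'bytes')
        ->setHeader('Last-Modified', $sFileMtime);

    while (!feof($rFile)) {
        $sBuffer = fread($rFile, 2048);
        if ($sBuffer === false) {
            // A failed read would otherwise repeat forever.
            break;
        }
        $oResponse->appendBody($sBuffer);
    }

    fclose($rFile);

    $oResponse->sendResponse();
}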
/**
 * Set response object
 *
 * The given response is stored and immediately prepared for an OAuth reply:
 * its content type is replaced with the URL-encoded form type and its status
 * is set to HTTP_OK.
 *
 * @param Zend_Controller_Response_Http $response
 * @return Mage_Oauth_Model_Server
 */
public function setResponse(Zend_Controller_Response_Http $response)
{
    $this->_response = $response;

    $headerName  = Zend_Http_Client::CONTENT_TYPE;
    $headerValue = Zend_Http_Client::ENC_URLENCODED;

    // The third argument replaces any content type that was set earlier.
    $response->setHeader($headerName, $headerValue, true);
    $response->setHttpResponseCode(self::HTTP_OK);

    return $this;
}
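/**
 * Digest Authentication
 *
 * Parses the client's Authorization header, checks that the nonce and opaque
 * values are the ones this server issues, recomputes the request digest from the
 * resolved password hash and compares it with the client's response value.
 *
 * Every client-supplied value is compared as a string through
 * _secureStringCompare(); a loose comparison would treat numeric-looking hex
 * strings such as "0e12" and "0e34" as equal.
 *
 * NOTE(review): the nonce count ($data['nc']) is only fed into the digest; this
 * method does not track it, so it provides no replay detection by itself.
 *
 * @param  string $header Client's Authorization header
 * @throws Zend_Auth_Adapter_Exception
 * @return Zend_Auth_Result Valid auth result only on successful auth
 */
protected function _digestAuth($header)
{
    if (empty($header)) {
        /**
         * @see Zend_Auth_Adapter_Exception
         */
        #require_once 'Zend/Auth/Adapter/Exception.php';
        throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
    }
    if (empty($this->_digestResolver)) {
        /**
         * @see Zend_Auth_Adapter_Exception
         */
        #require_once 'Zend/Auth/Adapter/Exception.php';
        throw new Zend_Auth_Adapter_Exception('A digestResolver object must be set before doing Digest authentication');
    }

    $data = $this->_parseDigestAuth($header);
    if ($data === false) {
        $this->_response->setHttpResponseCode(400);
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_UNCATEGORIZED,
            array(),
            array('Invalid Authorization header format')
        );
    }

    // See ZF-1052. This code was a bit too unforgiving of invalid
    // usernames. Now, if the username is bad, we re-challenge the client.
    if ('::invalid::' === $data['username']) {
        return $this->_challengeClient();
    }

    // Verify that the client sent back the same nonce
    if (!$this->_secureStringCompare((string) $this->_calcNonce(), (string) $data['nonce'])) {
        return $this->_challengeClient();
    }

    // The opaque value is also required to match, but of course IE doesn't
    // play ball.
    if (!$this->_ieNoOpaque
        && !$this->_secureStringCompare((string) $this->_calcOpaque(), (string) $data['opaque'])
    ) {
        return $this->_challengeClient();
    }

    // Look up the user's password hash. If not found, deny access.
    // This makes no assumptions about how the password hash was
    // constructed beyond that it must have been built in such a way as
    // to be recreatable with the current settings of this object.
    $ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
    if ($ha1 === false) {
        return $this->_challengeClient();
    }

    // If MD5-sess is used, a1 value is made of the user's password
    // hash with the server and client nonce appended, separated by
    // colons.
    if ($this->_algo == 'MD5-sess') {
        $ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
    }

    // Calculate h(a2). The value of this hash depends on the qop
    // option selected by the client and the supported hash functions
    switch ($data['qop']) {
        case 'auth':
            $a2 = $this->_request->getMethod() . ':' . $data['uri'];
            break;
        case 'auth-int':
            // Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
            // but this isn't supported yet, so fall through to default case
        default:
            /**
             * @see Zend_Auth_Adapter_Exception
             */
            #require_once 'Zend/Auth/Adapter/Exception.php';
            throw new Zend_Auth_Adapter_Exception('Client requested an unsupported qop option');
    }

    // Using hash() should make parameterizing the hash algorithm
    // easier
    $ha2 = hash('md5', $a2);

    // Calculate the server's version of the request-digest. This must
    // match $data['response']. See RFC 2617, section 3.2.2.1
    $message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
    $digest  = hash('md5', $ha1 . ':' . $message);

    // If our digest matches the client's let them in, otherwise return
    // a 401 code and exit to prevent access to the protected resource.
    if ($this->_secureStringCompare($digest, $data['response'])) {
        $identity = array('username' => $data['username'], 'realm' => $data['realm']);
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
    }

    return $this->_challengeClient();
}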
$fileDir = dirname(__FILE__); require $fileDir . '/library/XenForo/Autoloader.php'; XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library'); XenForo_Application::initialize($fileDir . '/library', $fileDir); XenForo_Application::set('page_start_time', $startTime); $deps = new XenForo_Dependencies_Public(); $deps->preLoadData(); $response = new Zend_Controller_Response_Http(); $processor = new XenForo_UserUpgradeProcessor_PayPal(); $processor->initCallbackHandling(new Zend_Controller_Request_Http()); $logExtra = array(); $logMessage = false; try { if (!$processor->validateRequest($logMessage)) { $logType = 'error'; $response->setHttpResponseCode(500); } else { if (!$processor->validatePreConditions($logMessage)) { $logType = 'error'; } else { $logType = 'info'; $logMessage = $processor->processTransaction(); } } if (is_array($logMessage)) { $temp = $logMessage; list($logType, $logMessage) = $temp; } } catch (Exception $e) { $response->setHttpResponseCode(500); XenForo_Error::logException($e);
/**
 * Acts like a client sending the given Authenticate header value.
 *
 * A mocked request and a real response object are wired into a fresh HTTP auth
 * adapter, which is then asked to authenticate.
 *
 * @param  string $clientHeader Authenticate header value
 * @param  string $scheme       Which authentication scheme to use
 * @return array Containing the result, the response headers, and the status
 */
public function _doAuth($clientHeader, $scheme)
{
    // Set up stub request and response objects
    $request  = $this->getMock('Zend_Controller_Request_Http');
    $response = new Zend_Controller_Response_Http();
    $response->setHttpResponseCode(200);
    $response->headersSentThrowsException = false;

    // Set stub method return values
    $stubbedReturns = array(
        'getRequestUri' => '/',
        'getMethod'     => 'GET',
        'getServer'     => 'PHPUnit',
        'getHeader'     => $clientHeader,
    );
    foreach ($stubbedReturns as $methodName => $returnValue) {
        $request->expects($this->any())
                ->method($methodName)
                ->will($this->returnValue($returnValue));
    }

    // Select an Authentication scheme; anything other than basic or digest means both
    if ($scheme == 'basic') {
        $use = $this->_basicConfig;
    } elseif ($scheme == 'digest') {
        $use = $this->_digestConfig;
    } else {
        $use = $this->_bothConfig;
    }

    // Create the HTTP Auth adapter
    $adapter = new Zend_Auth_Adapter_Http($use);
    $adapter->setBasicResolver($this->_basicResolver);
    $adapter->setDigestResolver($this->_digestResolver);

    // Send the authentication request
    $adapter->setRequest($request);
    $adapter->setResponse($response);
    $result = $adapter->authenticate();

    return array(
        'result'  => $result,
        'status'  => $response->getHttpResponseCode(),
        'headers' => $response->getHeaders(),
    );
}
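/**
 * Check whether the file has changed since the client last loaded it.
 * If it has not, mark the response as 304 Not Modified.
 *
 * The If-Modified-Since header is client-supplied; a missing or unparsable
 * value is treated as "modified".
 *
 * @param Zend_Controller_Request_Http  $request
 * @param Zend_Controller_Response_Http $response Optional; when omitted the status line is sent with header()
 * @return bool True when the client's copy is still current
 */
public function checkIfNotModified(Zend_Controller_Request_Http $request, Zend_Controller_Response_Http $response = null)
{
    $mtime = $this->getModifiedTime();
    if (!$mtime) {
        return false;
    }

    $ifModSinceHeader = $request->getHeader('If-Modified-Since');
    $ifModSince = $ifModSinceHeader ? strtotime($ifModSinceHeader) : false;
    if ($ifModSince === false || $ifModSince < $mtime) {
        return false;
    }

    if ($response) {
        $response->setHttpResponseCode(304);
    } else {
        // The protocol was previously read from an undefined variable, which
        // produced a malformed status line.
        $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
        header($protocol . ' 304 Not Modified');
    }

    return true;
}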