/** * @return Ajde_Http_Request */ public static function fromGlobal() { $instance = new self(); if (!empty($_POST) && self::requirePostToken() && !self::_isWhitelisted()) { // Measures against CSRF attacks $session = new Session('AC.Form'); if (!isset($_POST['_token']) || !$session->has('formTime')) { // TODO: $exception = new Security('No form token received or no form time set, bailing out to prevent CSRF attack'); if (Config::getInstance()->debug === true) { Response::setResponseType(Response::RESPONSE_TYPE_FORBIDDEN); throw $exception; } else { // Prevent inf. loops unset($_POST); // Rewrite Log::logException($exception); Response::dieOnCode(Response::RESPONSE_TYPE_FORBIDDEN); } } $formToken = $_POST['_token']; if (!self::verifyFormToken($formToken) || !self::verifyFormTime()) { // TODO: if (!self::verifyFormToken($formToken)) { $exception = new Security('No matching form token (got ' . self::_getHashFromSession($formToken) . ', expected ' . self::_tokenHash($formToken) . '), bailing out to prevent CSRF attack'); } else { $exception = new Security('Form token timed out, bailing out to prevent CSRF attack'); } if (Config::getInstance()->debug === true) { Response::setResponseType(Response::RESPONSE_TYPE_FORBIDDEN); throw $exception; } else { // Prevent inf. loops unset($_POST); // Rewrite Log::logException($exception); Response::dieOnCode(Response::RESPONSE_TYPE_FORBIDDEN); } } } // Security measure, protect $_POST //$global = array_merge($_GET, $_POST); $global = $_GET; foreach ($global as $key => $value) { $instance->set($key, $value); } $instance->_postData = $_POST; if (!empty($instance->_postData)) { Cache::getInstance()->disable(); } return $instance; }
/** * * @return Ajde_Model */ public function getItem() { if ($this->isNew()) { $this->fireCrudLoadedOnModel($this->getModel()); return $this->getModel(); } if (!$this->getModel()->getPK()) { $model = $this->getModel(); if (!$model->loadByPK($this->getId())) { Response::redirectNotFound(); } else { if (!$model->getAutoloadParents()) { $model->loadParents(); } } $this->fireCrudLoadedOnModel($this->getModel()); } return $this->getModel(); }
/** * * @param Ajde_Core_Route $route * @return Ajde_Controller */ public static function fromRoute(Route $route) { if ($controller = $route->getController()) { $moduleController = ucfirst($route->getModule()) . ucfirst($controller) . 'Controller'; } else { $moduleController = ucfirst($route->getModule()) . 'Controller'; } if (!Autoloader::exists($moduleController)) { // Prevent resursive 404 routing if (isset(Config::getInstance()->responseCodeRoute[Response::RESPONSE_TYPE_NOTFOUND])) { $notFoundRoute = new Route(Config::getInstance()->responseCodeRoute[Response::RESPONSE_TYPE_NOTFOUND]); if ($route->buildRoute() == $notFoundRoute->buildRoute()) { Response::setResponseType(404); die('<h2>Ouch, something broke.</h2><p>This is serious. We tried to give you a nice error page, but even that failed.</p><button onclick="location.href=\'' . Config::get('site_root') . '\';">Go back to homepage</button>'); } } if (Autoloader::exists('Ajde_Exception')) { $exception = new Routing("Controller {$moduleController} for module {$route->getModule()} not found", 90008); } else { // Normal exception here to prevent [Class 'Ajde_Exception' not found] errors... $exception = new Exception("Controller {$moduleController} for module {$route->getModule()} not found"); } Ajde::routingError($exception); } $controller = new $moduleController($route->getAction(), $route->getFormat()); $controller->_route = $route; foreach ($route->values() as $part => $value) { $controller->set($part, $value); } return $controller; }
public static function routingError(Exception $exception) { if (Config::get("debug") === true) { throw $exception; } else { if (Autoloader::exists('Ajde_Exception_Log')) { Log::logException($exception); } Response::redirectNotFound(); } }