/**
 * Enforces authentication and the ACP permission for the current request.
 *
 * Requests whose path info starts with the captcha, login or logout
 * controller are exempt. Guests are redirected to the ACP login form (AJAX
 * callers get a SESSION_EXPIRED error instead). Logged-in users must hold
 * 'admin.general.canUseAcp'; once that check passes, debug mode is forced on.
 */
protected function initAuth() {
    // Neither RequestHandler nor RouteHandler is populated at this point, so
    // the raw path info is matched directly.
    $pathInfo = RouteHandler::getPathInfo();
    if (!empty($pathInfo) && preg_match('~^/?(acp-?captcha|login|logout)/~i', $pathInfo)) {
        // pre-authentication endpoints: nothing to enforce here
        return;
    }

    // X-Requested-With is a client-supplied header. It only selects the error
    // format below; the permission check runs for both kinds of request.
    $isAjaxRequest = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';

    if (WCF::getUser()->userID == 0) {
        if ($isAjaxRequest) {
            throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.sessionExpired'), AJAXException::SESSION_EXPIRED, '');
        }

        $activeApplication = ApplicationHandler::getInstance()->getActiveApplication();
        if ($activeApplication === null) {
            throw new SystemException("You have aborted the installation, therefore this installation is unusable. You are required to reinstall the software.");
        }

        // NOTE(review): HTTP_HOST is taken from the request. In the "rescue
        // mode" fallback it becomes the base of the redirect target, and it is
        // always embedded in the `url` return parameter. Confirm that the web
        // server only accepts known host names and that the login form
        // validates `url` before redirecting to it.
        if ($activeApplication->domainName == $_SERVER['HTTP_HOST']) {
            $baseURL = $activeApplication->getPageURL();
        }
        else {
            // fallback for unknown host (rescue mode)
            $baseURL = RouteHandler::getProtocol() . $_SERVER['HTTP_HOST'] . RouteHandler::getPath(array('acp'));
        }

        // Strip the session id from the URI the user is sent back to.
        // NOTE(review): the pattern also consumes the leading '?' or '&', so
        // "?s=<sid>&x=1" becomes "x=1" without a separator — verify that the
        // login form copes with such a return URL.
        $returnURI = preg_replace('~[&\\?]s=[a-f0-9]{40}(&|$)~', '', WCF::getSession()->requestURI);
        $returnURL = RouteHandler::getProtocol() . $_SERVER['HTTP_HOST'] . $returnURI;

        $loginURL = $baseURL . 'acp/index.php?login/' . SID_ARG_2ND_NOT_ENCODED . '&url=' . rawurlencode($returnURL);
        HeaderUtil::redirect($loginURL);
        exit;
    }

    try {
        WCF::getSession()->checkPermissions(array('admin.general.canUseAcp'));
    }
    catch (PermissionDeniedException $e) {
        if (!$isAjaxRequest) {
            // regular requests see the original exception
            throw $e;
        }

        // NOTE(review): the stack trace is handed to AJAXException; whether it
        // reaches the client is decided there — confirm it is withheld from
        // users who just failed the ACP permission check.
        throw new AJAXException(self::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS, $e->getTraceAsString());
    }

    // force debug mode if in ACP and authenticated
    self::$overrideDebugMode = true;
}
/**
 * Returns the URI of the current page.
 *
 * The scheme and host are derived from the 'baseHref' template variable, not
 * from the Host header. The path and query come from $_SERVER['REQUEST_URI'],
 * which is client-controlled and returned without escaping, so callers have
 * to encode the result for the context they emit it into.
 *
 * @return string
 */
public static function getRequestURI() {
    if (!URL_LEGACY_MODE) {
        // keep only "scheme://host[:port]" of the base href, then append the raw request URI
        $origin = preg_replace('~^(https?://[^/]+)(?:/.*)?$~', '$1', self::getTPL()->get('baseHref'));

        return $origin . $_SERVER['REQUEST_URI'];
    }

    // legacy mode: resolve path and query components relative to the script
    $scriptPrefix = $_SERVER['SCRIPT_NAME'];
    $pathInfo = RouteHandler::getPathInfo();
    if (empty($pathInfo)) {
        // the URL may omit script name and path, so compare against the directory only
        $scriptPrefix = substr($scriptPrefix, 0, strrpos($scriptPrefix, '/'));
    }

    $relativeURI = str_replace($scriptPrefix, '', $_SERVER['REQUEST_URI']);
    $relativeURI = str_replace('/index.php', '', $relativeURI);

    // input that is not valid UTF-8 is treated as ISO-8859-1 and converted
    if (!StringUtil::isUTF8($relativeURI)) {
        $relativeURI = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $relativeURI);
    }
    $relativeURI = FileUtil::removeLeadingSlash($relativeURI);

    $result = self::getTPL()->get('baseHref');
    // a non-empty remainder that is not a bare query string needs the script name back
    if (!empty($relativeURI) && mb_strpos($relativeURI, '?') !== 0) {
        $result .= 'index.php/';
    }

    return $result . $relativeURI;
}
/**
 * Builds a new request.
 *
 * Resolves the route data to a controller class and stores the resulting
 * Request in $this->activeRequest. Frontend requests are first redirected to
 * the configured domain and to the canonical controller spelling where
 * needed. Any SystemException raised along the way is replaced by an
 * IllegalLinkException.
 *
 * @param	string		$application
 * @throws	IllegalLinkException
 */
protected function buildRequest($application) {
    try {
        $routeData = RouteHandler::getInstance()->getRouteData();

        if ($this->isACPRequest()) {
            // ACP requests fall back to the 'Index' controller
            if (empty($routeData['controller'])) {
                $routeData['controller'] = 'Index';
            }
        }
        else {
            // handle landing page for frontend requests
            $this->handleDefaultController($application, $routeData);

            // check if accessing from the wrong domain (e.g. "www." omitted but domain was configured with)
            $isEmbedded = defined('WCF_RUN_MODE') && WCF_RUN_MODE == 'embedded';
            if (!$isEmbedded) {
                $applicationObject = ApplicationHandler::getInstance()->getApplication($application);
                if ($applicationObject->domainName != $_SERVER['HTTP_HOST']) {
                    // The Host header is only compared here; the redirect target
                    // uses the configured domain name, e.g. http://example.net/forum/
                    $canonicalURL = FileUtil::addTrailingSlash(RouteHandler::getProtocol() . $applicationObject->domainName . RouteHandler::getPath());

                    if (URL_LEGACY_MODE) {
                        // add path info, e.g. index.php/Board/2/
                        $pathInfo = RouteHandler::getPathInfo();
                        if (!empty($pathInfo)) {
                            $canonicalURL .= 'index.php' . $pathInfo;
                        }
                    }

                    // query string, e.g. ?foo=bar (appended exactly as received)
                    if (!empty($_SERVER['QUERY_STRING'])) {
                        $canonicalURL .= '?' . $_SERVER['QUERY_STRING'];
                    }

                    HeaderUtil::redirect($canonicalURL, true);
                    exit;
                }
            }

            // handle controller aliasing
            if (empty($routeData['isImplicitController']) && !URL_LEGACY_MODE && isset($routeData['controller'])) {
                $requestedController = mb_strtolower($routeData['controller']);

                // aliased controller, redirect to new URL
                // (presumably redirect() ends the request; if it returns, processing continues below)
                $existingAlias = $this->getAliasByController($requestedController);
                if ($existingAlias !== null) {
                    $this->redirect($routeData, $application);
                }

                $aliasedController = $this->getControllerByAlias($requestedController);
                if ($aliasedController !== null) {
                    // check if controller was provided explicitly as it should
                    $canonicalAlias = $this->getAliasByController($aliasedController);
                    if ($canonicalAlias != $routeData['controller']) {
                        $routeData['controller'] = $aliasedController;
                        $this->redirect($routeData, $application);
                    }

                    $routeData['controller'] = $aliasedController;
                }
            }
        }

        $controller = $routeData['controller'];

        // Allow-list for the request-supplied controller name: only letters,
        // digits and '-' may reach the class lookup below.
        if (!preg_match('~^[a-z0-9-]+$~i', $controller)) {
            throw new SystemException("Illegal class name '" . $controller . "'");
        }

        // work-around for WCFSetup: "foo-bar" becomes "FooBar"
        if (!PACKAGE_ID) {
            $controller = implode('', array_map('ucfirst', explode('-', $controller)));
        }

        // find class: the first page type that yields class data wins
        $classData = null;
        foreach (array('page', 'form', 'action') as $pageType) {
            $classData = $this->getClassData($controller, $pageType, $application);
            if ($classData !== null) {
                break;
            }
        }

        if ($classData === null) {
            throw new SystemException("unable to find class for controller '" . $controller . "'");
        }
        if (!class_exists($classData['className'])) {
            throw new SystemException("unable to find class '" . $classData['className'] . "'");
        }

        // check if controller was provided exactly as it should
        if (!URL_LEGACY_MODE && !$this->isACPRequest() && preg_match('~([A-Za-z0-9]+)(?:Action|Form|Page)$~', $classData['className'], $classNameParts)) {
            $expectedController = self::getTokenizedController($classNameParts[1]);
            if ($controller != $expectedController) {
                $this->redirect($routeData, $application, $classNameParts[1]);
            }
        }

        $this->activeRequest = new Request($classData['className'], $classData['controller'], $classData['pageType']);
    }
    catch (SystemException $e) {
        // The original exception, including any message that quotes the
        // requested controller name, is discarded and not chained, so the
        // caller only learns that the link is invalid.
        throw new IllegalLinkException();
    }
}