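/**
 * Builds the controller that serves $route.
 *
 * The class name is derived from the route's module and optional controller
 * segments: "<Module><Controller>Controller" or "<Module>Controller". When no
 * such class can be loaded the failure is handed to Ajde::routingError(); if
 * the route being resolved is itself the configured 404 route, a minimal
 * static error page is emitted instead so a broken error route cannot recurse.
 *
 * Note: class_exists() autoloads a name built from route segments with only
 * ucfirst() applied, so the autoloader is relied on to reject names that do
 * not map to a controller file — confirm against the autoloader.
 *
 * @param Ajde_Core_Route $route
 *
 * @return Ajde_Controller
 */
public static function fromRoute(Ajde_Core_Route $route)
{
    $module = ucfirst($route->getModule());
    if ($controller = $route->getController()) {
        $moduleController = $module . ucfirst($controller) . 'Controller';
    } else {
        $moduleController = $module . 'Controller';
    }

    if (!class_exists($moduleController)) {
        // Prevent recursive 404 routing: if the route that failed to resolve is
        // the configured "not found" route itself, bail out with a static page
        // rather than routing to the same broken route again.
        $errorRoutes = config('routes.errors');
        if (isset($errorRoutes[Ajde_Http_Response::RESPONSE_TYPE_NOTFOUND])) {
            $notFoundRoute = new Ajde_Core_Route($errorRoutes[Ajde_Http_Response::RESPONSE_TYPE_NOTFOUND]);
            // Strict comparison: a loose == on numeric-looking route strings
            // ("1e3" == "1000") could misidentify the route.
            if ($route->buildRoute() === $notFoundRoute->buildRoute()) {
                Ajde_Http_Response::setResponseType(404);
                // rootUrl comes from config, but it is emitted inside an HTML
                // attribute, so escape it for that context anyway.
                $rootUrl = htmlspecialchars((string) config('app.rootUrl'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                die('<h2>Ouch, something broke.</h2><p>This is serious. We tried to give you a nice error page, but even that failed.</p><button onclick="location.href=\'' . $rootUrl . '\';">Go back to homepage</button>');
            }
        }

        $message = "Controller {$moduleController} for module {$route->getModule()} not found";
        // The guard tests the framework base exception rather than the routing
        // exception itself; presumably Ajde_Core_Exception_Routing extends
        // Ajde_Exception, so this detects an incomplete bootstrap — confirm.
        if (class_exists('Ajde_Exception')) {
            $exception = new Ajde_Core_Exception_Routing($message, 90008);
        } else {
            // Normal exception here to prevent [Class 'Ajde_Exception' not found] errors...
            $exception = new Exception($message);
        }
        // NOTE(review): the code below assumes routingError() does not return;
        // if it did, instantiating the missing class would be a fatal error.
        Ajde::routingError($exception);
    }

    $controller = new $moduleController($route->getAction(), $route->getFormat());
    $controller->_route = $route;
    // Expose every route value (module, action, id, ...) on the controller.
    foreach ($route->values() as $part => $value) {
        $controller->set($part, $value);
    }

    return $controller;
}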
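/**
 * Builds the request object from the PHP superglobals.
 *
 * GET parameters are copied onto the instance via set(); POST data is kept in
 * $_postData and, when present, disables the cache for this request. Before
 * any POST data is accepted, a non-whitelisted POST must carry a form token
 * that verifies against the session and a form time that has not expired; a
 * failed check is treated as a CSRF attempt and the request is aborted.
 *
 * @throws Ajde_Core_Exception_Security when the POST's form token is missing,
 *                                      not a string, does not verify, or has
 *                                      timed out, and app.debug is true; with
 *                                      debug off the failure is logged and
 *                                      the request dies with a 403 instead
 *
 * @return Ajde_Http_Request
 */
public static function fromGlobal()
{
    $instance = new self();
    $post = self::globalPost();

    if (!empty($post) && self::requirePostToken() && !self::_isWhitelisted()) {
        // Measures against CSRF attacks. All three failure modes share one
        // abort path below, so the checks only decide which exception to raise.
        $session = new Ajde_Session('AC.Form');
        $exception = null;

        if (!isset($post['_token']) || !is_string($post['_token']) || !$session->has('formTime')) {
            // A non-string token (e.g. "_token[]=...") is treated as missing so
            // the verifier is only ever handed a string.
            $exception = new Ajde_Core_Exception_Security('No form token received or no form time set, bailing out to prevent CSRF attack');
        } elseif (!self::verifyFormToken($post['_token'])) {
            // NOTE(review): the "got"/"expected" labels look inverted here
            // (_getHashFromSession reads the stored value, _tokenHash derives
            // from the received one) — kept verbatim, confirm before changing.
            $exception = new Ajde_Core_Exception_Security('No matching form token (got ' . self::_getHashFromSession($post['_token']) . ', expected ' . self::_tokenHash($post['_token']) . '), bailing out to prevent CSRF attack');
        } elseif (!self::verifyFormTime()) {
            $exception = new Ajde_Core_Exception_Security('Form token timed out, bailing out to prevent CSRF attack');
        }

        if ($exception !== null) {
            if (config('app.debug') === true) {
                Ajde_Http_Response::setResponseType(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
                throw $exception;
            }
            // Prevent inf. loops: drop the POST data first, presumably so that
            // whatever renders the 403 does not run this token check again.
            unset($_POST);
            unset($_REQUEST);
            // Rewrite
            Ajde_Exception_Log::logException($exception);
            Ajde_Http_Response::dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_FORBIDDEN);
        }
    }

    // Security measure, protect $_POST
    $global = self::globalGet();
    foreach ($global as $key => $value) {
        $instance->set($key, $value);
    }
    $instance->_postData = self::globalPost();
    if (!empty($instance->_postData)) {
        // A request carrying POST data must never be served from cache.
        Ajde_Cache::getInstance()->disable();
    }

    return $instance;
}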