protected function __construct() { $this->Profiler = new Profiler(); if (get_magic_quotes_gpc()) { General::cleanArray($_SERVER); General::cleanArray($_COOKIE); General::cleanArray($_GET); General::cleanArray($_POST); } include CONFIG; self::$Configuration = new Configuration(true); self::$Configuration->setArray($settings); DateTimeObj::setDefaultTimezone(self::$Configuration->get('timezone', 'region')); self::$_lang = self::$Configuration->get('lang', 'symphony') ? self::$Configuration->get('lang', 'symphony') : 'en'; // Legacy support for __LANG__ constant define_safe('__LANG__', self::lang()); define_safe('__SYM_DATE_FORMAT__', self::$Configuration->get('date_format', 'region')); define_safe('__SYM_TIME_FORMAT__', self::$Configuration->get('time_format', 'region')); define_safe('__SYM_DATETIME_FORMAT__', __SYM_DATE_FORMAT__ . ' ' . __SYM_TIME_FORMAT__); $this->initialiseLog(); GenericExceptionHandler::initialise(); GenericErrorHandler::initialise(self::$Log); $this->initialiseCookie(); $this->initialiseDatabase(); $this->initialiseExtensionManager(); if (!self::isLoggedIn()) { GenericExceptionHandler::$enabled = false; } Lang::loadAll($this->ExtensionManager); }
/** * The constructor for the `XSLTPage` ensures that an `XSLTProcessor` * is available, and then sets an instance of it to `$this->Proc`, otherwise * it will throw a `SymphonyErrorPage` exception. */ public function __construct() { if (!XsltProcess::isXSLTProcessorAvailable()) { GenericExceptionHandler::$enabled = true; throw new SymphonyErrorPage(__('No suitable XSLT processor was found.')); } $this->Proc = new XsltProcess(); }
public function setPage($context) { // Check to see if the page has 'etf' page type if (is_array($context['page_data']['type']) && in_array('etf', $context['page_data']['type'])) { // Check to see that the page has been requested by someone who is logged in // or someone who has passed the ETF header if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'EmailTemplateFilter' || Frontend::instance()->isLoggedIn() && Frontend::instance()->Author->isDeveloper()) { // All good! self::$page = $context['page']; } else { $row = Symphony::Database()->fetchRow(0, "\n\t\t\t\t\t\tSELECT `tbl_pages`.*\n\t\t\t\t\t\tFROM `tbl_pages`, `tbl_pages_types`\n\t\t\t\t\t\tWHERE `tbl_pages_types`.page_id = `tbl_pages`.id\n\t\t\t\t\t\tAND tbl_pages_types.`type` = '403'\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t"); if ($row) { $row['type'] = FrontendPage::fetchPageTypes($row['id']); $row['filelocation'] = FrontendPage::resolvePageFileLocation($row['path'], $row['handle']); $context['page_data'] = $row; return; } else { GenericExceptionHandler::$enabled = true; throw new SymphonyErrorPage(__('Please <a href="%s">login</a> to view this page.', array(SYMPHONY_URL . '/login/')), __('Forbidden'), 'error', array('header' => 'HTTP/1.0 403 Forbidden')); } } } }
/** * A wrapper for throwing a new Symphony Error page. * * @see core.SymphonyErrorPage * @param string $heading * A heading for the error page * @param string|XMLElement $message * A description for this error, which can be provided as a string * or as an XMLElement. * @param string $template * A string for the error page template to use, defaults to 'generic'. This * can be the name of any template file in the `TEMPLATES` directory. * A template using the naming convention of `tpl.*.php`. * @param array $additional * Allows custom information to be passed to the Symphony Error Page * that the template may want to expose, such as custom Headers etc. */ public function customError($heading, $message, $template = 'generic', array $additional = array()) { GenericExceptionHandler::$enabled = true; throw new SymphonyErrorPage($message, $heading, $template, $additional); }
/** * A wrapper for throwing a new Symphony Error page. * * This methods sets the `GenericExceptionHandler::$enabled` value to `true`. * * @see core.SymphonyErrorPage * @param string|XMLElement $message * A description for this error, which can be provided as a string * or as an XMLElement. * @param string $heading * A heading for the error page * @param integer $status * Properly sets the HTTP status code for the response. Defaults to * `Page::HTTP_STATUS_ERROR`. Use `Page::HTTP_STATUS_XXX` to set this value. * @param string $template * A string for the error page template to use, defaults to 'generic'. This * can be the name of any template file in the `TEMPLATES` directory. * A template using the naming convention of `tpl.*.php`. * @param array $additional * Allows custom information to be passed to the Symphony Error Page * that the template may want to expose, such as custom Headers etc. * @throws SymphonyErrorPage */ public static function throwCustomError($message, $heading = 'Symphony Fatal Error', $status = Page::HTTP_STATUS_ERROR, $template = 'generic', array $additional = array()) { GenericExceptionHandler::$enabled = true; throw new SymphonyErrorPage($message, $heading, $template, $additional, $status); }
/** * This function attempts to resolve the given page in to it's Symphony page. If no * page is given, it is assumed the 'index' is being requested. Before a page row is * returned, it is checked to see that if it has the 'admin' type, that the requesting * user is authenticated as a Symphony author. If they are not, the Symphony 403 * page is returned (whether that be set as a user defined page using the page type * of 403, or just returning the Default Symphony 403 error page). Any URL parameters * set on the page are added to the `$env` variable before the function returns an * associative array of page details such as Title, Content Type etc. * * @uses FrontendPrePageResolve * @see __isSchemaValid() * @param string $page * The URL of the current page that is being Rendered as returned by `getCurrentPage()`. * If no URL is provided, Symphony assumes the Page with the type 'index' is being * requested. * @return array * An associative array of page details */ public function resolvePage($page = null) { if ($page) { $this->_page = $page; } $row = null; /** * Before page resolve. Allows manipulation of page without redirection * @delegate FrontendPrePageResolve * @param string $context * '/frontend/' * @param mixed $row * @param FrontendPage $page * An instance of this FrontendPage */ Symphony::ExtensionManager()->notifyMembers('FrontendPrePageResolve', '/frontend/', array('row' => &$row, 'page' => &$this->_page)); // Default to the index page if no page has been specified if ((!$this->_page || $this->_page == '//') && is_null($row)) { $row = PageManager::fetchPageByType('index'); } else { if (is_null($row)) { $page_extra_bits = array(); $pathArr = preg_split('/\\//', trim($this->_page, '/'), -1, PREG_SPLIT_NO_EMPTY); $handle = array_pop($pathArr); do { $path = implode('/', $pathArr); if ($row = PageManager::resolvePageByPath($handle, $path)) { $pathArr[] = $handle; break 1; } else { $page_extra_bits[] = $handle; } } while ($handle = array_pop($pathArr)); if (empty($pathArr)) { return false; } if (!$this->__isSchemaValid($row['params'], $page_extra_bits)) { return false; } } } // Process the extra URL params $url_params = preg_split('/\\//', $row['params'], -1, PREG_SPLIT_NO_EMPTY); foreach ($url_params as $var) { $this->_env['url'][$var] = NULL; } if (isset($page_extra_bits)) { if (!empty($page_extra_bits)) { $page_extra_bits = array_reverse($page_extra_bits); } for ($i = 0, $ii = count($page_extra_bits); $i < $ii; $i++) { $this->_env['url'][$url_params[$i]] = str_replace(' ', '+', $page_extra_bits[$i]); } } if (!is_array($row) || empty($row)) { return false; } $row['type'] = PageManager::fetchPageTypes($row['id']); // Make sure the user has permission to access this page if (!$this->is_logged_in && in_array('admin', $row['type'])) { $row = PageManager::fetchPageByType('403'); if (empty($row)) { GenericExceptionHandler::$enabled = true; throw new SymphonyErrorPage(__('Please login to view this page.') . ' <a href="' . SYMPHONY_URL . '/login/">' . __('Take me to the login page') . '</a>.', __('Forbidden'), 'generic', array('header' => 'HTTP/1.0 403 Forbidden')); } $row['type'] = PageManager::fetchPageTypes($row['id']); } $row['filelocation'] = PageManager::resolvePageFileLocation($row['path'], $row['handle']); return $row; }
public static function initialise() { self::$enabled = true; set_exception_handler(array(__CLASS__, 'handler')); }
/** * This function attempts to resolve the given page in to it's Symphony page. If no * page is given, it is assumed the 'index' is being requested. Before a page row is * returned, it is checked to see that if it has the 'admin' type, that the requesting * user is authenticated as a Symphony author. If they are not, the Symphony 403 * page is returned (whether that be set as a user defined page using the page type * of 403, or just returning the Default Symphony 403 error page). Any URL parameters * set on the page are added to the `$env` variable before the function returns an * associative array of page details such as Title, Content Type etc. * * @uses FrontendPrePageResolve * @see __isSchemaValid() * @param string $page * The URL of the current page that is being Rendered as returned by `getCurrentPage()`. * If no URL is provided, Symphony assumes the Page with the type 'index' is being * requested. * @return array * An associative array of page details */ public function resolvePage($page = null) { if ($page) { $this->_page = $page; } $row = null; /** * Before page resolve. Allows manipulation of page without redirection * @delegate FrontendPrePageResolve * @param string $context * '/frontend/' * @param mixed $row * @param FrontendPage $page * An instance of this FrontendPage */ $this->ExtensionManager->notifyMembers('FrontendPrePageResolve', '/frontend/', array('row' => &$row, 'page' => &$this->_page)); ## Default to the index page if no page has been specified if ((!$this->_page || $this->_page == '//') && is_null($row)) { $row = Symphony::Database()->fetchRow(0, "\n\t\t\t\t\tSELECT `tbl_pages`.* FROM `tbl_pages`, `tbl_pages_types`\n\t\t\t\t\tWHERE `tbl_pages_types`.page_id = `tbl_pages`.id\n\t\t\t\t\tAND tbl_pages_types.`type` = 'index'\n\t\t\t\t\t LIMIT 1\n\t\t\t\t"); } elseif (is_null($row)) { $pathArr = preg_split('/\\//', trim($this->_page, '/'), -1, PREG_SPLIT_NO_EMPTY); $prevPage = NULL; $valid_page_path = array(); $page_extra_bits = array(); $handle = array_pop($pathArr); do { $path = implode('/', $pathArr); $sql = sprintf("SELECT * FROM `tbl_pages` WHERE `path` %s AND `handle` = '%s' LIMIT 1", $path ? " = '" . Symphony::Database()->cleanValue($path) . "'" : 'IS NULL', Symphony::Database()->cleanValue($handle)); if ($row = Symphony::Database()->fetchRow(0, $sql)) { array_push($pathArr, $handle); $valid_page_path = $pathArr; break 1; } else { $page_extra_bits[] = $handle; } } while ($handle = array_pop($pathArr)); if (empty($valid_page_path)) { return false; } if (!$this->__isSchemaValid($row['params'], $page_extra_bits)) { return false; } } ##Process the extra URL params $url_params = preg_split('/\\//', $row['params'], -1, PREG_SPLIT_NO_EMPTY); foreach ($url_params as $var) { $this->_env['url'][$var] = NULL; } if (isset($page_extra_bits)) { if (is_array($page_extra_bits) && !empty($page_extra_bits)) { $page_extra_bits = array_reverse($page_extra_bits); } for ($ii = 0; $ii < count($page_extra_bits); $ii++) { $this->_env['url'][$url_params[$ii]] = str_replace(' ', '+', $page_extra_bits[$ii]); } } if (!is_array($row) || empty($row)) { return false; } $row['type'] = FrontendPage::fetchPageTypes($row['id']); ## Make sure the user has permission to access this page if (!$this->is_logged_in && in_array('admin', $row['type'])) { $row = Symphony::Database()->fetchRow(0, "\n\t\t\t\t\tSELECT `tbl_pages`.*\n\t\t\t\t\tFROM `tbl_pages`, `tbl_pages_types`\n\t\t\t\t\tWHERE `tbl_pages_types`.page_id = `tbl_pages`.id\n\t\t\t\t\tAND tbl_pages_types.`type` = '403'\n\t\t\t\t\tLIMIT 1\n\t\t\t\t"); if (empty($row)) { GenericExceptionHandler::$enabled = true; throw new SymphonyErrorPage(__('Please <a href="%s">login</a> to view this page.', array(SYMPHONY_URL . '/login/')), __('Forbidden'), 'error', array('header' => 'HTTP/1.0 403 Forbidden')); } $row['type'] = FrontendPage::fetchPageTypes($row['id']); } $row['filelocation'] = FrontendPage::resolvePageFileLocation($row['path'], $row['handle']); return $row; }
public function checkFrontendPagePermissions($context) { $isLoggedIn = false; $errors = array(); $action = null; // Checks $_REQUEST to see if a Member Action has been requested, // member-action['login'] and member-action['logout']/?member-action=logout // are the only two supported at this stage. if (isset($_REQUEST['member-action']) && is_array($_REQUEST['member-action'])) { list($action) = array_keys($_REQUEST['member-action']); } else { if (isset($_REQUEST['member-action'])) { $action = $_REQUEST['member-action']; } } // Check to see a Member is already logged in. $isLoggedIn = $this->getMemberDriver()->isLoggedIn($errors); // Logout if (trim($action) == 'logout') { /** * Fired just before a member is logged out (and page redirection), * this delegate provides the current Member ID * * @delegate MembersPreLogout * @param string $context * '/frontend/' * @param integer $member_id * The Member ID of the member who is about to logged out */ Symphony::ExtensionManager()->notifyMembers('MembersPreLogout', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID())); $this->getMemberDriver()->logout(); // If a redirect is provided, redirect to that, otherwise return the user // to the index of the site. Issue #51 & #121 if (isset($_REQUEST['redirect'])) { redirect($_REQUEST['redirect']); } redirect(URL); } else { if (trim($action) == 'login' && !is_null($_POST['fields'])) { // If a Member is already logged in and another Login attempt is requested // log the Member out first before trying to login with new details. if ($isLoggedIn) { $this->getMemberDriver()->logout(); } if ($this->getMemberDriver()->login($_POST['fields'])) { /** * Fired just after a Member has successfully logged in, this delegate * provides the current Member ID. This delegate is fired just before * the page redirection (if it is provided) * * @delegate MembersPostLogin * @param string $context * '/frontend/' * @param integer $member_id * The Member ID of the member who just logged in. * @param Entry $member * The Entry object of the logged in Member. */ Symphony::ExtensionManager()->notifyMembers('MembersPostLogin', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID(), 'member' => $this->getMemberDriver()->getMember())); if (isset($_POST['redirect'])) { redirect($_POST['redirect']); } } else { self::$_failed_login_attempt = true; /** * A failed Member login attempt * * @delegate MembersLoginFailure * @param string $context * '/frontend/' * @param string $username * The username of the Member who attempted to login. */ Symphony::ExtensionManager()->notifyMembers('MembersLoginFailure', '/frontend/', array('username' => Symphony::Database()->cleanValue($_POST['fields'][extension_Members::getFieldHandle('identity')]))); } } } $this->Member->initialiseMemberObject(); $hasRoles = FieldManager::isFieldUsed(extension_Members::getFieldType('role')); if ($isLoggedIn && $this->getMemberDriver()->getMember() instanceof Entry) { $this->getMemberDriver()->updateSystemTimezoneOffset(); if ($hasRoles) { $role_field = extension_Members::getField('role'); if ($role_field) { $role_data = $this->getMemberDriver()->getMember()->getData($role_field->get('id')); } } } // If there is no role field, or a Developer is logged in, return, as Developers // should be able to access every page. Handles Symphony 2.4 or Symphony 2.5 $isDeveloper = method_exists(Symphony::Engine(), 'Author') ? Symphony::Engine()->Author() instanceof Author && Symphony::Engine()->Author()->isDeveloper() : Symphony::Engine()->Author instanceof Author && Symphony::Engine()->Author->isDeveloper(); if (!$hasRoles || $isDeveloper) { return; } $role_id = $isLoggedIn ? $role_data['role_id'] : Role::PUBLIC_ROLE; $role = RoleManager::fetch($role_id); if ($role instanceof Role && !$role->canAccessPage((int) $context['page_data']['id'])) { // User has no access to this page, so look for a custom 403 page if ($row = PageManager::fetchPageByType('403')) { $row['type'] = PageManager::fetchPageTypes($row['id']); $row['filelocation'] = PageManager::resolvePageFileLocation($row['path'], $row['handle']); $context['page_data'] = $row; return; } else { // No custom 403, just throw default 403 GenericExceptionHandler::$enabled = true; Frontend::instance()->throwCustomError(__('The page you have requested has restricted access permissions.'), __('Forbidden'), Page::HTTP_STATUS_FORBIDDEN); } } }
public function frontendPageResolved($context) { if (!(int) ($page_id = $context['page_data']['id'])) { return; } // Don't show prototype pages to normal visitors if (!Frontend::instance()->isLoggedIn() && PagePrototypes::isPagePrototype($page_id)) { $forbidden = PageManager::fetchPageByType('403'); // User has no access to this page, so look for a custom 403 page if (!empty($forbidden)) { $forbidden['type'] = FrontendPage::fetchPageTypes($forbidden['id']); $forbidden['filelocation'] = FrontendPage::resolvePageFileLocation($forbidden['path'], $forbidden['handle']); $context['page_data'] = $forbidden; return; } else { GenericExceptionHandler::$enabled = true; throw new SymphonyErrorPage(__('The page you have requested has restricted access permissions.'), __('Forbidden'), 'generic', array('header' => 'HTTP/1.0 403 Forbidden')); } } // Override context if the page is connected to a prototype. // This is not really necesary because when a prototype gets changed in the backend, the referenced pages get changed as well. $prototype = PagePrototypes::fetchPrototypeOfPage($page_id); if (!empty($prototype)) { $context['page_data']['params'] = $prototype['params']; $context['page_data']['data_sources'] = $prototype['data_sources']; $context['page_data']['events'] = $prototype['events']; $context['page_data']['type'] = $prototype['type']; $context['page_data']['filelocation'] = PageManager::resolvePageFileLocation($prototype['path'], $prototype['handle']); } }
public function checkFrontendPagePermissions($context) { $isLoggedIn = false; $errors = array(); // Checks $_REQUEST to see if a Member Action has been requested, // member-action['login'] and member-action['logout']/?member-action=logout // are the only two supported at this stage. if (is_array($_REQUEST['member-action'])) { list($action) = array_keys($_REQUEST['member-action']); } else { $action = $_REQUEST['member-action']; } // Check to see a Member is already logged in. $isLoggedIn = $this->getMemberDriver()->isLoggedIn($errors); // Logout if (trim($action) == 'logout') { /** * Fired just before a member is logged out (and page redirection), * this delegate provides the current Member ID * * @delegate MembersPreLogout * @param string $context * '/frontend/' * @param integer $member_id * The Member ID of the member who is about to logged out */ Symphony::ExtensionManager()->notifyMembers('MembersPreLogout', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID())); $this->getMemberDriver()->logout(); // If a redirect is provided, redirect to that, otherwise return the user // to the index of the site. Issue #51 & #121 if (isset($_REQUEST['redirect'])) { redirect($_REQUEST['redirect']); } redirect(URL); } else { if (trim($action) == 'login' && !is_null($_POST['fields'])) { // If a Member is already logged in and another Login attempt is requested // log the Member out first before trying to login with new details. if ($isLoggedIn) { $this->getMemberDriver()->logout(); } if ($this->getMemberDriver()->login($_POST['fields'])) { /** * Fired just after a Member has successfully logged in, this delegate * provides the current Member ID. This delegate is fired just before * the page redirection (if it is provided) * * @delegate MembersPostLogin * @param string $context * '/frontend/' * @param integer $member_id * The Member ID of the member who just logged in. * @param Entry $member * The Entry object of the logged in Member. */ Symphony::ExtensionManager()->notifyMembers('MembersPostLogin', '/frontend/', array('member_id' => $this->getMemberDriver()->getMemberID(), 'member' => $this->getMemberDriver()->getMember())); if (isset($_POST['redirect'])) { redirect($_POST['redirect']); } } else { self::$_failed_login_attempt = true; } } } $this->Member->initialiseMemberObject(); if ($isLoggedIn && $this->getMemberDriver()->getMember() instanceof Entry) { $this->updateSystemTimezoneOffset($this->getMemberDriver()->getMemberID()); if (!is_null(extension_Members::getFieldHandle('role'))) { $role_data = $this->getMemberDriver()->getMember()->getData(extension_Members::getField('role')->get('id')); } } // If there is no role field, or a Developer is logged in, return, as Developers // should be able to access every page. if (is_null(extension_Members::getFieldHandle('role')) || Frontend::instance()->Author instanceof Author && Frontend::instance()->Author->isDeveloper()) { return; } $role_id = $isLoggedIn ? $role_data['role_id'] : Role::PUBLIC_ROLE; $role = RoleManager::fetch($role_id); if ($role instanceof Role && !$role->canAccessPage((int) $context['page_data']['id'])) { // User has no access to this page, so look for a custom 403 page if ($row = Symphony::Database()->fetchRow(0, "\n\t\t\t\t\tSELECT `p`.*\n\t\t\t\t\tFROM `tbl_pages` as `p`\n\t\t\t\t\tLEFT JOIN `tbl_pages_types` AS `pt` ON(`p`.id = `pt`.page_id)\n\t\t\t\t\tWHERE `pt`.type = '403'\n\t\t\t\t")) { $row['type'] = FrontendPage::fetchPageTypes($row['id']); $row['filelocation'] = FrontendPage::resolvePageFileLocation($row['path'], $row['handle']); $context['page_data'] = $row; return; } else { // No custom 403, just throw default 403 GenericExceptionHandler::$enabled = true; throw new SymphonyErrorPage(__('The page you have requested has restricted access permissions.'), __('Forbidden'), 'error', array('header' => 'HTTP/1.0 403 Forbidden')); } } }