/** * Get current mobile mode * * @return bool */ function _isFromMobilePhone() { if ($this->ismobile !== NULL) { return $this->ismobile; } if (Mobile::isMobileEnabled() === false || Context::get('full_browse') || $_COOKIE["FullBrowse"]) { return $this->ismobile = false; } $xe_web_path = Context::pathToUrl(_XE_PATH_); // default setting. if there is cookie for a device, XE do not have to check if it is mobile or not and it will enhance performace of the server. $this->ismobile = FALSE; $m = Context::get('m'); if (strlen($m) == 1) { if ($m == "1") { $this->ismobile = TRUE; } elseif ($m == "0") { $this->ismobile = FALSE; } } elseif (isset($_COOKIE['mobile'])) { if ($_COOKIE['user-agent'] == md5($_SERVER['HTTP_USER_AGENT'])) { if ($_COOKIE['mobile'] == 'true') { $this->ismobile = TRUE; } else { $this->ismobile = FALSE; } } else { $this->ismobile = FALSE; setcookie("mobile", FALSE, 0, $xe_web_path); setcookie("user-agent", FALSE, 0, $xe_web_path); if (!$this->isMobilePadCheckByAgent() && $this->isMobileCheckByAgent()) { $this->ismobile = TRUE; } } } else { if ($this->isMobilePadCheckByAgent()) { $this->ismobile = FALSE; } else { if ($this->isMobileCheckByAgent()) { $this->ismobile = TRUE; } } } if ($this->ismobile !== NULL) { if ($this->ismobile == TRUE) { if ($_COOKIE['mobile'] != 'true') { $_COOKIE['mobile'] = 'true'; setcookie("mobile", 'true', 0, $xe_web_path); } } elseif ($_COOKIE['mobile'] != 'false') { $_COOKIE['mobile'] = 'false'; setcookie("mobile", 'false', 0, $xe_web_path); } if ($_COOKIE['user-agent'] != md5($_SERVER['HTTP_USER_AGENT'])) { setcookie("user-agent", md5($_SERVER['HTTP_USER_AGENT']), 0, $xe_web_path); } } return $this->ismobile; }
/** * get a module instance and execute an action * @return ModuleObject executed module instance * */ function procModule() { $oModuleModel = getModel('module'); $display_mode = Mobile::isFromMobilePhone() ? 'mobile' : 'view'; // If error occurred while preparation, return a message instance if ($this->error) { $this->_setInputErrorToContext(); $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); if ($this->httpStatusCode) { $oMessageObject->setHttpStatusCode($this->httpStatusCode); } return $oMessageObject; } // Get action information with conf/module.xml $xml_info = $oModuleModel->getModuleActionXml($this->module); // If not installed yet, modify act if ($this->module == "install") { if (!$this->act || !$xml_info->action->{$this->act}) { $this->act = $xml_info->default_index_act; } } // if act exists, find type of the action, if not use default index act if (!$this->act) { $this->act = $xml_info->default_index_act; } // still no act means error if (!$this->act) { $this->error = 'msg_module_is_not_exists'; $this->httpStatusCode = '404'; $this->_setInputErrorToContext(); $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); if ($this->httpStatusCode) { $oMessageObject->setHttpStatusCode($this->httpStatusCode); } return $oMessageObject; } // get type, kind $type = $xml_info->action->{$this->act}->type; $ruleset = $xml_info->action->{$this->act}->ruleset; $kind = stripos($this->act, 'admin') !== FALSE ? 'admin' : ''; if (!$kind && $this->module == 'admin') { $kind = 'admin'; } // check REQUEST_METHOD in controller if ($type == 'controller') { $allowedMethod = $xml_info->action->{$this->act}->method; if (!$allowedMethod) { $allowedMethodList[0] = 'POST'; } else { $allowedMethodList = explode('|', strtoupper($allowedMethod)); } if (!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList)) { $this->error = "msg_invalid_request"; $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); return $oMessageObject; } } if ($this->module_info->use_mobile != "Y") { Mobile::setMobile(FALSE); } $logged_info = Context::get('logged_info'); // check CSRF for POST actions if (Context::getRequestMethod() === 'POST' && Context::isInstalled() && $this->act !== 'procFileUpload' && !checkCSRF()) { $this->error = 'msg_invalid_request'; $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); return $oMessageObject; } // Admin ip if ($kind == 'admin' && $_SESSION['denied_admin'] == 'Y') { $this->_setInputErrorToContext(); $this->error = "msg_not_permitted_act"; $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); return $oMessageObject; } // if(type == view, and case for using mobilephone) if ($type == "view" && Mobile::isFromMobilePhone() && Context::isInstalled()) { $orig_type = "view"; $type = "mobile"; // create a module instance $oModule = $this->getModuleInstance($this->module, $type, $kind); if (!is_object($oModule) || !method_exists($oModule, $this->act)) { $type = $orig_type; Mobile::setMobile(FALSE); $oModule = $this->getModuleInstance($this->module, $type, $kind); } } else { // create a module instance $oModule = $this->getModuleInstance($this->module, $type, $kind); } if (!is_object($oModule)) { $this->_setInputErrorToContext(); $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); if ($this->httpStatusCode) { $oMessageObject->setHttpStatusCode($this->httpStatusCode); } return $oMessageObject; } // If there is no such action in the module object if (!isset($xml_info->action->{$this->act}) || !method_exists($oModule, $this->act)) { if (!Context::isInstalled()) { $this->_setInputErrorToContext(); $this->error = 'msg_invalid_request'; $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); if ($this->httpStatusCode) { $oMessageObject->setHttpStatusCode($this->httpStatusCode); } return $oMessageObject; } $forward = NULL; // 1. Look for the module with action name if (preg_match('/^([a-z]+)([A-Z])([a-z0-9\\_]+)(.*)$/', $this->act, $matches)) { $module = strtolower($matches[2] . $matches[3]); $xml_info = $oModuleModel->getModuleActionXml($module); if ($xml_info->action->{$this->act} && (stripos($this->act, 'admin') !== FALSE || $xml_info->action->{$this->act}->standalone != 'false')) { $forward = new stdClass(); $forward->module = $module; $forward->type = $xml_info->action->{$this->act}->type; $forward->ruleset = $xml_info->action->{$this->act}->ruleset; $forward->act = $this->act; } else { $this->error = 'msg_invalid_request'; $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); return $oMessageObject; } } if (!$forward) { $forward = $oModuleModel->getActionForward($this->act); } if ($forward->module && $forward->type && $forward->act && $forward->act == $this->act) { $kind = stripos($forward->act, 'admin') !== FALSE ? 'admin' : ''; $type = $forward->type; $ruleset = $forward->ruleset; $tpl_path = $oModule->getTemplatePath(); $orig_module = $oModule; $xml_info = $oModuleModel->getModuleActionXml($forward->module); // SECISSUE also check foward act method // check REQUEST_METHOD in controller if ($type == 'controller') { $allowedMethod = $xml_info->action->{$forward->act}->method; if (!$allowedMethod) { $allowedMethodList[0] = 'POST'; } else { $allowedMethodList = explode('|', strtoupper($allowedMethod)); } if (!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList)) { $this->error = "msg_invalid_request"; $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); return $oMessageObject; } } if ($type == "view" && Mobile::isFromMobilePhone()) { $orig_type = "view"; $type = "mobile"; // create a module instance $oModule = $this->getModuleInstance($forward->module, $type, $kind); if (!is_object($oModule) || !method_exists($oModule, $this->act)) { $type = $orig_type; Mobile::setMobile(FALSE); $oModule = $this->getModuleInstance($forward->module, $type, $kind); } } else { $oModule = $this->getModuleInstance($forward->module, $type, $kind); } if (!is_object($oModule)) { $this->_setInputErrorToContext(); $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage('msg_module_is_not_exists'); $oMessageObject->dispMessage(); if ($this->httpStatusCode) { $oMessageObject->setHttpStatusCode($this->httpStatusCode); } return $oMessageObject; } if ($this->module == "admin" && $type == "view") { if ($logged_info->is_admin == 'Y') { if ($this->act != 'dispLayoutAdminLayoutModify') { $oAdminView = getAdminView('admin'); $oAdminView->makeGnbUrl($forward->module); $oModule->setLayoutPath("./modules/admin/tpl"); $oModule->setLayoutFile("layout.html"); } } else { $this->_setInputErrorToContext(); $this->error = 'msg_is_not_administrator'; $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); return $oMessageObject; } } if ($kind == 'admin') { $grant = $oModuleModel->getGrant($this->module_info, $logged_info); if (!$grant->manager) { $this->_setInputErrorToContext(); $this->error = 'msg_is_not_manager'; $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); return $oMessageObject; } else { if (!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'manager') { $this->_setInputErrorToContext(); $this->error = 'msg_is_not_administrator'; $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode); $oMessageObject->setError(-1); $oMessageObject->setMessage($this->error); $oMessageObject->dispMessage(); return $oMessageObject; } } } } else { if ($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act)) { $this->act = $xml_info->default_index_act; } else { $this->error = 'msg_invalid_request'; $oModule->setError(-1); $oModule->setMessage($this->error); return $oModule; } } } // ruleset check... if (!empty($ruleset)) { $rulesetModule = $forward->module ? $forward->module : $this->module; $rulesetFile = $oModuleModel->getValidatorFilePath($rulesetModule, $ruleset, $this->mid); if (!empty($rulesetFile)) { if ($_SESSION['XE_VALIDATOR_ERROR_LANG']) { $errorLang = $_SESSION['XE_VALIDATOR_ERROR_LANG']; foreach ($errorLang as $key => $val) { Context::setLang($key, $val); } unset($_SESSION['XE_VALIDATOR_ERROR_LANG']); } $Validator = new Validator($rulesetFile); $result = $Validator->validate(); if (!$result) { $lastError = $Validator->getLastError(); $returnUrl = Context::get('error_return_url'); $errorMsg = $lastError['msg'] ? $lastError['msg'] : 'validation error'; //for xml response $oModule->setError(-1); $oModule->setMessage($errorMsg); //for html redirect $this->error = $errorMsg; $_SESSION['XE_VALIDATOR_ERROR'] = -1; $_SESSION['XE_VALIDATOR_MESSAGE'] = $this->error; $_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] = 'error'; $_SESSION['XE_VALIDATOR_RETURN_URL'] = $returnUrl; $_SESSION['XE_VALIDATOR_ID'] = Context::get('xe_validator_id'); $this->_setInputValueToSession(); return $oModule; } } } $oModule->setAct($this->act); $this->module_info->module_type = $type; $oModule->setModuleInfo($this->module_info, $xml_info); $skipAct = array('dispEditorConfigPreview' => 1, 'dispLayoutPreviewWithModule' => 1); $db_use_mobile = Mobile::isMobileEnabled(); if ($type == "view" && $this->module_info->use_mobile == "Y" && Mobile::isMobileCheckByAgent() && !isset($skipAct[Context::get('act')]) && $db_use_mobile === true) { global $lang; $header = '<style>div.xe_mobile{opacity:0.7;margin:1em 0;padding:.5em;background:#333;border:1px solid #666;border-left:0;border-right:0}p.xe_mobile{text-align:center;margin:1em 0}a.xe_mobile{color:#ff0;font-weight:bold;font-size:24px}@media only screen and (min-width:500px){a.xe_mobile{font-size:15px}}</style>'; $footer = '<div class="xe_mobile"><p class="xe_mobile"><a class="xe_mobile" href="' . getUrl('m', '1') . '">' . $lang->msg_pc_to_mobile . '</a></p></div>'; Context::addHtmlHeader($header); Context::addHtmlFooter($footer); } if ($type == "view" && $kind != 'admin') { $module_config = $oModuleModel->getModuleConfig('module'); if ($module_config->htmlFooter) { Context::addHtmlFooter($module_config->htmlFooter); } if ($module_config->siteTitle) { $siteTitle = Context::getBrowserTitle(); if (!$siteTitle) { Context::setBrowserTitle($module_config->siteTitle); } } } // if failed message exists in session, set context $this->_setInputErrorToContext(); $procResult = $oModule->proc(); $methodList = array('XMLRPC' => 1, 'JSON' => 1, 'JS_CALLBACK' => 1); if (!$oModule->stop_proc && !isset($methodList[Context::getRequestMethod()])) { $error = $oModule->getError(); $message = $oModule->getMessage(); $messageType = $oModule->getMessageType(); $redirectUrl = $oModule->getRedirectUrl(); if ($messageType == 'error') { debugPrint($message, 'ERROR'); } if (!$procResult) { $this->error = $message; if (!$redirectUrl && Context::get('error_return_url')) { $redirectUrl = Context::get('error_return_url'); } $this->_setInputValueToSession(); } else { } $_SESSION['XE_VALIDATOR_ERROR'] = $error; $_SESSION['XE_VALIDATOR_ID'] = Context::get('xe_validator_id'); if ($message != 'success') { $_SESSION['XE_VALIDATOR_MESSAGE'] = $message; } $_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] = $messageType; if (Context::get('xeVirtualRequestMethod') != 'xml') { $_SESSION['XE_VALIDATOR_RETURN_URL'] = $redirectUrl; } } unset($logged_info); return $oModule; }
/** * insert module by men create value * @request value of client request * @args value for menu create * @return bool result of create module */ private function _insertModule(&$request, &$args) { $cmArgs = new stdClass(); switch ($request->module_type) { case 'WIDGET': case 'ARTICLE': case 'OUTSIDE': $cmArgs->module = 'page'; $cmArgs->page_type = $request->module_type; break; default: $cmArgs->module = $request->module_type; unset($cmArgs->page_type); } //module create $site_module_info = Context::get('site_module_info'); $cmArgs->site_srl = (int) $site_module_info->site_srl; $cmArgs->browser_title = $args->name; $cmArgs->menu_srl = $request->menu_srl; $cmArgs->layout_srl = -1; $cmArgs->mlayout_srl = -1; $cmArgs->is_skin_fix = 'N'; $cmArgs->is_mskin_fix = 'N'; if (Mobile::isMobileEnabled() === true) { $cmArgs->use_mobile = 'Y'; } // if mid is empty, auto create mid if (!$request->module_id) { $randomMid = $this->_makeRandomMid(); $request->module_id = $cmArgs->module . '_' . $randomMid; } $cmArgs->mid = $request->module_id; // check already created module instance $oModuleModel = getModel('module'); $output = $oModuleModel->getModuleInfoByMid($request->module_id); if ($output->module_srl) { return new Object(-1, 'msg_module_name_exists'); } $oModuleController = getController('module'); $output = $oModuleController->insertModule($cmArgs); return $output; }