/**
 * Turns the serialized security token sent with a gadget request into an
 * opShindigSecurityToken instance.
 *
 * Two paths exist:
 *  - plaintext: only when the 'allow_plaintext_token' setting is truthy and
 *    the string splits into exactly six ':'-separated fields; the fields are
 *    url-decoded and passed straight to the opShindigSecurityToken constructor;
 *  - default: the string is handed to opShindigSecurityToken::createFromToken()
 *    together with the configured 'token_max_age'.
 *
 * @param string $stringToken serialized token taken from the request
 * @return opShindigSecurityToken
 * @throws GadgetException with 'INVALID_GADGET_TOKEN' when the token is empty
 *                         while an 'authz' query parameter is present, or when
 *                         building the token raises any Exception
 *
 * @see BasicSecurityTokenDecoder::createToken()
 */
public function createToken($stringToken)
{
    // An empty token is refused here only if the request also carries a
    // non-empty "authz" query parameter. Without "authz" an empty token
    // continues below; how createFromToken() treats it is not visible here.
    $tokenMissing = empty($stringToken);
    if ($tokenMissing && !empty($_GET['authz'])) {
        throw new GadgetException('INVALID_GADGET_TOKEN');
    }

    try {
        if (Shindig_Config::get('allow_plaintext_token')) {
            $fields = explode(':', $stringToken);
            if (count($fields) == 6) {
                // NOTE(review): on this path owner, viewer, app and container
                // identifiers are whatever the caller-supplied string says;
                // createFromToken() is not involved and 'token_max_age' is not
                // applied. Presumably a development aid - confirm that
                // 'allow_plaintext_token' is disabled in production config.
                $ownerId = urldecode($fields[$this->OWNER_INDEX]);
                $viewerId = urldecode($fields[$this->VIEWER_INDEX]);
                $appId = urldecode($fields[$this->APP_ID_INDEX]);
                $container = urldecode($fields[$this->CONTAINER_INDEX]);
                $appUrl = urldecode($fields[$this->APP_URL_INDEX]);
                $moduleId = urldecode($fields[$this->MODULE_ID_INDEX]);

                return new opShindigSecurityToken(
                    null,
                    null,
                    $ownerId,
                    $viewerId,
                    $appId,
                    $container,
                    $appUrl,
                    $moduleId
                );
            }
        }

        $maxAge = Shindig_Config::get('token_max_age');

        return opShindigSecurityToken::createFromToken($stringToken, $maxAge);
    } catch (Exception $e) {
        // Every failure is reported with the same generic code; the original
        // exception is not attached or propagated.
        throw new GadgetException('INVALID_GADGET_TOKEN');
    }
}
/**
 * Executes set action
 *
 * Stores one user setting (name/value) on the MemberApplication identified
 * by the module id carried in the security token ('st' parameter). The
 * request is answered with a 404 when it is a POST, when 'st', 'name' or
 * 'value' is missing, when the token's viewer differs from its owner, when no
 * MemberApplication matches, or when anything in the processing throws.
 *
 * NOTE(review): the write is performed on non-POST requests and the token
 * travels as a request parameter; the only gates visible here are the token
 * itself (max age 60 passed to createFromToken) and the viewer/owner check.
 * Confirm that this exposure of the token (e.g. in URLs and logs) is intended.
 *
 * @param sfWebRequest $request A request object
 * @return string sfView::NONE (no template is rendered)
 */
public function executeSet(sfWebRequest $request)
{
    // Fetched but not used further down in this method.
    $response = $this->getResponse();

    $wellFormed = !$request->isMethod(sfRequest::POST)
        && $request->hasParameter('st')
        && $request->hasParameter('name')
        && $request->hasParameter('value');
    if (!$wellFormed) {
        $this->forward404();
    }

    try {
        // 'st' arrives base64-encoded around a url-encoded token string.
        $encodedToken = $request->getParameter('st');
        $st = urldecode(base64_decode($encodedToken));

        // NOTE(review): name and value reach setUserSetting() exactly as
        // received; any validation would have to happen inside that method.
        $name = $request->getParameter('name');
        $value = $request->getParameter('value');

        $token = opShindigSecurityToken::createFromToken($st, 60);
        $moduleId = $token->getModuleId();
        $ownerId = $token->getOwnerId();
        $viewerId = $token->getViewerId();

        // Only the owner may change settings. NOTE(review): loose comparison;
        // a strict one would be safer once both ids are known to share a type.
        $viewerIsOwner = ($viewerId == $ownerId);
        $this->forward404Unless($viewerIsOwner);

        // NOTE(review): the row is looked up by the token's module id alone;
        // nothing in this method ties it to the viewer - presumably the token
        // binds the two, confirm against token creation.
        $applicationTable = Doctrine::getTable('MemberApplication');
        $memberApplication = $applicationTable->find($moduleId);
        $this->forward404Unless($memberApplication);

        $memberApplication->setUserSetting($name, $value);
    } catch (Exception $e) {
        // Every failure, including a rejected token, ends as a plain 404;
        // nothing is logged here.
        $this->forward404();
    }

    return sfView::NONE;
}