예제 #1
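 /**
  * Redirect to given url
  *
  * A path without an explicit http:// or https:// scheme is treated as
  * relative and resolved against the Restler base URL. An absolute URL is
  * forwarded unchanged, to whatever host it names, so a $url derived from
  * request data must be checked against an allow-list of destinations by the
  * caller; otherwise this method behaves as an open redirect.
  *
  * Nothing is sent (and an empty array is returned) when there is no flash
  * data, the request method is GET and the target equals the current url.
  *
  * @param string $url       relative path or full url
  * @param array  $params    associative array of query parameters
  * @param array  $flashData associative array of properties to be set in $_SESSION for one time use
  * @param int    $status    http status code to send the response with ideally 301 or 302
  *
  * @return array array('redirect' => $url) when the response format is JSON,
  *               an empty array when no redirect is needed; in every other
  *               case the script ends after the Location header is sent
  */
 public static function to($url, array $params = array(), array $flashData = array(), $status = 302)
 {
     // Leading slashes are stripped first, so a protocol-relative value such
     // as "//host/path" ends up being treated as a relative path below.
     $url = ltrim($url, '/');
     /** @var $r Restler */
     $r = Scope::get('Restler');
     $base = $r->getBaseUrl() . '/';
     // Only an explicit http(s) scheme marks an absolute URL. A bare prefix
     // test for "http" also matches relative paths such as "httpdocs/list"
     // and would emit them without the base URL.
     if (!preg_match('#^https?://#i', $url)) {
         $url = $base . $url;
     }
     if (!empty($flashData) || $base . $r->url !== $url || Util::getRequestMethod() != 'GET') {
         if ($r->responseFormat instanceof JsonFormat) {
             // NOTE(review): this branch returns before $params are appended
             // and before the flash data is stored - confirm that is intended.
             return array('redirect' => $url);
         }
         if (!empty($params)) {
             $url .= '?' . http_build_query($params);
         }
         Flash::set($flashData);
         // Reason phrase comes from RestException::$codes; unknown codes get none.
         $reason = isset(RestException::$codes[$status]) ? RestException::$codes[$status] : '';
         header("{$_SERVER['SERVER_PROTOCOL']} {$status} " . $reason);
         header("Location: {$url}");
         die('');
     }
     return array();
 }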
예제 #2
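 /**
  * An initialize function to allow use of the restler error generation
  * functions for pre-processing and pre-routing of requests.
  *
  * Answers a CORS preflight (OPTIONS) request and exits, then reads the
  * request path, method and formats, and negotiates charset and language
  * from the Accept-Charset and Accept-Language request headers. An
  * unsupported charset without a "*" wildcard is reported through
  * handleError(406, ...); an unsupported language is ignored.
  */
 public function init()
 {
     // NOTE(review): $this->requestMethod is read here but only assigned
     // further down in this method - presumably it is set before init() runs;
     // confirm, otherwise the preflight branch never triggers.
     if (Defaults::$crossOriginResourceSharing && $this->requestMethod == 'OPTIONS') {
         if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
             header('Access-Control-Allow-Methods: ' . Defaults::$accessControlAllowMethods);
         }
         if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
             // The client's requested header list is echoed back verbatim, so
             // every request header is permitted for cross-origin calls.
             // Prefer a fixed allow-list when the API needs only known headers.
             header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
         }
         exit(0);
     }
     if (empty($this->formatMap)) {
         $this->setSupportedFormats('JsonFormat');
     }
     $this->url = $this->getPath();
     $this->requestMethod = Util::getRequestMethod();
     $this->responseFormat = $this->getResponseFormat();
     $this->requestFormat = $this->getRequestFormat();
     $this->responseFormat->restler = $this;
     if (is_null($this->requestFormat)) {
         // No request format detected: fall back to the response format.
         $this->requestFormat = $this->responseFormat;
     } else {
         $this->requestFormat->restler = $this;
     }
     if (isset($_SERVER['HTTP_ACCEPT_CHARSET'])) {
         $found = false;
         $charList = Util::sortByPriority($_SERVER['HTTP_ACCEPT_CHARSET']);
         foreach ($charList as $charset => $quality) {
             if (in_array($charset, Defaults::$supportedCharsets)) {
                 $found = true;
                 Defaults::$charset = $charset;
                 break;
             }
         }
         // A "*" in the header means any charset is acceptable, so the
         // default charset is kept; otherwise negotiation has failed.
         if (!$found && strpos($_SERVER['HTTP_ACCEPT_CHARSET'], '*') === false) {
             $this->handleError(406, 'Content negotiation failed. ' . "Requested charset is not supported");
         }
     }
     if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
         $langList = Util::sortByPriority($_SERVER['HTTP_ACCEPT_LANGUAGE']);
         foreach ($langList as $lang => $quality) {
             foreach (Defaults::$supportedLanguages as $supported) {
                 if (strcasecmp($supported, $lang) == 0) {
                     Defaults::$language = $supported;
                     // Leave both loops on the first match, as the charset
                     // loop does; a plain break would let a later entry of
                     // $langList overwrite this choice.
                     break 2;
                 }
             }
         }
         // No supported language requested: the default language stays in
         // effect and no error is raised.
     }
 }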
예제 #3
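 /**
  * read the request details
  *
  * Find out the following
  *  - baseUrl
  *  - url requested
  *  - version requested (if url based versioning)
  *  - http verb/method
  *  - negotiate content type
  *  - request data
  *  - set defaults
  *
  * Query-string parameters are client-controlled: each key is first mapped
  * through Defaults::$aliases, and any key listed in Defaults::$overridables
  * is written into the defaults via Defaults::setProperty(). That list is
  * therefore the boundary of what a request may reconfigure.
  */
 protected function get()
 {
     $this->dispatch('get');
     if (empty($this->formatMap)) {
         $this->setSupportedFormats('JsonFormat');
     }
     $this->url = $this->getPath();
     $this->requestMethod = Util::getRequestMethod();
     $this->requestFormat = $this->getRequestFormat();
     $this->requestData = $this->getRequestData(false);
     //parse defaults
     foreach ($_GET as $key => $value) {
         if (isset(Defaults::$aliases[$key])) {
             // Re-key the parameter under its canonical name.
             $_GET[Defaults::$aliases[$key]] = $value;
             unset($_GET[$key]);
             $key = Defaults::$aliases[$key];
         }
         // Strict comparison: PHP turns numeric query keys into integers, and
         // before PHP 8 a loose in_array() lets integer 0 match any
         // non-numeric string in the list.
         // Assumes $overridables holds property names as strings - confirm.
         if (in_array($key, Defaults::$overridables, true)) {
             Defaults::setProperty($key, $value);
         }
     }
 }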
예제 #4
파일: Forms.php 프로젝트: Samara94/dolibarr
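 /**
  * Access verification method.
  *
  * API access will be denied when this method returns false
  *
  * Checks the anti-forgery form key of a submitted form: the value posted
  * under FORM_KEY must equal the value stored in the session for
  * "<METHOD> <url>". A request with an empty $_POST, a request whose url
  * matches an excluded path, and (when $filterFormRequestsOnly is set) a
  * request that is not url-encoded or upload formatted are all allowed
  * without a key check. This implementation never returns false; a failed
  * check is reported by the exception.
  *
  * @return boolean true when api access is allowed false otherwise
  *
  * @throws RestException 403 security violation
  */
 public function __isAllowed()
 {
     if (session_id() == '') {
         session_start();
     }
     /** @var Restler $restler */
     $restler = $this->restler;
     $url = $restler->url;
     foreach (static::$excludedPaths as $exclude) {
         if (empty($exclude)) {
             // An empty entry exempts only a url that compares equal to it.
             if ($url == $exclude) {
                 return true;
             }
         } elseif (String::beginsWith($url, $exclude)) {
             // NOTE(review): presumably a plain prefix match, so an entry
             // also exempts every longer path sharing that prefix - keep
             // entries as specific as possible.
             return true;
         }
     }
     $check = static::$filterFormRequestsOnly ? $restler->requestFormat instanceof UrlEncodedFormat || $restler->requestFormat instanceof UploadFormat : true;
     if (!empty($_POST) && $check) {
         $target = Util::getRequestMethod() . ' ' . $restler->url;
         $submitted = isset($_POST[static::FORM_KEY]) ? $_POST[static::FORM_KEY] : null;
         $expected = isset($_SESSION[static::FORM_KEY][$target]) ? $_SESSION[static::FORM_KEY][$target] : null;
         // A posted value can be an array (key[]=...) and a loose == treats
         // numeric-looking strings such as "0e12" and "0e34" as equal, so
         // require a string and compare exactly.
         if (is_string($submitted) && is_scalar($expected)) {
             $expected = (string) $expected;
             // hash_equals() compares in constant time; it is missing on
             // PHP older than 5.6, where an exact comparison is the fallback.
             $matches = function_exists('hash_equals')
                 ? hash_equals($expected, $submitted)
                 : $expected === $submitted;
             if ($matches) {
                 return true;
             }
         }
         throw new RestException(403, 'Insecure form submission');
     }
     return true;
 }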