public function testConfigVary() { $body = "<html><head></head><body><h1>Mysite</h1></body></html>"; $response = new HTTPResponse($body, 200); Director::config()->update('environment_type', 'live'); HTTP::set_cache_age(30); HTTP::add_cache_headers($response); $v = $response->getHeader('Vary'); $this->assertNotEmpty($v); $this->assertContains("Cookie", $v); $this->assertContains("X-Forwarded-Protocol", $v); $this->assertContains("User-Agent", $v); $this->assertContains("Accept", $v); HTTP::config()->update('vary', ''); $response = new HTTPResponse($body, 200); HTTP::add_cache_headers($response); $v = $response->getHeader('Vary'); $this->assertEmpty($v); }
/** * Return the attributes of the form tag - used by the templates. * * @param array $attrs Custom attributes to process. Falls back to {@link getAttributes()}. * If at least one argument is passed as a string, all arguments act as excludes by name. * * @return string HTML attributes, ready for insertion into an HTML tag */ public function getAttributesHTML($attrs = null) { $exclude = is_string($attrs) ? func_get_args() : null; // Figure out if we can cache this form // - forms with validation shouldn't be cached, cos their error messages won't be shown // - forms with security tokens shouldn't be cached because security tokens expire $needsCacheDisabled = false; if ($this->getSecurityToken()->isEnabled()) { $needsCacheDisabled = true; } if ($this->FormMethod() != 'GET') { $needsCacheDisabled = true; } if (!$this->validator instanceof RequiredFields || count($this->validator->getRequired())) { $needsCacheDisabled = true; } // If we need to disable cache, do it if ($needsCacheDisabled) { HTTP::set_cache_age(0); } $attrs = $this->getAttributes(); // Remove empty $attrs = array_filter((array) $attrs, create_function('$v', 'return ($v || $v === 0);')); // Remove excluded if ($exclude) { $attrs = array_diff_key($attrs, array_flip($exclude)); } // Prepare HTML-friendly 'method' attribute (lower-case) if (isset($attrs['method'])) { $attrs['method'] = strtolower($attrs['method']); } // Create markup $parts = array(); foreach ($attrs as $name => $value) { $parts[] = $value === true ? "{$name}=\"{$name}\"" : "{$name}=\"" . Convert::raw2att($value) . "\""; } return implode(' ', $parts); }
/** * Redirect back. Uses either the HTTP-Referer or a manually set request-variable called "BackURL". * This variable is needed in scenarios where HTTP-Referer is not sent (e.g when calling a page by * location.href in IE). If none of the two variables is available, it will redirect to the base * URL (see {@link Director::baseURL()}). * * @uses redirect() * * @return bool|HTTPResponse */ public function redirectBack() { // Don't cache the redirect back ever HTTP::set_cache_age(0); $url = null; // In edge-cases, this will be called outside of a handleRequest() context; in that case, // redirect to the homepage - don't break into the global state at this stage because we'll // be calling from a test context or something else where the global state is inappropraite if ($this->getRequest()) { if ($this->getRequest()->requestVar('BackURL')) { $url = $this->getRequest()->requestVar('BackURL'); } else { if ($this->getRequest()->isAjax() && $this->getRequest()->getHeader('X-Backurl')) { $url = $this->getRequest()->getHeader('X-Backurl'); } else { if ($this->getRequest()->getHeader('Referer')) { $url = $this->getRequest()->getHeader('Referer'); } } } } if (!$url) { $url = Director::baseURL(); } // absolute redirection URLs not located on this site may cause phishing if (Director::is_site_url($url)) { $url = Director::absoluteURL($url, true); return $this->redirect($url); } else { return false; } }