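/**
 * Auth service callback (Opauth).
 *
 * Reads the provider response from the transport configured in Opauth
 * (session, POST or GET), checks that the mandatory parts are present,
 * verifies the Opauth signature and then hands the auth data to the
 * configured success or abort callback.
 *
 * @param \Base $f3
 * @param array $params route parameters (unused)
 */
public function callback(\Base $f3, $params)
{
    $Opauth = new \Opauth($this->config, false);
    $response = null;
    switch ($Opauth->env['callback_transport']) {
        case 'session':
            $response = $f3->get('SESSION.opauth');
            $f3->clear('SESSION.opauth');
            break;
        case 'post':
            // SECURITY: unserialize() runs on a client-supplied value (this is
            // Opauth's wire format) before the signature is checked below, so
            // a crafted payload reaches unserialize() unauthenticated. Prefer
            // the 'session' transport where the deployment allows it.
            $response = unserialize(base64_decode($f3->get('POST.opauth')));
            break;
        case 'get':
            // SECURITY: same caveat as the 'post' transport.
            $response = unserialize(base64_decode($f3->get('GET.opauth')));
            break;
        default:
            // Stop here: $response would otherwise be undefined below.
            $f3->error(400, 'Unsupported callback_transport');
            return;
    }
    if (!is_array($response)) {
        // Empty session slot or a failed unserialize() (returns false).
        $f3->error(400, 'Invalid auth response: Missing key auth response components');
        return;
    }
    if (isset($response['error'])) {
        $f3->call($this->abortFunc, array($response));
        return;
    }
    $data = isset($response['auth']) ? $response['auth'] : null;
    // validate
    if (empty($data) || empty($response['timestamp']) || empty($response['signature'])
        || empty($data['provider']) || empty($data['uid'])) {
        $f3->error(400, 'Invalid auth response: Missing key auth response components');
        return;
    }
    // sha1(print_r(...)) is Opauth's own signing scheme and must stay in sync
    // with the library; $reason is filled by reference on failure.
    $reason = null;
    if (!$Opauth->validate(sha1(print_r($data, true)), $response['timestamp'], $response['signature'], $reason)) {
        $f3->error(400, 'Invalid auth response: ' . $reason);
        return;
    }
    // It's all good
    $f3->call($this->successFunc, array($data));
}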
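/**
 * Render the single-plugin page and, when a record is selected, dispatch to
 * the handler chosen by the submitted `lType` field.
 *
 * Removes the unused `$web` local, the duplicate SUBPART assignment and the
 * unreachable `break` statements that followed `return`.
 *
 * @param \Base $f3
 * @param array $params route parameters; `id` selects the record
 * @return mixed the selected handler's return value, or null when nothing was dispatched
 */
public function viewSingle(\Base $f3, $params)
{
    $this->response->data['SUBPART'] = 'larfi_page.html';
    if (!isset($params['id'])) {
        return null;
    }
    $this->resource->load(array('_id = ?', $params['id']));
    $this->response->data['POST'] = $this->resource;
    if ($this->resource->dry()) {
        $f3->error(404, 'LFI Plugin not found');
        return null;
    }
    $url = $f3->get('POST.url');
    $blankurl = $f3->devoid('POST.url');
    $lfi_type = $f3->get('POST.lType');
    $payload = $f3->get('POST.lPayload');
    $method = $f3->get('POST.lMethod');
    $flash = \Flash::instance();
    switch ($lfi_type) {
        case "Generic":
            $flash->addMessage('Exploited by injecting into the URL/Body where applicable', 'info');
            return $this->uri_based_lfi($method, $blankurl, $url, $payload);
        case "Cookie":
            $flash->addMessage('Exploited by injecting into the cookie', 'info');
            return $this->cookie_based_lfi($method, $blankurl, $url, $payload);
        default:
            $flash->addMessage('This is an invalid attack type', 'warning');
    }
    return null;
}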
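/**
 * Read the template file ($this->filename) into a string.
 *
 * @return string the template contents
 */
function contentsMain()
{
    // Load the template file. is_readable() is checked first so a missing
    // file no longer needs the @ suppression that hid every other warning.
    $tempHTML = is_readable($this->filename) ? file_get_contents($this->filename) : false;
    // Fetch the template contents; an unreadable or empty file is an error.
    if ($tempHTML === false || $tempHTML === '') {
        // NOTE(review): this is the project's own Base, not F3's; whether
        // error() halts execution is not visible from here.
        Base::error("fileNotFound");
    }
    return $tempHTML;
}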
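/**
 * GET|POST /logout
 *
 * The session is only ended when the `session` query parameter equals the
 * `session_token` cookie, so a bare link from another site cannot log the
 * user out.
 *
 * @param \Base $fw
 */
function logout(\Base $fw)
{
    $cookieToken = $fw->get('COOKIE.session_token');
    $givenToken = $fw->get('GET.session');
    // Strict, non-empty match. The previous loose `==` accepted two missing
    // values (null == null) and numeric-string coercion ('1e3' == '1000').
    // hash_equals() is preferable where PHP >= 5.6 is guaranteed.
    $matches = is_string($cookieToken) && $cookieToken !== ''
        && is_string($givenToken) && $cookieToken === $givenToken;
    if (!$matches) {
        $fw->error(400);
        return;
    }
    \Helper\Api\User::logout();
    $fw->set('COOKIE.session_token', null);
    $fw->reroute('/');
}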
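/**
 * Run the pre-route hooks registered for $event against the current request.
 *
 * Patterns are sorted descending after rewriting `@` to `*@`, so that more
 * literal patterns are tried before placeholder ones; the first pattern that
 * matches the BASE-relative URI has its handler called with ($f3, $args) and
 * its result decides the return value.
 *
 * @param string $event hook group, e.g. 'before'
 * @return bool false only when the matched handler explicitly returned false
 */
public function run($event = 'before')
{
    if (!isset($this->routes[$event])) {
        return true;
    }
    // Initialised explicitly: an empty route table would otherwise reach
    // array_multisort() with $paths undefined.
    $paths = array();
    foreach ($keys = array_keys($this->routes[$event]) as $key) {
        $paths[] = str_replace('@', '*@', $key);
    }
    $vals = array_values($this->routes[$event]);
    array_multisort($paths, SORT_DESC, $keys, $vals);
    $this->routes[$event] = array_combine($keys, $vals);
    // Convert to BASE-relative URL
    $req = $this->f3->rel(urldecode($this->f3->URI));
    foreach ($this->routes[$event] as $pattern => $routes) {
        if (!($args = $this->f3->mask($pattern, $req))) {
            continue;
        }
        ksort($args);
        $route = NULL;
        // AJAX + 1 picks the per-request-type slot (F3's REQ_SYNC / REQ_AJAX
        // convention); fall back to the slot registered for both.
        if (isset($routes[$ptr = $this->f3->AJAX + 1][$this->f3->VERB])) {
            $route = $routes[$ptr];
        } elseif (isset($routes[\Base::REQ_SYNC | \Base::REQ_AJAX])) {
            $route = $routes[\Base::REQ_SYNC | \Base::REQ_AJAX];
        }
        if (!$route) {
            continue;
        }
        if ($this->f3->VERB != 'OPTIONS' && isset($route[$this->f3->VERB])) {
            $parts = parse_url($req);
            // Canonicalise GET requests that carry a trailing slash
            if ($this->f3->VERB == 'GET' && preg_match('/.+\\/$/', $parts['path'])) {
                $this->f3->reroute(substr($parts['path'], 0, -1) . (isset($parts['query']) ? '?' . $parts['query'] : ''));
            }
            $handler = $route[$this->f3->VERB][0];
            // strpos() is bool only when '/*' is absent: without a wildcard,
            // drop the positional (numeric) capture groups from $args
            if (is_bool(strpos($pattern, '/*'))) {
                foreach (array_keys($args) as $key) {
                    if (is_numeric($key) && $key) {
                        unset($args[$key]);
                    }
                }
            }
            if (is_string($handler)) {
                // Replace route pattern tokens in handler if any
                $handler = preg_replace_callback('/@(\\w+\\b)/', function ($id) use($args) {
                    return isset($args[$id[1]]) ? $args[$id[1]] : $id[0];
                }, $handler);
                if (preg_match('/(.+)\\h*(?:->|::)/', $handler, $match) && !class_exists($match[1])) {
                    $this->f3->error(500, 'PreRoute handler not found');
                }
            }
            // Call route handler
            return $this->f3->call($handler, array($this->f3, $args), 'beforeroute,afterroute') !== FALSE;
        }
    }
    return true;
}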
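/**
 * Load one user record for the edit form.
 *
 * @param \Base $f3
 * @param array $params route parameters; `id` selects the record
 */
public function getSingle(\Base $f3, $params)
{
    $this->response->data['SUBPART'] = 'user_edit.html';
    if (!isset($params['id'])) {
        return;
    }
    $this->resource->load(array('_id = ?', $params['id']));
    if ($this->resource->dry()) {
        // Return explicitly so the 404 is not followed by an empty record
        // being attached to the response.
        $f3->error(404, 'User not found');
        return;
    }
    $this->response->data['POST'] = $this->resource;
}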
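/**
 * Load one payload record for the view page.
 *
 * @param \Base $f3
 * @param array $params route parameters; `id` selects the record
 */
public function viewSingle(\Base $f3, $params)
{
    $this->response->data['SUBPART'] = 'payload_view.html';
    if (!isset($params['id'])) {
        return;
    }
    $this->resource->load(array('_id = ?', $params['id']));
    if ($this->resource->dry()) {
        // Return explicitly so the 404 is not followed by an empty record
        // being attached to the response.
        $f3->error(404, 'Payload not found');
        return;
    }
    $this->response->data['POST'] = $this->resource;
}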
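/**
 * Single tag route (/tag/@tag)
 *
 * @param \Base $f3
 * @param array $params route parameters; `tag` is the tag name
 */
public function single($f3, $params)
{
    $tag = new \Model\Issue\Tag();
    $tag->load(array("tag = ?", $params["tag"]));
    if (!$tag->id) {
        $f3->error(404);
        return;
    }
    $f3->set("title", "#" . $params["tag"] . " - " . $f3->get("dict.issue_tags"));
    $f3->set("tag", $tag);
    // The ids are interpolated unquoted into the IN (...) list, so they are
    // forced to integers (implode() already required scalar ids here). An
    // empty list would produce `IN ()`, a SQL syntax error, so it is skipped.
    $issue_ids = array_map('intval', (array) $tag->issues());
    $issue = new \Model\Issue\Detail();
    $subset = $issue_ids
        ? $issue->find("id IN (" . implode(',', $issue_ids) . ")")
        : array();
    $f3->set("issues.subset", $subset);
    $this->_render("tag/single.html");
}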
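/**
 * Render the single-record control page and, when a record is selected,
 * forward the submitted `zLoc`, `zParam` and `instruction` fields to
 * bot_master().
 *
 * Removes the unused `$web` local and the duplicate SUBPART assignment.
 *
 * @param \Base $f3
 * @param array $params route parameters; `id` selects the record
 * @return mixed bot_master()'s return value, or null when nothing was dispatched
 */
public function viewSingle(\Base $f3, $params)
{
    $this->response->data['SUBPART'] = 'webot_control.html';
    if (!isset($params['id'])) {
        return null;
    }
    $this->resource->load(array('_id = ?', $params['id']));
    $this->response->data['POST'] = $this->resource;
    if ($this->resource->dry()) {
        $f3->error(404, 'Webot not found');
        return null;
    }
    $url = $f3->get('POST.zLoc');
    $command_key = $f3->get('POST.zParam');
    $instruction = $f3->get('POST.instruction');
    return $this->bot_master($url, $command_key, $instruction);
}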
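/**
 * Add a comment from POST data to the blog post identified by the `slug`
 * route parameter. Only published posts with a publish date up to today
 * accept comments.
 *
 * @param \Base $f3
 * @param array $params route parameters
 * @return bool|null false when the request is rejected; null otherwise
 *                   (the method then reroutes or re-renders the form)
 */
public function addComment(\Base $f3, $params)
{
    if (!isset($params['slug'])) {
        // invalid URL, no post id given
        \Flash::instance()->addMessage('No Post ID specified.', 'danger');
        $f3->reroute('/');
        return null;
    }
    // you may only comment published posts
    $this->resource->load(array('slug = ? and publish_date <= ? and published = ?', $params['slug'], date('Y-m-d'), true));
    if ($this->resource->dry()) {
        // invalid post ID
        $f3->error(404, 'Post not found.');
        return false;
    }
    // Comments are blocked when enable_comments is explicitly off; an unset
    // (NULL) value keeps the default of allowing them. The previous condition
    // `!$x && !$x === NULL` compared a bool with NULL and so never blocked.
    $enabled = $this->resource->enable_comments;
    if ($enabled !== NULL && !$enabled) {
        $f3->error(403, 'Comments are not allowed for this Post');
        return false;
    }
    $autoApprove = (bool) \Config::instance()->get('auto_approve_comments');
    $comment = new \Model\Comment();
    $comment->copyfrom('POST', 'author_name, author_email, message');
    $comment->post = $this->resource->_id;
    $comment->approved = $autoApprove ? 1 : 0;
    $comment->save();
    if ($f3->get('ERROR')) {
        // if posting failed, return to comment form
        $this->getSingle($f3, $params);
        return null;
    }
    // if posting was successful, reroute to the post view
    $message = $autoApprove
        ? 'Your comment has been added.'
        : 'Your comment has been added, but must be approved first before it becomes public.';
    \Flash::instance()->addMessage($message, 'success');
    $f3->reroute('/' . $params['slug']);
    return null;
}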
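/**
 * Route controller code
 *
 * Only reachable from the SAPI the instance was enabled for ($this->cli on
 * the command line, $this->web otherwise). With a `job` parameter a single
 * job is executed, otherwise the scheduler run is performed.
 *
 * @param \Base $f3
 * @param array $params
 */
function route($f3, $params)
{
    $allowed = PHP_SAPI == 'cli' ? $this->cli : $this->web;
    if (!$allowed) {
        // Return explicitly: whether Base::error() halts depends on the F3 version.
        $f3->error(404);
        return;
    }
    if (isset($params['job'])) {
        $this->execute($params['job'], FALSE);
    } else {
        $this->run();
    }
}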
/**
 * Collection listing is not exposed on this resource: every request is
 * refused with 403.
 *
 * @param \Base $f3
 * @param array $params route parameters (unused)
 */
public function getList(\Base $f3, $params)
{
    // Listing is deliberately disabled for this resource.
    $f3->error(403);
}
/**
 * GET /user/@username/tree
 *
 * Shows the issue tree for one non-deleted user; login is required.
 *
 * @param \Base $f3
 * @param array $params route parameters; `username` selects the user
 * @throws \Exception
 */
public function single_tree($f3, $params)
{
    $this->_requireLogin();
    $user = new \Model\User();
    $user->load(array("username = ? AND deleted_date IS NULL", $params["username"]));
    if (!$user->id) {
        $f3->error(404);
        return;
    }
    $f3->set("title", $user->name);
    $f3->set("this_user", $user);
    $f3->set("issues", \Helper\Dashboard::instance()->issue_tree());
    $template = $f3->get("AJAX") ? "user/single/tree/ajax.html" : "user/single/tree.html";
    $this->_render($template);
}
/**
 * Send an issue attachment to the client.
 *
 * Images and plain-text files are delivered inline; everything else is sent
 * as a forced download.
 *
 * @param \Base $f3
 * @param array $params route parameters; `id` is the file id
 * @throws \Exception
 */
public function file($f3, $params)
{
    $file = new \Model\Issue\File();
    $file->load($params["id"]);
    if (!$file->id) {
        $f3->error(404);
        return;
    }
    // Don't force download on image and plain text files
    // Eventually I'd like to have previews of files some way (more than the existing thumbnails), but for now this is how we do it - Alan
    $contentType = $file->content_type;
    $inline = strncmp($contentType, "image", 5) === 0 || $contentType == "text/plain";
    $force = !$inline;
    if (!$this->_sendFile($file->disk_filename, $contentType, $file->filename, $force)) {
        $f3->error(404);
    }
}
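/**
 * Route controller code
 *
 * Executes one job (`job` route parameter) or the whole scheduler run and,
 * unless $this->silent is set, prints one `name [OK|async]` line per job as
 * plain text.
 *
 * @param \Base $f3
 * @param array $params
 */
function route($f3, $params)
{
    if (PHP_SAPI != 'cli' && !$this->web) {
        // Return explicitly: whether Base::error() halts depends on the F3 version.
        $f3->error(404);
        return;
    }
    if (isset($params['job'])) {
        $exec = array($params['job'] => $this->execute($params['job'], FALSE));
    } else {
        $exec = $this->run();
    }
    if ($this->silent) {
        return;
    }
    if (PHP_SAPI != 'cli') {
        header('Content-Type: text/plain');
    }
    if (!$exec) {
        // NOTE(review): die() ends the request without any F3 afterroute
        // hooks; kept because callers may rely on the plain-text body.
        die('Nothing to do');
    }
    foreach ($exec as $job => $ok) {
        echo sprintf('%s [%s]', $job, $ok ? 'OK' : 'async') . "\r\n";
    }
}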
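/**
 * GET /issues/parent_ajax
 * Load all matching issues
 *
 * The `q` term is matched against the id when it is numeric or `#`-prefixed
 * and against the name otherwise; at most 20 rows are returned as
 * {id, text} pairs.
 *
 * @param \Base $f3
 */
public function parent_ajax($f3)
{
    if (!$f3->get("AJAX")) {
        $f3->error(400);
        return;
    }
    $term = trim((string) $f3->get('GET.q'));
    $issue = new \Model\Issue();
    $options = array('limit' => 20);
    if (substr($term, 0, 1) == '#' && is_numeric(substr($term, 1))) {
        $id = (int) substr($term, 1);
        $issues = $issue->find(array('id LIKE ?', $id . '%'), $options);
    } elseif (is_numeric($term)) {
        $id = (int) $term;
        $issues = $issue->find(array('(id LIKE ?) OR (name LIKE ?)', $id . '%', '%' . $id . '%'), $options);
    } else {
        // The value is bound as a query parameter, so no quoting is needed;
        // the previous addslashes() made terms containing quotes or
        // backslashes unfindable. LIKE wildcards inside $term are still
        // interpreted by the database.
        $issues = $issue->find(array('name LIKE ?', '%' . $term . '%'), $options);
    }
    $this->_printJson(array('results' => $this->_parentAjaxRows($issues)));
}

/**
 * Map issue mapper rows to the {id, text} shape expected by the picker.
 *
 * @param array $issues rows returned by \Model\Issue::find()
 * @return array
 */
private function _parentAjaxRows($issues)
{
    $results = array();
    foreach ($issues as $row) {
        $results[] = array('id' => $row->get('id'), 'text' => $row->get('name'));
    }
    return $results;
}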
/**
 * GET /atom.xml
 *
 * Authenticates by the `key` query parameter (a user's api_key), then renders
 * an Atom feed of open issues for the `user` given in the query (defaulting
 * to the key's owner), filtered by `type` = assigned | created | all.
 *
 * @param \Base $f3
 * @throws \Exception
 */
public function atom($f3)
{
    // Authenticate user
    $key = $f3->get("GET.key");
    if (!$key) {
        $f3->error(403);
        return;
    }
    $keyOwner = new \Model\User();
    $keyOwner->load(array("api_key = ?", $key));
    if (!$keyOwner->id) {
        $f3->error(403);
        return;
    }
    // Get requested array substituting defaults
    $get = $f3->get("GET") + array("type" => "assigned", "user" => $keyOwner->username);
    unset($keyOwner);
    // Load target user
    $user = new \Model\User();
    $user->load(array("username = ?", $get["user"]));
    if (!$user->id) {
        $f3->error(404);
        return;
    }
    // Load issues
    // NOTE(review): "assigned" filters on author_id and "created" on owner,
    // the opposite of how the user page pairs created_issues/author_id and
    // assigned_issues/owner_id, and the column here is `owner` rather than
    // `owner_id` — confirm against the schema before relying on these feeds.
    $issue = new \Model\Issue\Detail();
    $options = array("order" => "created_date DESC");
    $type = $get["type"];
    if ($type == "assigned") {
        $issues = $issue->find(array("author_id = ? AND status_closed = 0 AND deleted_date IS NULL", $user->id), $options);
    } elseif ($type == "created") {
        $issues = $issue->find(array("owner = ? AND status_closed = 0 AND deleted_date IS NULL", $user->id), $options);
    } elseif ($type == "all") {
        $issues = $issue->find("status_closed = 0 AND deleted_date IS NULL", $options + array("limit" => 50));
    } else {
        $f3->error(400, "Invalid feed type");
        return;
    }
    // Render feed
    $f3->set("get", $get);
    $f3->set("feed_user", $user);
    $f3->set("issues", $issues);
    $this->_render("index/atom.xml", "application/atom+xml");
}
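/**
 * Route controller code
 *
 * Only reachable from the SAPI the instance was enabled for ($this->cli on
 * the command line, $this->web otherwise). With a `job` parameter a single
 * job is executed, otherwise a synchronous scheduler run is performed.
 *
 * @param \Base $f3
 * @param array $params
 */
function route($f3, $params)
{
    $allowed = PHP_SAPI == 'cli' ? $this->cli : $this->web;
    if (!$allowed) {
        // Return explicitly: whether Base::error() halts depends on the F3 version.
        $f3->error(404);
        return;
    }
    if (isset($params['job'])) {
        $this->execute($params['job'], FALSE);
        return;
    }
    // IMPORTANT! async does not work on Windows
    // -> my development environment is Windows :((
    $async = FALSE;
    $this->run(NULL, $async);
}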
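/**
 * Load the burndown chart data
 *
 * Prints a JSON map of "M j" date labels to the remaining-hours row for
 * each weekday of the sprint; future days of a running sprint are NULL.
 *
 * @param \Base $f3
 * @param array $params route parameters; `id` is the sprint id and `tasks`
 *                      a comma-separated list of issue ids to include
 */
public function burndown($f3, $params)
{
    $sprint = new \Model\Sprint();
    $sprint->load($params["id"]);
    if (!$sprint->id) {
        $f3->error(404);
        return;
    }
    // `tasks` comes straight from the URL and is interpolated into the SQL
    // IN (...) lists below, so every element is forced to an integer.
    $visible_tasks = array_map('intval', explode(",", $params["tasks"]));
    // Visible tasks must have at least one key
    if (empty($visible_tasks)) {
        $visible_tasks = array(0);
    }
    // Get today's date
    $today = date('Y-m-d') . " 23:59:59";
    // Check to see if the sprint is completed. Both sides are timestamps now;
    // the previous string-vs-int comparison never evaluated meaningfully.
    if (strtotime($today) < strtotime($sprint->end_date . ' + 1 day')) {
        $burnComplete = 0;
        $burnDates = $this->_createDateRangeArray($sprint->start_date, $today);
        $remainingDays = $this->_createDateRangeArray($today, $sprint->end_date);
    } else {
        $burnComplete = 1;
        $burnDates = $this->_createDateRangeArray($sprint->start_date, $sprint->end_date);
        $remainingDays = array();
    }
    $burnDays = array();
    $burnDatesCount = count($burnDates);
    $db = $f3->get("db.instance");
    $visible_tasks_str = implode(",", $visible_tasks);
    $query_initial = "SELECT SUM(IFNULL(i.hours_total, i.hours_remaining)) AS remaining\n\t\t\t\tFROM issue i\n\t\t\t\tWHERE i.created_date < :date\n\t\t\t\tAND i.id IN ({$visible_tasks_str})";
    $query_daily = "SELECT SUM(IF(f.id IS NULL, IFNULL(i.hours_total, i.hours_remaining), f.new_value)) AS remaining\n\t\t\t\tFROM issue_update_field f\n\t\t\t\tJOIN issue_update u ON u.id = f.issue_update_id\n\t\t\t\tJOIN (\n\t\t\t\t\tSELECT MAX(u.id) AS max_id\n\t\t\t\t\tFROM issue_update u\n\t\t\t\t\tJOIN issue_update_field f ON f.issue_update_id = u.id\n\t\t\t\t\tWHERE f.field = 'hours_remaining'\n\t\t\t\t\tAND u.created_date < :date\n\t\t\t\t\tAND u.issue_id IN ({$visible_tasks_str})\n\t\t\t\t\tGROUP BY u.issue_id\n\t\t\t\t) a ON a.max_id = u.id\n\t\t\t\tRIGHT JOIN issue i ON i.id = u.issue_id\n\t\t\t\tWHERE (f.field = 'hours_remaining' OR f.field IS NULL)\n\t\t\t\tAND i.created_date < :date\n\t\t\t\tAND i.id IN ({$visible_tasks_str})";
    $i = 1;
    foreach ($burnDates as $date) {
        if ($i == 1) {
            // Get total_hours, which is the initial amount entered on each task, and cache this query
            $result = $db->exec($query_initial, array(":date" => $sprint->start_date), 2592000);
        } elseif ($i < $burnDatesCount - 1 || $burnComplete) {
            // Past days do not change any more: cache for 30 days
            $result = $db->exec($query_daily, array(":date" => $date . " 23:59:59"), 2592000);
        } else {
            // Most recent day of a running sprint: never cached
            $result = $db->exec($query_daily, array(":date" => $date . " 23:59:59"));
        }
        $burnDays[$date] = $result[0];
        $i++;
    }
    // Add in empty days (the first remaining day is skipped, presumably
    // because it is today and was filled above)
    if (!$burnComplete) {
        foreach (array_slice($remainingDays, 1) as $day) {
            $burnDays[$day] = NULL;
        }
    }
    // Reformat the date and remove weekends
    $weekendDays = array("Sat", "Sun");
    foreach ($burnDays as $burnKey => $burnDay) {
        $ts = strtotime($burnKey);
        if (in_array(date("D", $ts), $weekendDays, true)) {
            // Remove weekend days
            unset($burnDays[$burnKey]);
        } else {
            $burnDays[date("M j", $ts)] = $burnDay;
            unset($burnDays[$burnKey]);
        }
    }
    $this->_printJson($burnDays);
}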
/**
 * Edit a sprint's name and date range: GET shows the form, POST validates
 * and saves, then redirects to the sprint list.
 *
 * @param \Base $f3
 * @param array $params route parameters; `id` is the sprint id
 * @throws \Exception
 */
public function sprint_edit($f3, $params)
{
    $f3->set("title", $f3->get("dict.sprints"));
    $sprint = new \Model\Sprint();
    $sprint->load($params["id"]);
    if (!$sprint->id) {
        $f3->error(404);
        return;
    }
    $post = $f3->get("POST");
    if (!$post) {
        $f3->set("sprint", $sprint);
        $this->_render("admin/sprints/edit.html");
        return;
    }
    $error = null;
    $start = $end = 0;
    if (empty($post["start_date"]) || empty($post["end_date"])) {
        $error = "Start and end date are required";
    } else {
        $start = strtotime($post["start_date"]);
        $end = strtotime($post["end_date"]);
        if ($end <= $start) {
            $error = "End date must be after start date";
        }
    }
    if ($error !== null) {
        // The form is re-rendered without "sprint" in the hive, as before.
        $f3->set("error", $error);
        $this->_render("admin/sprints/edit.html");
        return;
    }
    $sprint->name = trim($post["name"]);
    $sprint->start_date = date("Y-m-d", $start);
    $sprint->end_date = date("Y-m-d", $end);
    $sprint->save();
    $f3->reroute("/admin/sprints");
}
/**
 * GET /user/@username
 *
 * Profile page for one user with their created, assigned and overdue open
 * issues. Deleted users are only shown to viewers with rank >= 3.
 *
 * @param \Base $f3
 * @param array $params route parameters; `username` selects the user
 * @throws \Exception
 */
public function single($f3, $params)
{
    $this->_requireLogin();
    $user = new \Model\User();
    $user->load(array("username = ?", $params["username"]));
    $visible = $user->id && (!$user->deleted_date || $f3->get("user.rank") >= 3);
    if (!$visible) {
        $f3->error(404);
        return;
    }
    $f3->set("title", $user->name);
    $f3->set("this_user", $user);
    // Extra arrays required for bulk update
    $cacheTtl = $f3->get("cache_expire.db");
    $status = new \Model\Issue\Status();
    $f3->set("statuses", $status->find(null, null, $cacheTtl));
    $f3->set("users", $user->getAll());
    $f3->set("groups", $user->getAllGroups());
    $priority = new \Model\Issue\Priority();
    $f3->set("priorities", $priority->find(null, array("order" => "value DESC"), $cacheTtl));
    $type = new \Model\Issue\Type();
    $f3->set("types", $type->find(null, null, $cacheTtl));
    $issue = new \Model\Issue\Detail();
    $openFilter = "status_closed = '0' AND deleted_date IS NULL AND ";
    $byPriority = array("order" => "priority DESC, due_date DESC");
    $f3->set("created_issues", $issue->paginate(0, 200, array($openFilter . "author_id = ?", $user->id), $byPriority));
    $f3->set("assigned_issues", $issue->paginate(0, 200, array($openFilter . "owner_id = ?", $user->id), $byPriority));
    $localToday = date("Y-m-d", \Helper\View::instance()->utc2local());
    $f3->set("overdue_issues", $issue->paginate(0, 200, array($openFilter . "owner_id = ? AND due_date IS NOT NULL AND due_date < ?", $user->id, $localToday), array("order" => "due_date ASC")));
    $this->_render("user/single.html");
}