/**
 * Checks that the request object reports whatever verb is currently stored
 * in $_SERVER['REQUEST_METHOD'], first for POST and then for GET.
 */
public function testGetMethod()
{
    foreach (array('POST', 'GET') as $verb) {
        $_SERVER['REQUEST_METHOD'] = $verb;
        $this->assertEquals($verb, $this->_request->getMethod());
    }
}
/**
 * Return the HTTP method for this request.
 *
 * A value stored in $this->method takes precedence; the parent
 * implementation is consulted only while that property is null.
 *
 * @return mixed The stored method, or whatever the parent reports
 */
public function getMethod()
{
    if (!is_null($this->method)) {
        return $this->method;
    }

    return parent::getMethod();
}
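/**
 * Route the current request to the handler for its HTTP method.
 *
 * OPTIONS and POST are delegated to their handlers. GET prints a short HTML
 * status line containing the user id and the client address. Any other
 * method produces no output.
 *
 * NOTE(review): the GET branch discloses the user id and the client IP to
 * whoever can reach this endpoint; confirm that is intended outside of
 * debugging.
 *
 * @return void
 */
public function handle()
{
    $method = $this->_request->getMethod();

    if ($this->_logger instanceof Zend_Log) {
        $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' REQUEST METHOD: ' . $method);
    }

    switch ($method) {
        case 'OPTIONS':
            $this->_handleOptions();
            break;

        case 'POST':
            $this->_handlePost();
            break;

        case 'GET':
            // The response is HTML, so every interpolated value is escaped
            // before it is written. Where _userId comes from is not visible
            // in this block, so it is treated as untrusted.
            $userId = htmlspecialchars((string) $this->_userId, ENT_QUOTES, 'UTF-8');
            $remoteAddr = isset($_SERVER['REMOTE_ADDR'])
                ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR'], ENT_QUOTES, 'UTF-8')
                : '';
            echo "It works!<br>Your userid is: {$userId} and your IP address is: {$remoteAddr}.";
            break;
    }
}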
/**
 * Check whether the request was made with the expected HTTP method.
 *
 * The expected method ($this->_method) is recorded as the validated value
 * before the comparison. The comparison is loose and case-sensitive, so the
 * configured method must use the same casing as the request reports.
 *
 * @param Zend_Controller_Request_Http $request The request to check
 * @return boolean True when the methods match; false after registering MUSTBE
 */
public function isValid($request)
{
    $this->_setValue($this->_method);

    if ($request->getMethod() == $this->_method) {
        return true;
    }

    // Method mismatch: record the failure and reject the request.
    $this->_error(self::MUSTBE);

    return false;
}
/**
 * Build the rewrite router used for routing rules.
 *
 * NOTE(review): the lower-cased request method is computed but not used
 * anywhere in this block.
 *
 * @throws Exception When the router is not a Zend_Controller_Router_Abstract
 * @return Zend_Controller_Router_Rewrite
 */
public function setRouter()
{
    // Set up the routing rules.
    $router = new Zend_Controller_Router_Rewrite();

    $httpRequest = new Zend_Controller_Request_Http();
    $verb = strtolower($httpRequest->getMethod());

    if ($router instanceof Zend_Controller_Router_Abstract) {
        return $router;
    }

    throw new Exception('Incorrect config file: routes');
}
/**
 * Dispatch a REST request to the "<verb>Action" method of the called class.
 *
 * A POST request may tunnel another verb through the "_method" parameter.
 * The override is honoured only when its upper-cased value is PUT or DELETE;
 * anything else leaves the verb as POST. The ACL resource name is built from
 * the effective verb, so an overridden request is authorised as the verb it
 * ends up executing.
 *
 * FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. The whitelist below is
 * what actually constrains the override value.
 *
 * @throws Exceptions_SeotoasterPluginException When the called class has no handler for the verb
 * @return mixed Result of the JSON helper, or null after a forbidden error is raised
 */
public function dispatch()
{
    $verb = strtoupper($this->_request->getMethod());

    if ('POST' === $verb) {
        $override = $this->_request->getParam('_method', null);
        if (null !== $override) {
            $override = strtoupper(filter_var($override, FILTER_SANITIZE_STRING));
            if (in_array($override, array('PUT', 'DELETE'))) {
                $verb = $override;
            }
        }
    }

    $handler = strtolower($verb) . 'Action';
    $resourceName = strtolower(get_called_class() . '_' . $verb);

    if (!method_exists($this, $handler)) {
        throw new Exceptions_SeotoasterPluginException(get_called_class() . ' doesn\'t have ' . $verb . ' implemented');
    }

    // The handler runs only after the ACL has allowed the resource.
    if (Tools_Security_Acl::isAllowed($resourceName)) {
        return $this->_jsonHelper->direct($this->{$handler}());
    }

    $this->_error(null, self::REST_STATUS_FORBIDDEN);
}
/**
 * Match an API request path and resolve it to route variables.
 *
 * Via Omeka_Application_Resource_Router, this is the only available route
 * for API requests.
 *
 * Checks run in this order: path shape, key without identity, API enabled.
 * The effective HTTP method is the X-HTTP-Method-Override header when the
 * client sends a non-empty one, otherwise the method of the request itself.
 * NOTE(review): the override is read for every request, GET included;
 * confirm _getAction() and later access checks authorise the overridden
 * method rather than the transport method.
 *
 * @throws Omeka_Controller_Exception_Api
 * @param Zend_Controller_Request_Http $request
 * @return array|false Route variables, or false when the path is not an API path
 */
public function match($request)
{
    $frontController = Zend_Controller_Front::getInstance();

    // Split the path into the resource name and whatever follows it.
    preg_match('#^/api/([a-z_]+)(.+)?$#', $request->getPathInfo(), $parts);
    if (!$parts) {
        return false;
    }

    // A key was supplied but no user identity is present.
    if (isset($_GET['key']) && !Zend_Auth::getInstance()->hasIdentity()) {
        throw new Omeka_Controller_Exception_Api('Invalid key.', 403);
    }

    // Refuse everything while the API is switched off.
    if (!get_option('api_enable')) {
        throw new Omeka_Controller_Exception_Api('API is disabled', 403);
    }

    $resourceName = $parts[1];

    // Path parameters (not request parameters): the segments after the
    // resource name, with the empty leading segment dropped.
    $pathParams = array();
    if (isset($parts[2]) && '/' != $parts[2]) {
        $pathParams = explode('/', $parts[2]);
        array_shift($pathParams);
    }

    // Client-supplied override first, transport method as the fallback.
    $httpMethod = $request->getHeader('X-HTTP-Method-Override');
    if (!$httpMethod) {
        $httpMethod = $request->getMethod();
    }

    $available = $frontController->getParam('api_resources');

    // Resolve and validate each routing component against the registry.
    $resourceName = $this->_getResource($resourceName, $available);
    $recordType = $this->_getRecordType($resourceName, $available);
    $module = $this->_getModule($resourceName, $available);
    $controller = $this->_getController($resourceName, $available);
    $action = $this->_getAction($httpMethod, $pathParams, $resourceName, $available);

    // Validate the GET parameters for the resolved action.
    $this->_validateParams($action, $resourceName, $available);

    // API values are namespaced so they cannot collide with request parameters.
    return array(
        'module' => $module,
        'controller' => $controller,
        'action' => $action,
        'api_resource' => $resourceName,
        'api_record_type' => $recordType,
        'api_params' => $pathParams,
    );
}
/**
 * Digest Authentication
 *
 * Parses the client's Authorization header, re-challenges the client on any
 * mismatch (username marker, nonce, opaque, unknown user, wrong digest) and
 * returns a success result only when the recomputed request-digest equals
 * the one the client sent.
 *
 * @param string $header Client's Authorization header
 * @throws Zend_Auth_Adapter_Exception On a missing header, a missing digest
 *                                     resolver, or an unsupported qop value
 * @return Zend_Auth_Result Valid auth result only on successful auth
 */
protected function _digestAuth($header)
{
    if (empty($header)) {
        /**
         * @see Zend_Auth_Adapter_Exception
         */
        #require_once 'Zend/Auth/Adapter/Exception.php';
        throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
    }
    if (empty($this->_digestResolver)) {
        /**
         * @see Zend_Auth_Adapter_Exception
         */
        #require_once 'Zend/Auth/Adapter/Exception.php';
        throw new Zend_Auth_Adapter_Exception('A digestResolver object must be set before doing Digest authentication');
    }

    // A header that cannot be parsed is answered with 400 and a failure
    // result instead of a new challenge.
    $data = $this->_parseDigestAuth($header);
    if ($data === false) {
        $this->_response->setHttpResponseCode(400);
        return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, array(), array('Invalid Authorization header format'));
    }

    // See ZF-1052. This code was a bit too unforgiving of invalid
    // usernames. Now, if the username is bad, we re-challenge the client.
    if ('::invalid::' == $data['username']) {
        return $this->_challengeClient();
    }

    // Verify that the client sent back the same nonce.
    // NOTE(review): this and the opaque check below use loose `!=`, which is
    // neither type-strict nor constant-time, while the final digest goes
    // through _secureStringCompare(). Consider the same helper here.
    if ($this->_calcNonce() != $data['nonce']) {
        return $this->_challengeClient();
    }

    // The opaque value is also required to match, but of course IE doesn't
    // play ball.
    if (!$this->_ieNoOpaque && $this->_calcOpaque() != $data['opaque']) {
        return $this->_challengeClient();
    }

    // Look up the user's password hash. If not found, deny access.
    // This makes no assumptions about how the password hash was
    // constructed beyond that it must have been built in such a way as
    // to be recreatable with the current settings of this object.
    $ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
    if ($ha1 === false) {
        return $this->_challengeClient();
    }

    // If MD5-sess is used, a1 value is made of the user's password
    // hash with the server and client nonce appended, separated by
    // colons.
    if ($this->_algo == 'MD5-sess') {
        $ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
    }

    // Calculate h(a2). The value of this hash depends on the qop
    // option selected by the client and the supported hash functions.
    // NOTE(review): $data['uri'] is the value from the Authorization header;
    // this block does not compare it with the URI actually requested.
    // Confirm _parseDigestAuth() performs that check.
    switch ($data['qop']) {
        case 'auth':
            $a2 = $this->_request->getMethod() . ':' . $data['uri'];
            break;
        case 'auth-int':
            // Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
            // but this isn't supported yet, so fall through to default case
        default:
            /**
             * @see Zend_Auth_Adapter_Exception
             */
            #require_once 'Zend/Auth/Adapter/Exception.php';
            throw new Zend_Auth_Adapter_Exception('Client requested an unsupported qop option');
    }

    // Using hash() should make parameterizing the hash algorithm
    // easier
    $ha2 = hash('md5', $a2);

    // Calculate the server's version of the request-digest. This must
    // match $data['response']. See RFC 2617, section 3.2.2.1
    // NOTE(review): the nonce count $data['nc'] is folded into the digest but
    // is not tracked in this block, so replay protection has to come from
    // how _calcNonce() expires nonces. Confirm.
    $message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
    $digest = hash('md5', $ha1 . ':' . $message);

    // If our digest matches the client's let them in, otherwise return
    // a 401 code and exit to prevent access to the protected resource.
    if ($this->_secureStringCompare($digest, $data['response'])) {
        $identity = array('username' => $data['username'], 'realm' => $data['realm']);
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
    } else {
        return $this->_challengeClient();
    }
}
/**
 * Redirect to the configured base URL (without SID) when the requested URL
 * does not match it. This feature is enabled by default in configuration.
 *
 * The redirect target is always the configured base URL, never a value taken
 * from the request. The request's scheme, host and URI only decide whether a
 * redirect happens. The path test is a substring match (strpos), not a
 * prefix match.
 *
 * @param Zend_Controller_Request_Http $request
 */
protected function _checkBaseUrl($request)
{
    // Never redirect before installation or for requests that carry POST data.
    if (!Mage::isInstalled() || $request->getPost() || strtolower($request->getMethod()) == 'post') {
        return;
    }

    // 0 disables the feature; anything other than 301 is treated as 302.
    $configuredCode = (int) Mage::getStoreConfig('web/url/redirect_to_base');
    if (!$configuredCode) {
        return;
    }
    $status = ($configuredCode != 301) ? 302 : 301;

    if ($this->_isAdminFrontNameMatched($request)) {
        return;
    }

    $target = Mage::getBaseUrl(Mage_Core_Model_Store::URL_TYPE_WEB, Mage::app()->getStore()->isCurrentlySecure());
    if (!$target) {
        return;
    }

    $baseParts = @parse_url($target);
    $requestedUri = $request->getRequestUri() ? $request->getRequestUri() : '/';

    // Each component is compared only when the base URL defines it.
    $matchesBase = !(
        (isset($baseParts['scheme']) && $baseParts['scheme'] != $request->getScheme())
        || (isset($baseParts['host']) && $baseParts['host'] != $request->getHttpHost())
        || (isset($baseParts['path']) && strpos($requestedUri, $baseParts['path']) === false)
    );
    if ($matchesBase) {
        return;
    }

    Mage::app()->getFrontController()->getResponse()->setRedirect($target, $status)->sendResponse();
    exit;
}
/**
 * Matches a user submitted request. Assigns and returns an array of variables
 * on a successful match.
 *
 * If a request object is registered, it uses its setModuleName(),
 * setControllerName(), and setActionName() accessors to set those values.
 * Always returns the values as an array.
 *
 * For non-GET requests the action is taken from the "_method" request
 * parameter, then from the X-HTTP-Method-Override header, then from the
 * transport method. The override value is only lower-cased here.
 * NOTE(review): no whitelist is applied to the override in this block;
 * confirm that the dispatcher limits which action names are reachable.
 *
 * @param Zend_Controller_Request_Http $request Request used to match against this routing ruleset
 * @return array|false An array of assigned values, or false when the
 *                     controller segment is not a RESTful controller
 */
public function match($request)
{
    $this->_setRequestKeys();

    $path = $request->getPathInfo();
    $values = array();
    $params = array();
    $path = trim($path, self::URI_DELIMITER);

    if ($path != '') {
        $path = explode(self::URI_DELIMITER, $path);

        // Determine Module
        $moduleName = $this->_defaults[$this->_moduleKey];
        if ($this->_dispatcher && $this->_dispatcher->isValidModule($path[0])) {
            $moduleName = $path[0];
            if ($this->_checkRestfulModule($moduleName)) {
                $values[$this->_moduleKey] = array_shift($path);
                $this->_moduleValid = true;
            }
        }

        // Determine Controller
        $controllerName = $this->_defaults[$this->_controllerKey];
        if (count($path) && !empty($path[0])) {
            if ($this->_checkRestfulController($moduleName, $path[0])) {
                $controllerName = $path[0];
                $values[$this->_controllerKey] = array_shift($path);
                $values[$this->_actionKey] = 'get';
            } else {
                // If Controller in URI is not found to be a RESTful
                // Controller, return false to fall back to other routes
                return false;
            }
        }

        //Store path count for method mapping
        $pathElementCount = count($path);

        // Check for leading "special get" URI's
        // array_search() returns false on a miss, and `false > -1` is false
        // because -1 is truthy in a boolean comparison; index 0 or 1 passes.
        $specialGetTarget = false;
        if ($pathElementCount && array_search($path[0], array('index', 'new')) > -1) {
            $specialGetTarget = array_shift($path);
        } elseif ($pathElementCount == 1) {
            $params['id'] = array_shift($path);
        } elseif ($pathElementCount == 0 || $pathElementCount > 1) {
            $specialGetTarget = 'list';
        }

        // Digest URI params
        // Remaining segments are read as key/value pairs. Both keys and
        // values are URL-decoded client input.
        if ($numSegs = count($path)) {
            for ($i = 0; $i < $numSegs; $i = $i + 2) {
                $key = urldecode($path[$i]);
                $val = isset($path[$i + 1]) ? urldecode($path[$i + 1]) : null;
                $params[$key] = $val;
            }
        }

        // Check for trailing "special get" URI
        if (array_key_exists('edit', $params)) {
            $specialGetTarget = 'edit';
        }

        // Determine Action
        $requestMethod = strtolower($request->getMethod());
        if ($requestMethod != 'get') {
            // NOTE(review): the header is read from $this->_request while the
            // parameter is read from $request. Confirm both refer to the same
            // object and that $this->_request is set when match() runs.
            if ($request->getParam('_method')) {
                $values[$this->_actionKey] = strtolower($request->getParam('_method'));
            } elseif ($this->_request->getHeader('X-HTTP-Method-Override')) {
                $values[$this->_actionKey] = strtolower($this->_request->getHeader('X-HTTP-Method-Override'));
            } else {
                $values[$this->_actionKey] = $requestMethod;
            }

            //Map PUT and POST to actual create/update actions
            //based on parameter count (posting to resource or collection)
            switch ($values[$this->_actionKey]) {
                case 'post':
                    if ($pathElementCount > 0) {
                        $values[$this->_actionKey] = 'put';
                    } else {
                        $values[$this->_actionKey] = 'post';
                    }
                    break;
                case 'put':
                    $values[$this->_actionKey] = 'put';
                    break;
            }
        } elseif ($specialGetTarget) {
            $values[$this->_actionKey] = $specialGetTarget;
        }
    }

    // Array union keeps the left-hand entry on a key collision: routing keys
    // already in $values win over path params, and both win over defaults.
    // NOTE(review): $params keys are client-chosen, so a key that $values
    // lacks still takes precedence over the default. Confirm that cannot
    // collide with the module, controller or action keys.
    $this->_values = $values + $params;

    return $this->_values + $this->_defaults;
}
/**
 * Returns the request method reported by the parent class, upper-cased.
 *
 * @return string
 */
public function getMethod()
{
    $method = parent::getMethod();

    return strtoupper($method);
}
/**
 * Return the HTTP method reported by the wrapped request object.
 *
 * @return mixed Whatever $this->request->getMethod() returns
 */
public function getRequestMethod()
{
    $method = $this->request->getMethod();

    return $method;
}
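/**
 * Validate signature
 *
 * Recomputes the OAuth signature over the merged request and protocol
 * parameters, the HTTP method and the full request URL, then compares it
 * with the client-supplied "oauth_signature".
 *
 * The comparison is type-strict and constant-time. A loose `!=` would let PHP
 * coerce numeric-looking strings and would return as soon as the first
 * differing byte is found. A missing or non-string signature is rejected.
 *
 * NOTE(review): the URL in the signature base string is built from the
 * request's scheme and Host header. Confirm that a proxy in front of the
 * application cannot make these differ from what the client signed.
 *
 * @throws Mage_Oauth_Exception
 */
protected function _validateSignature()
{
    $util = new Zend_Oauth_Http_Utility();

    $calculatedSign = $util->sign(
        array_merge($this->_params, $this->_protocolParams),
        $this->_protocolParams['oauth_signature_method'],
        $this->_consumer->getSecret(),
        !is_null($this->_token) ? $this->_token->getSecret() : null,
        $this->_request->getMethod(),
        $this->_request->getScheme() . '://' . $this->_request->getHttpHost() . $this->_request->getRequestUri()
    );

    $providedSign = isset($this->_protocolParams['oauth_signature'])
        ? $this->_protocolParams['oauth_signature']
        : null;

    $isValid = false;
    if (is_string($providedSign) && is_string($calculatedSign)) {
        if (function_exists('hash_equals')) {
            $isValid = hash_equals($calculatedSign, $providedSign);
        } elseif (strlen($calculatedSign) === strlen($providedSign)) {
            // Fallback for runtimes without hash_equals(): accumulate the
            // differences over the whole string without an early exit.
            $diff = 0;
            for ($i = 0, $length = strlen($calculatedSign); $i < $length; $i++) {
                $diff |= ord($calculatedSign[$i]) ^ ord($providedSign[$i]);
            }
            $isValid = (0 === $diff);
        }
    }

    if (!$isValid) {
        $this->_throwException('Invalid signature.', self::ERR_SIGNATURE_INVALID);
    }
}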
/**
 * Return the HTTP method for this request.
 *
 * A truthy $this->_method takes precedence; otherwise the parent
 * implementation decides.
 *
 * @return mixed The stored method, or whatever the parent reports
 */
public function getMethod()
{
    if ($this->_method) {
        return $this->_method;
    }

    return parent::getMethod();
}
/**
 * Resolve the method the client intends, allowing PUT and DELETE to be
 * tunnelled through POST.
 *
 * The override is read from the POST field named by
 * Sitengine_Env::PARAM_METHOD and is honoured only on a POST request and
 * only for PUT or DELETE. Any transport method other than POST, PUT or
 * DELETE is reported as GET.
 *
 * @return mixed One of the Sitengine_Env::METHOD_* constants
 */
public function getIntendedMethod()
{
    require_once 'Sitengine/Env.php';

    if (parent::getMethod() == Sitengine_Env::METHOD_POST) {
        if ($this->getPost(Sitengine_Env::PARAM_METHOD) == Sitengine_Env::METHOD_PUT) {
            return Sitengine_Env::METHOD_PUT;
        }
        if ($this->getPost(Sitengine_Env::PARAM_METHOD) == Sitengine_Env::METHOD_DELETE) {
            return Sitengine_Env::METHOD_DELETE;
        }

        return Sitengine_Env::METHOD_POST;
    }

    if (parent::getMethod() == Sitengine_Env::METHOD_PUT) {
        return Sitengine_Env::METHOD_PUT;
    }
    if (parent::getMethod() == Sitengine_Env::METHOD_DELETE) {
        return Sitengine_Env::METHOD_DELETE;
    }

    return Sitengine_Env::METHOD_GET;
}
// Excerpt of a proxying routine: $http, $request and $proxyingUrl are
// defined outside this fragment.

// When no upstream URI is set yet, build it from the proxy base URL and the
// client-supplied "proxyingUri" parameter.
// NOTE(review): the parameter is concatenated without any normalisation
// visible here. Confirm it is validated elsewhere, so that the client cannot
// choose arbitrary upstream paths such as dot-segments.
if ($http->getUri() === null) {
    $http->setUri($proxyingUrl . '/' . $request->getParam('proxyingUri'));
    unset($_GET['proxyingUri']);
}

// Copy a fixed set of client request headers to the upstream request. Values
// are forwarded as received. A header the client did not send still produces
// a "Name: " line with whatever getHeader() returned for it.
$headers = array();
$headers[] = 'Accept-encoding: ' . $request->getHeader('Accept-encoding');
$headers[] = 'User-Agent: ' . $request->getHeader('User-Agent');
$headers[] = 'Accept: ' . $request->getHeader('Accept');
$headers[] = 'Cache-Control: ' . $request->getHeader('Cache-Control');
$headers[] = 'Connection: ' . $request->getHeader('Connection');
$headers[] = 'Keep-Alive: ' . $request->getHeader('Keep-Alive');
$headers[] = 'Accept-Charset: ' . $request->getHeader('Accept-Charset');
$headers[] = 'Accept-Language: ' . $request->getHeader('Accept-Language');
$http->setHeaders($headers);

// Only an exact "application/x-www-form-urlencoded" Content-Type selects URL
// encoding. Any other value, including one with a charset suffix, selects
// form-data.
$request->getHeader('Content-Type') == 'application/x-www-form-urlencoded' ? $http->setEncType(Zend_Http_Client::ENC_URLENCODED) : $http->setEncType(Zend_Http_Client::ENC_FORMDATA);

// For PUT, forward the raw request body. The whole body is read into memory,
// and no size limit is applied in this fragment.
if ($request->getMethod() == 'PUT') {
    $fh = fopen('php://input', 'r');
    if (!$fh) {
        echo 'Can\'t load PUT data';
        die;
    }
    $data = '';
    while (!feof($fh)) {
        $data .= fgets($fh);
    }
    fclose($fh);
    $http->setRawData($data);
}

// Forward every POST field unchanged.
foreach ($_POST as $k => $v) {
    $http->setParameterPost($k, $v);
}