/**
  * Discards the rendered view and returns the page-level debug report instead.
  *
  * All previously queued response headers are dropped so the debug page is
  * served as a fresh 200 text/html document with a current Last-Modified.
  *
  * NOTE(review): nothing in this method checks that debug mode is enabled;
  * presumably the caller gates it - confirm, because debug pages tend to
  * expose internals.
  *
  * @param string $originalContent Original, rendered view content (not used here)
  *
  * @return string Replacement rendered view content
  */
 public function renderDebugOutput($originalContent)
 {
     $response = $this->_response;

     // Start from a clean slate: headers set for the original view no longer apply.
     $response->clearHeaders();
     $response->setHttpResponseCode(200);
     $response->setHeader('Content-Type', 'text/html; charset=UTF-8', true);

     $lastModified = gmdate('D, d M Y H:i:s') . ' GMT';
     $response->setHeader('Last-Modified', $lastModified, true);

     $debugHtml = XenForo_Debug::getDebugHtml();

     return XenForo_Debug::getDebugPageWrapperHtml($debugHtml);
 }
Exemplo n.º 2
 /**
  * Intercept a request for a cached image from the proxy and output it
  *
  * Serves the proxied image for $this->_url, or the model's placeholder image
  * when the proxy is disabled, the URL is rejected, or retrieval failed. The
  * reason for a fallback is reported in an X-Proxy-Error response header.
  *
  * @param string|bool $error If non-false, an error that occurred when validating the request
  */
 protected function _outputImage($error)
 {
     // The proxy feature can be switched off in the options; treat that as an error.
     if (empty(XenForo_Application::getOptions()->imageLinkProxy['images'])) {
         $error = 'disabled';
     }
     /* @var $proxyModel XenForo_Model_ImageProxy */
     $proxyModel = XenForo_Model::create('XenForo_Model_ImageProxy');
     $image = false;
     if (!$error) {
         // Refuse to fetch from a local host unless this site is itself served
         // from one. This keeps the proxy from being pointed at local services.
         // NOTE(review): parse_url() returns false for a malformed URL and may
         // return an array without a 'host' key; that case is not handled here.
         // NOTE(review): the check sees only the host name in the URL. Whether
         // _isLocalHost() also covers names that resolve to internal addresses
         // is not visible from here - confirm.
         $urlParts = parse_url($this->_url);
         if ($this->_isLocalHost($urlParts['host']) && (empty($_SERVER['SERVER_NAME']) || !$this->_isLocalHost($_SERVER['SERVER_NAME']))) {
             $error = 'local_url';
         }
     }
     if (!$error) {
         $image = $proxyModel->getImage($this->_url);
         if ($image) {
             $image = $proxyModel->prepareImage($image);
             if ($image['use_file']) {
                 $proxyModel->logImageView($image);
                 // Conditional request: the ETag is the quoted fetch date, so an
                 // exact match means the client's copy is still current.
                 $eTag = !empty($_SERVER['HTTP_IF_NONE_MATCH']) ? $_SERVER['HTTP_IF_NONE_MATCH'] : null;
                 if ($eTag && $eTag == '"' . $image['fetch_date'] . '"') {
                     $this->_response->setHttpResponseCode(304);
                     $this->_response->clearHeader('Last-Modified');
                     $this->_response->sendHeaders();
                     return;
                 }
             } else {
                 $image = false;
                 $error = 'retrieve_failed';
             }
         }
     }
     // Any failure above (or a getImage() miss) falls back to the placeholder.
     if (!$image) {
         $image = $proxyModel->getPlaceHolderImage();
     }
     // Only these MIME types are served under their own type; anything else is
     // sent as application/octet-stream, so the stored type is never trusted
     // beyond this allow-list.
     $imageTypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png');
     if (in_array($image['mime_type'], $imageTypes)) {
         $this->_response->setHeader('Content-type', $image['mime_type'], true);
         $this->_setDownloadFileName($image['file_name'], true);
     } else {
         $this->_response->setHeader('Content-type', 'application/octet-stream', true);
         $this->_setDownloadFileName($image['file_name']);
     }
     // No ETag on error responses, so a placeholder is not revalidated as if it
     // were the real image.
     if (!$error) {
         $this->_response->setHeader('ETag', '"' . $image['fetch_date'] . '"', true);
     }
     if ($image['file_size']) {
         $this->_response->setHeader('Content-Length', $image['file_size'], true);
     }
     // Tell browsers not to guess a different content type from the bytes.
     $this->_response->setHeader('X-Content-Type-Options', 'nosniff');
     if ($error) {
         $this->_response->setHeader('X-Proxy-Error', $error);
     }
     $this->_response->sendHeaders();
     $imageData = new XenForo_FileOutput($image['file_path']);
     $imageData->output();
 }
Exemplo n.º 3
 /**
  * Challenge Client
  *
  * Marks the response as 401 Unauthorized and queues one WWW-Authenticate
  * header per configured scheme, using the scheme key as the header value.
  *
  * @return Zend_Auth_Result Always returns a non-identity Auth result
  */
 protected function _challengeClient()
 {
     $response = $this->_response;
     $response->setHttpResponseCode(401);

     // Only the keys of $_schemes are used; the mapped callbacks are ignored here.
     foreach ($this->_schemes as $schemeName => $unusedCallback) {
         $response->setHeader('WWW-Authenticate', $schemeName);
     }

     $messages = array('Invalid or absent credentials; challenging client');

     return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, array(), $messages);
 }
 /**
  * postDispatch() must leave the response body empty when the response
  * already carries a redirect status (302 here).
  */
 public function testPostDispatchDoesNothingOnRedirect()
 {
     // Arrange: a dispatched bar/index/test request and a redirect response.
     $this->request
         ->setModuleName('bar')
         ->setControllerName('index')
         ->setActionName('test')
         ->setDispatched(true);
     $this->response->setHttpResponseCode(302);

     $actionController = new Bar_IndexController($this->request, $this->response, array());
     $this->helper->setActionController($actionController);

     // Act
     $this->helper->postDispatch();

     // Assert: nothing was rendered into the body.
     $body = $this->response->getBody();
     $this->assertNotContains('Rendered index/test.phtml in bar module', $body);
     $this->assertTrue(empty($body));
 }
 /**
  * Challenge Client
  *
  * Answers with 407 and a Proxy-Authenticate header when this adapter acts
  * as a proxy ($_imaProxy), otherwise with 401 and WWW-Authenticate. The
  * header value comes from _getAuthHeader().
  *
  * @return Zend_Auth_Result Always returns a non-identity Auth result
  */
 protected function _challengeClient()
 {
     $actsAsProxy = (bool) $this->_imaProxy;
     $statusCode = $actsAsProxy ? 407 : 401;
     $headerName = $actsAsProxy ? 'Proxy-Authenticate' : 'WWW-Authenticate';

     $this->_response->setHttpResponseCode($statusCode);
     $this->_response->setHeader($headerName, $this->_getAuthHeader());

     $messages = array('Invalid or absent credentials; challenging client');

     return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, array(), $messages);
 }
Exemplo n.º 6
 /**
  * Sends a JSON error response and terminates the script.
  *
  * Headers and body queued so far are discarded. The message, when not
  * empty, is JSON-encoded into the body.
  *
  * @param mixed      $message    Payload to JSON-encode; skipped when empty
  * @param int|string $statusCode HTTP status; converted with intval()
  *
  * @return void This method does not return; it calls exit
  */
 protected function _error($message = null, $statusCode = self::REST_STATUS_BAD_REQUEST)
 {
     // The status is always reduced to an integer before it reaches the response.
     $httpStatus = intval($statusCode);

     $this->_response
         ->clearAllHeaders()
         ->clearBody();
     $this->_response
         ->setHttpResponseCode($httpStatus)
         ->setHeader('Content-Type', 'application/json', true);

     $hasMessage = !empty($message);
     if ($hasMessage) {
         $this->_response->setBody(json_encode($message));
     }

     $this->_response->sendResponse();
     exit;
 }
Exemplo n.º 7
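 /**
  * Authenticates the request from its X-WSSE (UsernameToken) header.
  *
  * Without the header, the client is challenged with 401 and a
  * WWW-Authenticate header. With it, the digest is recomputed from the
  * supplied nonce and creation time plus the stored credential, and compared
  * with the client's digest; the user name must match the stored identity.
  *
  * The digest is compared with hash_equals(): a loose == on two digest
  * strings can report equality for different values when both look numeric,
  * and its running time depends on where the strings differ.
  *
  * NOTE(review): nothing in this method checks that 'created' is recent or
  * that the nonce has not been used before. Unless parseWsseHeader() or
  * createPasswordDigest() enforce that, a captured header stays valid - confirm.
  *
  * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed
  * @return Zend_Auth_Result
  */
 public function authenticate()
 {
     if ('' == ($authHeader = $this->_request->getServer("HTTP_X_WSSE"))) {
         $this->_response->setHttpResponseCode(401, 'Unauthorized', true);
         $this->_response->setHeader('WWW-Authenticate', 'WSSE realm="' . $this->_realm . '", profile="UsernameToken"');
         return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, array(), array('Missing WSSE Header'));
     }
     $headerParts = $this->parseWsseHeader($authHeader);

     // A header that lacks any of the four fields cannot authenticate; reject
     // it up front instead of comparing against undefined values.
     $hasAllParts = isset(
         $headerParts['username'],
         $headerParts['nonce'],
         $headerParts['created'],
         $headerParts['digest']
     );
     if ($hasAllParts) {
         $expectedDigest = (string) $this->createPasswordDigest($headerParts['nonce'], $headerParts['created'], $this->_credential);
         $digestMatches = hash_equals($expectedDigest, (string) $headerParts['digest']);
         $identityMatches = ((string) $this->_identity === (string) $headerParts['username']);
         if ($digestMatches && $identityMatches) {
             return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_identity);
         }
     }

     $this->_response->setHttpResponseCode(401, 'Unauthorized', true);
     return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, array(), array('Unauthorized'));
 }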
Exemplo n.º 8
 /**
  * Builds the exception and, outside the CLI, immediately answers with a
  * rendered HTTP 500 page and stops the script.
  *
  * On the command line the exception is only constructed. In every other
  * SAPI the constructor renders layout/scripts/exception.phtml into the
  * response body, sends it, raises E_USER_ERROR with the message and exits.
  *
  * NOTE(review): the template is required inside this method, so it can read
  * $msg, $code, $previous and $response. Whether it prints the message to the
  * visitor is not visible from here - confirm it does not expose internals.
  *
  * @param string         $msg      Exception message
  * @param int            $code     Exception code (cast to int)
  * @param Exception|null $previous Previous exception, if any
  */
 public function __construct($msg = '', $code = 0, Exception $previous = null)
 {
     parent::__construct($msg, (int) $code, $previous);

     // just pass ahead if it was thrown from the CLI
     if (php_sapi_name() == "cli") {
         return;
     }

     $response = new Zend_Controller_Response_Http();
     $response->setHttpResponseCode(500);

     // Drop whatever was buffered so far, then capture the error page alone.
     ob_get_clean();
     ob_start();
     require APPLICATION_PATH . "/layout/scripts/exception.phtml";
     $outputBuffer = ob_get_clean();

     $response->setBody($outputBuffer);
     $response->sendResponse();

     trigger_error($msg, E_USER_ERROR);
     exit;
 }
 /**
  * Retrieve HTTP HOST
  *
  * Reads the client-supplied Host header. A value containing ',' or ';' is
  * answered with a 400 status and the script exits.
  *
  * NOTE(review): only those two characters are rejected here; callers that
  * build URLs or e-mail links from the result should not treat it as trusted.
  *
  * @param bool $trimPort When true, everything from the first ':' on is dropped
  * @return string|false Host name, or false when no Host header was sent
  */
 public function getHttpHost($trimPort = true)
 {
     if (!isset($_SERVER['HTTP_HOST'])) {
         return false;
     }

     $rawHost = $_SERVER['HTTP_HOST'];
     if ($trimPort) {
         $pieces = explode(':', $rawHost);
         $host = $pieces[0];
     } else {
         $host = $rawHost;
     }

     // Reject list-like Host values outright instead of trying to repair them.
     foreach (array(',', ';') as $separator) {
         if (strpos($host, $separator) !== false) {
             $response = new Zend_Controller_Response_Http();
             $response->setHttpResponseCode(400)->sendHeaders();
             exit;
         }
     }

     return $host;
 }
Exemplo n.º 10
 /**
  * Runs the current action and returns the response it produced.
  *
  * Output printed by the action is captured and appended to the response
  * body. When the action issued a redirect during an XMLHttpRequest, the
  * redirect is replaced by a 200 JSON document that carries the target URL
  * and the original status code.
  *
  * @param Zend_Controller_Response_Abstract|null $response Response to fill; a
  *        Zend_Controller_Response_Http is created when null
  * @return Zend_Controller_Response_Abstract
  */
 public function run(Zend_Controller_Response_Abstract $response = null)
 {
     $args = array($this);
     $this->runCallback(self::CB_BEFORE_RUN, $args);
     if ($response === null) {
         $response = new Zend_Controller_Response_Http();
     }
     // Exposed as a property only for the duration of the action; unset below.
     $this->response = $response;
     $action = $this->getCurrentAction();
     $this->request->setActionName($action);
     // Capture anything the action prints.
     ob_start();
     $this->actionRun($action);
     if ($this->response->isRedirect() && $this->completeRequest->isXmlHttpRequest()) {
         // Pick up the redirect target; the last Location header wins.
         $url = null;
         foreach ($response->getHeaders() as $header) {
             if ($header['name'] == 'Location') {
                 $url = $header['value'];
             }
         }
         $code = $response->getHttpResponseCode();
         // change request to ajax response
         // NOTE(review): the buffer opened by ob_start() above is not closed
         // on this path within this method - confirm the caller deals with it.
         $response->clearAllHeaders();
         $response->clearBody();
         $response->setHttpResponseCode(200);
         $response->setHeader("Content-Type", "application/json; charset=UTF-8", true);
         $response->setBody(Am_Controller::getJson(array('ngrid-redirect' => $url, 'status' => $code)));
         //throw new Am_Exception_Redirect($url);
     } else {
         $response->appendBody(ob_get_clean());
     }
     unset($this->response);
     return $response;
 }
Exemplo n.º 11
 /**
  * Return current page base url
  *
  * The value is the host (Host header, else SERVER_NAME) followed by the
  * request URI; no scheme is prepended. A Host header containing ',' or ';'
  * is answered with a 400 status and the script exits.
  *
  * NOTE(review): in the ORIG_PATH_INFO fallback the query string is appended
  * without a '?' separator - confirm that this is intended.
  *
  * @return string|false False when neither HTTP_HOST nor SERVER_NAME is set
  */
 protected function _getFullPageUrl()
 {
     $uri = false;

     // Host part: prefer the client's Host header, fall back to SERVER_NAME.
     if (isset($_SERVER['HTTP_HOST'])) {
         $hostHeader = $_SERVER['HTTP_HOST'];
         $looksLikeList = strpos($hostHeader, ',') !== false || strpos($hostHeader, ';') !== false;
         if ($looksLikeList) {
             $response = new Zend_Controller_Response_Http();
             $response->setHttpResponseCode(400)->sendHeaders();
             exit;
         }
         $uri = $hostHeader;
     } elseif (isset($_SERVER['SERVER_NAME'])) {
         $uri = $_SERVER['SERVER_NAME'];
     }

     // Without a host there is nothing to append the path to.
     if (!$uri) {
         return $uri;
     }

     // Path part: first source that is available wins.
     if (isset($_SERVER['REQUEST_URI'])) {
         return $uri . $_SERVER['REQUEST_URI'];
     }
     if (!empty($_SERVER['IIS_WasUrlRewritten']) && !empty($_SERVER['UNENCODED_URL'])) {
         return $uri . $_SERVER['UNENCODED_URL'];
     }
     if (isset($_SERVER['ORIG_PATH_INFO'])) {
         $uri .= $_SERVER['ORIG_PATH_INFO'];
         if (!empty($_SERVER['QUERY_STRING'])) {
             $uri .= $_SERVER['QUERY_STRING'];
         }
     }

     return $uri;
 }
Exemplo n.º 12
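 /**
  * Create response string for problem during request and set HTTP error code
  *
  * Maps the exception to an HTTP status (OAuth exception: unauthorized,
  * OAuth input exception: bad request, anything else: internal error) and
  * returns the 'oauth_problem' payload for the client.
  *
  * NOTE(review): for exceptions that are not OAuth exceptions, the raw
  * exception message is placed in the client-facing payload. Such messages
  * can carry internal detail; consider logging it and returning a generic text.
  * NOTE(review): if OauthInputException extends Oauth\Exception, the second
  * branch can never be reached - confirm the class hierarchy.
  *
  * @param \Exception $exception
  * @param \Zend_Controller_Response_Http $response OPTIONAL When null, no
  *        status code is set; only the payload is returned
  * @return array
  */
 public function prepareErrorResponse(\Exception $exception, \Zend_Controller_Response_Http $response = null)
 {
     $errorMsg = $exception->getMessage();
     if ($exception instanceof \Magento\Framework\Oauth\Exception) {
         $responseCode = self::HTTP_UNAUTHORIZED;
     } elseif ($exception instanceof \Magento\Framework\Oauth\OauthInputException) {
         $responseCode = self::HTTP_BAD_REQUEST;
     } else {
         $errorMsg = 'internal_error&message=' . ($errorMsg ? $errorMsg : 'empty_message');
         $responseCode = self::HTTP_INTERNAL_ERROR;
     }
     // The parameter is optional, so guard the call: without this check a
     // null response turns every handled error into a fatal one.
     if ($response !== null) {
         $response->setHttpResponseCode($responseCode);
     }
     return array('oauth_problem' => $errorMsg);
 }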
Exemplo n.º 13
 /**
  * Sends a JSON {code, message} response with the given HTTP status and
  * terminates the script.
  *
  * Returns without doing anything when a response was already sent through
  * this method. An existing response body is kept; the JSON body is written
  * only when the body is empty.
  *
  * @param int    $httpCode HTTP status code for the response
  * @param mixed  $code     Value for the 'code' field of the JSON body
  * @param string $message  Value for the 'message' field of the JSON body
  *
  * @return void
  */
 protected function _sendResponse($httpCode, $code, $message)
 {
     // TODO Why is sometimes sending response twice??? :S
     if (self::$responseSent) {
         return;
     }

     // Reuse the front controller's response when there is one.
     $response = Zend_Controller_Front::getInstance()->getResponse();
     if (!$response) {
         $response = new Zend_Controller_Response_Http();
     }

     $response->setHttpResponseCode($httpCode);

     $bodyIsEmpty = !$response->getBody();
     if ($bodyIsEmpty) {
         $payload = array('code' => $code, 'message' => $message);
         $response->setBody(Zend_Json::encode($payload));
     }

     if ($response->canSendHeaders()) {
         $response->clearHeaders();
         $response->setHeader('Content-Type', 'application/json');
         $response->sendResponse();
         self::$responseSent = true;
     }

     exit;
 }
Exemplo n.º 14
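<?php

// Payment callback endpoint: boots the application, lets the Paymentwall
// processor validate and process the incoming request, logs the outcome and
// answers with the log message as the response body.

$startTime = microtime(true);
$fileDir = dirname(__FILE__);
require $fileDir . '/library/XenForo/Autoloader.php';
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');
XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);
$deps = new XenForo_Dependencies_Public();
$deps->preLoadData();
$response = new Zend_Controller_Response_Http();
$processor = new XenForo_UserUpgradeProcessor_Paymentwall();
$processor->initCallbackHandling(new Zend_Controller_Request_Http());
$logExtra = array();
try {
    // Both checks must pass before any transaction is processed.
    if (!($processor->validateRequest() && $processor->validatePreConditions())) {
        throw new Exception($processor->getLogMessage(), 500);
    }
    list($logType, $logMessage) = $processor->processTransaction();
} catch (Exception $e) {
    // An exception code is not necessarily an HTTP status: it defaults to 0
    // and some exception classes use other values. setHttpResponseCode()
    // rejects anything that is not an integer from 100 to 599, which would
    // raise a second, uncaught exception here, so fall back to 500.
    $statusCode = $e->getCode();
    if (!is_int($statusCode) || $statusCode < 100 || $statusCode > 599) {
        $statusCode = 500;
    }
    $response->setHttpResponseCode($statusCode);
    XenForo_Error::logException($e);
    $logType = 'error';
    $logMessage = 'Exception: ' . $e->getMessage();
    $logExtra['_e'] = $e;
}
$processor->log($logType, $logMessage, $logExtra);
// NOTE(review): the body sent to the remote caller is the log message, which
// on failure includes the exception text. It is HTML-escaped, but consider
// whether that detail should leave the server at all.
$response->setBody(htmlspecialchars($logMessage));
$response->sendResponse();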
Exemplo n.º 15
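 /**
  * Streams the exported package to the client as a file download.
  *
  * Supports resuming: a Range header of the form "bytes=N-" makes the
  * response start at offset N with status 206. The end of the range is
  * ignored. A start offset at or beyond the end of the file cannot be
  * satisfied and is ignored, so the whole file is sent.
  *
  * NOTE(review): the whole file is appended to the response body before it is
  * sent, so memory use grows with the package size.
  *
  * @see AM_Handler_Export_Storage_Interface::sendPackage()
  * @throws AM_Handler_Export_Storage_Exception When the file is missing or cannot be opened
  */
 public function sendPackage()
 {
     $sFilePath = $this->_buildPackagePath() . DIRECTORY_SEPARATOR . $this->getPackage()->getPackageName();
     $sFileName = $this->getPackage()->getPackageDownloadName();
     if (!file_exists($sFilePath)) {
         throw new AM_Handler_Export_Storage_Exception(sprintf('File "%s" not found', $sFilePath));
     }
     // Open first and fail loudly: the read loop below must never run on a
     // handle that could not be opened.
     $rFile = @fopen($sFilePath, 'rb');
     if ($rFile === false) {
         throw new AM_Handler_Export_Storage_Exception(sprintf('File "%s" can not be opened', $sFilePath));
     }
     $oResponse = new Zend_Controller_Response_Http();
     $oResponse->setHttpResponseCode(200);
     $oRequest = new Zend_Controller_Request_Http();
     $iFileSize = filesize($sFilePath);
     $sFileMtime = @gmdate("D, d M Y H:i:s", @filemtime($sFilePath)) . " GMT";
     $sRange = $oRequest->get('HTTP_RANGE');
     //Trying to resume download according to the HTTP_RANGE header
     $iOffset = 0;
     if (is_string($sRange) && preg_match('/bytes=(\\d+)-(\\d*)/i', $sRange, $matches)) {
         $iOffset = (int) $matches[1];
     }
     // The offset comes from the client: never seek past the end of the file
     // or advertise a negative Content-Length.
     if ($iOffset >= $iFileSize) {
         $iOffset = 0;
     }
     if ($iOffset > 0) {
         fseek($rFile, $iOffset);
         $oResponse->setHttpResponseCode(206);
         $oResponse->setHeader('Content-Range', sprintf('bytes %d-%d/%d', $iOffset, $iFileSize - 1, $iFileSize));
     }
     // Keep control characters, quotes and backslashes out of the header
     // value, then send the name as a quoted string so spaces and semicolons
     // in it cannot change how the header is parsed.
     $sSafeFileName = str_replace(array('"', '\\'), '', preg_replace('/[\\x00-\\x1F\\x7F]/', '', (string) $sFileName));
     $oResponse->setHeader('Content-Disposition', 'attachment; filename="' . $sSafeFileName . '"')
         ->setHeader('Content-Length', $iFileSize - $iOffset)
         ->setHeader('Content-Type', 'application/octet-stream')
         ->setHeader('Accept-Ranges', 'bytes')
         ->setHeader('Last-Modified', $sFileMtime);
     while (!feof($rFile)) {
         $sBuffer = fread($rFile, 2048);
         if ($sBuffer === false) {
             // A read error would otherwise keep this loop spinning.
             break;
         }
         $oResponse->appendBody($sBuffer);
     }
     fclose($rFile);
     $oResponse->sendResponse();
 }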
Exemplo n.º 16
 /**
  * Set response object
  *
  * Stores the response and initialises it with the URL-encoded content type
  * (replacing any earlier Content-Type header) and the HTTP_OK status.
  *
  * @param Zend_Controller_Response_Http $response
  * @return Mage_Oauth_Model_Server
  */
 public function setResponse(Zend_Controller_Response_Http $response)
 {
     $this->_response = $response;

     $contentTypeHeader = Zend_Http_Client::CONTENT_TYPE;
     $urlEncodedType = Zend_Http_Client::ENC_URLENCODED;
     $response->setHeader($contentTypeHeader, $urlEncodedType, true);
     $response->setHttpResponseCode(self::HTTP_OK);

     return $this;
 }
Exemplo n.º 17
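 /**
  * Digest Authentication
  *
  * Parses the client's Authorization header, checks the nonce and opaque
  * values against the ones this server computes, looks up the stored hash
  * for the user and realm, and recomputes the request digest as described in
  * RFC 2617, section 3.2.2.1. Any mismatch re-challenges the client.
  *
  * The nonce, opaque and user-name checks use strict string comparison: with
  * a loose == two different hex strings can compare equal when both look
  * numeric. The final digest goes through _secureStringCompare().
  *
  * NOTE(review): MD5 is what this scheme prescribes; it is not a choice
  * made here, and it should not be read as a recommendation for new designs.
  *
  * @param  string $header Client's Authorization header
  * @throws Zend_Auth_Adapter_Exception
  * @return Zend_Auth_Result Valid auth result only on successful auth
  */
 protected function _digestAuth($header)
 {
     if (empty($header)) {
         throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
     }
     if (empty($this->_digestResolver)) {
         throw new Zend_Auth_Adapter_Exception('A digestResolver object must be set before doing Digest authentication');
     }
     $data = $this->_parseDigestAuth($header);
     if ($data === false) {
         $this->_response->setHttpResponseCode(400);
         return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, array(), array('Invalid Authorization header format'));
     }
     // See ZF-1052. This code was a bit too unforgiving of invalid
     // usernames. Now, if the username is bad, we re-challenge the client.
     if ('::invalid::' === (string) $data['username']) {
         return $this->_challengeClient();
     }
     // Verify that the client sent back the same nonce
     if ((string) $this->_calcNonce() !== (string) $data['nonce']) {
         return $this->_challengeClient();
     }
     // The opaque value is also required to match, but of course IE doesn't
     // play ball.
     if (!$this->_ieNoOpaque && (string) $this->_calcOpaque() !== (string) $data['opaque']) {
         return $this->_challengeClient();
     }
     // Look up the user's password hash. If not found, deny access.
     // This makes no assumptions about how the password hash was
     // constructed beyond that it must have been built in such a way as
     // to be recreatable with the current settings of this object.
     $ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
     if ($ha1 === false) {
         return $this->_challengeClient();
     }
     // If MD5-sess is used, a1 value is made of the user's password
     // hash with the server and client nonce appended, separated by
     // colons.
     if ($this->_algo == 'MD5-sess') {
         $ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
     }
     // Calculate h(a2). The value of this hash depends on the qop
     // option selected by the client and the supported hash functions
     switch ($data['qop']) {
         case 'auth':
             $a2 = $this->_request->getMethod() . ':' . $data['uri'];
             break;
         case 'auth-int':
             // Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
             // but this isn't supported yet, so fall through to default case
         default:
             throw new Zend_Auth_Adapter_Exception('Client requested an unsupported qop option');
     }
     // Using hash() should make parameterizing the hash algorithm
     // easier
     $ha2 = hash('md5', $a2);
     // Calculate the server's version of the request-digest. This must
     // match $data['response']. See RFC 2617, section 3.2.2.1
     $message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
     $digest = hash('md5', $ha1 . ':' . $message);
     // If our digest matches the client's let them in, otherwise return
     // a 401 code and exit to prevent access to the protected resource.
     if ($this->_secureStringCompare($digest, $data['response'])) {
         $identity = array('username' => $data['username'], 'realm' => $data['realm']);
         return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
     }
     return $this->_challengeClient();
 }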
Exemplo n.º 18
// Payment callback endpoint for the PayPal upgrade processor.
// NOTE(review): this listing is an excerpt. $startTime is used below but is
// not assigned in the visible lines, and the listing ends inside the catch
// block.
$fileDir = dirname(__FILE__);
require $fileDir . '/library/XenForo/Autoloader.php';
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');
XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);
$deps = new XenForo_Dependencies_Public();
$deps->preLoadData();
$response = new Zend_Controller_Response_Http();
$processor = new XenForo_UserUpgradeProcessor_PayPal();
$processor->initCallbackHandling(new Zend_Controller_Request_Http());
$logExtra = array();
$logMessage = false;
try {
    // $logMessage is passed to both validators; presumably they fill it by
    // reference with the reason for a failure - confirm against the processor.
    if (!$processor->validateRequest($logMessage)) {
        // A request that fails validation is answered with a 500 status.
        $logType = 'error';
        $response->setHttpResponseCode(500);
    } else {
        // Failed pre-conditions are logged as an error, but the status code
        // is left unchanged on this path.
        if (!$processor->validatePreConditions($logMessage)) {
            $logType = 'error';
        } else {
            $logType = 'info';
            $logMessage = $processor->processTransaction();
        }
    }
    // An array in $logMessage is unpacked into a (type, message) pair.
    if (is_array($logMessage)) {
        $temp = $logMessage;
        list($logType, $logMessage) = $temp;
    }
} catch (Exception $e) {
    // Any exception is reported to the caller as a 500 and logged server-side.
    $response->setHttpResponseCode(500);
    XenForo_Error::logException($e);
Exemplo n.º 19
 /**
  * Acts like a client sending the given Authenticate header value.
  *
  * Runs Zend_Auth_Adapter_Http against a mocked request and a real response
  * object, then reports what the adapter did to that response.
  *
  * @param  string $clientHeader Authenticate header value
  * @param  string $scheme       Which authentication scheme to use:
  *                              'basic', 'digest', anything else means both
  * @return array Containing the result, the response headers, and the status
  */
 public function _doAuth($clientHeader, $scheme)
 {
     // Real response object, primed with a 200 so a changed status is visible.
     $response = new Zend_Controller_Response_Http();
     $response->setHttpResponseCode(200);
     $response->headersSentThrowsException = false;

     // Stub request: every accessor returns a fixed value.
     $request = $this->getMock('Zend_Controller_Request_Http');
     $stubbedReturns = array(
         'getRequestUri' => '/',
         'getMethod' => 'GET',
         'getServer' => 'PHPUnit',
         'getHeader' => $clientHeader,
     );
     foreach ($stubbedReturns as $methodName => $returnValue) {
         $request->expects($this->any())->method($methodName)->will($this->returnValue($returnValue));
     }

     // Pick the adapter configuration for the requested scheme.
     if ($scheme == 'basic') {
         $use = $this->_basicConfig;
     } elseif ($scheme == 'digest') {
         $use = $this->_digestConfig;
     } else {
         $use = $this->_bothConfig;
     }

     // Wire up the adapter and run the authentication.
     $adapter = new Zend_Auth_Adapter_Http($use);
     $adapter->setBasicResolver($this->_basicResolver);
     $adapter->setDigestResolver($this->_digestResolver);
     $adapter->setRequest($request);
     $adapter->setResponse($response);
     $result = $adapter->authenticate();

     return array(
         'result' => $result,
         'status' => $response->getHttpResponseCode(),
         'headers' => $response->getHeaders(),
     );
 }
Exemplo n.º 20
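 /**
  * Check whether the file is unchanged since the client last loaded it.
  * If it is unchanged, set the 304 Not Modified status.
  *
  * The status is set on $response when one is given; otherwise a raw status
  * line is sent with header(), using the protocol of the current request.
  *
  * @param Zend_Controller_Request_Http $request
  * @param Zend_Controller_Response_Http $response Optional response to mark as 304
  * @return bool True when the client's copy is current, false otherwise
  */
 public function checkIfNotModified(Zend_Controller_Request_Http $request, Zend_Controller_Response_Http $response = null)
 {
     $mtime = $this->getModifiedTime();
     if (!$mtime) {
         return false;
     }

     // The header is client-supplied and may be absent or unparsable; both
     // cases mean "send the file".
     $headerValue = $request->getHeader('If-Modified-Since');
     $ifModSince = is_string($headerValue) ? strtotime($headerValue) : false;
     if ($ifModSince === false || $ifModSince < $mtime) {
         return false;
     }

     if ($response) {
         $response->setHttpResponseCode(304);
     } else {
         // The status line needs the protocol; the original code used a
         // variable that was never assigned, which produced " 304 Not Modified".
         $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
         header($protocol . ' 304 Not Modified');
     }

     return true;
 }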