/**
* Renders page-level debugging output and replaces the original view content
* with it. Alternatively, it could inject itself into the view content.
*
* @param string $originalContent Original, rendered view content
*
* @return string Replacement rendered view content
*/
public function renderDebugOutput($originalContent)
{
$this->_response->clearHeaders();
$this->_response->setHttpResponseCode(200);
$this->_response->setHeader('Content-Type', 'text/html; charset=UTF-8', true);
$this->_response->setHeader('Last-Modified', gmdate('D, d M Y H:i:s') . ' GMT', true);
return XenForo_Debug::getDebugPageWrapperHtml(XenForo_Debug::getDebugHtml());
}
/**
* Intercept a request for a cached image from the proxy and output it
*
* @param string|bool $error If non-false, an error that occurred when validating the request
*/
protected function _outputImage($error)
{
if (empty(XenForo_Application::getOptions()->imageLinkProxy['images'])) {
$error = 'disabled';
}
/* @var $proxyModel XenForo_Model_ImageProxy */
$proxyModel = XenForo_Model::create('XenForo_Model_ImageProxy');
$image = false;
if (!$error) {
$urlParts = parse_url($this->_url);
if ($this->_isLocalHost($urlParts['host']) && (empty($_SERVER['SERVER_NAME']) || !$this->_isLocalHost($_SERVER['SERVER_NAME']))) {
$error = 'local_url';
}
}
if (!$error) {
$image = $proxyModel->getImage($this->_url);
if ($image) {
$image = $proxyModel->prepareImage($image);
if ($image['use_file']) {
$proxyModel->logImageView($image);
$eTag = !empty($_SERVER['HTTP_IF_NONE_MATCH']) ? $_SERVER['HTTP_IF_NONE_MATCH'] : null;
if ($eTag && $eTag == '"' . $image['fetch_date'] . '"') {
$this->_response->setHttpResponseCode(304);
$this->_response->clearHeader('Last-Modified');
$this->_response->sendHeaders();
return;
}
} else {
$image = false;
$error = 'retrieve_failed';
}
}
}
if (!$image) {
$image = $proxyModel->getPlaceHolderImage();
}
$imageTypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png');
if (in_array($image['mime_type'], $imageTypes)) {
$this->_response->setHeader('Content-type', $image['mime_type'], true);
$this->_setDownloadFileName($image['file_name'], true);
} else {
$this->_response->setHeader('Content-type', 'application/octet-stream', true);
$this->_setDownloadFileName($image['file_name']);
}
if (!$error) {
$this->_response->setHeader('ETag', '"' . $image['fetch_date'] . '"', true);
}
if ($image['file_size']) {
$this->_response->setHeader('Content-Length', $image['file_size'], true);
}
$this->_response->setHeader('X-Content-Type-Options', 'nosniff');
if ($error) {
$this->_response->setHeader('X-Proxy-Error', $error);
}
$this->_response->sendHeaders();
$imageData = new XenForo_FileOutput($image['file_path']);
$imageData->output();
}
/**
* Challenge Client
*
* Sets a 401 Unauthorized response code, and creates the
* appropriate Authenticate header(s) to prompt for credentials.
*
* @return Zend_Auth_Result Always returns a non-identity Auth result
*/
protected function _challengeClient()
{
$this->_response->setHttpResponseCode(401);
// Send a challenge in each acceptable authentication scheme
foreach ($this->_schemes as $scheme => $callback) {
$this->_response->setHeader('WWW-Authenticate', $scheme);
}
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, array(), array('Invalid or absent credentials; challenging client'));
}
public function testPostDispatchDoesNothingOnRedirect()
{
$this->request->setModuleName('bar')->setControllerName('index')->setActionName('test')->setDispatched(true);
$this->response->setHttpResponseCode(302);
$controller = new Bar_IndexController($this->request, $this->response, array());
$this->helper->setActionController($controller);
$this->helper->postDispatch();
$content = $this->response->getBody();
$this->assertNotContains('Rendered index/test.phtml in bar module', $content);
$this->assertTrue(empty($content));
}
/**
* Challenge Client
*
* Sets a 401 or 407 Unauthorized response code, and creates the
* appropriate Authenticate header(s) to prompt for credentials.
*
* @return Zend_Auth_Result Always returns a non-identity Auth result
*/
protected function _challengeClient()
{
if ($this->_imaProxy) {
$statusCode = 407;
$headerName = 'Proxy-Authenticate';
} else {
$statusCode = 401;
$headerName = 'WWW-Authenticate';
}
$this->_response->setHttpResponseCode($statusCode);
$this->_response->setHeader($headerName, $this->_getAuthHeader());
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, array(), array('Invalid or absent credentials; challenging client'));
}
protected function _error($message = null, $statusCode = self::REST_STATUS_BAD_REQUEST)
{
if (is_numeric($statusCode)) {
$statusCode = intval($statusCode);
}
$this->_response->clearAllHeaders()->clearBody();
$this->_response->setHttpResponseCode(intval($statusCode))->setHeader('Content-Type', 'application/json', true);
if (!empty($message)) {
$this->_response->setBody(json_encode($message));
}
$this->_response->sendResponse();
exit;
}
/**
* Enter description here...
*
* @throws Zend_Auth_Adapter_Exception If authentication cannot be performed
* @return Zend_Auth_Result
*/
public function authenticate()
{
if ('' == ($authHeader = $this->_request->getServer("HTTP_X_WSSE"))) {
$this->_response->setHttpResponseCode(401, 'Unauthorized', true);
$this->_response->setHeader('WWW-Authenticate', 'WSSE realm="' . $this->_realm . '", profile="UsernameToken"');
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, array(), array('Missing WSSE Header'));
}
$headerParts = $this->parseWsseHeader($authHeader);
$passwordDigest = $this->createPasswordDigest($headerParts['nonce'], $headerParts['created'], $this->_credential);
if ($passwordDigest == $headerParts['digest'] && $this->_identity == $headerParts['username']) {
return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_identity);
}
$this->_response->setHttpResponseCode(401, 'Unauthorized', true);
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, array(), array('Unauthorized'));
}
public function __construct($msg = '', $code = 0, Exception $previous = null)
{
// just pass ahead if it was throw from the CLI
if (php_sapi_name() == "cli") {
return parent::__construct($msg, (int) $code, $previous);
} else {
parent::__construct($msg, (int) $code, $previous);
$response = new Zend_Controller_Response_Http();
$response->setHttpResponseCode(500);
ob_get_clean();
ob_start();
require APPLICATION_PATH . "/layout/scripts/exception.phtml";
$outputBuffer = ob_get_clean();
$response->setBody($outputBuffer);
$response->sendResponse();
trigger_error($msg, E_USER_ERROR);
exit;
}
}
/**
* Retrieve HTTP HOST
*
* @param bool $trimPort
* @return string
*/
public function getHttpHost($trimPort = true)
{
if (!isset($_SERVER['HTTP_HOST'])) {
return false;
}
$host = $_SERVER['HTTP_HOST'];
if ($trimPort) {
$hostParts = explode(':', $_SERVER['HTTP_HOST']);
$host = $hostParts[0];
}
if (strpos($host, ',') !== false || strpos($host, ';') !== false) {
$response = new Zend_Controller_Response_Http();
$response->setHttpResponseCode(400)->sendHeaders();
exit;
}
return $host;
}
public function run(Zend_Controller_Response_Abstract $response = null)
{
$args = array($this);
$this->runCallback(self::CB_BEFORE_RUN, $args);
if ($response === null) {
$response = new Zend_Controller_Response_Http();
}
$this->response = $response;
$action = $this->getCurrentAction();
$this->request->setActionName($action);
ob_start();
$this->actionRun($action);
if ($this->response->isRedirect() && $this->completeRequest->isXmlHttpRequest()) {
$url = null;
foreach ($response->getHeaders() as $header) {
if ($header['name'] == 'Location') {
$url = $header['value'];
}
}
$code = $response->getHttpResponseCode();
// change request to ajax response
$response->clearAllHeaders();
$response->clearBody();
$response->setHttpResponseCode(200);
$response->setHeader("Content-Type", "application/json; charset=UTF-8", true);
$response->setBody(Am_Controller::getJson(array('ngrid-redirect' => $url, 'status' => $code)));
//throw new Am_Exception_Redirect($url);
} else {
$response->appendBody(ob_get_clean());
}
unset($this->response);
return $response;
}
/**
* Return current page base url
*
* @return string
*/
protected function _getFullPageUrl()
{
$uri = false;
/**
* Define server HTTP HOST
*/
if (isset($_SERVER['HTTP_HOST'])) {
if (strpos($_SERVER['HTTP_HOST'], ',') !== false || strpos($_SERVER['HTTP_HOST'], ';') !== false) {
$response = new Zend_Controller_Response_Http();
$response->setHttpResponseCode(400)->sendHeaders();
exit;
}
$uri = $_SERVER['HTTP_HOST'];
} elseif (isset($_SERVER['SERVER_NAME'])) {
$uri = $_SERVER['SERVER_NAME'];
}
/**
* Define request URI
*/
if ($uri) {
if (isset($_SERVER['REQUEST_URI'])) {
$uri .= $_SERVER['REQUEST_URI'];
} elseif (!empty($_SERVER['IIS_WasUrlRewritten']) && !empty($_SERVER['UNENCODED_URL'])) {
$uri .= $_SERVER['UNENCODED_URL'];
} elseif (isset($_SERVER['ORIG_PATH_INFO'])) {
$uri .= $_SERVER['ORIG_PATH_INFO'];
if (!empty($_SERVER['QUERY_STRING'])) {
$uri .= $_SERVER['QUERY_STRING'];
}
}
}
return $uri;
}
/**
* Create response string for problem during request and set HTTP error code
*
* @param \Exception $exception
* @param \Zend_Controller_Response_Http $response OPTIONAL If NULL - will use internal getter
* @return array
*/
public function prepareErrorResponse(\Exception $exception, \Zend_Controller_Response_Http $response = null)
{
$errorMsg = $exception->getMessage();
if ($exception instanceof \Magento\Framework\Oauth\Exception) {
$responseCode = self::HTTP_UNAUTHORIZED;
} elseif ($exception instanceof \Magento\Framework\Oauth\OauthInputException) {
$responseCode = self::HTTP_BAD_REQUEST;
} else {
$errorMsg = 'internal_error&message=' . ($errorMsg ? $errorMsg : 'empty_message');
$responseCode = self::HTTP_INTERNAL_ERROR;
}
$response->setHttpResponseCode($responseCode);
return array('oauth_problem' => $errorMsg);
}
protected function _sendResponse($httpCode, $code, $message)
{
// TODO Why is sometimes sending response twice??? :S
if (self::$responseSent) {
return;
}
if (!($response = Zend_Controller_Front::getInstance()->getResponse())) {
$response = new Zend_Controller_Response_Http();
}
$response->setHttpResponseCode($httpCode);
if (!$response->getBody()) {
$body = array('code' => $code, 'message' => $message);
$response->setBody(Zend_Json::encode($body));
}
if ($response->canSendHeaders()) {
$response->clearHeaders();
$response->setHeader('Content-Type', 'application/json');
$response->sendResponse();
self::$responseSent = true;
}
exit;
}
<?php
$startTime = microtime(true);
$fileDir = dirname(__FILE__);
require $fileDir . '/library/XenForo/Autoloader.php';
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');
XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);
$deps = new XenForo_Dependencies_Public();
$deps->preLoadData();
$response = new Zend_Controller_Response_Http();
$processor = new XenForo_UserUpgradeProcessor_Paymentwall();
$processor->initCallbackHandling(new Zend_Controller_Request_Http());
$logExtra = array();
try {
if (!($processor->validateRequest() && $processor->validatePreConditions())) {
throw new Exception($processor->getLogMessage(), 500);
}
list($logType, $logMessage) = $processor->processTransaction();
} catch (Exception $e) {
$response->setHttpResponseCode($e->getCode());
XenForo_Error::logException($e);
$logType = 'error';
$logMessage = 'Exception: ' . $e->getMessage();
$logExtra['_e'] = $e;
}
$processor->log($logType, $logMessage, $logExtra);
$response->setBody(htmlspecialchars($logMessage));
$response->sendResponse();
/**
* @see AM_Handler_Export_Storage_Interface::sendPackage()
* @throws AM_Handler_Export_Storage_Exception
*/
public function sendPackage()
{
$sFilePath = $this->_buildPackagePath() . DIRECTORY_SEPARATOR . $this->getPackage()->getPackageName();
$sFileName = $this->getPackage()->getPackageDownloadName();
if (!file_exists($sFilePath)) {
throw new AM_Handler_Export_Storage_Exception(sprintf('File "%s" not found', $sFilePath));
}
$oResponse = new Zend_Controller_Response_Http();
$oResponse->setHttpResponseCode(200);
$oRequest = new Zend_Controller_Request_Http();
$iFileSize = filesize($sFilePath);
$sFileMtime = @gmdate("D, d M Y H:i:s", @filemtime($sFilePath)) . " GMT";
$rFile = @fopen($sFilePath, 'rb');
$sRange = $oRequest->get('HTTP_RANGE');
//Trying to resume download according to the HTTP_RANGE header
if (preg_match('/bytes=(\\d+)-(\\d*)/i', $sRange, $matches)) {
$sRange = $matches[1];
} else {
$sRange = false;
}
if ($sRange) {
fseek($rFile, $sRange);
$oResponse->setHttpResponseCode(206);
$oResponse->setHeader('Content-Range', sprintf('bytes %d-%d/%d', $sRange, $iFileSize - 1, $iFileSize));
}
$oResponse->setHeader('Content-Disposition', 'attachment; filename=' . $sFileName)->setHeader('Content-Length', $iFileSize - $sRange)->setHeader('Content-Type', 'application/octet-stream')->setHeader('Accept-Ranges', 'bytes')->setHeader('Last-Modified', $sFileMtime);
while (!feof($rFile)) {
$sBuffer = fread($rFile, 2048);
$oResponse->appendBody($sBuffer);
}
fclose($rFile);
$oResponse->sendResponse();
}
/**
* Set response object
*
* @param Zend_Controller_Response_Http $response
* @return Mage_Oauth_Model_Server
*/
public function setResponse(Zend_Controller_Response_Http $response)
{
$this->_response = $response;
$this->_response->setHeader(Zend_Http_Client::CONTENT_TYPE, Zend_Http_Client::ENC_URLENCODED, true);
$this->_response->setHttpResponseCode(self::HTTP_OK);
return $this;
}
/**
* Digest Authentication
*
* @param string $header Client's Authorization header
* @throws Zend_Auth_Adapter_Exception
* @return Zend_Auth_Result Valid auth result only on successful auth
*/
protected function _digestAuth($header)
{
if (empty($header)) {
/**
* @see Zend_Auth_Adapter_Exception
*/
#require_once 'Zend/Auth/Adapter/Exception.php';
throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
}
if (empty($this->_digestResolver)) {
/**
* @see Zend_Auth_Adapter_Exception
*/
#require_once 'Zend/Auth/Adapter/Exception.php';
throw new Zend_Auth_Adapter_Exception('A digestResolver object must be set before doing Digest authentication');
}
$data = $this->_parseDigestAuth($header);
if ($data === false) {
$this->_response->setHttpResponseCode(400);
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, array(), array('Invalid Authorization header format'));
}
// See ZF-1052. This code was a bit too unforgiving of invalid
// usernames. Now, if the username is bad, we re-challenge the client.
if ('::invalid::' == $data['username']) {
return $this->_challengeClient();
}
// Verify that the client sent back the same nonce
if ($this->_calcNonce() != $data['nonce']) {
return $this->_challengeClient();
}
// The opaque value is also required to match, but of course IE doesn't
// play ball.
if (!$this->_ieNoOpaque && $this->_calcOpaque() != $data['opaque']) {
return $this->_challengeClient();
}
// Look up the user's password hash. If not found, deny access.
// This makes no assumptions about how the password hash was
// constructed beyond that it must have been built in such a way as
// to be recreatable with the current settings of this object.
$ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
if ($ha1 === false) {
return $this->_challengeClient();
}
// If MD5-sess is used, a1 value is made of the user's password
// hash with the server and client nonce appended, separated by
// colons.
if ($this->_algo == 'MD5-sess') {
$ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
}
// Calculate h(a2). The value of this hash depends on the qop
// option selected by the client and the supported hash functions
switch ($data['qop']) {
case 'auth':
$a2 = $this->_request->getMethod() . ':' . $data['uri'];
break;
case 'auth-int':
// Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
// but this isn't supported yet, so fall through to default case
// Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
// but this isn't supported yet, so fall through to default case
default:
/**
* @see Zend_Auth_Adapter_Exception
*/
#require_once 'Zend/Auth/Adapter/Exception.php';
throw new Zend_Auth_Adapter_Exception('Client requested an unsupported qop option');
}
// Using hash() should make parameterizing the hash algorithm
// easier
$ha2 = hash('md5', $a2);
// Calculate the server's version of the request-digest. This must
// match $data['response']. See RFC 2617, section 3.2.2.1
$message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
$digest = hash('md5', $ha1 . ':' . $message);
// If our digest matches the client's let them in, otherwise return
// a 401 code and exit to prevent access to the protected resource.
if ($this->_secureStringCompare($digest, $data['response'])) {
$identity = array('username' => $data['username'], 'realm' => $data['realm']);
return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
} else {
return $this->_challengeClient();
}
}
$fileDir = dirname(__FILE__);
require $fileDir . '/library/XenForo/Autoloader.php';
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');
XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);
$deps = new XenForo_Dependencies_Public();
$deps->preLoadData();
$response = new Zend_Controller_Response_Http();
$processor = new XenForo_UserUpgradeProcessor_PayPal();
$processor->initCallbackHandling(new Zend_Controller_Request_Http());
$logExtra = array();
$logMessage = false;
try {
if (!$processor->validateRequest($logMessage)) {
$logType = 'error';
$response->setHttpResponseCode(500);
} else {
if (!$processor->validatePreConditions($logMessage)) {
$logType = 'error';
} else {
$logType = 'info';
$logMessage = $processor->processTransaction();
}
}
if (is_array($logMessage)) {
$temp = $logMessage;
list($logType, $logMessage) = $temp;
}
} catch (Exception $e) {
$response->setHttpResponseCode(500);
XenForo_Error::logException($e);
/**
* Acts like a client sending the given Authenticate header value.
*
* @param string $clientHeader Authenticate header value
* @param string $scheme Which authentication scheme to use
* @return array Containing the result, the response headers, and the status
*/
public function _doAuth($clientHeader, $scheme)
{
// Set up stub request and response objects
$request = $this->getMock('Zend_Controller_Request_Http');
$response = new Zend_Controller_Response_Http();
$response->setHttpResponseCode(200);
$response->headersSentThrowsException = false;
// Set stub method return values
$request->expects($this->any())->method('getRequestUri')->will($this->returnValue('/'));
$request->expects($this->any())->method('getMethod')->will($this->returnValue('GET'));
$request->expects($this->any())->method('getServer')->will($this->returnValue('PHPUnit'));
$request->expects($this->any())->method('getHeader')->will($this->returnValue($clientHeader));
// Select an Authentication scheme
switch ($scheme) {
case 'basic':
$use = $this->_basicConfig;
break;
case 'digest':
$use = $this->_digestConfig;
break;
case 'both':
default:
$use = $this->_bothConfig;
}
// Create the HTTP Auth adapter
$a = new Zend_Auth_Adapter_Http($use);
$a->setBasicResolver($this->_basicResolver);
$a->setDigestResolver($this->_digestResolver);
// Send the authentication request
$a->setRequest($request);
$a->setResponse($response);
$result = $a->authenticate();
$return = array('result' => $result, 'status' => $response->getHttpResponseCode(), 'headers' => $response->getHeaders());
return $return;
}
/**
* Проверить не изменен ли файл с последней загрузки
* Если не изменен, установить заголовок
*
* @param Zend_Controller_Request_Http $request
* @param Zend_Controller_Response_Http $response
* @return bool
*/
public function checkIfNotModified(Zend_Controller_Request_Http $request, Zend_Controller_Response_Http $response = null)
{
$mtime = $this->getModifiedTime();
if ($mtime) {
$ifModSince = strtotime($request->getHeader('If-Modified-Since'));
if ($ifModSince >= $mtime) {
if ($response) {
$response->setHttpResponseCode(304);
} else {
header($protocol . ' 304 Not Modified');
}
return true;
}
}
return false;
}
