/**
* @return Ajde_Http_Request
*/
public static function fromGlobal()
{
$instance = new self();
if (!empty($_POST) && self::requirePostToken() && !self::_isWhitelisted()) {
// Measures against CSRF attacks
$session = new Session('AC.Form');
if (!isset($_POST['_token']) || !$session->has('formTime')) {
// TODO:
$exception = new Security('No form token received or no form time set, bailing out to prevent CSRF attack');
if (Config::getInstance()->debug === true) {
Response::setResponseType(Response::RESPONSE_TYPE_FORBIDDEN);
throw $exception;
} else {
// Prevent inf. loops
unset($_POST);
// Rewrite
Log::logException($exception);
Response::dieOnCode(Response::RESPONSE_TYPE_FORBIDDEN);
}
}
$formToken = $_POST['_token'];
if (!self::verifyFormToken($formToken) || !self::verifyFormTime()) {
// TODO:
if (!self::verifyFormToken($formToken)) {
$exception = new Security('No matching form token (got ' . self::_getHashFromSession($formToken) . ', expected ' . self::_tokenHash($formToken) . '), bailing out to prevent CSRF attack');
} else {
$exception = new Security('Form token timed out, bailing out to prevent CSRF attack');
}
if (Config::getInstance()->debug === true) {
Response::setResponseType(Response::RESPONSE_TYPE_FORBIDDEN);
throw $exception;
} else {
// Prevent inf. loops
unset($_POST);
// Rewrite
Log::logException($exception);
Response::dieOnCode(Response::RESPONSE_TYPE_FORBIDDEN);
}
}
}
// Security measure, protect $_POST
//$global = array_merge($_GET, $_POST);
$global = $_GET;
foreach ($global as $key => $value) {
$instance->set($key, $value);
}
$instance->_postData = $_POST;
if (!empty($instance->_postData)) {
Cache::getInstance()->disable();
}
return $instance;
}
/**
*
* @return Ajde_Model
*/
public function getItem()
{
if ($this->isNew()) {
$this->fireCrudLoadedOnModel($this->getModel());
return $this->getModel();
}
if (!$this->getModel()->getPK()) {
$model = $this->getModel();
if (!$model->loadByPK($this->getId())) {
Response::redirectNotFound();
} else {
if (!$model->getAutoloadParents()) {
$model->loadParents();
}
}
$this->fireCrudLoadedOnModel($this->getModel());
}
return $this->getModel();
}
/**
*
* @param Ajde_Core_Route $route
* @return Ajde_Controller
*/
public static function fromRoute(Route $route)
{
if ($controller = $route->getController()) {
$moduleController = ucfirst($route->getModule()) . ucfirst($controller) . 'Controller';
} else {
$moduleController = ucfirst($route->getModule()) . 'Controller';
}
if (!Autoloader::exists($moduleController)) {
// Prevent resursive 404 routing
if (isset(Config::getInstance()->responseCodeRoute[Response::RESPONSE_TYPE_NOTFOUND])) {
$notFoundRoute = new Route(Config::getInstance()->responseCodeRoute[Response::RESPONSE_TYPE_NOTFOUND]);
if ($route->buildRoute() == $notFoundRoute->buildRoute()) {
Response::setResponseType(404);
die('<h2>Ouch, something broke.</h2><p>This is serious. We tried to give you a nice error page, but even that failed.</p><button onclick="location.href=\'' . Config::get('site_root') . '\';">Go back to homepage</button>');
}
}
if (Autoloader::exists('Ajde_Exception')) {
$exception = new Routing("Controller {$moduleController} for module {$route->getModule()} not found", 90008);
} else {
// Normal exception here to prevent [Class 'Ajde_Exception' not found] errors...
$exception = new Exception("Controller {$moduleController} for module {$route->getModule()} not found");
}
Ajde::routingError($exception);
}
$controller = new $moduleController($route->getAction(), $route->getFormat());
$controller->_route = $route;
foreach ($route->values() as $part => $value) {
$controller->set($part, $value);
}
return $controller;
}
public static function routingError(Exception $exception)
{
if (Config::get("debug") === true) {
throw $exception;
} else {
if (Autoloader::exists('Ajde_Exception_Log')) {
Log::logException($exception);
}
Response::redirectNotFound();
}
}
