The class tries to read and validate the request token from the user session
and creates a new token if there is none.
Usage:
echo RequestToken::get();
if (!RequestToken::validate('TOKEN'))
{
throw new Exception("Invalid request token");
}
/**
* Initialize the object
*
* @param string $strTable
* @param array $arrModule
*/
public function __construct($strTable, $arrModule = array())
{
parent::__construct();
/** @var SessionInterface $objSession */
$objSession = \System::getContainer()->get('session');
// Check the request token (see #4007)
if (isset($_GET['act'])) {
if (!isset($_GET['rt']) || !\RequestToken::validate(\Input::get('rt'))) {
$objSession->set('INVALID_TOKEN_URL', \Environment::get('request'));
$this->redirect('contao/confirm.php');
}
}
$this->intId = \Input::get('id');
// Clear the clipboard
if (isset($_GET['clipboard'])) {
$objSession->set('CLIPBOARD', array());
$this->redirect($this->getReferer());
}
// Check whether the table is defined
if ($strTable == '' || !isset($GLOBALS['TL_DCA'][$strTable])) {
$this->log('Could not load the data container configuration for "' . $strTable . '"', __METHOD__, TL_ERROR);
trigger_error('Could not load the data container configuration', E_USER_ERROR);
}
// Set IDs and redirect
if (\Input::post('FORM_SUBMIT') == 'tl_select') {
$ids = \Input::post('IDS');
if (empty($ids) || !is_array($ids)) {
$this->reload();
}
$session = $objSession->all();
$session['CURRENT']['IDS'] = $ids;
$objSession->replace($session);
if (isset($_POST['edit'])) {
$this->redirect(str_replace('act=select', 'act=editAll', \Environment::get('request')));
} elseif (isset($_POST['delete'])) {
$this->redirect(str_replace('act=select', 'act=deleteAll', \Environment::get('request')));
} elseif (isset($_POST['override'])) {
$this->redirect(str_replace('act=select', 'act=overrideAll', \Environment::get('request')));
} elseif (isset($_POST['cut']) || isset($_POST['copy'])) {
$arrClipboard = $objSession->get('CLIPBOARD');
$arrClipboard[$strTable] = array('id' => $ids, 'mode' => isset($_POST['cut']) ? 'cutAll' : 'copyAll');
$objSession->set('CLIPBOARD', $arrClipboard);
// Support copyAll in the list view (see #7499)
if (isset($_POST['copy']) && $GLOBALS['TL_DCA'][$strTable]['list']['sorting']['mode'] < 4) {
$this->redirect(str_replace('act=select', 'act=copyAll', \Environment::get('request')));
}
$this->redirect($this->getReferer());
}
}
$this->strTable = $strTable;
$this->ptable = $GLOBALS['TL_DCA'][$this->strTable]['config']['ptable'];
$this->ctable = $GLOBALS['TL_DCA'][$this->strTable]['config']['ctable'];
$this->treeView = in_array($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'], array(5, 6));
$this->root = null;
$this->arrModule = $arrModule;
// Call onload_callback (e.g. to check permissions)
if (is_array($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'])) {
foreach ($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$this->{$callback[0]}->{$callback[1]}($this);
} elseif (is_callable($callback)) {
$callback($this);
}
}
}
// Get the IDs of all root records (tree view)
if ($this->treeView) {
$table = $GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'] == 6 ? $this->ptable : $this->strTable;
// Unless there are any root records specified, use all records with parent ID 0
if (!isset($GLOBALS['TL_DCA'][$table]['list']['sorting']['root']) || $GLOBALS['TL_DCA'][$table]['list']['sorting']['root'] === false) {
$objIds = $this->Database->prepare("SELECT id FROM " . $table . " WHERE pid=?" . ($this->Database->fieldExists('sorting', $table) ? ' ORDER BY sorting' : ''))->execute(0);
if ($objIds->numRows > 0) {
$this->root = $objIds->fetchEach('id');
}
} elseif (is_array($GLOBALS['TL_DCA'][$table]['list']['sorting']['root'])) {
$this->root = $this->eliminateNestedPages($GLOBALS['TL_DCA'][$table]['list']['sorting']['root'], $table, $this->Database->fieldExists('sorting', $table));
}
} elseif (is_array($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['root'])) {
$this->root = array_unique($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['root']);
}
$request = \System::getContainer()->get('request_stack')->getCurrentRequest();
$route = $request->attributes->get('_route');
// Store the current referer
if (!empty($this->ctable) && !\Input::get('act') && !\Input::get('key') && !\Input::get('token') && $route == 'contao_backend' && !\Environment::get('isAjaxRequest')) {
$session = $objSession->get('referer');
$session[TL_REFERER_ID][$this->strTable] = substr(\Environment::get('requestUri'), strlen(\Environment::get('path')) + 1);
$objSession->set('referer', $session);
}
}
/**
* Generate the module
*
* @return string
*/
public function run()
{
if (!\Config::get('enableSearch')) {
return '';
}
$time = time();
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_rebuild_index');
$objTemplate->action = ampersand(\Environment::get('request'));
$objTemplate->indexHeadline = $GLOBALS['TL_LANG']['tl_maintenance']['searchIndex'];
$objTemplate->isActive = $this->isActive();
// Add the error message
if ($_SESSION['REBUILD_INDEX_ERROR'] != '') {
$objTemplate->indexMessage = $_SESSION['REBUILD_INDEX_ERROR'];
$_SESSION['REBUILD_INDEX_ERROR'] = '';
}
// Rebuild the index
if (\Input::get('act') == 'index') {
// Check the request token (see #4007)
if (!isset($_GET['rt']) || !\RequestToken::validate(\Input::get('rt'))) {
/** @var SessionInterface $objSession */
$objSession = \System::getContainer()->get('session');
$objSession->set('INVALID_TOKEN_URL', \Environment::get('request'));
$this->redirect('contao/confirm.php');
}
$arrPages = $this->findSearchablePages();
// HOOK: take additional pages
if (isset($GLOBALS['TL_HOOKS']['getSearchablePages']) && is_array($GLOBALS['TL_HOOKS']['getSearchablePages'])) {
foreach ($GLOBALS['TL_HOOKS']['getSearchablePages'] as $callback) {
$this->import($callback[0]);
$arrPages = $this->{$callback[0]}->{$callback[1]}($arrPages);
}
}
// Return if there are no pages
if (empty($arrPages)) {
$_SESSION['REBUILD_INDEX_ERROR'] = $GLOBALS['TL_LANG']['tl_maintenance']['noSearchable'];
$this->redirect($this->getReferer());
}
// Truncate the search tables
$this->import('Automator');
$this->Automator->purgeSearchTables();
// Hide unpublished elements
$this->setCookie('FE_PREVIEW', 0, $time - 86400);
// Calculate the hash
$strHash = $this->getSessionHash('FE_USER_AUTH');
// Remove old sessions
$this->Database->prepare("DELETE FROM tl_session WHERE tstamp<? OR hash=?")->execute($time - \Config::get('sessionTimeout'), $strHash);
// Log in the front end user
if (is_numeric(\Input::get('user')) && \Input::get('user') > 0) {
// Insert a new session
$this->Database->prepare("INSERT INTO tl_session (pid, tstamp, name, sessionID, ip, hash) VALUES (?, ?, ?, ?, ?, ?)")->execute(\Input::get('user'), $time, 'FE_USER_AUTH', \System::getContainer()->get('session')->getId(), \Environment::get('ip'), $strHash);
// Set the cookie
$this->setCookie('FE_USER_AUTH', $strHash, $time + \Config::get('sessionTimeout'), null, null, false, true);
} else {
// Unset the cookies
$this->setCookie('FE_USER_AUTH', $strHash, $time - 86400, null, null, false, true);
$this->setCookie('FE_AUTO_LOGIN', \Input::cookie('FE_AUTO_LOGIN'), $time - 86400, null, null, false, true);
}
$strBuffer = '';
$rand = rand();
// Display the pages
for ($i = 0, $c = count($arrPages); $i < $c; $i++) {
$strBuffer .= '<span class="page_url" data-url="' . $arrPages[$i] . '#' . $rand . $i . '">' . \StringUtil::substr($arrPages[$i], 100) . '</span><br>';
unset($arrPages[$i]);
// see #5681
}
$objTemplate->content = $strBuffer;
$objTemplate->note = $GLOBALS['TL_LANG']['tl_maintenance']['indexNote'];
$objTemplate->loading = $GLOBALS['TL_LANG']['tl_maintenance']['indexLoading'];
$objTemplate->complete = $GLOBALS['TL_LANG']['tl_maintenance']['indexComplete'];
$objTemplate->indexContinue = $GLOBALS['TL_LANG']['MSC']['continue'];
$objTemplate->theme = \Backend::getTheme();
$objTemplate->isRunning = true;
return $objTemplate->parse();
}
$arrUser = array('' => '-');
// Get active front end users
$objUser = $this->Database->execute("SELECT id, username FROM tl_member WHERE disable!='1' AND (start='' OR start<='{$time}') AND (stop='' OR stop>'" . ($time + 60) . "') ORDER BY username");
while ($objUser->next()) {
$arrUser[$objUser->id] = $objUser->username . ' (' . $objUser->id . ')';
}
// Default variables
$objTemplate->user = $arrUser;
$objTemplate->indexLabel = $GLOBALS['TL_LANG']['tl_maintenance']['frontendUser'][0];
$objTemplate->indexHelp = \Config::get('showHelp') && strlen($GLOBALS['TL_LANG']['tl_maintenance']['frontendUser'][1]) ? $GLOBALS['TL_LANG']['tl_maintenance']['frontendUser'][1] : '';
$objTemplate->indexSubmit = $GLOBALS['TL_LANG']['tl_maintenance']['indexSubmit'];
return $objTemplate->parse();
}
/**
* Initialize the object
*
* @param string $strTable
*
* @throws AccessDeniedException
*/
public function __construct($strTable)
{
parent::__construct();
/** @var SessionInterface $objSession */
$objSession = \System::getContainer()->get('session');
// Check the request token (see #4007)
if (isset($_GET['act'])) {
if (!isset($_GET['rt']) || !\RequestToken::validate(\Input::get('rt'))) {
$objSession->set('INVALID_TOKEN_URL', \Environment::get('request'));
$this->redirect('contao/confirm.php');
}
}
$this->intId = \Input::get('id', true);
// Clear the clipboard
if (isset($_GET['clipboard'])) {
$objSession->set('CLIPBOARD', array());
$this->redirect($this->getReferer());
}
// Check whether the table is defined
if ($strTable == '' || !isset($GLOBALS['TL_DCA'][$strTable])) {
$this->log('Could not load data container configuration for "' . $strTable . '"', __METHOD__, TL_ERROR);
trigger_error('Could not load data container configuration', E_USER_ERROR);
}
// Check permission to create new folders
if (\Input::get('act') == 'paste' && \Input::get('mode') == 'create' && isset($GLOBALS['TL_DCA'][$strTable]['list']['new'])) {
throw new AccessDeniedException('Attempt to create a new folder although the method has been overwritten in the data container.');
}
// Set IDs and redirect
if (\Input::post('FORM_SUBMIT') == 'tl_select') {
$ids = \Input::post('IDS');
if (empty($ids) || !is_array($ids)) {
$this->reload();
}
// Decode the values (see #5764)
$ids = array_map('rawurldecode', $ids);
$session = $objSession->all();
$session['CURRENT']['IDS'] = $ids;
$objSession->replace($session);
if (isset($_POST['edit'])) {
$this->redirect(str_replace('act=select', 'act=editAll', \Environment::get('request')));
} elseif (isset($_POST['delete'])) {
$this->redirect(str_replace('act=select', 'act=deleteAll', \Environment::get('request')));
} elseif (isset($_POST['cut']) || isset($_POST['copy'])) {
$arrClipboard = $objSession->get('CLIPBOARD');
$arrClipboard[$strTable] = array('id' => $ids, 'mode' => isset($_POST['cut']) ? 'cutAll' : 'copyAll');
$objSession->set('CLIPBOARD', $arrClipboard);
$this->redirect($this->getReferer());
}
}
$this->strTable = $strTable;
$this->blnIsDbAssisted = $GLOBALS['TL_DCA'][$strTable]['config']['databaseAssisted'];
// Check for valid file types
if ($GLOBALS['TL_DCA'][$this->strTable]['config']['validFileTypes']) {
$this->arrValidFileTypes = trimsplit(',', $GLOBALS['TL_DCA'][$this->strTable]['config']['validFileTypes']);
}
// Call onload_callback (e.g. to check permissions)
if (is_array($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'])) {
foreach ($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$this->{$callback[0]}->{$callback[1]}($this);
} elseif (is_callable($callback)) {
$callback($this);
}
}
}
// Get all filemounts (root folders)
if (is_array($GLOBALS['TL_DCA'][$strTable]['list']['sorting']['root'])) {
$this->arrFilemounts = $this->eliminateNestedPaths($GLOBALS['TL_DCA'][$strTable]['list']['sorting']['root']);
}
}
public function upload()
{
// check for the request token
if (!\Input::post('requestToken') || !RequestToken::validate(\Input::post('requestToken'))) {
$objResponse = new ResponseError();
$objResponse->setMessage('Invalid Request Token!');
$objResponse->output();
}
$objTmpFolder = new \Folder(MultiFileUpload::UPLOAD_TMP);
$arrUuids = null;
$varReturn = null;
// Dropzone Upload
if (!empty($_FILES)) {
if (!isset($_FILES[$this->name])) {
return;
}
$strField = $this->name;
$varFile = $_FILES[$strField];
// Multi-files upload at once
if (is_array($varFile['name'])) {
for ($i = 0; $i < count($varFile['name']); $i++) {
$arrFiles = array();
foreach (array_keys($varFile) as $strKey) {
$arrFiles[$strKey] = $varFile[$strKey][$i];
}
$arrFile = $this->uploadFile($arrFiles, $objTmpFolder->path, $strField);
$varReturn[] = $arrFile;
$arrUuids[] = $arrFile['uuid'];
}
} else {
$varReturn = $this->uploadFile($varFile, $objTmpFolder->path, $strField);
$arrUuids[] = $varReturn['uuid'];
}
if ($varReturn !== null) {
$this->varValue = $arrUuids;
$objResponse = new ResponseSuccess();
$objResult = new ResponseData();
$objResult->setData($varReturn);
$objResponse->setResult($objResult);
return $objResponse;
}
}
}