The class tries to read and validate the request token from the user session and creates a new token if there is none. Usage: echo RequestToken::get(); if (!RequestToken::validate('TOKEN')) { throw new Exception("Invalid request token"); }
Inheritance: extends System
Exemplo n.º 1
 /**
  * Initialize the object
  *
  * Verifies the back end request token on every request carrying "act", handles
  * the clipboard reset and the "tl_select" form submission (both end in a
  * redirect), loads the DCA configuration of the table, runs the onload
  * callbacks and collects the root record IDs for the tree view. The
  * redirect()/reload() helpers are assumed to terminate the request, as the
  * code after them relies on it -- confirm against the System base class.
  *
  * @param string $strTable  The name of the DCA table (must exist in $GLOBALS['TL_DCA'])
  * @param array  $arrModule The back end module configuration; stored as-is
  */
 public function __construct($strTable, $arrModule = array())
 {
     parent::__construct();
     /** @var SessionInterface $objSession */
     $objSession = \System::getContainer()->get('session');
     // Check the request token (see #4007): a request with "act" must also carry
     // a valid "rt" token, otherwise the current URL is remembered in the
     // session and the user is sent to the confirmation page
     if (isset($_GET['act'])) {
         if (!isset($_GET['rt']) || !\RequestToken::validate(\Input::get('rt'))) {
             $objSession->set('INVALID_TOKEN_URL', \Environment::get('request'));
             $this->redirect('contao/confirm.php');
         }
     }
     $this->intId = \Input::get('id');
     // Clear the clipboard
     if (isset($_GET['clipboard'])) {
         $objSession->set('CLIPBOARD', array());
         $this->redirect($this->getReferer());
     }
     // Check whether the table is defined (loose comparison: null is treated like "")
     if ($strTable == '' || !isset($GLOBALS['TL_DCA'][$strTable])) {
         $this->log('Could not load the data container configuration for "' . $strTable . '"', __METHOD__, TL_ERROR);
         trigger_error('Could not load the data container configuration', E_USER_ERROR);
     }
     // Set IDs and redirect
     if (\Input::post('FORM_SUBMIT') == 'tl_select') {
         $ids = \Input::post('IDS');
         // NOTE(review): the code below uses $ids as an array; this relies on
         // reload() terminating the request when the selection is empty
         if (empty($ids) || !is_array($ids)) {
             $this->reload();
         }
         $session = $objSession->all();
         $session['CURRENT']['IDS'] = $ids;
         $objSession->replace($session);
         // Rewrite the "act" parameter of the current URL according to the button pressed
         if (isset($_POST['edit'])) {
             $this->redirect(str_replace('act=select', 'act=editAll', \Environment::get('request')));
         } elseif (isset($_POST['delete'])) {
             $this->redirect(str_replace('act=select', 'act=deleteAll', \Environment::get('request')));
         } elseif (isset($_POST['override'])) {
             $this->redirect(str_replace('act=select', 'act=overrideAll', \Environment::get('request')));
         } elseif (isset($_POST['cut']) || isset($_POST['copy'])) {
             // Remember the selected IDs per table in the clipboard
             $arrClipboard = $objSession->get('CLIPBOARD');
             $arrClipboard[$strTable] = array('id' => $ids, 'mode' => isset($_POST['cut']) ? 'cutAll' : 'copyAll');
             $objSession->set('CLIPBOARD', $arrClipboard);
             // Support copyAll in the list view (see #7499)
             if (isset($_POST['copy']) && $GLOBALS['TL_DCA'][$strTable]['list']['sorting']['mode'] < 4) {
                 $this->redirect(str_replace('act=select', 'act=copyAll', \Environment::get('request')));
             }
             $this->redirect($this->getReferer());
         }
     }
     $this->strTable = $strTable;
     $this->ptable = $GLOBALS['TL_DCA'][$this->strTable]['config']['ptable'];
     $this->ctable = $GLOBALS['TL_DCA'][$this->strTable]['config']['ctable'];
     // Sorting modes 5 and 6 are tree views (non-strict in_array, so "5"/"6" match as well)
     $this->treeView = in_array($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'], array(5, 6));
     $this->root = null;
     $this->arrModule = $arrModule;
     // Call onload_callback (e.g. to check permissions)
     if (is_array($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'])) {
         foreach ($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'] as $callback) {
             // Either a [class, method] pair resolved via import() or a plain callable
             if (is_array($callback)) {
                 $this->import($callback[0]);
                 $this->{$callback[0]}->{$callback[1]}($this);
             } elseif (is_callable($callback)) {
                 $callback($this);
             }
         }
     }
     // Get the IDs of all root records (tree view)
     if ($this->treeView) {
         // In mode 6 the tree is built from the parent table
         $table = $GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'] == 6 ? $this->ptable : $this->strTable;
         // Unless there are any root records specified, use all records with parent ID 0
         if (!isset($GLOBALS['TL_DCA'][$table]['list']['sorting']['root']) || $GLOBALS['TL_DCA'][$table]['list']['sorting']['root'] === false) {
             // The table name is concatenated into the SQL; it comes from the DCA
             // configuration (checked above), not from the request
             $objIds = $this->Database->prepare("SELECT id FROM " . $table . " WHERE pid=?" . ($this->Database->fieldExists('sorting', $table) ? ' ORDER BY sorting' : ''))->execute(0);
             if ($objIds->numRows > 0) {
                 $this->root = $objIds->fetchEach('id');
             }
         } elseif (is_array($GLOBALS['TL_DCA'][$table]['list']['sorting']['root'])) {
             $this->root = $this->eliminateNestedPages($GLOBALS['TL_DCA'][$table]['list']['sorting']['root'], $table, $this->Database->fieldExists('sorting', $table));
         }
     } elseif (is_array($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['root'])) {
         $this->root = array_unique($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['root']);
     }
     $request = \System::getContainer()->get('request_stack')->getCurrentRequest();
     $route = $request->attributes->get('_route');
     // Store the current referer, but only for plain (non-action, non-Ajax)
     // back end requests of tables that have child tables
     if (!empty($this->ctable) && !\Input::get('act') && !\Input::get('key') && !\Input::get('token') && $route == 'contao_backend' && !\Environment::get('isAjaxRequest')) {
         $session = $objSession->get('referer');
         // Strip the base path (plus the slash) from the request URI
         $session[TL_REFERER_ID][$this->strTable] = substr(\Environment::get('requestUri'), strlen(\Environment::get('path')) + 1);
         $objSession->set('referer', $session);
     }
 }
Exemplo n.º 2
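 /**
  * Generate the module
  *
  * Renders the "rebuild search index" maintenance form. When called with
  * act=index and a valid request token, it purges the search tables, prepares
  * an optional front end user session for the indexer and renders the list of
  * page URLs that the client then requests one by one.
  *
  * @return string The parsed template, or an empty string if search is disabled
  */
 public function run()
 {
     if (!\Config::get('enableSearch')) {
         return '';
     }
     $time = time();
     /** @var BackendTemplate|object $objTemplate */
     $objTemplate = new \BackendTemplate('be_rebuild_index');
     $objTemplate->action = ampersand(\Environment::get('request'));
     $objTemplate->indexHeadline = $GLOBALS['TL_LANG']['tl_maintenance']['searchIndex'];
     $objTemplate->isActive = $this->isActive();
     // Add the error message; the key is guarded so a missing entry does not
     // raise an "undefined index" notice on the first call
     if (isset($_SESSION['REBUILD_INDEX_ERROR']) && $_SESSION['REBUILD_INDEX_ERROR'] != '') {
         $objTemplate->indexMessage = $_SESSION['REBUILD_INDEX_ERROR'];
         $_SESSION['REBUILD_INDEX_ERROR'] = '';
     }
     // Rebuild the index
     if (\Input::get('act') == 'index') {
         // Check the request token (see #4007): the index is only purged for a
         // request that carries a valid "rt" token, otherwise the URL is kept
         // in the session and the user is sent to the confirmation page
         if (!isset($_GET['rt']) || !\RequestToken::validate(\Input::get('rt'))) {
             /** @var SessionInterface $objSession */
             $objSession = \System::getContainer()->get('session');
             $objSession->set('INVALID_TOKEN_URL', \Environment::get('request'));
             $this->redirect('contao/confirm.php');
         }
         $arrPages = $this->findSearchablePages();
         // HOOK: take additional pages
         if (isset($GLOBALS['TL_HOOKS']['getSearchablePages']) && is_array($GLOBALS['TL_HOOKS']['getSearchablePages'])) {
             foreach ($GLOBALS['TL_HOOKS']['getSearchablePages'] as $callback) {
                 $this->import($callback[0]);
                 $arrPages = $this->{$callback[0]}->{$callback[1]}($arrPages);
             }
         }
         // Return if there are no pages (the message is shown after the redirect)
         if (empty($arrPages)) {
             $_SESSION['REBUILD_INDEX_ERROR'] = $GLOBALS['TL_LANG']['tl_maintenance']['noSearchable'];
             $this->redirect($this->getReferer());
         }
         // Truncate the search tables
         $this->import('Automator');
         $this->Automator->purgeSearchTables();
         // Hide unpublished elements by expiring the preview cookie
         $this->setCookie('FE_PREVIEW', 0, $time - 86400);
         // Calculate the hash
         $strHash = $this->getSessionHash('FE_USER_AUTH');
         // Remove old sessions and any session with the same hash
         $this->Database->prepare("DELETE FROM tl_session WHERE tstamp<? OR hash=?")->execute($time - \Config::get('sessionTimeout'), $strHash);
         // Log in the front end user, if a positive numeric "user" parameter is given
         if (is_numeric(\Input::get('user')) && \Input::get('user') > 0) {
             // Insert a new session (the user ID is bound as a prepared parameter)
             $this->Database->prepare("INSERT INTO tl_session (pid, tstamp, name, sessionID, ip, hash) VALUES (?, ?, ?, ?, ?, ?)")->execute(\Input::get('user'), $time, 'FE_USER_AUTH', \System::getContainer()->get('session')->getId(), \Environment::get('ip'), $strHash);
             // Set the cookie (last argument presumably httpOnly -- see setCookie())
             $this->setCookie('FE_USER_AUTH', $strHash, $time + \Config::get('sessionTimeout'), null, null, false, true);
         } else {
             // Unset the cookies by giving them an expiry date in the past
             $this->setCookie('FE_USER_AUTH', $strHash, $time - 86400, null, null, false, true);
             $this->setCookie('FE_AUTO_LOGIN', \Input::cookie('FE_AUTO_LOGIN'), $time - 86400, null, null, false, true);
         }
         $strBuffer = '';
         // Only used to build unique fragment identifiers for the page list
         $rand = rand();
         // Display the pages
         for ($i = 0, $c = count($arrPages); $i < $c; $i++) {
             $strBuffer .= '<span class="page_url" data-url="' . $arrPages[$i] . '#' . $rand . $i . '">' . \StringUtil::substr($arrPages[$i], 100) . '</span><br>';
             unset($arrPages[$i]);
             // see #5681
         }
         $objTemplate->content = $strBuffer;
         $objTemplate->note = $GLOBALS['TL_LANG']['tl_maintenance']['indexNote'];
         $objTemplate->loading = $GLOBALS['TL_LANG']['tl_maintenance']['indexLoading'];
         $objTemplate->complete = $GLOBALS['TL_LANG']['tl_maintenance']['indexComplete'];
         $objTemplate->indexContinue = $GLOBALS['TL_LANG']['MSC']['continue'];
         $objTemplate->theme = \Backend::getTheme();
         $objTemplate->isRunning = true;
         return $objTemplate->parse();
     }
     $arrUser = array('' => '-');
     // Get active front end users ($time comes from time(), not from the request)
     $objUser = $this->Database->execute("SELECT id, username FROM tl_member WHERE disable!='1' AND (start='' OR start<='{$time}') AND (stop='' OR stop>'" . ($time + 60) . "') ORDER BY username");
     while ($objUser->next()) {
         $arrUser[$objUser->id] = $objUser->username . ' (' . $objUser->id . ')';
     }
     // Default variables
     $objTemplate->user = $arrUser;
     $objTemplate->indexLabel = $GLOBALS['TL_LANG']['tl_maintenance']['frontendUser'][0];
     $objTemplate->indexHelp = \Config::get('showHelp') && strlen($GLOBALS['TL_LANG']['tl_maintenance']['frontendUser'][1]) ? $GLOBALS['TL_LANG']['tl_maintenance']['frontendUser'][1] : '';
     $objTemplate->indexSubmit = $GLOBALS['TL_LANG']['tl_maintenance']['indexSubmit'];
     return $objTemplate->parse();
 }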
Exemplo n.º 3
 /**
  * Initialize the object
  *
  * Verifies the back end request token on every request carrying "act", handles
  * the clipboard reset and the "tl_select" form submission (both end in a
  * redirect), loads the DCA configuration of the table, runs the onload
  * callbacks and collects the file mounts (root folders). The
  * redirect()/reload() helpers are assumed to terminate the request, as the
  * code after them relies on it -- confirm against the System base class.
  *
  * @param string $strTable The name of the DCA table (must exist in $GLOBALS['TL_DCA'])
  *
  * @throws AccessDeniedException If a folder is to be created although the DCA overrides "list.new"
  */
 public function __construct($strTable)
 {
     parent::__construct();
     /** @var SessionInterface $objSession */
     $objSession = \System::getContainer()->get('session');
     // Check the request token (see #4007): a request with "act" must also carry
     // a valid "rt" token, otherwise the current URL is remembered in the
     // session and the user is sent to the confirmation page
     if (isset($_GET['act'])) {
         if (!isset($_GET['rt']) || !\RequestToken::validate(\Input::get('rt'))) {
             $objSession->set('INVALID_TOKEN_URL', \Environment::get('request'));
             $this->redirect('contao/confirm.php');
         }
     }
     // The second argument is passed as true here (presumably entity decoding -- see Input::get())
     $this->intId = \Input::get('id', true);
     // Clear the clipboard
     if (isset($_GET['clipboard'])) {
         $objSession->set('CLIPBOARD', array());
         $this->redirect($this->getReferer());
     }
     // Check whether the table is defined (loose comparison: null is treated like "")
     if ($strTable == '' || !isset($GLOBALS['TL_DCA'][$strTable])) {
         $this->log('Could not load data container configuration for "' . $strTable . '"', __METHOD__, TL_ERROR);
         trigger_error('Could not load data container configuration', E_USER_ERROR);
     }
     // Check permission to create new folders: if the DCA defines its own
     // "list.new" handler, the generic paste/create action must not be used
     if (\Input::get('act') == 'paste' && \Input::get('mode') == 'create' && isset($GLOBALS['TL_DCA'][$strTable]['list']['new'])) {
         throw new AccessDeniedException('Attempt to create a new folder although the method has been overwritten in the data container.');
     }
     // Set IDs and redirect
     if (\Input::post('FORM_SUBMIT') == 'tl_select') {
         $ids = \Input::post('IDS');
         // NOTE(review): the array_map() below requires an array; this relies on
         // reload() terminating the request when the selection is empty
         if (empty($ids) || !is_array($ids)) {
             $this->reload();
         }
         // Decode the values (see #5764)
         $ids = array_map('rawurldecode', $ids);
         $session = $objSession->all();
         $session['CURRENT']['IDS'] = $ids;
         $objSession->replace($session);
         // Rewrite the "act" parameter of the current URL according to the button pressed
         if (isset($_POST['edit'])) {
             $this->redirect(str_replace('act=select', 'act=editAll', \Environment::get('request')));
         } elseif (isset($_POST['delete'])) {
             $this->redirect(str_replace('act=select', 'act=deleteAll', \Environment::get('request')));
         } elseif (isset($_POST['cut']) || isset($_POST['copy'])) {
             // Remember the selected paths per table in the clipboard
             $arrClipboard = $objSession->get('CLIPBOARD');
             $arrClipboard[$strTable] = array('id' => $ids, 'mode' => isset($_POST['cut']) ? 'cutAll' : 'copyAll');
             $objSession->set('CLIPBOARD', $arrClipboard);
             $this->redirect($this->getReferer());
         }
     }
     $this->strTable = $strTable;
     $this->blnIsDbAssisted = $GLOBALS['TL_DCA'][$strTable]['config']['databaseAssisted'];
     // Check for valid file types (comma-separated list in the DCA config)
     if ($GLOBALS['TL_DCA'][$this->strTable]['config']['validFileTypes']) {
         $this->arrValidFileTypes = trimsplit(',', $GLOBALS['TL_DCA'][$this->strTable]['config']['validFileTypes']);
     }
     // Call onload_callback (e.g. to check permissions)
     if (is_array($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'])) {
         foreach ($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'] as $callback) {
             // Either a [class, method] pair resolved via import() or a plain callable
             if (is_array($callback)) {
                 $this->import($callback[0]);
                 $this->{$callback[0]}->{$callback[1]}($this);
             } elseif (is_callable($callback)) {
                 $callback($this);
             }
         }
     }
     // Get all filemounts (root folders), dropping paths nested inside another root
     if (is_array($GLOBALS['TL_DCA'][$strTable]['list']['sorting']['root'])) {
         $this->arrFilemounts = $this->eliminateNestedPaths($GLOBALS['TL_DCA'][$strTable]['list']['sorting']['root']);
     }
 }
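 /**
  * Handle a (Dropzone) file upload request
  *
  * Validates the request token sent in the POST body before any file is
  * touched. Uploaded files are moved to the MultiFileUpload temporary folder
  * via uploadFile() and the resulting UUIDs are stored in $this->varValue.
  *
  * @return ResponseSuccess|ResponseError|null The response object, or null if no
  *                                            file was submitted for this field
  */
 public function upload()
 {
     // Check the request token before processing any file. The error response
     // is returned explicitly so the upload code below is never reached when
     // the token is missing or invalid, regardless of whether output()
     // terminates the request.
     if (!\Input::post('requestToken') || !RequestToken::validate(\Input::post('requestToken'))) {
         $objResponse = new ResponseError();
         $objResponse->setMessage('Invalid Request Token!');
         $objResponse->output();
         return $objResponse;
     }
     $objTmpFolder = new \Folder(MultiFileUpload::UPLOAD_TMP);
     $arrUuids = null;
     $varReturn = null;
     // Dropzone Upload
     if (!empty($_FILES)) {
         // Nothing was submitted for this widget's field
         if (!isset($_FILES[$this->name])) {
             return;
         }
         $strField = $this->name;
         $varFile = $_FILES[$strField];
         // Multi-files upload at once: PHP groups the entries as [key][index]
         if (is_array($varFile['name'])) {
             $intFiles = count($varFile['name']);
             for ($i = 0; $i < $intFiles; $i++) {
                 // Regroup the entries of file $i into a single-file array
                 $arrFiles = array();
                 foreach (array_keys($varFile) as $strKey) {
                     $arrFiles[$strKey] = $varFile[$strKey][$i];
                 }
                 $arrFile = $this->uploadFile($arrFiles, $objTmpFolder->path, $strField);
                 $varReturn[] = $arrFile;
                 $arrUuids[] = $arrFile['uuid'];
             }
         } else {
             $varReturn = $this->uploadFile($varFile, $objTmpFolder->path, $strField);
             $arrUuids[] = $varReturn['uuid'];
         }
         if ($varReturn !== null) {
             $this->varValue = $arrUuids;
             $objResponse = new ResponseSuccess();
             $objResult = new ResponseData();
             $objResult->setData($varReturn);
             $objResponse->setResult($objResult);
             return $objResponse;
         }
     }
 }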