Exemplo n.º 1
0
 public function redirect($url, Request $request, Response $response, $code = 302)
 {
     // prevent header attacks
     $url = str_replace(array("\n", "\r"), '', $url);
     if (!preg_match('|^[a-z]+://|', $url)) {
         $base = rtrim($request->getBaseUrl(), '/');
         if ($base && '/' != $base) {
             $url = $base . '/' . ltrim($url, '/');
         } else {
             $url = '/' . ltrim($url, '/');
         }
     }
     if (!preg_match('#^(https?|ftp)://#', $url)) {
         $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
         $proto = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== "off" ? 'https' : 'http';
         $port = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : 80;
         $uri = $proto . '://' . $host;
         if ('http' == $proto && 80 != $port || 'https' == $proto && 443 != $port) {
             // do not append if HTTP_HOST already contains port
             if (strrchr($host, ':') === false) {
                 $uri .= ':' . $port;
             }
         }
         $url = $uri . '/' . ltrim($url, '/');
     }
     $response->setRedirect($url, $code);
     $response->sendHeaders();
     exit;
 }
Exemplo n.º 2
0
 public function handle(Request $request, Response $response, array $config)
 {
     $view = new View(__DIR__ . '/../View');
     $view->page = $request->getRequestUri();
     header("Status: 404 Not Found");
     echo $view->render('404');
 }
Exemplo n.º 3
0
 public function run()
 {
     try {
         $request = new Request();
         $response = new Response();
         $matches = $this->config->get('mapper')->match($this->urlPath ? $this->urlPath : $request->getRequestUri());
         if ($matches === false) {
             $error = new \Error\Pages\Index();
             $error->doHandle($request, $response, $this->config->all());
         } else {
             if (!class_exists($matches['class'])) {
                 throw new \RuntimeException($matches['class'] . ' class does not exist');
             }
             /**
              * Class to module - page map
              * 
              * 		Test\Pages\Index
              * 		\__/       \___/ 
              * 	   module       page
              */
             // figure out module
             $module = substr($matches['class'], 0, stripos($matches['class'], '\\'));
             // add module to request
             $request->setModule($module);
             // add page to request
             $request->setPage(substr($matches['class'], strrpos($matches['class'], '\\') + 1));
             // set the request params
             $request->setParams($matches['matches']);
             // initiate the page
             $page = new $matches['class']();
             // if module config is enabled, merge it with the main config
             if ($page->isConfigEnabled() && file_exists($file = BASE_PATH . '/app/' . $module . '/Config/module.ini')) {
                 $moduleConfig = new Configuration($file);
                 $this->config->merge($moduleConfig);
             }
             // start output buffering
             $level = ob_get_level();
             ob_start();
             // execute page code
             $page->doHandle($request, $response, $this->config->all());
             $content = ob_get_clean();
             $response->appendBody($content);
             $response->sendResponse();
         }
     } catch (\Exception $e) {
         if ($this->config->get('env') == 'development') {
             $level = ob_get_level();
             while (ob_get_level() > $level) {
                 ob_end_clean();
             }
             $exc = new \Error\Pages\Exc();
             $exc->debug($e);
         }
     }
 }
Exemplo n.º 4
0
 /**
  * Check to see if the user is allowed for the request.
  * 
  * @param Request $request
  * @return boolean
  */
 public function isAllowed(Request $request)
 {
     $mod = $request->getModule();
     $page = $request->getPage();
     foreach ($this->resources as $res) {
         if ($res['module'] === $mod && $res['page'] === $page) {
             $request->setResourceParams($res['params']);
             return true;
         }
     }
     return false;
 }
Exemplo n.º 5
0
 /**
  * Each request needs to be checked against CSRF. 
  * 
  * @param Request $request
  * @param Response $response
  * @param array $config
  */
 public function doHandle(Request $request, Response $response, array $config)
 {
     $isAjax = $request->isXmlHttpRequest();
     $acl = Acl::getInstance();
     // bail out if user doesn't have permissions
     if (!$acl->isAllowed($request)) {
         $this->forward($request, $response, $isAjax);
         return;
     }
     $user = $acl->getUser();
     // bail out if the user is locked
     if ($user && $user['is_locked'] == 1) {
         $this->forward($request, $response);
         return;
     }
     /**
      * Ajax - check CSRF.
      */
     if ($isAjax && ($headers = apache_request_headers()) && (!isset($headers['X-CSRF-Token']) || $headers['X-CSRF-Token'] !== $_SESSION['__token'])) {
         $this->forward($request, $response, true);
         return;
     }
     /**
      * Don't deliver sensitive data against GET request.
      * 
      * POST - check CSRF.
      * 
      * @TODO IMPROVE / FIND AN EFFICIENT WAY TO CHECK AGAINST GET REQUESTS
      */
     if (!$isAjax && $request->isPost() && (($sec = $request->getParam('sec')) === null || (!isset($_SESSION['__token']) || $_SESSION['__token'] !== $sec))) {
         var_dump($_SESSION);
         exit;
         $this->forward($request, $response);
         return;
     }
     return $this->handle($request, $response, $config);
 }