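/**
 * Redirect to given url
 *
 * A relative path is prefixed with the Restler base url; a full http(s) url
 * is used as-is, so callers must not pass a client-controlled value here
 * without validating the target host first. When flash data has to be
 * carried over, the target differs from the current request, or the request
 * is not a GET, a Location header is sent and the script terminates. JSON
 * clients instead get the target in the response body.
 *
 * @param string $url       relative path or full url
 * @param array  $params    associative array of query parameters
 * @param array  $flashData associative array of properties to be set in
 *                          $_SESSION for one time use
 * @param int    $status    http status code to send the response with
 *                          ideally 301 or 302
 *
 * @return array array('redirect' => $url) for JSON clients, an empty array
 *               when no redirect is needed; does not return once the
 *               Location header has been sent
 */
public static function to($url, array $params = array(), array $flashData = array(), $status = 302)
{
    $url = ltrim($url, '/');
    $status = (int) $status;
    /** @var $r Restler */
    $r = Scope::get('Restler');
    $base = $r->getBaseUrl() . '/';
    // only a real scheme marks the url as absolute; a bare prefix test also
    // matched relative paths that merely start with "http"
    if (!preg_match('#^https?://#i', $url)) {
        $url = $base . $url;
    }
    $needsRedirect = !empty($flashData)
        || $base . $r->url !== $url
        || Util::getRequestMethod() !== 'GET';
    if (!$needsRedirect) {
        return array();
    }
    if ($r->responseFormat instanceof JsonFormat) {
        return array('redirect' => $url);
    }
    if (!empty($params)) {
        // append with '&' when the url already carries a query string
        $separator = strpos($url, '?') === false ? '?' : '&';
        $url .= $separator . http_build_query($params);
    }
    Flash::set($flashData);
    $reason = isset(RestException::$codes[$status]) ? RestException::$codes[$status] : '';
    header("{$_SERVER['SERVER_PROTOCOL']} {$status} {$reason}");
    header("Location: {$url}");
    die('');
}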
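/**
 * An initialize function to allow use of the restler error generation
 * functions for pre-processing and pre-routing of requests.
 *
 * Answers CORS preflight (OPTIONS) requests and exits, selects the request
 * and response formats, then negotiates charset and language from the
 * Accept-Charset / Accept-Language headers against Defaults.
 */
public function init()
{
    // NOTE(review): $this->requestMethod is read here before this method
    // assigns it further down, so this relies on it being populated earlier
    // (constructor or property default) — confirm against the class.
    if (Defaults::$crossOriginResourceSharing && $this->requestMethod == 'OPTIONS') {
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
            header('Access-Control-Allow-Methods: ' . Defaults::$accessControlAllowMethods);
        }
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
            // Echoes back whatever header names the client asked for, i.e.
            // every request header is allowed in preflight. Tighten to an
            // explicit allow-list if arbitrary custom headers should not be
            // accepted cross-origin.
            header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
        }
        exit(0);
    }
    if (empty($this->formatMap)) {
        $this->setSupportedFormats('JsonFormat');
    }
    $this->url = $this->getPath();
    $this->requestMethod = Util::getRequestMethod();
    $this->responseFormat = $this->getResponseFormat();
    $this->requestFormat = $this->getRequestFormat();
    $this->responseFormat->restler = $this;
    if (is_null($this->requestFormat)) {
        // no dedicated request format: reuse the response format
        $this->requestFormat = $this->responseFormat;
    } else {
        $this->requestFormat->restler = $this;
    }
    if (isset($_SERVER['HTTP_ACCEPT_CHARSET'])) {
        $found = false;
        $charList = Util::sortByPriority($_SERVER['HTTP_ACCEPT_CHARSET']);
        foreach (array_keys($charList) as $charset) {
            if (in_array($charset, Defaults::$supportedCharsets, true)) {
                $found = true;
                Defaults::$charset = $charset;
                break;
            }
        }
        // a wildcard means the client also accepts the default charset
        if (!$found && strpos($_SERVER['HTTP_ACCEPT_CHARSET'], '*') === false) {
            $this->handleError(406, 'Content negotiation failed. Requested charset is not supported');
        }
    }
    if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        $langList = Util::sortByPriority($_SERVER['HTTP_ACCEPT_LANGUAGE']);
        foreach (array_keys($langList) as $lang) {
            foreach (Defaults::$supportedLanguages as $supported) {
                if (strcasecmp($supported, $lang) == 0) {
                    Defaults::$language = $supported;
                    // leave both loops: a plain break kept iterating the
                    // outer (priority-ordered) list and let a lower-priority
                    // language overwrite this match
                    break 2;
                }
            }
        }
        // no match, with or without a wildcard, keeps the default language
    }
}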
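/**
 * read the request details
 *
 * Find out the following
 * - baseUrl
 * - url requested
 * - version requested (if url based versioning)
 * - http verb/method
 * - negotiate content type
 * - request data
 * - set defaults
 *
 * Query-string keys are first mapped through Defaults::$aliases, then any
 * key named in the Defaults::$overridables allow-list is written into
 * Defaults. That list is the only thing between a client and the framework
 * configuration, so keep it minimal.
 */
protected function get()
{
    $this->dispatch('get');
    if (empty($this->formatMap)) {
        $this->setSupportedFormats('JsonFormat');
    }
    $this->url = $this->getPath();
    $this->requestMethod = Util::getRequestMethod();
    $this->requestFormat = $this->getRequestFormat();
    $this->requestData = $this->getRequestData(false);
    //parse defaults
    foreach ($_GET as $key => $value) {
        if (isset(Defaults::$aliases[$key])) {
            $alias = Defaults::$aliases[$key];
            $_GET[$alias] = $value;
            unset($_GET[$key]);
            $key = $alias;
        }
        // strict match: PHP turns numeric query keys into ints, and a loose
        // in_array() compares 0 == 'any_string' as true on PHP < 8, which
        // would let "?0=x" reach Defaults::setProperty()
        if (in_array((string) $key, Defaults::$overridables, true)) {
            Defaults::setProperty($key, $value);
        }
    }
}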
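/**
 * Access verification method.
 *
 * API access will be denied when this method returns false
 *
 * Acts as a CSRF filter for form submissions: a non-empty $_POST must carry
 * the token that was issued for "METHOD url" in the session. Requests to
 * excluded paths pass unconditionally. When static::$filterFormRequestsOnly
 * is set, only url-encoded and upload request formats are checked, so other
 * body formats are not covered by this filter.
 *
 * @return boolean true when api access is allowed false otherwise
 *
 * @throws RestException 403 security violation
 */
public function __isAllowed()
{
    if (session_id() === '') {
        session_start();
    }
    /** @var Restler $restler */
    $restler = $this->restler;
    $url = $restler->url;
    foreach (static::$excludedPaths as $exclude) {
        if (empty($exclude)) {
            // an empty exclusion only matches the root url
            if ((string) $url === (string) $exclude) {
                return true;
            }
        } elseif (String::beginsWith($url, $exclude)) {
            return true;
        }
    }
    $isFormRequest = $restler->requestFormat instanceof UrlEncodedFormat
        || $restler->requestFormat instanceof UploadFormat;
    $check = static::$filterFormRequestsOnly ? $isFormRequest : true;
    if (empty($_POST) || !$check) {
        return true;
    }
    // the token is scoped to the exact method + url it was issued for
    $target = Util::getRequestMethod() . ' ' . $restler->url;
    $posted = isset($_POST[static::FORM_KEY]) ? $_POST[static::FORM_KEY] : null;
    $expected = isset($_SESSION[static::FORM_KEY][$target])
        ? $_SESSION[static::FORM_KEY][$target]
        : null;
    // Strict string comparison: a loose == accepts type-juggled values
    // (numeric-looking tokens compare equal to each other) and an array
    // submitted as the form key. Assumes the session token was stored as a
    // string. The token is not consumed here, so it stays valid for the rest
    // of the session.
    if (is_string($posted) && is_string($expected) && $posted === $expected) {
        return true;
    }
    throw new RestException(403, 'Insecure form submission');
}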