Пример #1
/**
 * Serve individual views for Ajax.
 *
 * /ajax/view/<view_name>?<key/value params>
 * /ajax/form/<action_name>?<key/value params>
 *
 * The requested view must either appear in the Ajax service's getViews() list or
 * be reported as cacheable by the views service; any other view is answered with
 * ELGG_HTTP_FORBIDDEN. Every query-string key is read through get_input() and
 * handed to the view as $vars, so views served this way receive
 * request-controlled values and have to validate and escape them themselves.
 *
 * @param string[] $segments URL segments (not including "ajax")
 * @return ResponseBuilder|false false when fewer than two segments are given or
 *                               the first segment is neither "view" nor "form"
 *
 * @see elgg_register_ajax_view()
 * @elgg_pagehandler ajax
 * @access private
 */
function _elgg_ajax_page_handler($segments)
{
    elgg_ajax_gatekeeper();

    if (count($segments) < 2) {
        return false;
    }

    $kind = $segments[0];
    if ($kind !== 'view' && $kind !== 'form') {
        return false;
    }

    // everything after the first segment names the view (or the form action)
    $path = implode('/', array_slice($segments, 1));

    // form views start with "forms", not "form"
    $view = ($kind === 'view') ? $path : 'forms/' . $path;

    // Allowlist check: registered Ajax views, plus cacheable views which are always allowed.
    // NOTE(review): in_array() compares loosely here; a strict comparison would be the
    // tighter allowlist check if getViews() is guaranteed to return strings — confirm.
    $registered_views = _elgg_services()->ajax->getViews();
    $is_registered = in_array($view, $registered_views);
    if (!$is_registered && !_elgg_services()->views->isCacheableView($view)) {
        // the requested name is echoed back in the error text
        // NOTE(review): confirm the response layer escapes it before display
        return elgg_error_response("Ajax view '{$view}' was not registered", REFERRER, ELGG_HTTP_FORBIDDEN);
    }

    // pull out GET parameters through filter
    $vars = array();
    $query_keys = _elgg_services()->request->query->keys();
    foreach ($query_keys as $name) {
        $vars[$name] = get_input($name);
    }

    // A request-supplied guid is resolved to an entity for the view.
    // NOTE(review): this relies on get_entity() applying the viewer's access rules — confirm.
    if (isset($vars['guid'])) {
        $vars['entity'] = get_entity($vars['guid']);
    }

    $content_type = '';

    if ($kind === 'view') {
        $output = elgg_view($view, $vars);

        // Try to guess the mime-type from the first path segment of the view.
        // Loose comparison is kept on purpose: it matches the semantics of a switch.
        $first = $segments[1];
        if ($first == "js") {
            $content_type = 'text/javascript;charset=utf-8';
        } elseif ($first == "css") {
            $content_type = 'text/css;charset=utf-8';
        } elseif (_elgg_services()->views->isCacheableView($view)) {
            // cacheable views map to a file; detect its type, defaulting to HTML
            $file = _elgg_services()->views->findViewFile($view, elgg_get_viewtype());
            $content_type = (new \Elgg\Filesystem\MimeTypeDetector())->getType($file, 'text/html');
        }
    } else {
        // forms are rendered with no form attributes; the query input becomes the body vars
        $output = elgg_view_form($path, array(), $vars);
    }

    // only override the Content-Type when one was determined above
    if ($content_type) {
        elgg_set_http_header("Content-Type: {$content_type}");
    }

    return elgg_ok_response($output);
}
Пример #2
 /**
  * prepareRedirectResponse() must return a RedirectResponse with the given URL and
  * status code. Headers set earlier through elgg_set_http_header() are expected on
  * the response, and a header passed explicitly to the call is expected to replace
  * an earlier value of the same name (X-Elgg-Override ends up as '2').
  */
 public function testCanPrepareRedirectResponse()
 {
     $service = $this->createService();

     // headers registered globally before the response is built
     elgg_set_http_header('X-Elgg-Testing: 2', true);
     elgg_set_http_header('X-Elgg-Override: 1');

     $target = 'http://localhost/foo';
     $code = ELGG_HTTP_MOVED_PERMANENTLY;
     $extra_headers = [
         'X-Elgg-Response' => true,
         'X-Elgg-Override' => '2',
     ];

     $redirect = $service->prepareRedirectResponse($target, $code, $extra_headers);

     $this->assertInstanceOf(RedirectResponse::class, $redirect);
     $this->assertEquals($target, $redirect->getTargetURL());
     $this->assertEquals($code, $redirect->getStatusCode());

     // header bag: explicit header present, global header kept, override wins
     $bag = $redirect->headers;
     $this->assertTrue($bag->get('X-Elgg-Response'));
     $this->assertEquals('2', $bag->get('X-Elgg-Testing'));
     $this->assertEquals('2', $bag->get('X-Elgg-Override'));
 }
Пример #3
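// RSS 2.0 page shell: wraps the rendered feed body in <rss>/<channel> markup.

// Feed title: the site name, followed by the page title when one was supplied
$title = elgg_get_config('sitename');
if (!empty($vars['title'])) {
    $title .= ": " . $vars['title'];
}

// Remove RSS from URL
$rssurl = current_page_url();
$url = elgg_http_remove_url_query_element($rssurl, 'view');

// $rssurl is written inside a double-quoted href attribute below, so quotes have to be
// escaped as well; ENT_NOQUOTES would let a '"' in the request URL end the attribute.
// NOTE(review): this is built from $url (the "view" element already removed), so the
// rel="self" link does not point at the feed URL itself — confirm that is intended.
$rssurl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');

// $url is only written as element text, where quotes need no escaping
$url = htmlspecialchars($url, ENT_NOQUOTES, 'UTF-8');

$body = elgg_extract('body', $vars, '');
$description = elgg_extract('description', $vars, '');
$namespaces = elgg_view('extensions/xmlns');
$extensions = elgg_view('extensions/channel');

// allow caching as required by stupid MS products for https feeds.
elgg_set_http_header('Pragma: public');
elgg_set_http_header("Content-Type: text/xml;charset=utf-8");

echo "<?xml version='1.0'?>";

// NOTE(review): $title and $description are placed in CDATA sections unmodified; a value
// containing "]]>" would close the section early. $namespaces, $extensions and $body are
// emitted as raw markup. Confirm callers only pass trusted or already-escaped values.
echo <<<END
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:georss="http://www.georss.org/georss" xmlns:atom="http://www.w3.org/2005/Atom" {$namespaces}>
<channel>
\t<title><![CDATA[{$title}]]></title>
\t<link>{$url}</link>
\t<atom:link href="{$rssurl}" rel="self" type="application/rss+xml" />
\t<description><![CDATA[{$description}]]></description>
\t{$extensions}
\t{$body}
</channel>
</rss>
END
;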
Пример #4
<?php

// Maintenance-mode page: answers with HTTP 503 and shows the site's maintenance message.
$site = elgg_get_site_entity();

// Use the stored message, falling back to the translated default when it is empty.
// NOTE(review): the stored message is handed to the layout as-is; whether it is escaped
// depends on the 'maintenance' layout view — confirm.
$message = $site->getPrivateSetting('elgg_maintenance_message') ?: elgg_echo('admin:maintenance_mode:default_message');

elgg_load_css('maintenance');

// tell clients and crawlers that the outage is temporary
elgg_set_http_header('HTTP/1.1 503 Service Unavailable');

$layout_vars = [
    'message' => $message,
    'site' => $site,
];
$body = elgg_view_layout('maintenance', $layout_vars);

echo elgg_view_page($site->name, $body, 'maintenance');
Пример #5
<?php

// Declare a JSON response, then emit the encoded payload
elgg_set_http_header('Content-type: application/json; charset=UTF-8');

$payload = ['foo' => 'bar'];
echo json_encode($payload);
Пример #6
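 /**
  * Send an updated CSRF token, provided the page's current tokens were not fake.
  *
  * Each client-supplied "pairs" entry is expected to be a "timestamp,token" string.
  * Entries of any other shape are ignored, so a malformed request cannot raise
  * notices or type errors while the pairs are being split.
  *
  * @return ResponseBuilder|false false when the request is not an XHR
  * @access private
  */
 public function handleTokenRefreshRequest()
 {
     // NOTE(review): elgg_is_xhr() is presumably a request-header check, not an origin
     // check; the response below carries fresh tokens, so confirm cross-origin reads
     // are prevented elsewhere.
     if (!elgg_is_xhr()) {
         return false;
     }

     // the page's session_token might have expired (not matching __elgg_session in the session), but
     // we still allow it to be given to validate the tokens in the page.
     $session_token = get_input('session_token', null, false);
     $pairs = (array) get_input('pairs', array(), false);

     // tokens from the page that this session demonstrably owns, keyed by token
     $valid_tokens = (object) array();
     foreach ($pairs as $pair) {
         // request data: skip nested arrays and strings without the "ts,token" separator
         if (!is_string($pair) || strpos($pair, ',') === false) {
             continue;
         }

         list($ts, $token) = explode(',', $pair, 2);
         if ($this->validateTokenOwnership($token, $ts, $session_token)) {
             $valid_tokens->{$token} = true;
         }
     }

     // issue a fresh token bound to the current time
     $ts = $this->getCurrentTime()->getTimestamp();
     $token = $this->generateActionToken($ts);

     $data = array(
         'token' => array(
             '__elgg_ts' => $ts,
             '__elgg_token' => $token,
             'logged_in' => $this->session->isLoggedIn(),
         ),
         'valid_tokens' => $valid_tokens,
         'session_token' => $this->session->get('__elgg_session'),
         'user_guid' => $this->session->getLoggedInUserGuid(),
     );

     elgg_set_http_header("Content-Type: application/json;charset=utf-8");
     return elgg_ok_response($data);
 }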
Пример #7
<?php

/**
 * Elgg JSON output pageshell
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['body']
 */
// Declare the response as JSON before writing any output
elgg_set_http_header('Content-Type: application/json;charset=utf-8');

// The body is written verbatim.
// NOTE(review): presumably callers pass an already-encoded JSON string here — confirm.
echo $vars['body'];

// backward compatibility: a global $jsonexport, when set, is encoded and appended
global $jsonexport;
if (isset($jsonexport)) {
    elgg_deprecated_notice('Using $jsonexport to produce json output has been deprecated', 1.9);
    echo json_encode($jsonexport);
}
Пример #8
Файл: html.php Проект: elgg/elgg
<?php

/**
 * Page shell for all HTML pages
 *
 * @uses $vars['head']        Parameters for the <head> element
 * @uses $vars['body_attrs']  Attributes of the <body> tag
 * @uses $vars['body']        The main content of the page
 */
// Declare the response as UTF-8 HTML before any markup is emitted
elgg_set_http_header('Content-type: text/html; charset=UTF-8');

// NOTE(review): $lang is echoed into the xml:lang/lang attributes of the template
// without escaping; confirm get_current_language() only returns safe language codes.
$lang = get_current_language();

// Serialized <body> attributes, prefixed with a space when there are any
$attrs = '';
if (isset($vars['body_attrs'])) {
    $formatted = elgg_format_attributes($vars['body_attrs']);
    $attrs = $formatted ? ' ' . $formatted : $formatted;
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php 
echo $lang;
?>
" lang="<?php 
echo $lang;
?>
">
	<head>
		<?php 
echo $vars["head"];
Пример #9
/**
 * Elgg install pageshell
 *
 * @uses $vars['title'] The page title
 * @uses $vars['body'] The main content of the page
 * @uses $vars['sysmessages'] Array of system status messages
 */
use Elgg\Filesystem\Directory;
// Page title: the translated installer title followed by the step title.
// NOTE(review): the template echoes $title into <title> without escaping; confirm
// $vars['title'] never carries request-controlled text.
$title = elgg_echo('install:title') . " : {$vars['title']}";

// we won't trust server configuration but specify utf-8
elgg_set_http_header("Content-type: text/html; charset=utf-8");

// turn off browser caching
// NOTE(review): 'Pragma: public' does not by itself disable caching; the Cache-Control
// and Expires headers below are what ask clients to revalidate — confirm intent.
elgg_set_http_header("Pragma: public", true);
elgg_set_http_header('Cache-Control: no-cache, must-revalidate', true);
elgg_set_http_header("Expires: Fri, 05 Feb 1982 00:00:00 -0500", true);

// Elgg is either installed at the project root or under vendor/elgg/elgg/
$isElggAtRoot = Elgg\Application::elggDir()->getPath() === Directory\Local::root()->getPath();
if ($isElggAtRoot) {
    $elggSubdir = '';
} else {
    $elggSubdir = 'vendor/elgg/elgg/';
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>
		<title><?php 
echo $title;
?>
</title>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0">
		<link rel="icon" href="<?php 
echo elgg_get_site_url() . $elggSubdir;
?>
Пример #10
<?php

/**
 * Elgg failsafe pageshell
 * Special viewtype for rendering exceptions. Includes minimal code so as not to
 * create a "Exception thrown without a stack frame in Unknown on line 0" error
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['title'] The page title
 * @uses $vars['body'] The main content of the page
 */
// Set the charset explicitly instead of relying on the server's configured default
elgg_set_http_header("Content-type: text/html; charset=utf-8");
?>
<!DOCTYPE html>
<html>
	<head>
		<title><?php 
echo $vars['title'];
?>
</title>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

		<style type="text/css">

		body {
			text-align:left;
			margin:0;
			padding:0;
Пример #11
<?php

// Error page: renders errors/<type> when that view exists, otherwise the default error
// view, and sets a matching HTTP status line for the known status codes.
$type = elgg_extract('type', $vars);
$params = elgg_extract('params', $vars, []);

if (!elgg_view_exists("errors/{$type}")) {
    $title = elgg_echo("error:default:title");
    $content = elgg_view("errors/default", $params);
} else {
    $title_key = "error:{$type}:title";
    $title = elgg_echo($title_key);
    if ($title == $title_key) {
        // use default if there is no title for this error type
        $title = elgg_echo("error:default:title");
    }
    $content = elgg_view("errors/{$type}", $params);
}

// Status line is only sent for codes in this fixed list, so $type never reaches the
// header unless it matches one of these keys.
$httpCodes = [
    '400' => 'Bad Request',
    '401' => 'Unauthorized',
    '403' => 'Forbidden',
    '404' => 'Not Found',
    '407' => 'Proxy Authentication Required',
    '500' => 'Internal Server Error',
    '503' => 'Service Unavailable',
];
if (isset($httpCodes[$type])) {
    $reason = $httpCodes[$type];
    elgg_set_http_header("HTTP/1.1 {$type} {$reason}");
}

// the admin layout is used only in admin context with an admin logged in
if (elgg_in_context('admin') && elgg_is_admin_logged_in()) {
    $layout = 'admin';
} else {
    $layout = 'error';
}

$body = elgg_view_layout($layout, [
    'title' => $title,
    'content' => $content,
]);

// logged-out visitors of a walled-garden site get the walled_garden page shell
$shell = (!elgg_is_logged_in() && elgg_get_config('walled_garden')) ? 'walled_garden' : $layout;

echo elgg_view_page($title, $body, $shell);