public function postrender()
{
if (!$this->used) {
return '';
}
// Go through all the inline scripts and sanitize
$sanitized_scripts = array();
if ($this->script_infos) {
foreach ($this->script_infos as $script_info) {
if (isset($script_info['inline'])) {
$sanitized_scripts[] = array('inline' => self::sanitize_code($script_info['inline'], $this->appid));
} else {
if (isset($script_info['src'])) {
// FBOPEN:NOTE - if js sources are fetched from outside, these will
// have to be fetched, cached, sanitized, and stored. Requests then
// would need to be directed to your cached version. The open source
// code at this point does not support such caching.
// $sanitized_scripts[] = array('src' => FBJSUrlRef::get_url($script_info['src'], $this->appid, 'js'));
}
}
}
}
// If this is our first postrender build some bootstrapping code
$bootstrap = false;
if (!$this->postrendered) {
$bootstrap = 'var app=new fbjs_sandbox(' . $this->appid . ');';
$profile = $this->fbml->get_env('profile', false, 0);
$validation_vars = get_fb_validation_vars(array('user' => $this->user), $this->appid, $profile ? array('profile' => $profile) : array());
$bootstrap .= 'app.validation_vars=' . json_encode($validation_vars) . ';';
$context = $this->fbml->add_context();
$bootstrap .= 'app.context=\'' . escape_js_quotes($context) . '\';';
$bootstrap .= 'app.contextd=\'' . escape_js_quotes($this->fbml->_contexts[$context]) . '\';';
$bootstrap .= 'app.data=' . json_encode(array('user' => $this->user, 'installed' => $this->user ? is_platform_app_installed($this->appid, $this->user) : false, 'loggedin' => $this->user ? (bool) api_get_valid_session_key($this->user, $this->appid) : false)) . ';';
}
// Render all inline scripts
$html = '';
if ($this->fbml->_flavor->allows('script_onload')) {
if (!$this->postrendered) {
$bootstrap .= 'app.bootstrap();';
}
foreach ($sanitized_scripts as $script) {
if (isset($script['inline'])) {
$html .= render_js_inline($script['inline']) . "\n";
} else {
$script_include = '<script src="' . $script['src'] . '"></script>';
$html .= $script_include;
}
}
} else {
foreach ($sanitized_scripts as $script) {
if (isset($script['inline'])) {
$bootstrap .= 'app.pending_bootstraps.push(\'' . escape_js_quotes($script['inline']) . '\');';
} else {
// We don't support script include for this flavor at this time.
throw new FBMLJSParseError('Cannot allow external script');
}
}
}
$this->used = false;
$this->postrendered = true;
return render_js_inline($bootstrap) . $html;
}
} else {
if (is_array($value)) {
render_fbjs_ajax_fbml_recursive($impl, $array[$key]);
}
}
}
}
$data = null;
try {
$impl = fbml_mock_ajax_get_impl($post_fb_mockajax_context, $post_fb_mockajax_context_hash);
$post_vars = array('user' => $user);
$others = array('is_ajax' => 1);
if ($profile = $impl->get_env('profile', false, 0)) {
$others['profile'] = $profile;
}
$post_vars = get_fb_validation_vars($post_vars, $app_id, $others, array(), $post_require_login);
try {
$response = http_post($post_url, array_merge($post_query, $post_vars));
} catch (HTTPNoDataException $e) {
$response = '';
} catch (HTTPException $e) {
// We die so that onerror will be called in JS on the user's browser
die('');
}
$fbml_env = array('user' => $user, 'app_id' => $app_id, 'unfiltered_css' => false, 'user_triggered' => true);
switch ($post_type) {
case $FBJS_TYPES['RAW']:
$data = $response;
break;
case $FBJS_TYPES['JSON']:
// We need `loose' decoding which accepts unquoted keys, etc. json_decode doesn't provide this,
public function open_form($node)
{
$hidden_inputs = array();
$flavor_codes = fbml_flavors_get_codes();
$page = 0;
if (($profile = $this->get_env('profile', false)) != null) {
$hidden_inputs['profile'] = $profile;
$page = obj_is_fbpage($profile) ? $profile : 0;
}
if ($this->_fbml_impl->_flavor->get_flavor_code() == $flavor_codes['CANVAS_PAGE']) {
$page = $this->get_env('fb_page_id', false);
}
$who = array('user' => $this->get_env('user'));
if ($page) {
$hidden_inputs += api_canvas_parameters_other_fbpage($page, $this->get_env('user'));
$who['page'] = $page;
}
$require_login = $node->attr_bool('requirelogin', true) && !$this->get_env('loggedout', false);
$hidden_inputs = get_fb_validation_vars($who, $this->get_env('app_id'), $hidden_inputs, array(), $require_login);
$attributes = $this->node_get_safe_attrs($node);
if (isset($attributes['name'])) {
unset($attributes['name']);
}
if (isset($attributes['action'])) {
$allow_rel = $this->allows('relative_urls');
$attributes['action'] = $this->validate_url($attributes['action'], true, $allow_rel, false);
}
if ($require_login) {
// check for a valid session
$session_key = api_get_valid_session_key($this->get_env('user'), $this->get_env('app_id'));
if (!$session_key && $this->_fbml_impl->_flavor->allows('script')) {
$onsubmit = 'var form = this; ';
$onsubmit .= 'FBML.requireLogin(' . $this->get_env('app_id') . ', function() { FBML.addHiddenInputs(form); form.submit(); });';
$onsubmit .= 'return false;';
$attributes['onsubmit'] = $onsubmit;
}
}
$html = $this->render_html_open_tag('form', $attributes);
foreach ($hidden_inputs as $name => $val) {
$html .= $this->render_hidden_input($name, $val);
}
return $html;
}
} else {
$in_post_tuples = php_input_raw_post_vars();
$post_tuples = array();
foreach ($in_post_tuples as $param_val) {
$post_tuples[] = $param_val;
}
}
list($others, $post_vars) = api_get_valid_fb_params($in_post_vars, $app_info['secret']);
// If we took POST tuples that we want to pass along raw, then we
// won't use the vars we got from $_POST
if ($post_tuples !== null) {
$post_vars = array();
}
$others += api_canvas_parameters();
$data_params = api_canvas_parameters_other($app_id, $user);
$post_vars += get_fb_validation_vars($user, $app_id, $others, $data_params);
$path_str = '/' . $url_suffix;
if (($char_pos = strpos($path_str, '?', 0)) !== false) {
$path_str = substr($path_str, 0, $char_pos);
}
$char_pos = strrpos($path_str, '/', 0);
if ($char_pos > 0) {
$path_str = substr($path_str, 0, $char_pos + 1);
}
try {
try {
$fbml_from_callback = http_post($url, $post_vars, array('post_tuples' => $post_tuples));
} catch (HTTPErrorException $e) {
print "got http exception: " . $e->getCode();
exit;
header('HTTP/1.x ' . $e->getCode());
