if (isset($_SESSION['retrievedZips']) && basename($_SERVER['PHP_SELF']) != 'metadataStatus.php') { unset($_SESSION['retrievedZips']); } if (WorkbenchContext::isEstablished() && isset($_REQUEST['clearCache'])) { WorkbenchContext::get()->clearCache(); $cacheCleared = true; } // PATH_INFO can include malicious scripts and never used purposely in Workbench. if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != "") { httpError("400 Bad Request", "Path info trailing script name in URI not allowed."); } if (WorkbenchConfig::get()->value("requireSSL") && !usingSslEndToEnd()) { if (WorkbenchContext::isEstablished()) { WorkbenchContext::get()->release(); } httpError("403.4 SSL Required", "Secure connection to Workbench and Salesforce required"); //TODO: what do we want to do here? } //kick user back to login page for any page that requires a session and one isn't established $myPage = getMyPage(); if (!isLoggedIn() && $myPage->requiresSfdcSession) { session_unset(); session_destroy(); header('Location: login.php'); exit; } if (!$myPage->isReadOnly && isReadOnlyMode()) { throw new WorkbenchHandledException("This page is not accessible in read-only mode"); } if (WorkbenchContext::isEstablished() && !$myPage->isReadOnly && $_SERVER['REQUEST_METHOD'] == 'POST') { validateCsrfToken();
<?php require_once 'shared.php'; require_once 'config/constants.php'; require_once 'config/WorkbenchConfig.php'; require_once 'context/WorkbenchContext.php'; require_once 'soxl/QueryObjects.php'; foreach (scandir('async') as $f) { if ($f == "." || $f == "..") { continue; } require_once "async/{$f}"; } // block direct web access if (php_sapi_name() != 'cli') { httpError(404, "Not Found"); } $_SERVER['REMOTE_ADDR'] = 'CLI-' . getmypid(); $_SERVER['REQUEST_METHOD'] = 'ASYNC'; // future result gc $frKeys = redis()->keys(FutureResult::RESULT . "*"); foreach ($frKeys as $frKey) { $asyncId = substr($frKey, strlen(FutureResult::RESULT)); if (!redis()->exists(FUTURE_LOCK . $asyncId)) { redis()->del($frKey); workbenchLog(LOG_INFO, "FutureResultGC", array("async_id" => $asyncId, "request_id" => $task->requestId, "measure.async.gc.result" => 1 . "result")); } } workbenchLog(LOG_INFO, "FutureTaskQueueDepth", array("measure.async.queue_depth" => redis()->llen(FutureTask::QUEUE) . "task")); while (true) { try {
<?php
require_once "context/WorkbenchContext.php";
require_once "util/PhpReverseProxy.php";
require_once "session.php";

// The CometD proxy is only usable once a Workbench context (and thus a
// Salesforce session) exists; anything else gets a 401.
if (!WorkbenchContext::isEstablished()) {
    httpError("401 Unauthorized", "CometD Proxy only available if Workbench Context has been established.");
    exit;
}

// Copy every session-derived value into locals first so the session can be
// closed before the long-running proxy request starts; this lets concurrent
// long requests on the same session proceed instead of serialising on the
// session lock.
$sfdcHost = WorkbenchContext::get()->getHost();
$sfdcApiVersion = WorkbenchContext::get()->getApiVersion();
$requireSsl = WorkbenchContext::get()->isSecure();
$sfdcSessionId = WorkbenchContext::get()->getSessionId();
session_write_close();

// Configure the reverse proxy: the Salesforce session id travels as an OAuth
// bearer header, the forward path is fixed to the versioned CometD endpoint,
// and only the two cookies CometD needs are passed through.
$cometdProxy = new PhpReverseProxy();
$cometdProxy->host = $sfdcHost;
$cometdProxy->forceSSL = $requireSsl;
$cometdProxy->forward_path = "/cometd/" . $sfdcApiVersion;
$cometdProxy->is_forward_path_static = true;
$cometdProxy->cookie_whitelist = ["sfdc-stream", "BAYEUX_BROWSER"];
$cometdProxy->proxy_settings = getProxySettings();
$cometdProxy->headers[] = "Authorization: OAuth " . $sfdcSessionId;

$cometdProxy->connect();
$cometdProxy->output();
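/**
 * Verify the CSRF token submitted with the current request.
 *
 * Validation is skipped entirely when $GLOBALS['SKIP_CSRF_VALIDATION'] is set.
 * Otherwise the request must carry a string CSRF_TOKEN parameter whose bytes
 * match getCsrfToken().
 *
 * @param bool $doError when true (default) a missing or wrong token ends the
 *                      request via httpError(); when false the function
 *                      returns false instead
 * @return bool true when validation passed or was skipped; false only when
 *              $doError is false and the token is missing or wrong
 */
function validateCsrfToken($doError = true) {
    if (isset($GLOBALS['SKIP_CSRF_VALIDATION'])) {
        return true;
    }

    $submitted = isset($_REQUEST['CSRF_TOKEN']) ? $_REQUEST['CSRF_TOKEN'] : null;

    // Only strings are comparable (CSRF_TOKEN[]=x would arrive as an array), and
    // the comparison uses hash_equals: strict, byte-wise and constant-time. The
    // previous `!=` was a loose comparison, which treats numeric-looking strings
    // such as "0e123" and "0e456" as equal and short-circuits on mismatch.
    $valid = is_string($submitted) && hash_equals((string) getCsrfToken(), $submitted);

    if (!$valid) {
        if ($doError) {
            httpError("403 Forbidden", "Invalid or missing required CSRF token");
        } else {
            return false;
        }
    }
    return true;
}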
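<?php
include_once "session.php";
include_once "shared.php";
include_once "async/futures.php";

// Release the session lock before the potentially long wait below so other
// requests on the same session are not blocked behind this one.
session_write_close();
set_exception_handler('handleAllExceptionsNoHeaders');

// Read the request parameters defensively: a missing key would otherwise raise
// an "undefined index" warning. The values handed downstream are unchanged
// (null for a missing async_id, 0 for a missing wait_for).
$asyncId = isset($_REQUEST['async_id']) ? $_REQUEST['async_id'] : null;
$waitFor = isset($_REQUEST['wait_for']) ? (int) $_REQUEST['wait_for'] : 0;

try {
    // wait_for is passed straight through to FutureResult::get(); its unit is
    // defined there. The result body is echoed as-is.
    echo FutureResult::fromId($asyncId)->get($waitFor);
} catch (TimeoutException $te) {
    // Result not ready yet: 202 tells the client to poll again.
    httpError("202", "Accepted");
} catch (UnknownAsyncIdException $ue) {
    httpError("404", "Not Found");
}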