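/**
 * Top-level handler for uncaught exceptions.
 *
 * With DEBUG off the visitor only ever gets the generic "page not found"
 * response. With DEBUG on the profiler is loaded and the trace is rendered.
 *
 * @param Exception $e the uncaught exception
 * @return void
 */
function se_framework_exception_handler($e)
{
    if (!DEBUG) {
        page_not_found();

        // Fail closed: even if page_not_found() returns instead of terminating
        // the request, the stack trace and profiler output (file paths, call
        // arguments) must never reach a non-debug response.
        return;
    }

    // display Profiler
    // NOTE(review): plain include - if the Profiler class can already be loaded
    // when an exception is thrown, include_once would avoid a redeclaration
    // error; confirm against the bootstrap code.
    include SYSPATH . '/core/Profiler' . EXT;
    Profiler::displayTrace($e);
    Profiler::display();
}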
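/**
 * Dispatches execution to the controller selected by the CONTROLLER and MODE
 * constants and renders the resulting page.
 *
 * Order of work: CSRF token check, canonical-host redirect, upload-size check,
 * session-id stripping, controller/mode name validation, permission checks
 * (admin area), HTTP/HTTPS enforcement, controller cascade execution,
 * post-controller redirect, template rendering.
 *
 * The function never returns to its caller: every path ends in a redirect,
 * die() or exit.
 *
 * @return void
 */
function fn_dispatch()
{
    Profiler::checkpoint('After init');

    fn_set_hook('before_dispatch');

    // The D modifier makes "$" match only at the very end of the subject;
    // without it a name ending in a newline would still pass validation.
    $regexp = "/^[a-zA-Z0-9_\\+]+\$/D";
    $view =& Registry::get('view');
    $run_controllers = true;
    $external = false;
    $status = CONTROLLER_STATUS_NO_PAGE;

    // Security
    // NOTE(review): the CSRF check is opt-in (config.tweaks.anti_csfr), covers
    // POST only, and reads the token from $_REQUEST rather than $_POST.
    if (Registry::get('config.tweaks.anti_csfr') == true) {
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $expected_hash = (!empty($_SESSION['security_hash']) && is_scalar($_SESSION['security_hash'])) ? (string) $_SESSION['security_hash'] : '';
            $supplied_hash = (!empty($_REQUEST['security_hash']) && is_string($_REQUEST['security_hash'])) ? $_REQUEST['security_hash'] : '';

            // Compare the tokens as strings. A loose "!=" lets PHP type juggling
            // treat two different numeric-looking strings as equal. hash_equals()
            // is also constant-time; it is used when the runtime provides it.
            $tokens_match = $expected_hash !== '' && $supplied_hash !== ''
                && (function_exists('hash_equals') ? hash_equals($expected_hash, $supplied_hash) : $expected_hash === $supplied_hash);

            if (!$tokens_match) {
                die('Access denied: CSRF attack');
            }
        }
    }

    // If $config['http_host'] differs from the requested domain name, redirect to the $config['http_host'] value.
    if ((defined('HTTPS') ? Registry::get('config.https_host') : Registry::get('config.http_host')) != REAL_HOST && $_SERVER['REQUEST_METHOD'] == 'GET' && !defined('CONSOLE')) {
        fn_redirect((defined('HTTPS') ? Registry::get('config.https_location') : Registry::get('config.http_location')) . '/' . Registry::get('config.current_url'));
    }

    // Request body larger than PHP accepts: report the smaller of the two limits.
    if (isset($_SERVER['CONTENT_LENGTH'])) {
        $upload_limit = fn_return_bytes(ini_get('upload_max_filesize'));
        $post_limit = fn_return_bytes(ini_get('post_max_size'));

        if ($_SERVER['CONTENT_LENGTH'] > $upload_limit || $_SERVER['CONTENT_LENGTH'] > $post_limit) {
            $max_size = $upload_limit < $post_limit ? ini_get('upload_max_filesize') : ini_get('post_max_size');

            $msg = fn_get_lang_var('text_forbidden_uploaded_file_size');
            $msg = str_replace('[size]', $max_size, $msg);
            fn_set_notification('E', fn_get_lang_var('error'), $msg);

            // The Referer header is optional and client-supplied: fall back to
            // the index script when it is missing, as the demo-mode branch
            // below already does.
            // NOTE(review): whether fn_redirect() restricts the target host is
            // not visible here - confirm.
            fn_redirect(!empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : INDEX_SCRIPT, false);
        }
    }

    // If URL contains session ID, remove it
    if (!empty($_REQUEST[SESS_NAME]) && $_SERVER['REQUEST_METHOD'] == 'GET') {
        fn_redirect(fn_query_remove(Registry::get('config.current_url'), SESS_NAME));
    }

    // Controller and mode names end up in controller and template paths, so
    // only the whitelisted characters are accepted.
    if (!preg_match($regexp, CONTROLLER) || !preg_match($regexp, MODE)) {
        $status = CONTROLLER_STATUS_NO_PAGE;
        $run_controllers = false;
    }

    // If demo mode is enabled, check permissions FIX ME - why did we need one more user login check?
    // The permission lookup is skipped when the name check above already
    // rejected the request; otherwise its result would overwrite
    // $run_controllers and could re-enable dispatch for a name that failed
    // validation.
    if (AREA == 'A' && $run_controllers == true) {
        if (Registry::get('config.demo_mode') == true) {
            $run_controllers = fn_check_permissions(CONTROLLER, MODE, 'demo');

            if ($run_controllers == false) {
                fn_set_notification('W', fn_get_lang_var('demo_mode'), fn_get_lang_var('demo_mode_content_text'));
                if (defined('AJAX_REQUEST')) {
                    exit;
                }

                $status = CONTROLLER_STATUS_REDIRECT;
                $_REQUEST['redirect_url'] = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : INDEX_SCRIPT;
            }
        } elseif (!empty($_SESSION['auth']['usergroup_ids']) || defined('COMPANY_ID')) {
            $run_controllers = fn_check_permissions(CONTROLLER, MODE, 'admin', '', $_REQUEST);

            if ($run_controllers == false) {
                if (defined('AJAX_REQUEST')) {
                    // Kept from the original: the fetched object is not used here.
                    $ajax =& Registry::get('ajax');

                    // The controller.mode pair is appended to the message only in DEVELOPMENT builds.
                    $_info = defined('DEVELOPMENT') ? ' ' . CONTROLLER . '.' . MODE : '';
                    fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('access_denied') . $_info, true);
                    exit;
                }
                $status = CONTROLLER_STATUS_DENIED;
            }
        }
    }

    // Check if request was rewritten and not handled
    // In this case this means that request was incorrect
    if (isset($_REQUEST['sef_rewrite'])) {
        $status = CONTROLLER_STATUS_NO_PAGE;
        $run_controllers = false;
    }

    if (AREA == 'A' && Registry::get('settings.General.secure_admin') == 'Y' && !defined('HTTPS') && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST') && empty($_REQUEST['keep_location']) && !defined('CONSOLE')) {
        // NOTE(review): the HTTPS upgrade for the admin area is skipped for POST
        // and AJAX requests and whenever the request carries keep_location.
        fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
    } elseif (AREA == 'C' && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
        $secure_controllers = fn_get_secure_controllers();
        // if we are not on https but controller is secure, redirect to https
        if (isset($secure_controllers[CONTROLLER]) && $secure_controllers[CONTROLLER] == 'active' && !defined('HTTPS')) {
            fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
        }

        // if we are on https and the controller is insecure, redirect to http
        if (!isset($secure_controllers[CONTROLLER]) && defined('HTTPS') && Registry::get('settings.General.keep_https') != 'Y') {
            fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'));
        }
    }

    if (AREA == 'A') {
        fn_init_last_view($_REQUEST);
    }

    // The 'init' controller always runs; the requested one only when allowed.
    $controllers_cascade = array();
    $controllers_list = array('init');
    if ($run_controllers == true) {
        $controllers_list[] = CONTROLLER;
        $controllers_list = array_unique($controllers_list);
    }

    foreach ($controllers_list as $ctrl) {
        $core_controllers = fn_init_core_controllers($ctrl);
        list($addon_controllers) = fn_init_addon_controllers($ctrl);

        if (empty($core_controllers) && empty($addon_controllers)) {
            $controllers_cascade = array();
            $status = CONTROLLER_STATUS_NO_PAGE;
            break;
        }

        if (count($core_controllers) + count($addon_controllers) > 1) {
            // NOTE(review): this prints the resolved controller list into the response.
            die('Duplicate controller ' . CONTROLLER . fn_print_r(array_merge($core_controllers, $addon_controllers), 1));
        }

        $core_pre_controllers = fn_init_core_controllers($ctrl, GET_PRE_CONTROLLERS);
        $core_post_controllers = fn_init_core_controllers($ctrl, GET_POST_CONTROLLERS);

        list($addon_pre_controllers) = fn_init_addon_controllers($ctrl, GET_PRE_CONTROLLERS);
        list($addon_post_controllers, $addons) = fn_init_addon_controllers($ctrl, GET_POST_CONTROLLERS);

        // we put addon post-controller to the top of post-controller cascade if current addon serves this request
        if (count($addon_controllers)) {
            $addon_post_controllers = fn_reorder_post_controllers($addon_post_controllers, $addon_controllers[0]);
        }

        $controllers_cascade = array_merge($controllers_cascade, $addon_pre_controllers, $core_pre_controllers, $core_controllers, $addon_controllers, $core_post_controllers, $addon_post_controllers);

        if (empty($controllers_cascade)) {
            // The original interpolated an undefined $controller here; the loop variable is $ctrl.
            die("No controllers for: {$ctrl}");
        }
    }

    // Map the mode to a template name: "add" and "add_*" share the "update" templates.
    if (MODE == 'add') {
        $tpl = 'update.tpl';
    } elseif (strpos(MODE, 'add_') === 0) {
        $tpl = str_replace('add_', 'update_', MODE) . '.tpl';
    } else {
        $tpl = MODE . '.tpl';
    }

    $view =& Registry::get('view');
    if ($view->template_exists('views/' . CONTROLLER . '/' . $tpl)) {
        // try to find template in base views
        $view->assign('content_tpl', 'views/' . CONTROLLER . '/' . $tpl);
    } elseif (defined('LOADED_ADDON_PATH') && $view->template_exists('addons/' . LOADED_ADDON_PATH . '/views/' . CONTROLLER . '/' . $tpl)) {
        // try to find template in addon views
        $view->assign('content_tpl', 'addons/' . LOADED_ADDON_PATH . '/views/' . CONTROLLER . '/' . $tpl);
    } elseif (!empty($addons)) {
        // try to find template in addon views that extend base views
        foreach ($addons as $addon => $_v) {
            if ($view->template_exists('addons/' . $addon . '/views/' . CONTROLLER . '/' . $tpl)) {
                $view->assign('content_tpl', 'addons/' . $addon . '/views/' . CONTROLLER . '/' . $tpl);
                break;
            }
        }
    }

    foreach ($controllers_cascade as $item) {
        $_res = fn_run_controller($item); // 0 - status, 1 - url, 2 - external flag

        $external = !empty($_res[2]) ? $_res[2] : false;
        $url = !empty($_res[1]) ? $_res[1] : '';

        // Status could be changed only if we allow to run controllers despite of init controller
        if ($run_controllers == true) {
            $status = !empty($_res[0]) ? $_res[0] : CONTROLLER_STATUS_OK;
        }

        if ($status == CONTROLLER_STATUS_OK && !empty($url)) {
            $redirect_url = $url;
        } elseif ($status == CONTROLLER_STATUS_REDIRECT && !empty($url)) {
            $redirect_url = $url;
            break;
        } elseif ($status == CONTROLLER_STATUS_DENIED || $status == CONTROLLER_STATUS_NO_PAGE) {
            break;
        }
    }

    if (AREA == 'A') {
        fn_init_view_tools($_REQUEST);
    }

    // In console mode, just stop here
    if (defined('CONSOLE')) {
        exit;
    }

    // Redirect if controller returned successful/redirect status only
    // NOTE(review): the redirect target is taken from the request here. Whether
    // fn_redirect() limits it to the shop's own hosts is not visible in this
    // function - confirm, since an unrestricted target is an open redirect.
    if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($_REQUEST['redirect_url']) && !$external) {
        $redirect_url = $_REQUEST['redirect_url'];
    }

    // If controller returns "Redirect" status, check if redirect url exists
    if ($status == CONTROLLER_STATUS_REDIRECT && empty($redirect_url)) {
        $status = CONTROLLER_STATUS_NO_PAGE;
    }

    // Attach params and redirect if needed
    if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($redirect_url)) {
        $params = array('page', 'selected_section');
        $url_params = array();
        foreach ($params as $param) {
            // Request values are URL-encoded before being appended so they
            // cannot add query parameters or line breaks to the redirect URL.
            // Array-valued parameters are skipped.
            if (!empty($_REQUEST[$param]) && is_scalar($_REQUEST[$param])) {
                $url_params[] = "{$param}=" . urlencode((string) $_REQUEST[$param]);
            }
        }

        if (!empty($url_params)) {
            $redirect_url .= (strpos($redirect_url, '?') === false ? '?' : '&') . implode('&', $url_params);
        }

        fn_redirect($redirect_url, false, $external);
    }

    if (!$view->get_var('content_tpl') && $status == CONTROLLER_STATUS_OK) { // FIXME
        $status = CONTROLLER_STATUS_NO_PAGE;
    }

    if ($status != CONTROLLER_STATUS_OK) {
        if ($status == CONTROLLER_STATUS_NO_PAGE) {
            header(' ', true, 404);
        }

        $view->assign('exception_status', $status);
        $view->assign('content_tpl', 'exception.tpl');

        if ($status == CONTROLLER_STATUS_DENIED) {
            $view->assign('page_title', fn_get_lang_var('access_denied'));
        } elseif ($status == CONTROLLER_STATUS_NO_PAGE) {
            $view->assign('page_title', fn_get_lang_var('page_not_found'));
        }

        if (AREA != 'A') {
            Registry::set('root_template', 'exception.tpl');
        }
    }

    Profiler::checkpoint('Before TPL');

    Registry::get('view')->display(Registry::get('root_template'));

    Profiler::checkpoint('After TPL');

    Profiler::display();

    fn_set_hook('complete');

    exit; // stop execution
}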