 /**
  * Build a bare HTML error response for the given status code.
  *
  * $message is accepted for signature compatibility only: it is not written
  * into the response, whose body stays empty.
  *
  * @param int $code HTTP status code to set on the response
  * @param string|null $message Unused
  * @return SS_HTTPResponse
  */
 public function httpError($code, $message = null)
 {
     $errorResponse = new SS_HTTPResponse();
     $errorResponse->setStatusCode($code);
     $errorResponse->addHeader('Content-Type', 'text/html');

     return $errorResponse;
 }
 /**
  * Action to handle upload of a single file.
  *
  * Answers 403 when the field is disabled/read-only or the current user may
  * not upload, and 400 when the form's security token does not validate
  * (CSRF protection). The first uploaded file is handed to
  * saveTemporaryFile(); its encoded attributes, or the error message, are
  * returned as a one-element JSON array.
  *
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse
  */
 public function upload(SS_HTTPRequest $request)
 {
     $blocked = $this->isDisabled() || $this->isReadonly() || !$this->canUpload();
     if ($blocked) {
         return $this->httpError(403);
     }
     // Protect against CSRF on destructive action
     if (!$this->getForm()->getSecurityToken()->checkRequest($request)) {
         return $this->httpError(400);
     }
     // Pull the file data posted under this field's name
     $fieldData = $request->postVar($this->getName());
     $uploads = $this->extractUploadedFileData($fieldData);
     // Save the temporary file into a File object
     $savedFile = $this->saveTemporaryFile(reset($uploads), $error);
     $payload = empty($savedFile)
         ? array('error' => $error)
         : $this->encodeFileAttributes($savedFile);
     // Format response with json
     $response = new SS_HTTPResponse(Convert::raw2json(array($payload)));
     $response->addHeader('Content-Type', 'text/plain');
     if (!empty($payload['error'])) {
         // Status deliberately stays 200 on error (presumably so the client still
         // parses the JSON body) — confirm against the front-end uploader
         $response->setStatusCode(200);
     }
     return $response;
 }
 /**
  * Serve a static or PHP error page for this page's ErrorCode, if one exists.
  *
  * Candidates are tried in order: the config-mapped file for the code (its
  * locale variant first), then error-<code>-<locale>.html/.php,
  * error-<locale>.html/.php and error.html/.php under the configured path.
  * Extensions may alter the list via the 'updateHandleRequest' hook. A .php
  * candidate is executed with include() under output buffering; any other
  * file is read verbatim. When nothing matches, the parent handles the request.
  *
  * NOTE(review): $lang and $this->ErrorCode are interpolated into filesystem
  * paths and a matching .php file is executed. i18n::get_locale() is treated
  * as trusted here — confirm it cannot be set from request data in this
  * installation, since path separators in it would widen what include() can reach.
  *
  * @param SS_HTTPRequest $request
  * @param DataModel $model
  * @return SS_HTTPResponse
  */
 public function handleRequest(SS_HTTPRequest $request, DataModel $model = NULL)
 {
     $body = null;
     $lang = i18n::get_locale();
     $path = Config::inst()->get('UniversalErrorPage', 'DefaultPath');
     if (!$path) {
         $path = $this->defaultErrorPagePath;
     }
     // Per-code override from config; its locale variant is derived by inserting
     // "-<locale>" before the file extension.
     $forCode = Config::inst()->get('UniversalErrorPage', $this->ErrorCode);
     $localeForCode = preg_replace('/\\.([a-z]+)$/i', '-' . $lang . '.$1', $forCode);
     $errorPages = array($localeForCode, $forCode, $path . "error-{$this->ErrorCode}-{$lang}.html", $path . "error-{$this->ErrorCode}-{$lang}.php", $path . "error-{$lang}.html", $path . "error-{$lang}.php", $path . 'error.html', $path . 'error.php');
     $this->extend('updateHandleRequest', $errorPages);
     // now check if any of the pages exist — first match wins, the loop breaks right after it
     foreach ($errorPages as $errorPage) {
         if (!$body && file_exists($errorPage)) {
             $ext = pathinfo($errorPage, PATHINFO_EXTENSION);
             if ($ext == 'php') {
                 // Execute the PHP template and capture its output as the body
                 ob_start();
                 include $errorPage;
                 $body = ob_get_clean();
             } else {
                 $body = file_get_contents($errorPage);
             }
             break;
         }
     }
     // An empty file also yields a falsy $body and falls through to the parent
     if ($body) {
         $response = new SS_HTTPResponse();
         $response->setStatusCode($this->ErrorCode);
         $response->setBody($body);
         return $response;
     }
     return parent::handleRequest($request, $model);
 }
 /**
  * Build the on-site phone form for the confirmation request held in session.
  *
  * @return OnSitePhoneForm|SS_HTTPResponse The populated form, or an empty
  *         404 response when no request is stored in the session
  */
 public function OnSitePhoneForm()
 {
     $confirmationRequest = Session::get('Current.PresentationSpeakerSummitAssistanceConfirmationRequest');
     if ($confirmationRequest === null) {
         $notFound = new SS_HTTPResponse();
         $notFound->setStatusCode(404);
         return $notFound;
     }
     $phoneForm = new OnSitePhoneForm($this, 'OnSitePhoneForm', $confirmationRequest);
     $phoneForm->loadDataFrom($confirmationRequest);
     return $phoneForm;
 }
 /**
  * Bulk action: assign the selected grid records to the entity named by the
  * EntityID URL parameter, then answer with a JSON list of the processed IDs.
  *
  * NOTE(review): no permission or token check is visible in this method —
  * presumably enforced by processRecordIds() or the grid configuration; confirm.
  *
  * @param GridField $gridField
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse JSON {done: true, records: [...]}
  */
 public function handleAssignBulkAction($gridField, $request)
 {
     $entityId = $request->param('EntityID');
     // Resolved but not used below; kept so the getter call sequence is unchanged
     $controller = $gridField->getForm()->Controller();
     $this->gridField = $gridField;
     $recordIds = $this->getRecordIDList();
     $this->processRecordIds($recordIds, $entityId, $gridField, $request);

     $payload = array('done' => true, 'records' => $recordIds);
     $response = new SS_HTTPResponse(Convert::raw2json($payload));
     $response->addHeader('Content-Type', 'text/json');
     $response->setStatusCode(200);
     return $response;
 }
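 /**
  * Membership lookup endpoint for an external application.
  *
  * Accepts only POST requests carrying the APPSEC shared secret. Looks up a
  * member by the posted `email` and writes one of three plain-text replies
  * directly to output (the method does not return them):
  *   200 'OK'                                     — a foundation member exists
  *   404 'No Member Found.'                       — email given, no such member
  *   500 'An error has occurred retrieving a member.' — no email provided
  *
  * NOTE(review): the email is passed through raw2sql() before filter(); if
  * filter() escapes its values itself, addresses containing quotes end up
  * double-escaped and never match — confirm before removing the call.
  *
  * @return SS_HTTPResponse|void The 403 response for rejected requests; otherwise nothing
  */
 public function member()
 {
     $EmailAddress = "";
     $Member = "";
     // Make sure the access is POST, not GET
     if (!$this->request->isPOST()) {
         return $this->httpError(403, 'Access Denied.');
     }
     if (!defined('APPSEC')) {
         return $this->httpError(403, 'Access Denied.');
     }
     // Make sure the APPSEC shared secret matches. A strict string comparison
     // replaces the former loose `!=`, which treats numeric-looking strings as
     // equal ("1e3" == "1000") and would accept a non-string value that coerces.
     $providedSecret = $this->request->postVar('APPSEC');
     if (!is_string($providedSecret) || $providedSecret !== (string) APPSEC) {
         return $this->httpError(403, 'Access Denied.');
     }
     // Pull email address from POST variables
     $EmailAddress = $this->request->postVar('email');
     // Sanitize the input
     $EmailAddress = convert::raw2sql($EmailAddress);
     // If an email address was provided, try to find a member with it
     if ($EmailAddress) {
         $Member = Member::get()->filter('Email', $EmailAddress)->first();
     }
     $response = new SS_HTTPResponse();
     // If a member was found return status 200 and 'OK'
     if ($Member && $Member->isFoundationMember()) {
         $response->setStatusCode(200);
         $response->setBody('OK');
         $response->output();
     } elseif ($EmailAddress) {
         $response->setStatusCode(404);
         $response->setBody('No Member Found.');
         $response->output();
     } else {
         // No email posted at all; reported as 500 by the original contract
         $response->setStatusCode(500);
         $response->setBody('An error has occurred retrieving a member.');
         $response->output();
     }
 }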
 /**
  * Emit the formatted log record as the HTTP response body.
  *
  * Reuses the current controller's response when one exists, otherwise
  * builds a fresh SS_HTTPResponse. Status code and content type are only
  * applied while headers have not been sent; afterwards the status is
  * forced to 200 so reporting the error cannot raise further errors.
  *
  * @param array $record Monolog record; only $record['formatted'] is used
  * @return bool True when the record must not bubble to further handlers
  */
 protected function write(array $record)
 {
     ini_set('display_errors', 0);
     // TODO: This coupling isn't ideal
     // See https://github.com/silverstripe/silverstripe-framework/issues/4484
     $target = \Controller::has_curr()
         ? \Controller::curr()->getResponse()
         : new SS_HTTPResponse();
     $headersGone = headers_sent();
     if ($headersGone) {
         // Headers already out: any status/header change would only produce
         // warnings about the error, so pin a harmless 200
         $target->setStatusCode(200);
     } else {
         $target->setStatusCode($this->statusCode);
         $target->addHeader("Content-Type", $this->contentType);
     }
     $target->setBody($record['formatted']);
     $target->output();
     return $this->bubble === false;
 }
 /**
  * Grid action: delete every SummitEntityEvent row belonging to the summit
  * identified by the ID URL parameter.
  *
  * NOTE(review): no permission check is visible here — presumably enforced
  * by the grid configuration; confirm, since this is a destructive action.
  *
  * @param GridField $gridField
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse Empty body; 200 when the summit exists, else 404
  */
 public function handleDeleteAllSummitEntityEventsAction($gridField, $request)
 {
     // intval() is what makes the interpolation into the SQL below safe: only an integer reaches the query
     $summit_id = intval($request->param("ID"));
     $controller = $gridField->getForm()->Controller();
     $this->gridField = $gridField;
     $summit = Summit::get()->byID($summit_id);
     $statusCode = ($summit === null) ? 404 : 200;
     if ($summit !== null) {
         DB::query("DELETE FROM SummitEntityEvent WHERE SummitID = {$summit_id} ;");
     }
     $deleteResponse = new SS_HTTPResponse();
     $deleteResponse->setStatusCode($statusCode);
     return $deleteResponse;
 }
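 /**
  * Get a {@link SS_HTTPResponse} to respond to a HTTP error code if an {@link ErrorPage} for that code is present.
  *
  * First renders the ErrorPage record through the normal request pipeline,
  * then falls back to the statically cached copy on disk.
  *
  * @param int $statusCode
  * @return SS_HTTPResponse|null Null when neither a page record nor a cached file exists
  */
 public static function response_for($statusCode)
 {
     // The code is interpolated into raw SQL below, so coerce it to an int first;
     // a non-numeric value would otherwise reach the WHERE clause verbatim.
     $statusCode = (int) $statusCode;
     // first attempt to dynamically generate the error page
     if ($errorPage = DataObject::get_one('ErrorPage', "\"ErrorCode\" = {$statusCode}")) {
         return ModelAsController::controller_for($errorPage)->handleRequest(new SS_HTTPRequest('GET', ''), DataModel::inst());
     }
     // then fall back on a cached version
     $locale = class_exists('Translatable') ? Translatable::get_current_locale() : null;
     $cachedPath = self::get_filepath_for_errorcode($statusCode, $locale);
     if (file_exists($cachedPath)) {
         $response = new SS_HTTPResponse();
         $response->setStatusCode($statusCode);
         $response->setBody(file_get_contents($cachedPath));
         return $response;
     }
     return null;
 }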
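 /**
  * Filter executed AFTER a request
  *
  * When a static page exists under errors_pages/ui/<status>/index.html and
  * the request is not AJAX, the response body is replaced with that file.
  * The status code is then rewritten to 200 (behaviour kept from the
  * original; note this hides the real error status from clients and monitoring).
  *
  * @param SS_HTTPRequest $request Request container object
  * @param SS_HTTPResponse $response Response output object
  * @param DataModel $model Current DataModel
  * @return boolean Whether to continue processing other filters. Null or true will continue processing (optional)
  */
 public function postRequest(SS_HTTPRequest $request, SS_HTTPResponse $response, DataModel $model)
 {
     // $code comes from the response object, not from the client, so building a path from it is safe
     $code = $response->getStatusCode();
     $error_page_path = Director::baseFolder() . "/errors_pages/ui/{$code}/index.html";
     if ($request->isAjax() || !file_exists($error_page_path)) {
         return true;
     }
     //clean buffer
     ob_clean();
     // Read the page in one call; on failure keep the original response instead
     // of terminating the request with die() as the previous fopen() path did.
     $body = file_get_contents($error_page_path);
     if ($body === false) {
         return true;
     }
     // set content type
     $response->addHeader('Content-Type', 'text/html');
     $response->setBody($body);
     $response->setStatusCode(200);
     return true;
 }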
 /**
  * Create and publish a BlogEntry from the posted Title/Content/Tags/Date/ParentID.
  *
  * Reads from $this->request; the $r argument is not used.
  *
  * NOTE(review): nothing in this method checks a security token or the caller's
  * permissions before writing and publishing content, and ParentID is taken
  * straight from POST — confirm the owning controller gates this action
  * before it is reachable.
  *
  * @param SS_HTTPRequest $r Unused; the controller's current request is read instead
  * @return SS_HTTPResponse 200 on success. With no Title an E_USER_ERROR is raised,
  *         which halts execution unless a custom error handler intervenes, and
  *         nothing is returned
  */
 public function processform(SS_HTTPRequest $r)
 {
     $entry = BlogEntry::create();
     // Loose `!= null`: an empty-string Title is also treated as missing
     if ($this->request->postVar('Title') != null) {
         $entry->Title = $this->request->postVar('Title');
         $entry->Content = $this->request->postVar('Content');
         $entry->Tags = $this->request->postVar('Tags');
         $entry->Date = $this->request->postVar('Date');
         $entry->ParentID = $this->request->postVar('ParentID');
         $entry->write();
         // Published straight to Live, not left as draft
         $entry->publish('Stage', 'Live');
         $response = new SS_HTTPResponse(_t('Dashboard.Success', 'Successfully Published'), '200');
         $response->setStatusCode(200, _t('Dashboard.Posted', 'Blog Post Published'));
         return $response;
     } else {
         user_error('Blog Title and Content must be present', E_USER_ERROR);
     }
 }
 /**
  * Get a {@link SS_HTTPResponse} to respond to a HTTP error code if an
  * {@link ErrorPage} for that code is present. First tries to serve it
  * through the standard SilverStripe request method. Falls back to a static
  * file generated when the user hits save and publish in the CMS.
  *
  * @param int $statusCode
  *
  * @return SS_HTTPResponse|null Null when no page record and no cached file exist
  */
 public static function response_for($statusCode)
 {
     // first attempt to dynamically generate the error page
     $page = ErrorPage::get()->filter(array("ErrorCode" => $statusCode))->first();
     if ($page) {
         Requirements::clear();
         Requirements::clear_combined_files();
         $pageController = ModelAsController::controller_for($page);
         return $pageController->handleRequest(new SS_HTTPRequest('GET', ''), DataModel::inst());
     }
     // then fall back on a cached version
     $locale = class_exists('Translatable') ? Translatable::get_current_locale() : null;
     $cachedPath = self::get_filepath_for_errorcode($statusCode, $locale);
     if (!file_exists($cachedPath)) {
         return;
     }
     $cached = new SS_HTTPResponse();
     $cached->setStatusCode($statusCode);
     $cached->setBody(file_get_contents($cachedPath));
     return $cached;
 }
    public function handleGetAttendeesAction($gridField, $request)
    {
        if (!Permission::check('ADMIN')) {
            return new SS_HTTPResponse(null, 403);
        }
        $term = Convert::raw2sql($request->getVar('term'));
        $summit_id = intval($request->param("ID"));
        $result = array();
        $sql = <<<SQL
SELECT A.ID,  CONCAT(M.FirstName,' ',M.Surname) AS FullName, M.Email  FROM SummitAttendee A INNER JOIN
Member M on M.ID = A.MemberID
WHERE A.SummitID = {$summit_id}
HAVING FullName LIKE '%{$term}%' OR M.Email LIKE '%{$term}% LIMIT 10;';
SQL;
        foreach (DB::query($sql) as $row) {
            array_push($result, array('id' => $row['ID'], 'label' => $row['FullName'] . ' ( ' . $row['Email'] . ' )'));
        }
        $response = new SS_HTTPResponse(Convert::raw2json($result));
        $response->addHeader('Content-Type', 'text/json');
        $response->setStatusCode(200);
        return $response;
    }
 /**
  * Display an error page on invalid request.
  *
  * Looks up ErrorPage records for $code (only when SiteTree exists), lets
  * extensions adjust the list via 'updateErrorPages', and then either
  *  - renders the first matching ErrorPage through its controller and throws
  *    the result as an SS_HTTPResponse_Exception, or
  *  - serves the statically cached file for that code, likewise by throwing, or
  *  - defers to the parent implementation.
  *
  * Throwing rather than returning means the caller never resumes after this
  * call once a page was found; the exception carries the response and $code.
  *
  * @param int $code HTTP status code
  * @param string|null $message Passed through to the parent fallback only
  * @return mixed Whatever parent::httpError() returns, when no error page exists
  * @throws SS_HTTPResponse_Exception when an ErrorPage record or a cached file is found
  */
 public function httpError($code, $message = null)
 {
     // Determine the error page for the given status code.
     $errorPages = ClassInfo::exists('SiteTree') ? ErrorPage::get()->filter('ErrorCode', $code) : null;
     // Allow extension customisation.
     $this->extend('updateErrorPages', $errorPages);
     // Retrieve the error page response.
     if ($errorPages && ($errorPage = $errorPages->first())) {
         // Drop any requirements queued by the aborted request before rendering the error page
         Requirements::clear();
         Requirements::clear_combined_files();
         $response = ModelAsController::controller_for($errorPage)->handleRequest(new SS_HTTPRequest('GET', ''), DataModel::inst());
         throw new SS_HTTPResponse_Exception($response, $code);
     } else {
         // The cached-file path is only consulted when SiteTree exists ($errorPages non-null)
         if ($errorPages && file_exists($cachedPage = ErrorPage::get_filepath_for_errorcode($code, class_exists('Translatable') ? Translatable::get_current_locale() : null))) {
             $response = new SS_HTTPResponse();
             $response->setStatusCode($code);
             $response->setBody(file_get_contents($cachedPage));
             throw new SS_HTTPResponse_Exception($response, $code);
         } else {
             return parent::httpError($code, $message);
         }
     }
 }
 /**
  * Copied and adjusted from HTTP::add_cache_headers
  *
  * Computes Cache-Control/Pragma/Vary, Last-Modified, ETag and Expires
  * headers from $this->cacheAge and self::$modification_date and attaches
  * them to $response. Caching is disabled (cacheAge 0) on dev sites and for
  * XMLHttpRequest calls. A conditional request whose If-Modified-Since and
  * If-None-Match both match turns the response into an empty 304.
  *
  * NOTE(review): the ETag is a sha1 over the modification date, the whole
  * serialized cookie jar (session cookie included), scheme, User-Agent and
  * Accept. The hash is one-way, but it is sent to clients and caches — decide
  * whether deriving a public value from the session cookie is acceptable here.
  *
  * @param Object $originator
  * @param SS_HTTPRequest $request
  * @param SS_HTTPResponse $response
  * @param DataModel $model
  */
 public function applyToResponse($originator, SS_HTTPRequest $request, SS_HTTPResponse $response, DataModel $model)
 {
     $cacheAge = $this->cacheAge;
     // Development sites have frequently changing templates; this can get stuffed up by the code
     // below.
     if (Director::isDev()) {
         $cacheAge = 0;
     }
     // Populate $responseHeaders with all the headers that we want to build
     $responseHeaders = array();
     if (function_exists('apache_request_headers')) {
         $requestHeaders = apache_request_headers();
         if (isset($requestHeaders['X-Requested-With']) && $requestHeaders['X-Requested-With'] == 'XMLHttpRequest') {
             $cacheAge = 0;
         }
         // bdc: now we must check for DUMB IE6:
         if (isset($requestHeaders['x-requested-with']) && $requestHeaders['x-requested-with'] == 'XMLHttpRequest') {
             $cacheAge = 0;
         }
     }
     if ($cacheAge > 0) {
         $responseHeaders["Cache-Control"] = "max-age=" . $cacheAge . ", must-revalidate, no-transform";
         $responseHeaders["Pragma"] = "";
         $responseHeaders['Vary'] = $this->vary;
     } else {
         // $response is type-hinted non-nullable, so these guards are always true;
         // $contentDisposition is only defined inside this branch
         if ($response) {
             // Grab header for checking. Unfortunately HTTPRequest until 3.1 uses a mistyped variant.
             $contentDisposition = $response->getHeader('Content-disposition');
             if (!$contentDisposition) {
                 $contentDisposition = $response->getHeader('Content-Disposition');
             }
         }
         // strstr() returns the matched substring or false; `== true` is a truthiness test on it
         if ($response && Director::is_https() && strstr($_SERVER["HTTP_USER_AGENT"], 'MSIE') == true && strstr($contentDisposition, 'attachment;') == true) {
             // IE6-IE8 have problems saving files when https and no-cache are used
             // (http://support.microsoft.com/kb/323308)
             // Note: this is also fixable by ticking "Do not save encrypted pages to disk" in advanced options.
             $responseHeaders["Cache-Control"] = "max-age=3, must-revalidate, no-transform";
             $responseHeaders["Pragma"] = "";
         } else {
             $responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform";
         }
     }
     if (self::$modification_date && $cacheAge > 0) {
         $responseHeaders["Last-Modified"] = self::gmt_date(self::$modification_date);
         // Chrome ignores Varies when redirecting back (http://code.google.com/p/chromium/issues/detail?id=79758)
         // which means that if you log out, you get redirected back to a page which Chrome then checks against
         // last-modified (which passes, getting a 304)
         // when it shouldn't be trying to use that page at all because it's the "logged in" version.
         // By also using and etag that includes both the modification date and all the varies
         // values which we also check against we can catch this and not return a 304
         $etagParts = array(self::$modification_date, serialize($_COOKIE));
         $etagParts[] = Director::is_https() ? 'https' : 'http';
         if (isset($_SERVER['HTTP_USER_AGENT'])) {
             $etagParts[] = $_SERVER['HTTP_USER_AGENT'];
         }
         if (isset($_SERVER['HTTP_ACCEPT'])) {
             $etagParts[] = $_SERVER['HTTP_ACCEPT'];
         }
         $etag = sha1(implode(':', $etagParts));
         $responseHeaders["ETag"] = $etag;
         // 304 response detection
         if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
             $ifModifiedSince = strtotime(stripslashes($_SERVER['HTTP_IF_MODIFIED_SINCE']));
             // As above, only 304 if the last request had all the same varies values
             // (or the etag isn't passed as part of the request - but with chrome it always is)
             // Loose `==` against the client-supplied If-None-Match header
             $matchesEtag = !isset($_SERVER['HTTP_IF_NONE_MATCH']) || $_SERVER['HTTP_IF_NONE_MATCH'] == $etag;
             if ($ifModifiedSince >= self::$modification_date && $matchesEtag) {
                 if ($response) {
                     $response->setStatusCode(304);
                     $response->setBody('');
                 } else {
                     // Unreachable given the non-nullable $response parameter; would end the request outright
                     header('HTTP/1.0 304 Not Modified');
                     die;
                 }
             }
         }
         $expires = time() + $cacheAge;
         $responseHeaders["Expires"] = self::gmt_date($expires);
     }
     // An explicitly configured static ETag overrides the computed one
     if (self::$etag) {
         $responseHeaders['ETag'] = self::$etag;
     }
     // Now that we've generated them, either output them or attach them to the SS_HTTPResponse as appropriate
     foreach ($responseHeaders as $k => $v) {
         $response->addHeader($k, $v);
     }
 }
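 /**
  * Send the "thank you for subscribing" e-mail for a JSON signup request.
  *
  * Expects a JSON object body of the shape {email, first_name, last_name}.
  * The security token is checked before anything else and reset after a
  * successful check so the same token cannot be replayed.
  *
  * NOTE(review): the body is read from $this->request while the token is
  * checked against the $request argument — presumably the same object; confirm.
  *
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse|string 'OK' on success; a JSON error response with
  *         403 for a bad token, or 400 for a malformed body or recipient address
  */
 public function sendSignupConfirmation($request)
 {
     $body = $this->request->getBody();
     $json = json_decode($body, true);
     if (!$this->securityToken->checkRequest($request)) {
         $response = new SS_HTTPResponse();
         $response->setStatusCode(403);
         $response->addHeader('Content-Type', 'application/json');
         $response->setBody(json_encode("Error"));
         return $response;
     }
     $this->securityToken->reset();
     // The body is client-controlled: accept only a JSON object whose three fields are
     // strings, and require a syntactically valid recipient so the value cannot carry
     // header-injection payloads into the mailer.
     $to = (is_array($json) && isset($json['email'])) ? $json['email'] : null;
     $firstName = (is_array($json) && isset($json['first_name'])) ? $json['first_name'] : null;
     $lastName = (is_array($json) && isset($json['last_name'])) ? $json['last_name'] : null;
     if (!is_string($to) || !is_string($firstName) || !is_string($lastName)
         || filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
         $response = new SS_HTTPResponse();
         $response->setStatusCode(400);
         $response->addHeader('Content-Type', 'application/json');
         $response->setBody(json_encode("Error"));
         return $response;
     }
     $news_update_email_from = defined('NEWS_UPDATE_EMAIL_FROM') ? NEWS_UPDATE_EMAIL_FROM : '*****@*****.**';
     $user_name = sprintf('%s %s', $firstName, $lastName);
     $email = EmailFactory::getInstance()->buildEmail('*****@*****.**', $to, 'Thank you for subscribing to OpenStack Foundation News updates');
     $email->setTemplate('NewsPageSignupConfirmationEMail');
     $email->populateTemplate(array('UserName' => $user_name, 'NewsUpdateEmailFrom' => $news_update_email_from));
     $email->send();
     return 'OK';
 }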
 /**
  * Handles formatting and output of an error message.
  *
  * Serialises the error body, applies the status code and message plus the
  * serializer's content type and the CORS headers, stores the result as the
  * controller's response and returns it.
  *
  * @param  RESTfulAPI_Error $error Error object to return
  * @return SS_HTTPResponse
  */
 public function error(RESTfulAPI_Error $error)
 {
     $reply = new SS_HTTPResponse();
     $serializedBody = $this->serializer->serialize($error->body);
     $reply->setBody($serializedBody);
     $reply->setStatusCode($error->code, $error->message);
     $reply->addHeader('Content-Type', $this->serializer->getcontentType());
     $reply = $this->setAnswerCORS($reply);
     // save controller's response then return/output
     $this->response = $reply;
     return $reply;
 }
 /**
  * Determines if a specified file exists.
  *
  * The `filename` request variable must be a bare file name: any value that
  * differs from its own basename() (i.e. carries a directory component) is
  * rejected with a 400, so the check cannot be pointed outside the upload
  * directory.
  *
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse JSON {exists: bool} or {error: string}
  */
 public function fileexists(SS_HTTPRequest $request)
 {
     // Assert that requested filename doesn't attempt to escape the directory
     $requestedName = $request->requestVar('filename');
     $isBareName = ($requestedName === basename($requestedName));
     $payload = $isBareName
         ? array('exists' => $this->checkFileExists($requestedName))
         : array('error' => _t('File.NOVALIDUPLOAD', 'File is not a valid upload'));
     // Encode and present response
     $response = new SS_HTTPResponse(Convert::raw2json($payload));
     $response->addHeader('Content-Type', 'application/json');
     if (!empty($payload['error'])) {
         $response->setStatusCode(400);
     }
     return $response;
 }
 /**
  * Once the file has been uploaded to S3, the CMS will callback this action
  * and pass along details about the file that we'll use to create an S3File
  * DataObject.
  *
  * Will respond with some JSON data about the new S3File DataObject so it
  * can be added to the Form to which our S3FileUploadField is attached.
  *
  * Most of this has been adapted from the upload action of the UploadField.
  *
  * NOTE(review): every posted field is handed to the S3File constructor as-is
  * (mass assignment); confirm S3File restricts which fields are writable, or
  * whitelist the expected keys here. $return is never assigned in this method,
  * so the 403 branch near the end cannot run and the status is always 200.
  *
  * @param  SS_HTTPRequest $request
  * @return SS_HTTPResponse
  */
 public function upload(SS_HTTPRequest $request)
 {
     if ($this->isDisabled() || $this->isReadonly() || !$this->canUpload()) {
         return $this->httpError(403);
     }
     // Protect against CSRF on destructive action
     $token = $this->getForm()->getSecurityToken();
     if (!$token->checkRequest($request)) {
         return $this->httpError(400);
     }
     // Get form details
     $postVars = $request->postVars();
     // LastModified is presumably a unix timestamp and ETag a quoted S3 value — both keys
     // are assumed present; verify against the CMS callback
     $postVars['LastModified'] = date("Y-m-d H:i:s", $postVars['LastModified']);
     $postVars['ETag'] = str_replace('"', '', $postVars['ETag']);
     $postVars['Region'] = $this->getRegion();
     // Create our S3File
     $s3File = new S3File($postVars);
     $s3File->write();
     $s3File->customise(array('UploadFieldDeleteLink' => $this->getItemHandler($s3File->ID)->DeleteLink()));
     // Format response with json
     $response = new SS_HTTPResponse(Convert::raw2json(array(array('bucket' => $s3File->Bucket, 'etag' => $s3File->ETag, 'id' => $s3File->ID, 'key' => $s3File->Key, 'last_modified' => $s3File->LastModified, 'location' => $s3File->Location, 'name' => $s3File->Name, 'size' => $s3File->Size, 'type' => $s3File->Type, 'fieldname' => $this->getName(), 'buttons' => (string) $s3File->renderWith($this->getTemplateFileButtons()), 'edit_url' => $this->getItemHandler($s3File->ID)->EditLink(), 'thumbnail_url' => $s3File->Icon()))));
     $response->addHeader('Content-Type', 'application/json');
     // Dead branch: $return is undefined here (see docblock)
     if (!empty($return['error'])) {
         $response->setStatusCode(403);
     }
     return $response;
 }
 /**
  * Render the navigation menu widget and wrap it in a JSONP callback.
  *
  * The callback name is the fixed literal "jsonCallback" — it is not taken
  * from the request, so callers cannot inject script through the padding.
  *
  * @return SS_HTTPResponse application/javascript body: jsonCallback({"html": ...})
  */
 public function getNavigationMenu()
 {
     $renderedMenu = $this->renderWith('Navigation_menu', array('WidgetCall' => true))->getValue();
     $menuData = array('html' => $renderedMenu);
     $paddedJson = "jsonCallback(" . json_encode($menuData) . ")";
     $response = new SS_HTTPResponse();
     $response->setStatusCode(200);
     $response->addHeader('Content-Type', 'application/javascript');
     $response->setBody($paddedJson);
     return $response;
 }
 /**
  * Upload the single posted file to Cloudinary and record it as a
  * CloudinaryImage / CloudinaryVideo / CloudinaryFile DataObject.
  *
  * Rejects with 403 when the field is disabled/read-only or the user may not
  * upload, and 400 on a failed security-token check. The record class is
  * chosen by CloudinaryFile::GetCloudinaryFileForFile() from the original
  * file name; videos and raw files pass a resource_type option to the
  * uploader. On any uploader failure the default error payload is returned
  * with status 403.
  *
  * NOTE(review): $strClass is instantiated dynamically (`new $strClass`);
  * confirm the helper can only return the three class names handled below.
  *
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse|void
  */
 public function upload(SS_HTTPRequest $request)
 {
     if ($this->isDisabled() || $this->isReadonly() || !$this->canUpload()) {
         return $this->httpError(403);
     }
     // Protect against CSRF on destructive action
     $token = $this->getForm()->getSecurityToken();
     if (!$token->checkRequest($request)) {
         return $this->httpError(400);
     }
     // Get form details
     $name = $this->getName();
     $postVars = $request->postVar($name);
     // Save the temporary file into a File object
     $uploadedFiles = $this->extractUploadedFileData($postVars);
     // Default payload, replaced only when the uploader returned an array
     $return = array('error' => 'The file upload was not successful');
     $uploadedFile = reset($uploadedFiles);
     $strClass = CloudinaryFile::GetCloudinaryFileForFile($uploadedFile['name']);
     $arrOptions = array();
     if ($strClass == 'CloudinaryVideo') {
         $arrOptions['resource_type'] = 'video';
     } elseif ($strClass == 'CloudinaryFile') {
         $arrOptions['resource_type'] = 'raw';
         $arrOptions['format'] = File::get_file_extension($uploadedFile['name']);
     }
     // Remote call: pushes the temp file to Cloudinary
     $arrUploaderDetails = \Cloudinary\Uploader::upload($uploadedFile['tmp_name'], $arrOptions);
     if ($arrUploaderDetails && is_array($arrUploaderDetails)) {
         if ($strClass == 'CloudinaryFile') {
             // Raw uploads return "<id>.<ext>" as public_id; split it into id and format
             $arrPieces = explode('.', $arrUploaderDetails['public_id']);
             $strPublicID = isset($arrPieces[0]) ? $arrPieces[0] : '';
             $strFormat = isset($arrPieces[1]) ? $arrPieces[1] : '';
         } else {
             $strPublicID = $arrUploaderDetails['public_id'];
             $strFormat = $arrUploaderDetails['format'];
         }
         $arrData = array('Title' => $uploadedFile['name'], 'FileName' => $uploadedFile['name'], 'PublicID' => $strPublicID, 'Version' => $arrUploaderDetails['version'], 'Signature' => $arrUploaderDetails['signature'], 'URL' => $arrUploaderDetails['url'], 'SecureURL' => $arrUploaderDetails['secure_url'], 'FileType' => $arrUploaderDetails['resource_type'], 'FileSize' => $arrUploaderDetails['bytes'], 'Format' => $strFormat);
         if ($strClass == 'CloudinaryImage') {
             $arrData = array_merge($arrData, array('Width' => $arrUploaderDetails['width'], 'Height' => $arrUploaderDetails['height']));
         } else {
             if ($strClass == 'CloudinaryVideo') {
                 $arrData = array_merge($arrData, array('Width' => $arrUploaderDetails['width'], 'Height' => $arrUploaderDetails['height'], 'Duration' => $arrUploaderDetails['duration'], 'BitRate' => $arrUploaderDetails['bit_rate'], 'FrameRate' => $arrUploaderDetails['frame_rate']));
             }
         }
         $file = new $strClass($arrData);
         $file->write();
         $return = $this->encodeCloudinaryAttributes($file);
     }
     // Format response with json
     $response = new SS_HTTPResponse(Convert::raw2json(array($return)));
     $response->addHeader('Content-Type', 'text/plain');
     if (!empty($return['error'])) {
         $response->setStatusCode(403);
     }
     return $response;
 }
 /**
  * Action to handle upload of a single file, with support for chunked uploads.
  *
  * When the request carries an X-File-Name header the posted part is appended
  * to a temp file named by sha1(SecurityID . original name); until the temp
  * file's size reaches X-File-Size a progress JSON reply is returned. Once
  * complete (or for a single-part upload) the file is saved through
  * saveTemporaryFile() and its attributes, or the error, are returned as a
  * one-element JSON array (status 403 on error).
  *
  * NOTE(review): X-File-Name and X-File-Size are client-supplied. The name only
  * reaches disk through the sha1 (and as the stored file name), while the size
  * solely decides when the upload is considered complete. The progress reply
  * echoes server temp paths back to the client — consider dropping them from
  * the message. The fread() loop stops early if a partial read returns the
  * single byte "0" (falsy); a `!== '' && !== false` test would be exact.
  *
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse
  */
 public function upload(SS_HTTPRequest $request)
 {
     if ($this->isDisabled() || $this->isReadonly() || !$this->canUpload()) {
         return $this->httpError(403);
     }
     // Protect against CSRF on destructive action
     $token = $this->getForm()->getSecurityToken();
     if (!$token->checkRequest($request)) {
         return $this->httpError(400);
     }
     // Get form details (name of the relation)
     $name = $this->getName();
     $postVars = $request->postVar($name);
     $uploadedFiles = $this->extractUploadedFileData($postVars);
     //
     // append all multiparts to one file here before proceeding
     //
     if ($request->getHeader('X-File-Name')) {
         // if chunked, get name from header
         $originalFileName = $request->getHeader('X-File-Name');
         $totalSize = $request->getHeader('X-File-Size');
         $uploadedChunkPath = $uploadedFiles[0]['tmp_name'];
         // We (mis)use the security ID as a way of 'unique-ifying' the temporary upload paths
         // so that we don't just depend on the original filename for this (or a scenario might
         // be possible to overwrite files based on an identical original name)
         // Added benefit it that the security ID will be different between form loads, which
         // makes the risk of appending to the same file over and over, a bit smaller
         $securityID = $request->postVar('SecurityID') ? $request->postVar('SecurityID') : 'none';
         // hash to prevent directory traversal etc posibilities based on original file name
         $temphash = sha1($securityID . $originalFileName);
         // eg /tmp/123somelonghash456 instead of $originalFileName.'.part'
         $tmpFilePath = dirname($uploadedChunkPath) . DIRECTORY_SEPARATOR . $temphash;
         $append = file_exists($tmpFilePath);
         // If it is the first chunk we have to create the file, othewise we append...
         // Note file_put_contents with FILE_APPEND produces overlapping chunks for some reason...
         $out_fp = fopen($tmpFilePath, $append ? "ab" : "wb");
         //append or write mode; neither fopen() result is checked for false
         $in_fp = fopen($uploadedChunkPath, "rb");
         while ($buff = fread($in_fp, 4096)) {
             fwrite($out_fp, $buff);
         }
         fclose($out_fp);
         fclose($in_fp);
         // test if we're done with all chunks yet... (loose == between int size and header string)
         if (filesize($tmpFilePath) == $totalSize) {
             // move file to last uploaded chunks tmp_filename
             // & set size etc for regular upload handling as if uploaded normally
             rename($tmpFilePath, $uploadedChunkPath);
             $uploadedFiles[0]['name'] = $originalFileName;
         } else {
             // not done yet, return for now...
             $return = array('ok' => '(' . $uploadedChunkPath . ' - ' . $tmpFilePath . ': ' . filesize($tmpFilePath) . '/' . $totalSize . ')');
             // Format response with json
             $response = new SS_HTTPResponse(Convert::raw2json(array($return)));
             $response->addHeader('Content-Type', 'text/plain');
             return $response;
         }
     } else {
         // Read but not used anywhere below
         $originalFile = $request->requestVar('filename');
     }
     // Multipart done (or small enough to have been done in one chunk)...
     // Save the temporary file into a File object
     $firstFile = reset($uploadedFiles);
     $file = $this->saveTemporaryFile($firstFile, $error);
     if (empty($file)) {
         $return = array('error' => $error);
     } else {
         $return = $this->encodeFileAttributes($file);
     }
     // Format response with json
     $response = new SS_HTTPResponse(Convert::raw2json(array($return)));
     $response->addHeader('Content-Type', 'text/plain');
     if (!empty($return['error'])) {
         $response->setStatusCode(403);
     }
     return $response;
 }
 /**
  * Attach cache headers (Cache-Control, Pragma, Vary, Last-Modified, ETag,
  * Expires) to $response and turn matching conditional requests into a 304.
  *
  * The cache age and Vary value start from $this->cacheAge / $this->vary and
  * may be overridden by the originator's getCacheAge() / getVary(); the
  * modification timestamp comes from getModificationTimestamp() when
  * available, else HTTP::$modification_date. Nothing but Cache-Control is
  * emitted when the resulting cache age is zero or negative.
  *
  * NOTE(review): the ETag is sha1 over the timestamp, the full serialized
  * cookie jar (session cookie included), scheme, User-Agent and Accept. The
  * hash is one-way, but it is exposed to clients and caches — decide whether
  * deriving a public value from the session cookie is acceptable here.
  *
  * @param Object $originator
  * @param SS_HTTPRequest $request
  * @param SS_HTTPResponse $response
  * @param DataModel $model
  */
 public function applyToResponse($originator, SS_HTTPRequest $request, SS_HTTPResponse $response, DataModel $model)
 {
     $cacheAge = $this->cacheAge;
     $vary = $this->vary;
     $responseHeaders = array();
     // Allow overriding max-age from the object hooked up to the policed controller.
     if ($originator->hasMethod('getCacheAge')) {
         $extendedCacheAge = $originator->getCacheAge($cacheAge);
         if ($extendedCacheAge !== null) {
             $cacheAge = $extendedCacheAge;
         }
     }
     // Same for vary, but probably less useful.
     if ($originator->hasMethod('getVary')) {
         $extendedVary = $originator->getVary($vary);
         if ($extendedVary !== null) {
             $vary = $extendedVary;
         }
     }
     if ($cacheAge > 0) {
         // Note: must-revalidate means that the cache must revalidate AFTER the entry has gone stale.
         $responseHeaders["Cache-Control"] = "max-age=" . $cacheAge . ", must-revalidate, no-transform";
         $responseHeaders["Pragma"] = "";
         $responseHeaders['Vary'] = $vary;
         // Find out when the URI was last modified. Allows customisation, but fall back HTTP timestamp collector.
         if ($originator->hasMethod('getModificationTimestamp')) {
             $timestamp = $originator->getModificationTimestamp();
         } else {
             $timestamp = HTTP::$modification_date;
         }
         // Without a timestamp no validator headers are produced at all
         if ($timestamp) {
             $responseHeaders["Last-Modified"] = self::gmt_date($timestamp);
             // Chrome ignores Varies when redirecting back (http://code.google.com/p/chromium/issues/detail?id=79758)
             // which means that if you log out, you get redirected back to a page which Chrome then checks against
             // last-modified (which passes, getting a 304)
             // when it shouldn't be trying to use that page at all because it's the "logged in" version.
             // By also using and etag that includes both the modification date and all the varies
             // values which we also check against we can catch this and not return a 304
             $etagParts = array($timestamp, serialize($_COOKIE));
             $etagParts[] = Director::is_https() ? 'https' : 'http';
             if (isset($_SERVER['HTTP_USER_AGENT'])) {
                 $etagParts[] = $_SERVER['HTTP_USER_AGENT'];
             }
             if (isset($_SERVER['HTTP_ACCEPT'])) {
                 $etagParts[] = $_SERVER['HTTP_ACCEPT'];
             }
             $etag = sha1(implode(':', $etagParts));
             $responseHeaders['ETag'] = $etag;
             // 304 response detection
             if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
                 $ifModifiedSince = strtotime(stripslashes($_SERVER['HTTP_IF_MODIFIED_SINCE']));
                 // As above, only 304 if the last request had all the same varies values
                 // (or the etag isn't passed as part of the request - but with chrome it always is)
                 // Loose `==` against the client-supplied If-None-Match header
                 $matchesEtag = !isset($_SERVER['HTTP_IF_NONE_MATCH']) || $_SERVER['HTTP_IF_NONE_MATCH'] == $etag;
                 if ($ifModifiedSince >= $timestamp && $matchesEtag) {
                     $response->setStatusCode(304);
                     $response->setBody('');
                 }
             }
             $expires = time() + $cacheAge;
             $responseHeaders['Expires'] = self::gmt_date($expires);
         }
     }
     // An explicitly configured static ETag overrides the computed one
     if (self::$etag) {
         $responseHeaders['ETag'] = self::$etag;
     }
     // Now that we've generated them, either output them or attach them to the SS_HTTPResponse as appropriate
     foreach ($responseHeaders as $k => $v) {
         $response->addHeader($k, $v);
     }
 }
    /**
     * Wrap the given meta tags in an otherwise empty HTML document.
     *
     * The tags are interpolated verbatim into <head>; producing well-formed,
     * safe markup is the caller's responsibility.
     *
     * @param string $meta_tags markup placed inside the <head> element
     * @return SS_HTTPResponse 200 response whose body is the bare document
     */
    private function buildOnlyMetaTagsResponse($meta_tags)
    {
        $document = <<<APP_LINKS
               <html>
                <head>
                    {$meta_tags}
                </head>
                <body>
                </body>
                </html>
APP_LINKS;
        return new SS_HTTPResponse($document, 200);
    }
 /**
  *	Attempt to redirect towards the highest priority link mapping that may have been defined.
  *
  *	Requests that hit a concrete Director rule, or that carry the direct GET parameter,
  *	pass through untouched. Otherwise a matching link mapping (on a 404, or whenever
  *	enforcement/replacement is configured) turns the response into a redirect; failing
  *	that, a 404 may be redirected to a fallback, or a non-success response replaced by
  *	the page-not-found body.
  *
  *	@URLparameter direct <{BYPASS_LINK_MAPPINGS}> boolean
  */
 public function postRequest(SS_HTTPRequest $request, SS_HTTPResponse $response, DataModel $model)
 {
     $requestURL = $request->getURL();
     $configuration = Config::inst();
     // Bypass the request filter when requesting specific director rules such as "/admin" or "/dev".
     foreach ($configuration->get('Director', 'rules') as $rule => $handler) {
         // Keep only the literal prefix of the rule (everything before the first "$" parameter).
         $dollar = strpos($rule, '$');
         $prefix = ($dollar === false) ? $rule : rtrim(substr($rule, 0, $dollar), '/');
         // A request starting with a concrete rule is left to the director.
         if ($prefix && strpos($requestURL, $prefix) === 0) {
             return true;
         }
     }
     // Bypass the request filter when using the direct GET parameter.
     if ($request->getVar('direct')) {
         return true;
     }
     // Determine the default automated URL handling response status.
     $status = $response->getStatusCode();
     $success = ($status >= 200 && $status < 300);
     $notFound = ($status === 404);
     $enforce = $configuration->get('MisdirectionRequestFilter', 'enforce_misdirection');
     $replace = $configuration->get('MisdirectionRequestFilter', 'replace_default');
     // Either hook into a page not found, or when enforced, replace the default automated URL handling.
     $map = ($notFound || $enforce || $replace) ? $this->service->getMappingByRequest($request) : null;
     if ($map) {
         // Pick the redirect code; POST-forwarding mappings use the method-preserving variants.
         $responseCode = $map->ResponseCode;
         if ($responseCode == 0) {
             $responseCode = 303;
         } elseif ($responseCode == 301 && $map->ForwardPOSTRequest) {
             $responseCode = 308;
         } elseif ($responseCode == 303 && $map->ForwardPOSTRequest) {
             $responseCode = 307;
         }
         $response->redirect($map->getLink(), $responseCode);
         return true;
     }
     if ($notFound) {
         $fallback = $this->service->determineFallback($requestURL);
         if ($fallback) {
             $responseCode = $fallback['code'];
             if ($responseCode === 0) {
                 $responseCode = 303;
             }
             // Redirect to the fallback with ?direct set so this filter does not process it again.
             $target = Controller::join_links(Director::absoluteBaseURL(), $fallback['link']);
             $response->redirect(HTTP::setGetVar('direct', true, $target), $responseCode);
             return true;
         }
     }
     if (!$notFound && !$success && $replace) {
         $response->setStatusCode(404);
         // Retrieve the appropriate page not found response.
         $page = ClassInfo::exists('SiteTree') ? ErrorPage::response_for(404) : null;
         if ($page) {
             $response->setBody($page->getBody());
         } else {
             $response->setBody('No URL was matched!');
         }
     }
     // Continue processing the response.
     return true;
 }
 /**
  * Action to handle removing a single file from the db relation
  *
  * Only the relation is touched: the file is removed from a has_many/many_many list,
  * or the has_one ID is reset to 0 and the record written. The File itself is kept.
  *
  * @param SS_HTTPRequest $request
  * @return SS_HTTPResponse 200 on success; 403 when the field is disabled or read-only;
  *                         400 when the security token fails; 500 when nothing was removed
  */
 public function remove(SS_HTTPRequest $request)
 {
     $parent = $this->parent;
     // Check form field state
     if ($parent->isDisabled() || $parent->isReadonly()) {
         return $this->httpError(403);
     }
     // Protect against CSRF on destructive action
     if (!$parent->getForm()->getSecurityToken()->checkRequest($request)) {
         return $this->httpError(400);
     }
     $fieldName = $parent->getName();
     $record = $parent->getRecord();
     $id = $this->getItem()->ID;
     $removed = false;
     if ($id && $record && $record->exists()) {
         $isList = $record->has_many($fieldName) || $record->many_many($fieldName);
         if ($isList && ($file = $record->{$fieldName}()->byID($id))) {
             $record->{$fieldName}()->remove($file);
             $removed = true;
         } elseif ($record->has_one($fieldName) && $record->{$fieldName . 'ID'} == $id) {
             $record->{$fieldName . 'ID'} = 0;
             $record->write();
             $removed = true;
         }
     }
     $response = new SS_HTTPResponse();
     if ($removed) {
         $response->setStatusCode(200);
     } else {
         $response->setStatusCode(500);
         $response->setStatusDescription(_t('UploadField.REMOVEERROR', 'Error removing file'));
     }
     return $response;
 }
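 /**
  * AJAX autocomplete endpoint: organisations whose Name partially matches the term.
  *
  * @param SS_HTTPRequest $request must be an AJAX request; the search text is the `term` GET var
  * @return SS_HTTPResponse JSON list of {id, label, value} entries (at most 10, empty when
  *                         nothing matches); the forbidden response for non-AJAX requests
  */
 public function searchOrg($request)
 {
     if (!Director::is_ajax()) {
         return $this->forbiddenError();
     }
     $term = $request->getVar('term');
     if ($term === null) {
         $term = '';
     }
     // The ORM filter escapes/parameterises the value itself. Pre-escaping with
     // Convert::raw2sql() double-escaped quotes and backslashes, so a name such as
     // O'Neil could never be found; the raw term is passed straight to the filter.
     $organizations = Org::get()->filter('Name:PartialMatch', $term)->limit(10);
     $suggestions = array();
     foreach ($organizations as $org) {
         $suggestions[] = array('id' => $org->ID, 'label' => $org->Name, 'value' => $org->Name);
     }
     // Always answer with JSON (an empty list when nothing matches) rather than returning null.
     $response = new SS_HTTPResponse();
     $response->setStatusCode(200);
     $response->addHeader('Content-Type', 'application/json');
     $response->setBody(json_encode($suggestions));
     return $response;
 }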
 /**
  * Build the 409 Conflict response used when a duplicate is being added.
  *
  * @param mixed $msg JSON-encodable payload describing the conflict
  * @return SS_HTTPResponse
  */
 protected function addingDuplicate($msg)
 {
     // 409 Conflict, body is the JSON-encoded message.
     $response = new SS_HTTPResponse(json_encode($msg), 409);
     $response->addHeader('Content-Type', 'application/json');
     return $response;
 }
 /**
  * Run the configured environment check suite and render the outcome.
  *
  * When the suite does not pass, the response status is set to $this->errorCode and,
  * if self::$email_results is enabled, the rendered report is emailed. The body is the
  * suite's JSON when the request uses the .json extension or an Accept header that
  * mentions application/json; otherwise the rendered EnvironmentChecker template.
  *
  * @return SS_HTTPResponse
  */
 public function index()
 {
     $response = new SS_HTTPResponse();
     $result = EnvironmentCheckSuite::inst($this->checkSuiteName)->run();
     if (!$result->ShouldPass()) {
         $response->setStatusCode($this->errorCode);
     }
     $context = array(
         "URL" => Director::absoluteBaseURL(),
         "Title" => $this->title,
         "Name" => $this->checkSuiteName,
         "ErrorCode" => $this->errorCode,
     );
     $resultText = $result->customise($context)->renderWith("EnvironmentChecker");
     if (self::$email_results && !$result->ShouldPass()) {
         $email = new Email(self::$from_email_address, self::$to_email_address, $this->title, $resultText);
         $email->send();
     }
     // output the result as JSON if requested
     $request = $this->getRequest();
     $wantsJson = $request->getExtension() == 'json'
         || strpos($request->getHeader('Accept'), 'application/json') !== false;
     if ($wantsJson) {
         $response->setBody($result->toJSON());
         $response->addHeader('Content-Type', 'application/json');
     } else {
         $response->setBody($resultText);
     }
     return $response;
 }