/**
 * Populates the session, URL and user-agent fields the first time the
 * record is written.
 *
 * Returns false when the request is not from a browser or when no security
 * ID is available; otherwise returns nothing.
 *
 * NOTE(review): whether the caller honours a false return (i.e. actually
 * aborts the write) is not visible here - confirm before relying on it as
 * a guard.
 */
public function onBeforeWrite()
{
    // Let the parent hooks run before any of the checks below.
    parent::onBeforeWrite();

    if (!$this->isBrowser()) {
        return false;
    }

    // Only the very first save (no ID assigned yet) populates the fields.
    if ($this->ID) {
        return;
    }

    // A session has to exist before the security token is read from it.
    if (!Session::request_contains_session_id()) {
        Session::start();
    }

    // The stored "SessionID" is the value returned by SecurityToken, not
    // the PHP session identifier itself.
    $this->SessionID = SecurityToken::getSecurityID();

    if ($this->SessionID === null) {
        return false;
    }

    // The URL acts as the public handle of the record: draw 32-character
    // random tokens until one is not already used by another ShortList.
    $generator = new RandomGenerator();

    do {
        $candidate = substr($generator->randomToken(), 0, 32);
    } while (ShortList::get()->filter('URL', $candidate)->count() > 0);

    $this->URL = $candidate;

    // User-Agent is a client-controlled header and is stored verbatim;
    // treat it as untrusted wherever it is displayed or logged.
    $this->UserAgent = Controller::curr()->getRequest()->getHeader('User-Agent');
}
/**
 * Renders the signup view, loading its front-end script and exposing the
 * current security token to the template as "SecurityID".
 */
public function signup()
{
    Requirements::javascript('news/code/ui/frontend/js/news.signup.js');

    // The template receives the CSRF token so the form can post it back.
    $templateData = array(
        'SecurityID' => SecurityToken::getSecurityID(),
    );

    return $this->render($templateData);
}
/**
 * Verifies that the global template variables resolve to the same values
 * as the corresponding static calls, across the accepted spellings of each
 * variable name.
 */
public function testCoreGlobalVariableCalls()
{
    // Director::absoluteBaseURL() - each spelling has its own message.
    $this->assertEquals(
        Director::absoluteBaseURL(),
        $this->render('{$absoluteBaseURL}'),
        'Director::absoluteBaseURL can be called from within template'
    );
    $this->assertEquals(
        Director::absoluteBaseURL(),
        $this->render('{$AbsoluteBaseURL}'),
        'Upper-case %AbsoluteBaseURL can be called from within template'
    );

    // Director::is_ajax()
    foreach (array('{$isAjax}', '{$IsAjax}', '{$is_ajax}', '{$Is_ajax}') as $template) {
        $this->assertEquals(
            Director::is_ajax(),
            $this->render($template),
            'All variations of is_ajax result in the correct call'
        );
    }

    // i18n::get_locale()
    foreach (array('{$i18nLocale}', '{$get_locale}') as $template) {
        $this->assertEquals(
            i18n::get_locale(),
            $this->render($template),
            'i18n template functions result correct result'
        );
    }

    // Member::currentUser(), compared through its string form.
    foreach (array('{$CurrentMember}', '{$CurrentUser}', '{$currentMember}', '{$currentUser}') as $template) {
        $this->assertEquals(
            (string) Member::currentUser(),
            $this->render($template),
            'Member template functions result correct result'
        );
    }

    // SecurityToken::getSecurityID() - the CSRF token exposed to templates.
    foreach (array('{$getSecurityID}', '{$SecurityID}') as $template) {
        $this->assertEquals(
            SecurityToken::getSecurityID(),
            $this->render($template),
            'SecurityToken template functions result correct result'
        );
    }

    // Permission::check() - the rendered output is cast to bool before comparing.
    foreach (array('{$HasPerm(\'ADMIN\')}', '{$hasPerm(\'ADMIN\')}') as $template) {
        $this->assertEquals(
            Permission::check("ADMIN"),
            (bool) $this->render($template),
            'Permissions template functions result correct result'
        );
    }
}
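/**
 * Activate caching on a given url
 *
 * Serves a stored response when one exists for the URL's cache key;
 * otherwise runs the page, captures its output and headers, and stores
 * the result unless one of the skip rules below applies.
 *
 * NOTE(review): a stored response is replayed to later requests with the
 * same cache key, so enabled() and headersAllowCaching() are the only gates
 * visible here that keep per-user content out of the cache - confirm they
 * cover authenticated pages.
 *
 * @param string $url
 */
public function run($url)
{
    // First make sure we have session
    if (!isset($_SESSION)) {
        Session::start();
    }

    // Forces the session to be regenerated from $_SESSION
    Session::clear_all();

    // This prevents a new user's security token from being regenerated incorrectly
    $_SESSION['SecurityID'] = SecurityToken::getSecurityID();

    // Get cache and cache details
    $responseHeader = self::config()->responseHeader;
    $cache = $this->getCache();
    $cacheKey = $this->getCacheKey($url);

    // Check if caching should be short circuited
    $enabled = $this->enabled($url);
    $this->extend('updateEnabled', $enabled);
    if (!$enabled) {
        if ($responseHeader) {
            header("{$responseHeader}: skipped");
        }
        $this->yieldControl();
        return;
    }

    // Check if cached value can be returned
    $cachedValue = $cache->load($cacheKey);
    if ($this->presentCachedResult($cachedValue)) {
        return;
    }

    // Run this page, caching output and capturing data
    if ($responseHeader) {
        header("{$responseHeader}: miss at " . @date('r'));
    }
    ob_start();
    $this->yieldControl();
    $headers = headers_list();
    $result = ob_get_flush();
    $responseCode = http_response_code();

    // Skip blank copy unless redirecting
    $locationHeaderMatches = preg_grep('/^Location/i', $headers);
    if (empty($result) && empty($locationHeaderMatches)) {
        return;
    }

    // Skip excluded status codes
    $optInResponseCodes = self::config()->optInResponseCodes;
    $optOutResponseCodes = self::config()->optOutResponseCodes;
    if (is_array($optInResponseCodes) && !in_array($responseCode, $optInResponseCodes)) {
        return;
    }
    // The opt-out list must be checked against itself. The previous code
    // searched $optInResponseCodes here, so opted-out status codes (error
    // pages, for example) were still cached whenever no opt-in list was set.
    if (is_array($optOutResponseCodes) && in_array($responseCode, $optOutResponseCodes)) {
        return;
    }

    // Check if any headers match the specified rules forbidding caching
    if (!$this->headersAllowCaching($headers)) {
        return;
    }

    // Include any "X-Header" sent with this request. This is necessary to
    // ensure that additional CSS, JS, and other files are retained
    $saveHeaders = $this->getCacheableHeaders($headers);

    // Save data along with sent headers
    $this->cacheResult($cache, $result, $saveHeaders, $cacheKey, $responseCode);
}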
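/**
 * Sends the cached value to the browser, including any necessary headers
 *
 * A cache entry that does not deserialise into the expected structure is
 * treated as a miss, so the caller can regenerate the page instead of
 * sending an empty response.
 *
 * @param string $cachedValue Serialised cached value
 * @return boolean Flag indicating whether the cache was successful
 */
protected function presentCachedResult($cachedValue)
{
    // Check for empty cache
    if (empty($cachedValue)) {
        return false;
    }

    // NOTE(review): unserialize() can instantiate arbitrary classes from its
    // input. This is only safe while nothing untrusted can write to the cache
    // backend; the fields read below are plain scalars and arrays, so a
    // format such as JSON (or unserialize's allowed_classes option on PHP 7+)
    // would remove that dependency.
    $deserialisedValue = unserialize($cachedValue);

    // Reject corrupt or unexpected entries rather than replaying them.
    if (!is_array($deserialisedValue)
        || !array_key_exists('response_code', $deserialisedValue)
        || !array_key_exists('content', $deserialisedValue)
        || !isset($deserialisedValue['headers'])
        || !is_array($deserialisedValue['headers'])
    ) {
        return false;
    }

    // Set response code
    http_response_code($deserialisedValue['response_code']);

    // Present cached headers
    foreach ($deserialisedValue['headers'] as $header) {
        header($header);
    }

    // Send success header
    $responseHeader = self::config()->responseHeader;
    if ($responseHeader) {
        header("{$responseHeader}: hit at " . @date('r'));
    }

    // Substitute security id in forms: the cached markup carries the token of
    // whoever generated the page, so it is replaced with the current
    // visitor's token before output.
    // NOTE(review): the pattern only matches this exact attribute order and
    // quoting; a form that renders the field differently keeps the stale
    // token - confirm against the form templates.
    $securityID = SecurityToken::getSecurityID();
    $outputBody = preg_replace(
        '/\\<input type="hidden" name="SecurityID" value="\\w+"/',
        "<input type=\"hidden\" name=\"SecurityID\" value=\"{$securityID}\"",
        $deserialisedValue['content']
    );

    // Present content
    echo $outputBody;
    return true;
}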
/**
 * Returns the Facebook login URL for the current visitor, remembering the
 * current page in the session first.
 *
 * The URL is cached under the visitor's security ID, so each token value
 * gets its own entry. When nothing is cached and no Facebook helper is
 * available, the falsy value returned by the cache lookup is returned
 * unchanged.
 *
 * NOTE(review): the stored return URL comes from getCurrentPageUrl();
 * where it is later used for the redirect is not visible here - confirm it
 * is restricted to same-site URLs at that point.
 *
 * @return string
 */
public function getFacebookLoginLink()
{
    // Remember where to send the user once the login round-trip completes.
    Session::set(self::SESSION_REDIRECT_URL_FLAG, $this->getCurrentPageUrl());

    $cache = SS_Cache::factory('facebookloginurl');
    $cachekey = SecurityToken::getSecurityID();

    $result = $cache->load($cachekey);
    if ($result) {
        return $result;
    }

    // Nothing cached yet: build the URL with the configured permissions.
    $scope = Config::inst()->get('FacebookControllerExtension', 'permissions') ?: array();

    $helper = $this->getFacebookHelper();
    if ($helper) {
        $result = $helper->getLoginUrl($scope);
        $cache->save($result, $cachekey);
    }

    return $result;
}
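/**
 * Builds the CMS link that creates a new page of type $this->Subject under
 * $this->ParentID.
 *
 * Each query value is URL-encoded, so a value containing "&", "#", "\" or
 * whitespace cannot truncate the URL or add parameters to it.
 *
 * NOTE(review): the link carries the CSRF token and triggers the add action
 * through a GET URL, so the token can end up in browser history, server
 * logs and Referer headers. A POST form would keep it out of the URL.
 *
 * @return string
 */
public function CreatePageLink()
{
    $addFormLink = Injector::inst()->get("CMSPagesController")->Link("add/AddForm");

    return $addFormLink
        . "?action_doAdd=1&ParentID=" . rawurlencode((string) $this->ParentID)
        . "&PageType=" . rawurlencode((string) $this->Subject)
        . "&SecurityID=" . rawurlencode((string) SecurityToken::getSecurityID());
}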
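/**
 * Adds a "New Photo Gallery" button above the Title field. The button links
 * to the CMS add-page form with this record as the parent.
 *
 * The query values are URL-encoded and the finished URL is HTML-escaped
 * before it goes into the href attribute. The markup is also repaired:
 * data-icon is properly quoted and the unmatched closing span tag is
 * removed.
 *
 * NOTE(review): the link carries the CSRF token and triggers the add action
 * through a GET URL, so the token can end up in browser history, server
 * logs and Referer headers. A POST form would keep it out of the URL.
 *
 * @return FieldList presumably - the value returned by parent::getCMSFields()
 */
public function getCMSFields()
{
    $fields = parent::getCMSFields();

    $addUrl = Director::absoluteBaseURL()
        . "admin/pages/add/AddForm?action_doAdd=1&ParentID=" . rawurlencode((string) $this->ID)
        . "&PageType=PhotoGalleryPage&SecurityID=" . rawurlencode((string) SecurityToken::getSecurityID());

    // ENT_QUOTES is required because the attribute is single-quoted.
    $buttonHtml = "<p><a href='" . htmlspecialchars($addUrl, ENT_QUOTES, 'UTF-8')
        . "' class='ss-ui-button ss-ui-action-constructive ui-button'"
        . " style='font-size:130%' data-icon='add'>New Photo Gallery</a></p>";

    $fields->addFieldToTab('Root.Main', new LiteralField("addnew", $buttonHtml), 'Title');

    return $fields;
}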