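 /**
  * Strip characters not allowed by the security config from $_GET and $_POST,
  * copy the results into self::$get / self::$post, clear $_REQUEST, and store
  * the sanitized REQUEST_URI in self::$request.
  *
  * Reads $GLOBALS['config']['security']['allowed_characters']['inputs'] and
  * ['request_uri'] as preg_replace() patterns whose matches are removed.
  *
  * @return void
  */
 protected function sanitizeInputs()
 {
     $inputPattern = $GLOBALS['config']['security']['allowed_characters']['inputs'];
     $uriPattern = $GLOBALS['config']['security']['allowed_characters']['request_uri'];

     /**
      * GET & POST
      * Iterate by key instead of recovering the key with array_search():
      * array_search() compares loosely and returns the FIRST key holding the
      * value, so two fields with the same value were stored under one key and
      * the other one was never copied nor removed from the superglobal.
      *
      * NOTE(review): $_GET/$_POST are already URL-decoded by PHP, so the
      * urldecode() below is a second decode ('+' becomes a space, '%25' becomes
      * '%') — confirm this is intended. Nested values (field[]=...) are not
      * supported here: urldecode() of an array fails, as it did before.
      * htmlspecialchars() here encodes for an HTML context only; values reused
      * in another context (SQL, JSON, headers) still need escaping for that context.
      */
     foreach ($_POST as $rawKey => $value) {
         $key = preg_replace($inputPattern, "", $rawKey);
         self::$post[$key] = htmlspecialchars(preg_replace($inputPattern, "", urldecode($value)), ENT_QUOTES, "utf-8", false);
         unset($_POST[$rawKey]);
     }
     foreach ($_GET as $rawKey => $value) {
         $key = preg_replace($inputPattern, "", $rawKey);
         self::$get[$key] = htmlspecialchars(preg_replace($inputPattern, "", urldecode($value)), ENT_QUOTES, "utf-8", false);
         unset($_GET[$rawKey]);
     }
     //TODO : sanitize cookie & session
     /**
      * Deleting $_REQUEST variables : elements are already in self::$get & self::$post
      * (removed by key so duplicate values cannot leave an entry behind).
      */
     foreach (array_keys($_REQUEST) as $key) {
         unset($_REQUEST[$key]);
     }
     /**
      * REQUEST_URI (absent on the CLI, hence the fallback to an empty string)
      */
     $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
     self::$request = preg_replace($uriPattern, "", urldecode($requestUri));
     unset($_SERVER['REQUEST_URI']);
     Debug::write("Request_URI requested (after sanitizing) : '" . self::$request . "'  from IP : '" . $_SERVER["REMOTE_ADDR"] . "'", 0);
 }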
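 /**
  * Split the raw request URI into Site::$request and the Site::$args path
  * segments (the leading empty segment before the first '/' is dropped).
  * A first segment that contains "search?" is normalised to "search".
  *
  * @return void
  */
 public static function parseRequest()
 {
     // REQUEST_URI is absent on the CLI; fall back to '' instead of raising a notice.
     Site::$request = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
     $segments = explode('/', Site::$request);
     array_shift($segments);
     // An empty URI leaves no segments at all; guard the index before reading it.
     if (isset($segments[0]) && strpos($segments[0], 'search?') !== false) {
         $segments[0] = "search";
     }
     Site::$args = $segments;
 }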
 /**
  * Resolve the route of the current request: parse the URL, fall back to the
  * default controller when the parsed route is empty, and lower-case the route
  * when the URL manager is not case sensitive.
  *
  * @return string the route (never an empty string)
  */
 public function getRoute()
 {
     $parsed = \Site::urlManager()->parseUrl(\Site::request());
     $route = trim($parsed, '/');
     if ($route === '') {
         $route = $this->defaultController;
     }
     $caseSensitive = \Site::urlManager()->caseSensitive;
     return $caseSensitive ? $route : strtolower($route);
 }
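 /**
  * Action that needs to be called for the page to let the user recover
  * the password.
  *
  * On a POST request the user is looked up by the submitted 'email' field and,
  * if found, the reset-password mail is sent; a flash message reports the
  * outcome either way. The recoverPassword view is always rendered.
  *
  * @return void
  */
 public function actionRecoverPassword()
 {
     if (\GO\Base\Util\Http::isPostRequest()) {
         // Read the field without an undefined-index notice; a missing field or a
         // non-string value (e.g. email[]=...) is treated as "no such user".
         $email = isset($_POST['email']) ? $_POST['email'] : null;
         $user = (is_string($email) && $email !== '')
             ? \GO\Base\Model\User::model()->findSingleByAttribute('email', $email)
             : null;
         // Loose check kept on purpose: the model may return null or false for "not found".
         if ($user == null) {
             // NOTE(review): the distinct error/success messages reveal whether an
             // address is registered (account enumeration); a uniform "if the address
             // exists, a mail has been sent" message would avoid that.
             \Site::notifier()->setMessage('error', \GO::t("invaliduser", "site"));
         } else {
             $siteTitle = \Site::model()->name;
             $url = \Site::request()->getHostInfo() . \Site::urlManager()->createUrl('/site/account/resetpassword', array(), false);
             $fromName = \Site::model()->name;
             $fromEmail = '*****@*****.**';
             $user->sendResetPasswordMail($siteTitle, $url, $fromName, $fromEmail);
             \Site::notifier()->setMessage('success', \GO::t('recoverEmailSent', 'site') . " " . $user->email);
         }
     }
     echo $this->render('recoverPassword');
 }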
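 /**
  * Run an action of this controller: resolve the action name, temporarily lift
  * ACL checks for actions listed by ignoreAclPermissions(), call beforeAction()
  * and the permission check, then dispatch to the action<Name> method.
  * Exceptions are turned into rendered 404/error pages, or into a redirect to
  * the login page when a guest hits an access-denied action.
  *
  * @param string $action           action name; empty means $this->defaultAction
  * @param array  $params           parameters handed to callActionMethod()
  * @param bool   $render           not used within this method (kept for callers)
  * @param bool   $checkPermissions not used within this method (kept for callers)
  * @return void
  */
 public function run($action = '', $params = array(), $render = true, $checkPermissions = true)
 {
     try {
         $this->_action = $action = strtolower(empty($action) ? $this->defaultAction : $action);
         $ignoredActions = $this->ignoreAclPermissions();
         $ignoreAcl = in_array($action, $ignoredActions, true) || in_array('*', $ignoredActions, true);
         $aclOverridden = false;
         $oldIgnore = null;
         if ($ignoreAcl) {
             $oldIgnore = \GO::setIgnoreAclPermissions(true);
             $aclOverridden = true;
         }
         try {
             $this->beforeAction();
             if (!$this->_checkPermission($action)) {
                 throw new \GO\Base\Exception\AccessDenied();
             }
             $this->callActionMethod('action' . $action, $params);
         } finally {
             // Restore the previous ACL setting on every exit path. It used to be
             // restored only after a successful action, so an exception thrown by
             // the action left ACL checks disabled for the rest of the request,
             // including the error page rendered by the catch blocks below.
             if ($aclOverridden) {
                 \GO::setIgnoreAclPermissions($oldIgnore);
             }
         }
     } catch (\GO\Base\Exception\MissingParameter $e) {
         echo $this->render('/site/404', array('error' => $e));
     } catch (\GO\Base\Exception\AccessDenied $e) {
         \GO::debug($e->getMessage());
         \GO::debug($e->getTraceAsString());
         if (!\GO::user()) {
             // Remember the page the guest tried to visit so the login can redirect back to it.
             \GO::session()->values['sites']['returnUrl'] = \Site::request()->getRequestUri();
             $this->redirect(array('site/account/login'));
         } else {
             echo $this->render('/site/error', array('error' => $e));
         }
     } catch (\GO\Base\Exception\NotFound $e) {
         header("HTTP/1.0 404 Not Found");
         header("Status: 404 Not Found");
         echo $this->render('/site/404', array('error' => $e));
     } catch (\Exception $e) {
         echo $this->render('/site/error', array('error' => $e));
     }
 }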
 /**
  * Returns the base URL of the application, computing and caching it on first use.
  * @return string the base URL of the application (the part after host name and before query string).
  * If {@link showScriptName} is true and the GET URL format is in use, it ends
  * with '/index.php'; otherwise it is returned as the request object provides it.
  */
 public function getBaseUrl()
 {
     if ($this->_baseUrl === null) {
         $baseUrl = \Site::request()->getBaseUrl();
         if ($this->showScriptName && $this->_urlFormat === self::GET_FORMAT) {
             $baseUrl .= '/index.php';
         }
         $this->_baseUrl = $baseUrl;
     }
     return $this->_baseUrl;
 }