/**
 * Print the page header.
 *
 * Prepares the variables the theme's header.php expects to find in scope,
 * registers the inline javascript that must be available before the rest of
 * the page, sends the Content-Type header, includes the theme header, flushes
 * the output produced so far and closes the session for writing.
 *
 * The locals defined here (and the globals imported at the top) are visible
 * to the required header.php because it is included from this scope, so
 * their names are effectively part of the theme interface - do not rename
 * them without updating the themes.
 *
 * @return $this
 */
public function pageHeader() {
	// Import global variables into the local scope, for the theme’s header.php
	global $SEARCH_SPIDER, $TEXT_DIRECTION, $REQUIRE_AUTHENTICATION, $headerfile, $view;

	// The title often includes the names of records, which may have markup
	// that cannot be used in the page title.
	$title = html_entity_decode(strip_tags($this->page_title), ENT_QUOTES, 'UTF-8');

	// Initialise variables for the theme’s header.php
	$LINK_CANONICAL = $this->canonical_url;
	$META_ROBOTS = $this->meta_robots;
	$META_DESCRIPTION = WT_GED_ID ? get_gedcom_setting(WT_GED_ID, 'META_DESCRIPTION') : '';
	// Fall back to the tree title when no description is configured. This is
	// a truthiness test, so a configured description of "0" is also replaced.
	if (!$META_DESCRIPTION) {
		$META_DESCRIPTION = strip_tags(WT_TREE_TITLE);
	}
	$META_GENERATOR = WT_WEBTREES . ' ' . WT_VERSION . ' - ' . WT_WEBTREES_URL;
	$META_TITLE = WT_GED_ID ? get_gedcom_setting(WT_GED_ID, 'META_TITLE') : '';
	if ($META_TITLE) {
		$title .= ' - ' . $META_TITLE;
	}

	// This javascript needs to be loaded in the header, *before* the CSS.
	// All other javascript should be defered until the end of the page
	$javascript = '<script src="' . WT_MODERNIZR_URL . '"></script>';

	// Give Javascript access to some PHP constants
	// Each value is passed through WT_Filter::escapeJs() before it is placed
	// inside a JS string literal, so the generated script cannot be broken out
	// of by quotes or line terminators in the values. Note that the session's
	// CSRF token is deliberately exposed here (presumably so script-driven
	// requests can send it); any script running on the page can read it.
	$this->addInlineJavascript('
		var WT_STATIC_URL = "' . WT_Filter::escapeJs(WT_STATIC_URL) . '";
		var WT_THEME_DIR = "' . WT_Filter::escapeJs(WT_THEME_DIR) . '";
		var WT_MODULES_DIR = "' . WT_Filter::escapeJs(WT_MODULES_DIR) . '";
		var WT_GEDCOM = "' . WT_Filter::escapeJs(WT_GEDCOM) . '";
		var WT_GED_ID = "' . WT_Filter::escapeJs(WT_GED_ID) . '";
		var WT_USER_ID = "' . WT_Filter::escapeJs(WT_USER_ID) . '";
		var textDirection = "' . WT_Filter::escapeJs($TEXT_DIRECTION) . '";
		var WT_SCRIPT_NAME = "' . WT_Filter::escapeJs(WT_SCRIPT_NAME) . '";
		var WT_LOCALE = "' . WT_Filter::escapeJs(WT_LOCALE) . '";
		var WT_CSRF_TOKEN = "' . WT_Filter::escapeJs(WT_Filter::getCsrfToken()) . '";
	', self::JS_PRIORITY_HIGH);

	// Temporary fix for access to main menu hover elements on android/blackberry touch devices
	$this->addInlineJavascript('
		if(navigator.userAgent.match(/Android|PlayBook/i)) {
			jQuery("#main-menu > li > a").attr("href", "#");
			jQuery("a.icon_arrow").attr("href", "#");
		}
	');

	// The HTTP header must be sent before any output; the require below is
	// the first thing that writes to the response body.
	header('Content-Type: text/html; charset=UTF-8');
	// Included from this scope so that header.php sees the variables above.
	require WT_ROOT . $headerfile;

	// Flush the output, so the browser can render the header and load javascript
	// while we are preparing data for the page
	if (ini_get('output_buffering')) {
		ob_flush();
	}
	flush();

	// Once we've displayed the header, we should no longer write session data.
	Zend_Session::writeClose();

	// We've displayed the header - display the footer automatically
	$this->page_header = true;

	return $this;
}
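/**
 * Validate the CSRF token submitted with a POST form against the session token.
 *
 * On mismatch the failure is written to the authentication log, a flash
 * message is queued for the user and false is returned; the caller is
 * responsible for aborting the request.
 *
 * @return bool true when the submitted token matches the session token
 */
public static function checkCsrf() {
	$posted = WT_Filter::post('csrf');
	$known = WT_Filter::getCsrfToken();
	// Fail closed when either side is not a string (e.g. the field is absent
	// or the session has no token yet). For strings, compare in constant time
	// so that response timing does not reveal how much of a wrong token
	// matched; for equal-length strings this is the same result as !==.
	if (!is_string($posted) || !is_string($known) || !hash_equals($known, $posted)) {
		// Oops. Something is not quite right
		Log::addAuthenticationLog('CSRF mismatch - session expired or malicious attack');
		WT_FlashMessages::addMessage(WT_I18N::translate('This form has expired. Try again.'));
		return false;
	}
	return true;
}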