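 /**
  * Render the JavaScript collected during this pass as HTML.
  *
  * Every inline script recorded in $this->script_infos is run through
  * self::sanitize_code() for $this->appid. Entries that only carry a 'src'
  * are dropped (see the FBOPEN:NOTE below). On the first postrender of this
  * instance a bootstrap snippet (sandbox construction, validation vars,
  * context and user data) is emitted ahead of the scripts. Afterwards
  * $this->used is cleared and $this->postrendered is set.
  *
  * @return string  Rendered script HTML, or '' when nothing was used.
  * @throws FBMLJSParseError  when the flavor does not allow 'script_onload'
  *                           and a non-inline script is encountered.
  */
 public function postrender()
 {
     if (!$this->used) {
         return '';
     }

     // Go through all the inline scripts and sanitize.
     $sanitized_scripts = array();
     if ($this->script_infos) {
         foreach ($this->script_infos as $script_info) {
             if (isset($script_info['inline'])) {
                 $sanitized_scripts[] = array('inline' => self::sanitize_code($script_info['inline'], $this->appid));
             } elseif (isset($script_info['src'])) {
                 // FBOPEN:NOTE - if js sources are fetched from outside, these will
                 // have to be fetched, cached, sanitized, and stored.  Requests then
                 // would need to be directed to your cached version.  The open source
                 // code at this point does not support such caching, so 'src'
                 // entries are intentionally dropped here.
                 // $sanitized_scripts[] = array('src' => FBJSUrlRef::get_url($script_info['src'], $this->appid, 'js'));
             }
         }
     }

     // If this is our first postrender build some bootstrapping code.
     $bootstrap = false;
     if (!$this->postrendered) {
         // NOTE(review): appid is concatenated into JS without encoding; this is
         // only safe if it is guaranteed numeric -- confirm where appid is set.
         $bootstrap = 'var app=new fbjs_sandbox(' . $this->appid . ');';
         $profile = $this->fbml->get_env('profile', false, 0);
         $validation_vars = get_fb_validation_vars(
             array('user' => $this->user),
             $this->appid,
             $profile ? array('profile' => $profile) : array()
         );
         $bootstrap .= 'app.validation_vars=' . json_encode($validation_vars) . ';';
         $context = $this->fbml->add_context();
         $bootstrap .= 'app.context=\'' . escape_js_quotes($context) . '\';';
         $bootstrap .= 'app.contextd=\'' . escape_js_quotes($this->fbml->_contexts[$context]) . '\';';
         $bootstrap .= 'app.data=' . json_encode(array(
             'user' => $this->user,
             'installed' => $this->user ? is_platform_app_installed($this->appid, $this->user) : false,
             'loggedin' => $this->user ? (bool) api_get_valid_session_key($this->user, $this->appid) : false,
         )) . ';';
     }

     // Render all inline scripts.
     $html = '';
     if ($this->fbml->_flavor->allows('script_onload')) {
         if (!$this->postrendered) {
             $bootstrap .= 'app.bootstrap();';
         }
         foreach ($sanitized_scripts as $script) {
             if (isset($script['inline'])) {
                 $html .= render_js_inline($script['inline']) . "\n";
             } else {
                 // Not reachable today ('src' entries are dropped above), but the
                 // URL is an attribute value and must never be emitted unescaped.
                 $src = isset($script['src']) ? $script['src'] : '';
                 $html .= '<script src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '"></script>';
             }
         }
     } else {
         foreach ($sanitized_scripts as $script) {
             if (isset($script['inline'])) {
                 $bootstrap .= 'app.pending_bootstraps.push(\'' . escape_js_quotes($script['inline']) . '\');';
             } else {
                 // We don't support script include for this flavor at this time.
                 throw new FBMLJSParseError('Cannot allow external script');
             }
         }
     }

     $this->used = false;
     $this->postrendered = true;
     return render_js_inline($bootstrap) . $html;
 }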
 /**
  * Emit the opening <form> tag followed by the hidden inputs the platform
  * needs to validate the submission (validation vars for the user and,
  * when rendering for a page, the page parameters).
  *
  * @param object $node  FBML node carrying the form attributes
  *                      (project type; only attr_bool() is used here).
  * @return string  '<form ...>' plus one hidden <input> per variable.
  */
 public function open_form($node)
 {
     $user = $this->get_env('user');
     $app_id = $this->get_env('app_id');
     $codes = fbml_flavors_get_codes();

     // Work out which page (if any) this form belongs to.
     $hidden = array();
     $page = 0;
     $profile = $this->get_env('profile', false);
     if ($profile != null) {
         $hidden['profile'] = $profile;
         if (obj_is_fbpage($profile)) {
             $page = $profile;
         }
     }
     if ($this->_fbml_impl->_flavor->get_flavor_code() == $codes['CANVAS_PAGE']) {
         $page = $this->get_env('fb_page_id', false);
     }

     $who = array('user' => $user);
     if ($page) {
         // Array union: keys already in $hidden take precedence.
         $hidden += api_canvas_parameters_other_fbpage($page, $user);
         $who['page'] = $page;
     }

     $require_login = $node->attr_bool('requirelogin', true)
         && !$this->get_env('loggedout', false);
     $hidden = get_fb_validation_vars($who, $app_id, $hidden, array(), $require_login);

     // 'name' is never passed through; 'action' goes through URL validation.
     $attrs = $this->node_get_safe_attrs($node);
     if (isset($attrs['name'])) {
         unset($attrs['name']);
     }
     if (isset($attrs['action'])) {
         $attrs['action'] = $this->validate_url(
             $attrs['action'],
             true,
             $this->allows('relative_urls'),
             false
         );
     }

     // Without a valid session, defer submission until the user has logged in.
     if ($require_login
         && !api_get_valid_session_key($user, $app_id)
         && $this->_fbml_impl->_flavor->allows('script')) {
         $attrs['onsubmit'] = 'var form = this; '
             . 'FBML.requireLogin(' . $app_id . ', function() { FBML.addHiddenInputs(form); form.submit(); });'
             . 'return false;';
     }

     $out = $this->render_html_open_tag('form', $attrs);
     foreach ($hidden as $name => $value) {
         $out .= $this->render_hidden_input($name, $value);
     }
     return $out;
 }