/** * Processes the request. * * @throws HttpException * @return null */ public function processRequest() { // If this is a resource request, we should respond with the resource ASAP. $this->_processResourceRequest(); $configService = $this->config; // If we're not in devMode, or it's a 'dontExtendSession' request, we're going to remove some logging routes. if (!$configService->get('devMode') || craft()->isInstalled() && !$this->userSession->shouldExtendSession()) { $this->log->removeRoute('WebLogRoute'); $this->log->removeRoute('ProfileLogRoute'); } // Additionally, we don't want these in the log files at all. if (craft()->isInstalled() && !$this->userSession->shouldExtendSession()) { $this->log->removeRoute('FileLogRoute'); } // If this is a CP request, prevent robots from indexing/following the page // (see https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag) if ($this->request->isCpRequest()) { HeaderHelper::setHeader(array('X-Robots-Tag' => 'none')); HeaderHelper::setHeader(array('X-Frame-Options' => 'SAMEORIGIN')); HeaderHelper::setHeader(array('X-Content-Type-Options' => 'nosniff')); } // Send the X-Powered-By header? if ($configService->get('sendPoweredByHeader')) { HeaderHelper::setHeader(array('X-Powered-By' => 'Craft CMS')); } else { // In case PHP is already setting one HeaderHelper::removeHeader('X-Powered-By'); } // Validate some basics on the database configuration file. $this->validateDbConfigFile(); // Process install requests $this->_processInstallRequest(); // If the system in is maintenance mode and it's a site request, throw a 503. if ($this->isInMaintenanceMode() && $this->request->isSiteRequest()) { throw new HttpException(503); } // Check if the app path has changed. If so, run the requirements check again. $this->_processRequirementsCheck(); // Makes sure that the uploaded files are compatible with the current database schema if (!$this->updates->isSchemaVersionCompatible()) { if ($this->request->isCpRequest()) { $version = $this->getVersion(); $build = $this->getBuild(); $url = "https://download.craftcdn.com/craft/{$version}/{$version}.{$build}/Craft-{$version}.{$build}.zip"; throw new HttpException(200, Craft::t('Craft does not support backtracking to this version. Please upload Craft {url} or later.', array('url' => '[' . $build . '](' . $url . ')'))); } else { throw new HttpException(503); } } // isCraftDbMigrationNeeded will return true if we're in the middle of a manual or auto-update for Craft itself. // If we're in maintenance mode and it's not a site request, show the manual update template. if ($this->updates->isCraftDbMigrationNeeded() || $this->isInMaintenanceMode() && $this->request->isCpRequest() || $this->request->getActionSegments() == array('update', 'cleanUp') || $this->request->getActionSegments() == array('update', 'rollback')) { $this->_processUpdateLogic(); } // If there's a new version, but the schema hasn't changed, just update the info table if ($this->updates->hasCraftBuildChanged()) { $this->updates->updateCraftVersionInfo(); } // If the system is offline, make sure they have permission to be here $this->_enforceSystemStatusPermissions(); // Load the plugins $this->plugins->loadPlugins(); // Check if a plugin needs to update the database. if ($this->updates->isPluginDbUpdateNeeded()) { $this->_processUpdateLogic(); } // If this is a non-login, non-validate, non-setPassword CP request, make sure the user has access to the CP if ($this->request->isCpRequest() && !($this->request->isActionRequest() && $this->_isSpecialCaseActionRequest())) { // Make sure the user has access to the CP $this->userSession->requireLogin(); $this->userSession->requirePermission('accessCp'); // If they're accessing a plugin's section, make sure that they have permission to do so $firstSeg = $this->request->getSegment(1); if ($firstSeg) { $plugin = $plugin = $this->plugins->getPlugin($firstSeg); if ($plugin) { $this->userSession->requirePermission('accessPlugin-' . $plugin->getClassHandle()); } } } // If this is an action request, call the controller $this->_processActionRequest(); // If we're still here, finally let UrlManager do it's thing. parent::processRequest(); }