/**
 * Routes a web request: resolves the request path to match results and
 * writes controller name, action and further arguments into the request.
 * If no route matches the path, no match results are applied.
 *
 * Match results whose name starts with "@" are only handed to
 * setControllerKeysAndFormat(); every other match result is copied into
 * the request as a regular argument.
 *
 * NOTE(review): the closing call passes the request's own arguments to
 * setControllerKeysAndFormat() too, so "@"-prefixed arguments already on
 * the request appear able to influence the selected controller and action.
 * Confirm that authorization is enforced at dispatch time and does not
 * depend on the matched route alone.
 *
 * @param \F3\FLOW3\MVC\Web\Request $request The web request to be analyzed. Will be modified by the router.
 * @return void
 * @author Robert Lemke <*****@*****.**>
 * @author Bastian Waidelich <*****@*****.**>
 * @author Karsten Dambekalns <*****@*****.**>
 */
public function route(\F3\FLOW3\MVC\Web\Request $request) {
    $this->request = $request;
    $matchResults = $this->findMatchResults($this->request->getRequestPath());

    if ($matchResults !== NULL) {
        $this->setControllerKeysAndFormat($matchResults);
        foreach ($matchResults as $name => $value) {
            // "@"-prefixed entries were consumed by setControllerKeysAndFormat() above.
            if ($name[0] === '@') {
                continue;
            }
            $this->request->setArgument($name, $value);
        }
    }

    // Runs whether or not a route matched, using whatever arguments the request now holds.
    $this->setControllerKeysAndFormat($this->request->getArguments());
}
/**
 * Builds the URI from the configured arguments and, optionally, the
 * arguments of the current request.
 *
 * When addQueryString is TRUE, the current request's arguments are used as
 * the base (minus the names in argumentsToBeExcludedFromQueryString) and the
 * explicitly configured arguments are merged over them. The merged set is
 * resolved by the router and remembered in lastArguments.
 *
 * NOTE(review): with addQueryString enabled, every request argument that is
 * not explicitly excluded ends up in the generated URI. Make sure tokens or
 * other sensitive arguments are on the exclusion list. Nothing in this
 * method escapes the result for HTML, so callers should escape it for the
 * context they output it in.
 *
 * @return string The URI
 * @api
 * @author Bastian Waidelich <*****@*****.**>
 */
public function build() {
    $mergedArguments = array();
    if ($this->addQueryString === TRUE) {
        $mergedArguments = $this->request->getArguments();
        foreach ($this->argumentsToBeExcludedFromQueryString as $excludedName) {
            unset($mergedArguments[$excludedName]);
        }
    }
    // Explicitly configured arguments take precedence over request arguments.
    $mergedArguments = \F3\FLOW3\Utility\Arrays::arrayMergeRecursiveOverrule($mergedArguments, $this->arguments);

    $builtUri = $this->router->resolve($mergedArguments);
    $this->lastArguments = $mergedArguments;

    if ($this->section !== '') {
        $builtUri = $builtUri . '#' . $this->section;
    }
    $rewriteEnabled = $this->environment->isRewriteEnabled();
    if (!$rewriteEnabled) {
        $builtUri = 'index.php/' . $builtUri;
    }
    if ($this->createAbsoluteUri === TRUE) {
        $builtUri = $this->request->getBaseUri() . $builtUri;
    }

    return $builtUri;
}
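/**
 * Verifies the "__hmac" argument of a request and records the outcome with
 * $request->setHmacVerified().
 *
 * The argument is treated as a serialized field-name list followed by a
 * 40 character hash. The request is marked as verified only if
 * hashService->validateHmac() accepts the hash for the serialized part AND
 * checkFieldNameInclusion() accepts the remaining request arguments against
 * the unserialized field-name list. A missing "__hmac", a failed HMAC
 * validation or a failed inclusion check all mark the request as unverified
 * without throwing, so callers must consult the flag before trusting the
 * request.
 *
 * NOTE(review): the HMAC visibly covers only the serialized field-name
 * list. Argument values do not appear to be authenticated here, so confirm
 * what checkFieldNameInclusion() guarantees before relying on them.
 *
 * @param \F3\FLOW3\MVC\Web\Request $request The request to verify
 * @return void
 * @throws \F3\FLOW3\Security\Exception\SyntacticallyWrongRequestHashException if "__hmac" is not a string of at least 40 characters
 * @author Sebastian Kurfürst <*****@*****.**>
 */
public function verifyRequest(\F3\FLOW3\MVC\Web\Request $request) {
    if (!$request->hasArgument('__hmac')) {
        $request->setHmacVerified(FALSE);
        return;
    }

    // TODO: Constant for hash length needs to be introduced
    $hashLength = 40;

    $hmac = $request->getArgument('__hmac');
    // A client can submit "__hmac" as an array (e.g. "__hmac[]=..."); reject any
    // non-string value with the same exception instead of passing it to
    // strlen()/substr().
    if (!is_string($hmac) || strlen($hmac) < $hashLength) {
        throw new \F3\FLOW3\Security\Exception\SyntacticallyWrongRequestHashException('Request hash too short. This is a probably manipulation attempt!', 1255089361);
    }
    $serializedFieldNames = substr($hmac, 0, -$hashLength);
    $hash = substr($hmac, -$hashLength);

    $isVerified = FALSE;
    // NOTE(review): a timing-safe comparison is the hash service's job - confirm validateHmac() provides one.
    if ($this->hashService->validateHmac($serializedFieldNames, $hash)) {
        // SECURITY: unserialize() runs on data that arrived from the client. It is
        // only reached after the HMAC validated, so its safety rests entirely on
        // the HMAC key staying secret and validateHmac() being sound. Prefer a
        // data-only format such as JSON for the signed field list.
        $fieldNames = unserialize($serializedFieldNames);

        // Fail closed if the signed payload does not decode to an array.
        if (is_array($fieldNames)) {
            $requestArguments = $request->getArguments();
            // Unset framework arguments
            unset($requestArguments['__referrer'], $requestArguments['__hmac']);
            $isVerified = (bool) $this->checkFieldNameInclusion($requestArguments, $fieldNames);
        }
    }

    $request->setHmacVerified($isVerified);
}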