/**
 * Resolves the action method name, mapping the generic "index" action to a
 * REST-style action derived from the HTTP request method.
 *
 * Mapping applied when the requested action is "index":
 *  - GET    => "show" if an "id" argument is present, otherwise "list"
 *  - POST   => "create"
 *  - PUT    => "update" (status 400 is raised when "id" is missing)
 *  - DELETE => "delete" (status 400 is raised when "id" is missing)
 * Any other request method leaves the action at "index".
 *
 * The "id" check only tests for presence of the argument; validating its
 * value is left to whatever the resolved action does with it.
 *
 * @return string The action method name
 * @throws \F3\FLOW3\MVC\Exception\NoSuchActionException if the action specified in the request object does not exist (and if there's no default action either).
 * @author Robert Lemke <*****@*****.**>
 */
protected function resolveActionMethodName() {
    // Explicitly requested actions are not remapped; only "index" is.
    if ($this->request->getControllerActionName() !== 'index') {
        return parent::resolveActionMethodName();
    }

    $resolvedAction = 'index';
    switch ($this->request->getMethod()) {
        case 'GET':
            if ($this->request->hasArgument('id')) {
                $resolvedAction = 'show';
            } else {
                $resolvedAction = 'list';
            }
            break;
        case 'POST':
            $resolvedAction = 'create';
            break;
        case 'PUT':
            // Modifying a resource requires knowing which one is meant.
            // presumably throwStatus() aborts processing here - confirm
            if (!$this->request->hasArgument('id')) {
                $this->throwStatus(400, NULL, 'Missing identifier');
            }
            $resolvedAction = 'update';
            break;
        case 'DELETE':
            // Same precondition as PUT: never delete without an identifier.
            if (!$this->request->hasArgument('id')) {
                $this->throwStatus(400, NULL, 'Missing identifier');
            }
            $resolvedAction = 'delete';
            break;
    }

    // Write the resolved name back so the parent resolves the real action.
    $this->request->setControllerActionName($resolvedAction);

    return parent::resolveActionMethodName();
}
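/**
 * Verifies the "__hmac" argument of a request and records the result on it.
 *
 * The "__hmac" argument is split into a leading serialized list of field
 * names and a trailing 40 character hash. The hash is validated through the
 * hash service first; only if that succeeds is the serialized part
 * unserialized and checked against the arguments actually present in the
 * request (the framework arguments "__referrer" and "__hmac" are ignored).
 *
 * $request->setHmacVerified() receives TRUE only if the hash is valid, the
 * signed payload unserializes to an array and the field name check passes.
 * In every other non-exceptional case, including a missing "__hmac"
 * argument, it receives FALSE.
 *
 * @param \F3\FLOW3\MVC\Web\Request $request The request to verify
 * @return void
 * @throws \F3\FLOW3\Security\Exception\SyntacticallyWrongRequestHashException if the "__hmac" argument is not a string or is shorter than the hash length
 * @author Sebastian Kurfürst <*****@*****.**>
 */
public function verifyRequest(\F3\FLOW3\MVC\Web\Request $request) {
    if (!$request->hasArgument('__hmac')) {
        $request->setHmacVerified(FALSE);
        return;
    }

    // TODO: Constant for hash length needs to be introduced
    $hashLength = 40;

    $hmac = $request->getArgument('__hmac');
    // The argument is client-controlled and may not be a string at all
    // (e.g. submitted as an array). Reject it with the same exception as a
    // too-short value instead of handing a non-string to strlen()/substr().
    if (!is_string($hmac) || strlen($hmac) < $hashLength) {
        throw new \F3\FLOW3\Security\Exception\SyntacticallyWrongRequestHashException('Request hash too short. This is a probably manipulation attempt!', 1255089361);
    }

    $serializedFieldNames = substr($hmac, 0, -$hashLength);
    $hash = substr($hmac, -$hashLength);

    // Fail closed: the request only becomes verified if every check passes.
    $verified = FALSE;

    // NOTE(review): confirm that validateHmac() compares hashes in constant time.
    if ($this->hashService->validateHmac($serializedFieldNames, $hash)) {
        // SECURITY: unserialize() runs on data taken from the request. It is
        // only reached after validateHmac() accepted the hash, so the HMAC key
        // is the sole barrier against object injection through this payload.
        // A data-only format (e.g. JSON) for the field name list would remove
        // that dependency - flagged for review, not changed here.
        $signedFieldNames = unserialize($serializedFieldNames);

        // A payload that does not decode to an array (e.g. an empty string)
        // cannot describe field names; treat it as unverified.
        if (is_array($signedFieldNames)) {
            $requestArguments = $request->getArguments();
            // Unset framework arguments
            unset($requestArguments['__referrer'], $requestArguments['__hmac']);

            $verified = $this->checkFieldNameInclusion($requestArguments, $signedFieldNames) ? TRUE : FALSE;
        }
    }

    $request->setHmacVerified($verified);
}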
/**
 * Copies the raw request data into the request object so that all arguments
 * can afterwards be retrieved through getArgument(s), regardless of where
 * they came from.
 *
 * Sources are applied in this order:
 *  1. arguments of the request URI (for every request method)
 *  2. raw POST arguments (POST only)
 *  3. uploaded files (POST only)
 * Each source is written with setArgument() under the client-supplied name,
 * so presumably a POST argument replaces a URI argument of the same name -
 * confirm against setArgument(). All of these values are client-controlled.
 *
 * Uploaded file data is merged into an existing argument of the same name
 * only if that argument is an array; if it exists and is not an array the
 * file data is not mapped at all.
 *
 * @param \F3\FLOW3\MVC\Web\Request $request The web request which will contain the arguments
 * @return void
 * @author Robert Lemke <*****@*****.**>
 */
protected function setArgumentsFromRawRequestData(\F3\FLOW3\MVC\Web\Request $request) {
    $uriArguments = $request->getRequestUri()->getArguments();
    foreach ($uriArguments as $name => $value) {
        $request->setArgument($name, $value);
    }

    switch ($request->getMethod()) {
        case 'POST':
            $postArguments = $this->environment->getRawPostArguments();
            foreach ($postArguments as $name => $value) {
                $request->setArgument($name, $value);
            }

            $uploadedFiles = $this->environment->getUploadedFiles();
            foreach ($uploadedFiles as $name => $fileData) {
                // No argument of that name yet: the file data becomes the argument.
                if (!$request->hasArgument($name)) {
                    $request->setArgument($name, $fileData);
                    continue;
                }

                // Name collision: merge only into array arguments, otherwise
                // the already mapped value is kept untouched.
                $currentValue = $request->getArgument($name);
                if (is_array($currentValue)) {
                    $request->setArgument($name, \F3\FLOW3\Utility\Arrays::arrayMergeRecursiveOverrule($currentValue, $fileData));
                }
            }
            break;

        // Mapping of PUT request bodies is disabled; the original code is kept
        // below for reference.
#       case 'PUT' :
#           $putArguments = array();
#           parse_str(file_get_contents("php://input"), $putArguments);
#           foreach ($putArguments as $argumentName => $argumentValue) {
#               $request->setArgument($argumentName, $argumentValue);
#           }
#       break;
    }
}