示例#1
文件: Form.php 项目: JanTvrdik/nette
 /**
  * Cross-Site Request Forgery (CSRF) form protection.
  *
  * Adds a hidden field (self::PROTECTOR_ID) carrying a per-session random
  * token and attaches a self::PROTECTION rule that checks the submitted value
  * against that token. The token lives in the 'Nette.Forms.Form/CSRF' session
  * namespace under a slot derived from $timeout, so each distinct timeout
  * value gets its own token with its own expiration; the slot is just "key"
  * when no timeout is given.
  *
  * NOTE(review): the protection is only as strong as Nette\String::random()
  * is unpredictable -- confirm it is backed by a cryptographic source.
  *
  * @param  string  error message used by the rule (may be NULL)
  * @param  int     token lifetime, forwarded to setExpiration()
  * @return void
  */
 public function addProtection($message = NULL, $timeout = NULL)
 {
     $csrf = $this->getSession()->getNamespace('Nette.Forms.Form/CSRF');
     $slot = "key{$timeout}";

     // reuse the token for this timeout while it is still stored, otherwise mint a new one
     if (!isset($csrf->{$slot})) {
         $csrf->{$slot} = Nette\String::random();
     }
     $token = $csrf->{$slot};
     $csrf->setExpiration($timeout, $slot);

     $this[self::PROTECTOR_ID] = new HiddenField($token);
     $this[self::PROTECTOR_ID]->addRule(self::PROTECTION, $message, $token);
 }
示例#2
 /**
  * Presumably works around Internet Explorer replacing short error responses
  * with its own page: for the listed status codes, an MSIE user agent and a
  * text/html response, ~2000 bytes of random whitespace (invisible in HTML)
  * are appended to the output. Runs at most once; self::$fixIE is cleared
  * afterwards.
  *
  * NOTE(review): the trigger is the client-supplied User-Agent header; a
  * spoofed value only yields a slightly larger whitespace-padded response.
  *
  * @return void
  */
 public function __destruct()
 {
     if (!self::$fixIE) {
         return;
     }

     $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     if (strpos($agent, 'MSIE ') === FALSE) {
         return;
     }

     $paddedCodes = array(400, 403, 404, 405, 406, 408, 409, 410, 500, 501, 505);
     if (!in_array($this->code, $paddedCodes, TRUE)) {
         return;
     }

     if ($this->getHeader('Content-Type', 'text/html') !== 'text/html') {
         return;
     }

     // invisible whitespace padding for IE
     echo Nette\String::random(2000.0, " \t\r\n");
     self::$fixIE = FALSE;
 }
示例#3
	/**
	 * Initializes parsing.
	 *
	 * Resets the per-template parser state (filter, node and block lists,
	 * extends target, cache counter) and draws a fresh random value into
	 * $this->uniq. The filter is put into text context with the HTML escaper
	 * as its escape callback. The $s parameter is taken by reference for
	 * interface compatibility but is not touched here.
	 * @param  LatteFilter
	 * @param  string  template source (unused by this implementation)
	 * @return void
	 */
	public function initialize($filter, & $s)
	{
		// parser state
		$this->filter = $filter;
		$this->extends = NULL;
		$this->cacheCounter = 0;
		$this->uniq = String::random(); // presumably used to keep generated identifiers unique -- confirm
		$this->nodes = $this->blocks = $this->namedBlocks = array();

		// filter defaults for the text context
		$filter->context = LatteFilter::CONTEXT_TEXT;
		$filter->escape = 'Nette\Templates\TemplateHelpers::escapeHtml';
	}
示例#4
	/**
	 * Returns encoded message.
	 *
	 * Serializes the headers (values via getEncodedHeader()), then the body
	 * encoded according to getEncoding(), then -- for multipart messages --
	 * every part delimited by a random MIME boundary. The boundary parameter
	 * is appended to the Content-Type header only when parts exist; using a
	 * random boundary makes a collision with part content unlikely.
	 * @return string
	 * @throws \InvalidStateException when getEncoding() is not a known value
	 */
	public function generateMessage()
	{
		$boundary = '--------' . Nette\String::random();
		$eol = self::EOL;

		// headers
		$output = '';
		foreach ($this->headers as $name => $value) {
			$line = $name . ': ' . $this->getEncodedHeader($name);
			if ($this->parts && $name === 'Content-Type') {
				$line .= ';' . $eol . "\tboundary=\"$boundary\"";
			}
			$output .= $line . $eol;
		}
		$output .= $eol;

		// body
		$body = (string) $this->body;
		if ($body !== '') {
			switch ($this->getEncoding()) {
			case self::ENCODING_QUOTED_PRINTABLE:
				// prefer the native implementation when this PHP build has it
				$output .= function_exists('quoted_printable_encode')
					? quoted_printable_encode($body)
					: self::encodeQuotedPrintable($body);
				break;

			case self::ENCODING_BASE64:
				$output .= rtrim(chunk_split(base64_encode($body), self::LINE_LENGTH, $eol));
				break;

			case self::ENCODING_7BIT:
				// drop every non-ASCII byte, then continue with the 8bit handling
				$body = preg_replace('#[\x80-\xFF]+#', '', $body);
				// no break

			case self::ENCODING_8BIT:
				// NUL and bare CR are removed, LF is normalized to the MIME line end
				$body = str_replace(array("\x00", "\r"), '', $body);
				$output .= str_replace("\n", $eol, $body);
				break;

			default:
				throw new \InvalidStateException('Unknown encoding.');
			}
		}

		// parts
		if ($this->parts) {
			$delimiter = '--' . $boundary;
			if (substr($output, -strlen($eol)) !== $eol) {
				$output .= $eol;
			}
			foreach ($this->parts as $part) {
				$output .= $delimiter . $eol . $part->generateMessage() . $eol;
			}
			$output .= $delimiter . '--';
		}

		return $output;
	}
示例#5
	/**
	 * Stores current request to session.
	 *
	 * Saves the last element of $this->requests into the
	 * 'Nette.Application/requests' session namespace under a freshly drawn
	 * 5-character random key (redrawn until the key is unused in that
	 * namespace) and sets the given expiration on that key.
	 * NOTE(review): end() yields FALSE when $this->requests is empty, so FALSE
	 * would be stored -- verify callers only invoke this after a request ran.
	 * @param  mixed  optional expiration time
	 * @return string key
	 */
	public function storeRequest($expiration = '+ 10 minutes')
	{
		$requests = $this->getSession('Nette.Application/requests');

		// pick a key that is not yet taken in this namespace
		while (TRUE) {
			$key = Nette\String::random(5);
			if (!isset($requests[$key])) {
				break;
			}
		}

		$requests[$key] = end($this->requests);
		$requests->setExpiration($expiration, $key);
		return $key;
	}
示例#6
	/**
	 * Builds email.
	 *
	 * Works on a clone so the original message stays untouched: assigns a
	 * random Message-ID, renders the HTML and text variants (buildHtml(),
	 * buildText()) and arranges them into the MIME tree
	 * multipart/mixed (attachments) > multipart/alternative (text + html)
	 * > multipart/related (inline parts), creating only the levels that are
	 * needed. Each text body is tagged 8bit when it contains non-ASCII bytes,
	 * 7bit otherwise.
	 *
	 * NOTE(review): the Message-ID host comes from the client-supplied
	 * HTTP_HOST header; protection against line breaks in header values
	 * rests on setHeader() -- confirm it rejects CR/LF.
	 *
	 * @return self  the built clone (the previous docblock said void)
	 */
	protected function build()
	{
		$mail = clone $this;

		if (isset($_SERVER['HTTP_HOST'])) {
			$hostname = $_SERVER['HTTP_HOST'];
		} elseif (isset($_SERVER['SERVER_NAME'])) {
			$hostname = $_SERVER['SERVER_NAME'];
		} else {
			$hostname = 'localhost';
		}
		$mail->setHeader('Message-ID', '<' . String::random() . "@$hostname>");

		$mail->buildHtml();
		$mail->buildText();

		// $cursor always points at the container that receives the next level
		$cursor = $mail;
		if ($mail->attachments) {
			$mixed = $cursor->setContentType('multipart/mixed');
			$cursor = $cursor->addPart();
			foreach ($mail->attachments as $attachment) {
				$mixed->addPart($attachment);
			}
		}

		if ($mail->html != NULL) { // intentionally ==: NULL and '' both skip the HTML branch
			$alternative = $cursor->setContentType('multipart/alternative');
			$cursor = $cursor->addPart();
			$alt = $alternative->addPart();
			if ($mail->inlines) {
				$related = $alt->setContentType('multipart/related');
				$alt = $alt->addPart();
				foreach ($mail->inlines as $name => $inline) {
					$related->addPart($inline);
				}
			}
			$htmlEncoding = preg_match('#[\x80-\xFF]#', $mail->html) ? self::ENCODING_8BIT : self::ENCODING_7BIT;
			$alt->setContentType('text/html', 'UTF-8')
				->setEncoding($htmlEncoding)
				->setBody($mail->html);
		}

		$text = $mail->getBody();
		$mail->setBody(NULL);
		$textEncoding = preg_match('#[\x80-\xFF]#', $text) ? self::ENCODING_8BIT : self::ENCODING_7BIT;
		$cursor->setContentType('text/plain', 'UTF-8')
			->setEncoding($textEncoding)
			->setBody($text);

		return $mail;
	}
示例#7
	/**
	 * Starts and initializes session data.
	 *
	 * Refuses to run on top of a session PHP already started (SID defined
	 * while self::$started is still NULL), applies $this->options, starts the
	 * PHP session with warnings turned into \InvalidStateException, optionally
	 * regenerates the session id, then prunes expired namespace data from the
	 * '__NF' structure and re-sends the session cookie.
	 * @throws \InvalidStateException
	 * @return void
	 */
	public function start()
	{
		if (self::$started) {
			return;

		} elseif (self::$started === NULL && defined('SID')) {
			throw new \InvalidStateException('A session had already been started by session.auto-start or session_start().');
		}

		$this->configure($this->options);

		// session_start() reports failures as warnings; tryError()/catchError() turn them into $e
		Nette\Debug::tryError();
		session_start();
		if (Nette\Debug::catchError($e)) {
			@session_write_close(); // this is needed
			throw new \InvalidStateException($e->getMessage());
		}

		self::$started = TRUE;
		// id regeneration requested earlier via $this->regenerationNeeded; TRUE also deletes the old session data
		if ($this->regenerationNeeded) {
			session_regenerate_id(TRUE);
			$this->regenerationNeeded = FALSE;
		}

		/* structure:
			__NF: Counter, BrowserKey, Data, Meta
				DATA: namespace->variable = data
				META: namespace->variable = Timestamp, Browser, Version
		*/

		unset($_SESSION['__NT'], $_SESSION['__NS'], $_SESSION['__NM']); // old unused structures

		// initialize structures; $nf aliases $_SESSION['__NF'], so every write below lands in the session
		$nf = & $_SESSION['__NF'];
		if (empty($nf)) { // new session
			$nf = array('C' => 0);
		} else {
			$nf['C']++; // request counter
		}

		// browser closing detection: the 'nette-browser' cookie is client-supplied;
		// a missing or changed value is treated as "browser was closed"
		$browserKey = $this->getHttpRequest()->getCookie('nette-browser');
		if (!$browserKey) {
			$browserKey = Nette\String::random();
		}
		$browserClosed = !isset($nf['B']) || $nf['B'] !== $browserKey;
		$nf['B'] = $browserKey;

		// resend cookie
		$this->sendCookie();

		// process meta metadata
		if (isset($nf['META'])) {
			$now = time();
			// expire namespace variables: 'B' = drop when the browser was closed, 'T' = absolute expiry timestamp,
			// 'V' = serializationVersion annotation the stored object must still match; '' as variable means the whole namespace
			foreach ($nf['META'] as $namespace => $metadata) {
				if (is_array($metadata)) {
					foreach ($metadata as $variable => $value) {
						if ((!empty($value['B']) && $browserClosed) || (!empty($value['T']) && $now > $value['T']) // whenBrowserIsClosed || Time
							|| ($variable !== '' && is_object($nf['DATA'][$namespace][$variable]) && (isset($value['V']) ? $value['V'] : NULL) // Version
								!== Nette\Reflection\ClassReflection::from($nf['DATA'][$namespace][$variable])->getAnnotation('serializationVersion'))) {

							if ($variable === '') { // expire whole namespace
								unset($nf['META'][$namespace], $nf['DATA'][$namespace]);
								continue 2;
							}
							unset($nf['META'][$namespace][$variable], $nf['DATA'][$namespace][$variable]);
						}
					}
				}
			}
		}

		// clean() runs at script end
		register_shutdown_function(array($this, 'clean'));
	}
示例#8
 /**
  * Returns session namespace provided to pass temporary data between redirects.
  *
  * The namespace name is 'Nette.Application.Flash/' followed by a 4-character
  * random id kept in $this->params[self::FLASH_KEY]; the id is generated on
  * first use (empty() check, so '' and NULL both count as absent) and reused
  * afterwards. The id only selects a namespace inside the caller's own session.
  * @return Nette\Web\SessionNamespace
  */
 public function getFlashSession()
 {
     $flashKey = empty($this->params[self::FLASH_KEY]) ? NULL : $this->params[self::FLASH_KEY];
     if ($flashKey === NULL) {
         $flashKey = Nette\String::random(4);
         $this->params[self::FLASH_KEY] = $flashKey;
     }
     return $this->getSession('Nette.Application.Flash/' . $flashKey);
 }