/**
 * refuseIfRequested
 *
 * Guard for include-only files. When the script named by the HTTP request
 * is the same file that called this method, an error response is built
 * from this exception class, written to the client, and the PHP engine is
 * halted with die. In every other case the method returns without doing
 * anything.
 *
 * The match is made on basename() alone and ignores case, so two files
 * that share a name in different directories are treated as the same file.
 * NOTE(review): keep guarded files uniquely named, and do not rely on this
 * as the only barrier; a web-server rule denying direct access to
 * include-only directories covers the cases where this check never runs.
 *
 * @param mixed  $status  Second constructor argument of the exception;
 *                        presumably the HTTP status to send (confirm
 *                        against the constructor).
 * @param string $message First constructor argument of the exception.
 */
static function refuseIfRequested($status = null, $message = '') {
    // Frame 0 of the backtrace is the call site of this method, so its
    // 'file' entry is the file asking to be protected.
    $frames = debug_backtrace(false);

    $requestedScript = basename($_SERVER['SCRIPT_NAME']);
    $callingFile = basename($frames[0]['file']);

    // Not requested directly: let the including script carry on.
    if (strcasecmp($requestedScript, $callingFile) !== 0) {
        return;
    }

    $refusal = new static($message, $status);

    // Fall back to an empty Request when no current one is available, so
    // the error response can still be rendered.
    $request = Request::getCurrent() ?: new Request(null);

    $refusal->getResponse($request)->output($request);
    die;
}
/**
 * Offer an exception to each middleware in turn and return the first
 * Response one of them produces.
 *
 * When no middleware yields a Response, the exception's own getResponse()
 * is used if it has such a method. Otherwise null is returned.
 *
 * @param mixed $hander Not used by this method.
 * @param mixed $ex     The exception being handled.
 * @return Response|null
 */
function processException($hander, $ex) {
    $request = Request::getCurrent();

    // $this is iterated directly; each element is treated as a middleware.
    foreach ($this as $middleware) {
        $candidate = $middleware->processException($request, $ex);
        // Anything that is not a Response (null, false, other values) is
        // ignored and the next middleware gets its turn.
        if ($candidate instanceof Response) {
            return $candidate;
        }
    }

    if (!method_exists($ex, 'getResponse')) {
        return null;
    }

    return $ex->getResponse($request);
}
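/**
 * Validate this session against the current request.
 *
 * Three checks run in order. Each one runs only when its key is present
 * in $this->internal, so a session stored without that key is not subject
 * to the corresponding check:
 *
 *   1. 'ip'    - must match the remote address of the request (IP binding)
 *   2. 'https' - must match whether the request arrived over HTTPS
 *   3. 'idle'  - seconds elapsed since this timestamp must not exceed the
 *                SESSION_IDLE setting (default: static::$idle_time)
 *
 * Nothing is returned on success; an invalid session is reported only by
 * exception.
 *
 * @throws Exception\InvalidSession When the remote address or the HTTPS
 *                                  state differs from the stored value.
 * @throws Exception\IdleTimeout    When the idle limit has been exceeded.
 */
function isValid() {
    // Checks 1 and 2 call methods on $request, so it has to be assigned
    // here. Without it, a session carrying an 'ip' or 'https' entry makes
    // the check fail with a fatal error on an undefined variable instead
    // of comparing the values.
    $request = Request::getCurrent();
    $settings = $request->getSettings();

    // NOTE(review): the comparisons below are deliberately left loose
    // (!=). The types stored in $this->internal are not visible here;
    // confirm them before tightening to !==.

    // 1. Check for consistent remote address (for IP binding)
    if (isset($this->internal['ip'])
        && $this->internal['ip'] != $request->getRemoteAddress()
    ) {
        throw new Exception\InvalidSession();
    }

    // 2. If the current request is HTTPS and if that differs from what
    //    the session was created for
    if (isset($this->internal['https'])
        && $this->internal['https'] != $request->isHttps()
    ) {
        throw new Exception\InvalidSession();
    }

    // 3. Check for idle timeout
    $deadband = $settings->get('SESSION_IDLE', static::$idle_time);
    if (isset($this->internal['idle'])
        && time() - $this->internal['idle'] > $deadband
    ) {
        throw new Exception\IdleTimeout();
    }
}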