1 | <?php |
||||
2 | /** |
||||
3 | * Elgg Actions |
||||
4 | * |
||||
5 | * @see http://learn.elgg.org/en/latest/guides/actions.html |
||||
6 | * |
||||
7 | * @package Elgg.Core |
||||
8 | * @subpackage Actions |
||||
9 | */ |
||||
10 | |||||
11 | use Elgg\Http\ResponseBuilder; |
||||
12 | use Elgg\Database\SiteSecret; |
||||
13 | |||||
/**
 * Handle a request for an action
 *
 * Rebuilds the action name from the URL segments and delegates execution to
 * the actions service.
 *
 * @param array $segments URL segments that make up action name
 *
 * @return ResponseBuilder|null
 * @access private
 */
function _elgg_action_handler(array $segments) {
	$action_name = implode('/', $segments);

	return _elgg_services()->actions->execute($action_name);
}
||||
25 | |||||
/**
 * Perform an action.
 *
 * Executes the action registered under the name $action via
 * {@link elgg_register_action()}.
 *
 * Before the action runs, the plugin hook 'action', $action_name is triggered.
 * A handler returning false prevents the action script from being called.
 *
 * @note If the action is not registered, or is registered to a file that is
 * not available, the user is forwarded to the site front page and an error is
 * emitted via {@link register_error()}.
 *
 * @warning All actions require CSRF tokens.
 *
 * @param string $action    Name of the registered action
 * @param string $forwarder Location to forward to. Only used when the action
 *                          script does not call forward() itself.
 *                          Defaults to the index URL; use REFERRER to forward
 *                          to the referring page.
 * @see elgg_register_action()
 *
 * @return void
 * @access private
 */
function action($action, $forwarder = "") {
	$services = _elgg_services();

	$response = $services->actions->execute($action, $forwarder);

	// An action script may end the request itself with forward(); if it
	// returned a response object instead, send that response now.
	if ($response instanceof ResponseBuilder) {
		$services->responseFactory->respond($response);
	}

	// Fallback redirect to the referring page. NOTE(review): the second
	// argument 'csrf' is passed through to the response factory unchanged;
	// confirm its meaning against ResponseFactory::redirect().
	$services->responseFactory->redirect(REFERRER, 'csrf');
}
||||
62 | |||||
/**
 * Registers an action.
 *
 * Actions are registered to a script in the system and are executed
 * by the URL http://elggsite.org/action/action_name/.
 *
 * $filename must be the full path of the file to register or a path relative
 * to the core actions/ dir.
 *
 * Actions should be namespaced for your plugin. Example:
 * <code>
 * elgg_register_action('myplugin/save_settings', ...);
 * </code>
 *
 * @tip Put action files under the actions/<plugin_name> directory of your plugin.
 *
 * @tip You don't need to use Elgg\Application in your action files.
 *
 * @param string $action   The name of the action (eg "register", "account/settings/save")
 * @param string $filename Optionally, the filename where this action is located.
 *                         If not specified, the action is assumed to be in
 *                         elgg/actions/<action>.php
 * @param string $access   Who is allowed to execute this action: public,
 *                         logged_in, admin. (default: logged_in)
 *
 * @return bool
 */
function elgg_register_action($action, $filename = "", $access = 'logged_in') {
	$actions = _elgg_services()->actions;

	// The access level is enforced by the actions service, not here; the
	// default keeps unauthenticated callers out unless a plugin opts in.
	return $actions->register($action, $filename, $access);
}
||||
92 | |||||
/**
 * Unregisters an action
 *
 * Removes a previously registered action name from the actions service.
 *
 * @param string $action Action name
 * @return bool
 * @since 1.8.1
 */
function elgg_unregister_action($action) {
	$actions = _elgg_services()->actions;

	return $actions->unregister($action);
}
||||
103 | |||||
/**
 * Get an HMAC token builder/validator object
 *
 * Thin wrapper around the hmac service; the returned object both builds and
 * validates tokens for the given data.
 *
 * @param mixed $data HMAC data string or serializable data
 * @return \Elgg\Security\Hmac
 * @since 1.11
 */
function elgg_build_hmac($data) {
	$hmac_service = _elgg_services()->hmac;

	return $hmac_service->getHmac($data);
}
||||
114 | |||||
/**
 * Validate an action token.
 *
 * Calls to actions validate tokens automatically. If tokens are missing or
 * invalid, the action is denied and the user is redirected.
 *
 * Plugin authors should never have to manually validate action tokens.
 *
 * @param bool  $visible_errors Emit {@link register_error()} errors on failure?
 * @param mixed $token          The token to test against. Default: $_REQUEST['__elgg_token']
 * @param mixed $ts             The time stamp to test against. Default: $_REQUEST['__elgg_ts']
 *
 * @return bool
 * @see generate_action_token()
 * @access private
 */
function validate_action_token($visible_errors = true, $token = null, $ts = null) {
	$actions = _elgg_services()->actions;

	// null token/timestamp means "read them from the request" (see @param docs);
	// the comparison itself happens inside the actions service.
	return $actions->validateActionToken($visible_errors, $token, $ts);
}
||||
134 | |||||
/**
 * Validates the presence of action tokens.
 *
 * Called for every action. If action tokens are missing, the user is
 * forwarded to the site front page and an error is emitted.
 *
 * Verifies form input for security features (such as a generated token)
 * and forwards if they are invalid.
 *
 * @param string $action The action being performed
 *
 * @return mixed True if valid or redirects.
 * @access private
 */
function action_gatekeeper($action) {
	$actions = _elgg_services()->actions;

	return $actions->gatekeeper($action);
}
||||
152 | |||||
/**
 * Generate an action token.
 *
 * Action tokens are based on timestamps as returned by {@link time()}.
 * They are valid for one hour.
 *
 * Action tokens should be passed to all actions as __elgg_ts and __elgg_token.
 *
 * @warning Action tokens are required for all actions.
 *
 * @param int $timestamp Unix timestamp
 *
 * @see @elgg_view input/securitytoken
 * @see @elgg_view input/form
 *
 * @return string|false
 */
function generate_action_token($timestamp) {
	$actions = _elgg_services()->actions;

	// The timestamp is part of the token input, so the caller must send the
	// same value back as __elgg_ts for validation to succeed.
	return $actions->generateActionToken($timestamp);
}
||||
173 | |||||
/**
 * Regenerate a new site key (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).
 *
 * The new secret is stored back into the service container under 'siteSecret'
 * so subsequent lookups see it.
 *
 * @return mixed The site secret hash
 * @access private
 */
function init_site_secret() {
	$services = _elgg_services();

	// regenerate() is handed the crypto and config-table services; the
	// resulting SiteSecret object replaces the one held by the container.
	$secret = SiteSecret::regenerate($services->crypto, $services->configTable);
	$services->setValue('siteSecret', $secret);

	// NOTE(review): anything derived from the previous secret (outstanding
	// action tokens, HMACs) presumably stops validating after this — confirm
	// before calling it outside of install/recovery flows.
	return $secret->get();
}
||||
185 | |||||
/**
 * Get the strength of the site secret
 *
 * @return string "strong", "moderate", or "weak"
 * @access private
 */
function _elgg_get_site_secret_strength() {
	$site_secret = _elgg_services()->siteSecret;

	return $site_secret->getStrength();
}
||||
195 | |||||
/**
 * Check if an action is registered and its script exists.
 *
 * @param string $action Action name
 *
 * @return bool
 * @since 1.8.0
 */
function elgg_action_exists($action) {
	$actions = _elgg_services()->actions;

	return $actions->exists($action);
}
||||
207 | |||||
/**
 * Checks whether the request was requested via ajax
 *
 * @return bool whether page was requested via ajax
 * @since 1.8.0
 */
function elgg_is_xhr() {
	$request = _elgg_services()->request;

	// NOTE(review): this presumably relies on a request header set by the
	// client, so treat it as a presentation hint rather than a trust boundary.
	return $request->isXmlHttpRequest();
}
||||
217 | |||||
/**
 * Send an updated CSRF token, provided the page's current tokens were not fake.
 *
 * @return ResponseBuilder
 * @access private
 */
function _elgg_csrf_token_refresh() {
	$actions = _elgg_services()->actions;

	return $actions->handleTokenRefreshRequest();
}
||||
227 | |||||
/**
 * @see \Elgg\Application::loadCore Do not do work here. Just register for events.
 */
return function (\Elgg\EventsService $events, \Elgg\HooksRegistrationService $hooks) {
	// Intentionally empty: this file registers no events or hooks. Both
	// parameters are kept because the closure signature is the contract
	// loadCore calls with, even though $hooks is unused here.
};
||||