|
1
|
|
|
<?php |
|
2
|
|
|
namespace Redaxscript\Router; |
|
3
|
|
|
|
|
4
|
|
|
use Redaxscript\Controller; |
|
5
|
|
|
use Redaxscript\Filter; |
|
6
|
|
|
use Redaxscript\Header; |
|
7
|
|
|
use Redaxscript\Model; |
|
8
|
|
|
use Redaxscript\Module; |
|
9
|
|
|
use Redaxscript\Validator; |
|
10
|
|
|
use Redaxscript\View; |
|
11
|
|
|
|
|
12
|
|
|
/** |
|
13
|
|
|
* parent class to provide the router |
|
14
|
|
|
* |
|
15
|
|
|
* @since 3.3.0 |
|
16
|
|
|
* |
|
17
|
|
|
* @package Redaxscript |
|
18
|
|
|
* @category Router |
|
19
|
|
|
* @author Henry Ruhs |
|
20
|
|
|
*/ |
|
21
|
|
|
|
|
22
|
|
|
class Router extends RouterAbstract |
|
23
|
|
|
{ |
|
24
|
|
|
/** |
|
25
|
|
|
* route the header |
|
26
|
|
|
* |
|
27
|
|
|
* @since 3.3.0 |
|
28
|
|
|
* |
|
29
|
|
|
* @return bool |
|
30
|
|
|
*/ |
|
31
|
|
|
|
|
32
|
3 |
|
public function routeHeader() : bool |
|
33
|
|
|
{ |
|
34
|
3 |
|
Module\Hook::trigger('routeHeader'); |
|
35
|
|
|
|
|
36
|
|
|
/* handle break */ |
|
37
|
|
|
|
|
38
|
3 |
|
if ($this->_registry->get('routerBreak')) |
|
39
|
|
|
{ |
|
40
|
1 |
|
Header::responseCode(202); |
|
41
|
|
|
} |
|
42
|
|
|
|
|
43
|
|
|
/* handle guard */ |
|
44
|
|
|
|
|
45
|
3 |
|
if ($this->_tokenGuard()) |
|
46
|
|
|
{ |
|
47
|
1 |
|
Header::responseCode(403); |
|
48
|
|
|
} |
|
49
|
3 |
|
if ($this->_authGuard()) |
|
50
|
|
|
{ |
|
51
|
|
|
Header::responseCode(403); |
|
52
|
|
|
} |
|
53
|
|
|
|
|
54
|
|
|
/* handle validator */ |
|
55
|
|
|
|
|
56
|
3 |
|
if ($this->_aliasValidator()) |
|
57
|
|
|
{ |
|
58
|
|
|
Header::responseCode(202); |
|
59
|
|
|
} |
|
60
|
3 |
|
else if (!$this->_contentValidator()) |
|
61
|
|
|
{ |
|
62
|
|
|
Header::responseCode(404); |
|
63
|
|
|
} |
|
64
|
|
|
|
|
65
|
|
|
/* handle post */ |
|
66
|
|
|
|
|
67
|
3 |
|
if ($this->_request->getPost('Redaxscript\View\SearchForm')) |
|
68
|
|
|
{ |
|
69
|
1 |
|
return $this->_redirectSearch(); |
|
70
|
|
|
} |
|
71
|
2 |
|
return (bool)$this->_registry->get('routerBreak'); |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
/** |
|
75
|
|
|
* route the content |
|
76
|
|
|
* |
|
77
|
|
|
* @since 3.3.0 |
|
78
|
|
|
* |
|
79
|
|
|
* @return string|null |
|
80
|
|
|
*/ |
|
81
|
|
|
|
|
82
|
17 |
|
public function routeContent() : ?string |
|
83
|
|
|
{ |
|
84
|
17 |
|
Module\Hook::trigger('routeContent'); |
|
85
|
17 |
|
$firstParameter = $this->getFirst(); |
|
86
|
17 |
|
$fileInstall = $this->_registry->get('file') === 'install.php' && $this->_config->get('env') !== 'production'; |
|
87
|
|
|
|
|
88
|
|
|
/* handle break */ |
|
89
|
|
|
|
|
90
|
17 |
|
if ($this->_registry->get('routerBreak')) |
|
91
|
|
|
{ |
|
92
|
|
|
return '<!-- routerBreak -->'; |
|
93
|
|
|
} |
|
94
|
|
|
|
|
95
|
|
|
/* handle guard */ |
|
96
|
|
|
|
|
97
|
17 |
|
if ($this->_tokenGuard()) |
|
98
|
|
|
{ |
|
99
|
1 |
|
return $this->_errorToken(); |
|
100
|
|
|
} |
|
101
|
16 |
|
if ($this->_authGuard()) |
|
102
|
|
|
{ |
|
103
|
|
|
return $this->_errorAccess(); |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
/* handle post */ |
|
107
|
|
|
|
|
108
|
16 |
|
if ($this->_request->getPost('Redaxscript\View\CommentForm')) |
|
109
|
|
|
{ |
|
110
|
1 |
|
return $this->_processComment(); |
|
111
|
|
|
} |
|
112
|
15 |
|
if ($this->_request->getPost('Redaxscript\View\LoginForm')) |
|
113
|
|
|
{ |
|
114
|
1 |
|
return $this->_processLogin(); |
|
115
|
|
|
} |
|
116
|
14 |
|
if ($this->_request->getPost('Redaxscript\View\ResetForm')) |
|
117
|
|
|
{ |
|
118
|
1 |
|
return $this->_processReset(); |
|
119
|
|
|
} |
|
120
|
13 |
|
if ($this->_request->getPost('Redaxscript\View\RecoverForm')) |
|
121
|
|
|
{ |
|
122
|
1 |
|
return $this->_processRecover(); |
|
123
|
|
|
} |
|
124
|
12 |
|
if ($this->_request->getPost('Redaxscript\View\RegisterForm')) |
|
125
|
|
|
{ |
|
126
|
1 |
|
return $this->_processRegister(); |
|
127
|
|
|
} |
|
128
|
11 |
|
if ($fileInstall && $this->_request->getPost('Redaxscript\View\InstallForm')) |
|
129
|
|
|
{ |
|
130
|
1 |
|
return $this->_processInstall(); |
|
131
|
|
|
} |
|
132
|
|
|
|
|
133
|
|
|
/* handle route */ |
|
134
|
|
|
|
|
135
|
10 |
|
if ($firstParameter === 'search') |
|
136
|
|
|
{ |
|
137
|
1 |
|
return $this->_processSearch(); |
|
138
|
|
|
} |
|
139
|
9 |
|
if ($firstParameter === 'login') |
|
140
|
|
|
{ |
|
141
|
4 |
|
return $this->_renderLogin(); |
|
142
|
|
|
} |
|
143
|
5 |
|
if ($firstParameter === 'logout') |
|
144
|
|
|
{ |
|
145
|
1 |
|
return $this->_processLogout(); |
|
146
|
|
|
} |
|
147
|
4 |
|
if ($firstParameter === 'register') |
|
148
|
|
|
{ |
|
149
|
2 |
|
return $this->_renderRegister(); |
|
150
|
|
|
} |
|
151
|
2 |
|
if ($fileInstall) |
|
152
|
|
|
{ |
|
153
|
1 |
|
return $this->_renderInstall(); |
|
154
|
|
|
} |
|
155
|
1 |
|
return null; |
|
156
|
|
|
} |
|
157
|
|
|
|
|
158
|
|
|
/** |
|
159
|
|
|
* token guard |
|
160
|
|
|
* |
|
161
|
|
|
* @since 3.3.0 |
|
162
|
|
|
* |
|
163
|
|
|
* @return bool |
|
164
|
|
|
*/ |
|
165
|
|
|
|
|
166
|
20 |
|
protected function _tokenGuard() : bool |
|
167
|
|
|
{ |
|
168
|
20 |
|
return $this->_request->get('post') && $this->_request->getPost('token') !== $this->_registry->get('token'); |
|
169
|
|
|
} |
|
170
|
|
|
|
|
171
|
|
|
/** |
|
172
|
|
|
* auth guard |
|
173
|
|
|
* |
|
174
|
|
|
* @since 3.3.0 |
|
175
|
|
|
* |
|
176
|
|
|
* @return bool |
|
177
|
|
|
*/ |
|
178
|
|
|
|
|
179
|
19 |
|
protected function _authGuard() : bool |
|
180
|
|
|
{ |
|
181
|
19 |
|
return $this->_registry->get('token') !== $this->_registry->get('loggedIn') && $this->_registry->get('firstParameter') === 'admin'; |
|
182
|
|
|
} |
|
183
|
|
|
|
|
184
|
|
|
/** |
|
185
|
|
|
* alias validator |
|
186
|
|
|
* |
|
187
|
|
|
* @since 4.0.0 |
|
188
|
|
|
* |
|
189
|
|
|
* @return bool |
|
190
|
|
|
*/ |
|
191
|
|
|
|
|
192
|
3 |
|
protected function _aliasValidator() : bool |
|
193
|
|
|
{ |
|
194
|
3 |
|
$aliasValidator = new Validator\Alias(); |
|
195
|
3 |
|
return $aliasValidator->matchSystem($this->_registry->get('firstParameter')); |
|
|
|
|
|
|
196
|
|
|
} |
|
197
|
|
|
|
|
198
|
|
|
/** |
|
199
|
|
|
* content validator |
|
200
|
|
|
* |
|
201
|
|
|
* @since 4.0.0 |
|
202
|
|
|
* |
|
203
|
|
|
* @return bool |
|
204
|
|
|
*/ |
|
205
|
|
|
|
|
206
|
3 |
|
protected function _contentValidator() : bool |
|
207
|
|
|
{ |
|
208
|
3 |
|
return $this->_registry->get('lastId') > 0; |
|
209
|
|
|
} |
|
210
|
|
|
|
|
211
|
|
|
/** |
|
212
|
|
|
* redirect the search |
|
213
|
|
|
* |
|
214
|
|
|
* @since 3.3.0 |
|
215
|
|
|
* |
|
216
|
|
|
* @return bool |
|
217
|
|
|
*/ |
|
218
|
|
|
|
|
219
|
1 |
|
protected function _redirectSearch() : bool |
|
220
|
|
|
{ |
|
221
|
1 |
|
$aliasFilter = new Filter\Alias(); |
|
222
|
1 |
|
$root = $this->_registry->get('root'); |
|
223
|
1 |
|
$parameterRoute = $this->_registry->get('parameterRoute'); |
|
224
|
|
|
|
|
225
|
|
|
/* handle post */ |
|
226
|
|
|
|
|
227
|
1 |
|
$table = $aliasFilter->sanitize($this->_request->getPost('table')); |
|
|
|
|
|
|
228
|
1 |
|
$search = $aliasFilter->sanitize($this->_request->getPost('search')); |
|
|
|
|
|
|
229
|
1 |
|
$tableString = $table ? '/' . $table : null; |
|
230
|
1 |
|
$searchString = $search ? '/' . $search : null; |
|
231
|
|
|
|
|
232
|
|
|
/* redirect */ |
|
233
|
|
|
|
|
234
|
1 |
|
return Header::doRedirect($root . '/' . $parameterRoute . 'search' . $tableString . $searchString); |
|
235
|
|
|
} |
|
236
|
|
|
|
|
237
|
|
|
/** |
|
238
|
|
|
* process the search |
|
239
|
|
|
* |
|
240
|
|
|
* @since 3.3.0 |
|
241
|
|
|
* |
|
242
|
|
|
* @return string |
|
243
|
|
|
*/ |
|
244
|
|
|
|
|
245
|
1 |
|
protected function _processSearch() : string |
|
246
|
|
|
{ |
|
247
|
1 |
|
$searchController = new Controller\Search($this->_registry, $this->_request, $this->_language, $this->_config); |
|
248
|
1 |
|
return $searchController->process(); |
|
249
|
|
|
} |
|
250
|
|
|
|
|
251
|
|
|
/** |
|
252
|
|
|
* process the comment |
|
253
|
|
|
* |
|
254
|
|
|
* @since 3.3.0 |
|
255
|
|
|
* |
|
256
|
|
|
* @return string |
|
257
|
|
|
*/ |
|
258
|
|
|
|
|
259
|
1 |
|
protected function _processComment() : string |
|
260
|
|
|
{ |
|
261
|
1 |
|
$commentController = new Controller\Comment($this->_registry, $this->_request, $this->_language, $this->_config); |
|
262
|
1 |
|
return $commentController->process(); |
|
263
|
|
|
} |
|
264
|
|
|
|
|
265
|
|
|
/** |
|
266
|
|
|
* process the login |
|
267
|
|
|
* |
|
268
|
|
|
* @since 3.3.0 |
|
269
|
|
|
* |
|
270
|
|
|
* @return string |
|
271
|
|
|
*/ |
|
272
|
|
|
|
|
273
|
1 |
|
protected function _processLogin() : string |
|
274
|
|
|
{ |
|
275
|
1 |
|
$loginController = new Controller\Login($this->_registry, $this->_request, $this->_language, $this->_config); |
|
276
|
1 |
|
return $loginController->process(); |
|
277
|
|
|
} |
|
278
|
|
|
|
|
279
|
|
|
/** |
|
280
|
|
|
* process the reset |
|
281
|
|
|
* |
|
282
|
|
|
* @since 3.3.0 |
|
283
|
|
|
* |
|
284
|
|
|
* @return string |
|
285
|
|
|
*/ |
|
286
|
|
|
|
|
287
|
1 |
|
protected function _processReset() : string |
|
288
|
|
|
{ |
|
289
|
1 |
|
$resetController = new Controller\Reset($this->_registry, $this->_request, $this->_language, $this->_config); |
|
290
|
1 |
|
return $resetController->process(); |
|
291
|
|
|
} |
|
292
|
|
|
|
|
293
|
|
|
/** |
|
294
|
|
|
* process the recover |
|
295
|
|
|
* |
|
296
|
|
|
* @since 3.3.0 |
|
297
|
|
|
* |
|
298
|
|
|
* @return string |
|
299
|
|
|
*/ |
|
300
|
|
|
|
|
301
|
1 |
|
protected function _processRecover() : string |
|
302
|
|
|
{ |
|
303
|
1 |
|
$recoverController = new Controller\Recover($this->_registry, $this->_request, $this->_language, $this->_config); |
|
304
|
1 |
|
return $recoverController->process(); |
|
305
|
|
|
} |
|
306
|
|
|
|
|
307
|
|
|
/** |
|
308
|
|
|
* process the register |
|
309
|
|
|
* |
|
310
|
|
|
* @since 3.3.0 |
|
311
|
|
|
* |
|
312
|
|
|
* @return string |
|
313
|
|
|
*/ |
|
314
|
|
|
|
|
315
|
1 |
|
protected function _processRegister() : string |
|
316
|
|
|
{ |
|
317
|
1 |
|
$registerController = new Controller\Register($this->_registry, $this->_request, $this->_language, $this->_config); |
|
318
|
1 |
|
return $registerController->process(); |
|
319
|
|
|
} |
|
320
|
|
|
|
|
321
|
|
|
/** |
|
322
|
|
|
* process the logout |
|
323
|
|
|
* |
|
324
|
|
|
* @since 3.3.0 |
|
325
|
|
|
* |
|
326
|
|
|
* @return string |
|
327
|
|
|
*/ |
|
328
|
|
|
|
|
329
|
1 |
|
protected function _processLogout() : string |
|
330
|
|
|
{ |
|
331
|
1 |
|
$logoutController = new Controller\Logout($this->_registry, $this->_request, $this->_language, $this->_config); |
|
332
|
1 |
|
return $logoutController->process(); |
|
333
|
|
|
} |
|
334
|
|
|
|
|
335
|
|
|
/** |
|
336
|
|
|
* process the install |
|
337
|
|
|
* |
|
338
|
|
|
* @since 3.3.0 |
|
339
|
|
|
* |
|
340
|
|
|
* @return string |
|
341
|
|
|
*/ |
|
342
|
|
|
|
|
343
|
1 |
|
protected function _processInstall() : string |
|
344
|
|
|
{ |
|
345
|
1 |
|
$emailFilter = new Filter\Email(); |
|
346
|
1 |
|
$passwordFilter = new Filter\Password(); |
|
347
|
1 |
|
$textFilter = new Filter\Text(); |
|
348
|
1 |
|
$userFilter = new Filter\User(); |
|
349
|
1 |
|
$this->_request->setSession('installArray', |
|
350
|
|
|
[ |
|
351
|
1 |
|
'dbType' => $this->_request->getPost('db-type'), |
|
352
|
1 |
|
'dbHost' => $this->_request->getPost('db-host'), |
|
353
|
1 |
|
'dbName' => $this->_request->getPost('db-name'), |
|
354
|
1 |
|
'dbUser' => $this->_request->getPost('db-user'), |
|
355
|
1 |
|
'dbPassword' => $this->_request->getPost('db-password'), |
|
356
|
1 |
|
'dbPrefix' => $this->_request->getPost('db-prefix'), |
|
357
|
1 |
|
'adminName' => $textFilter->sanitize($this->_request->getPost('admin-name')), |
|
|
|
|
|
|
358
|
1 |
|
'adminUser' => $userFilter->sanitize($this->_request->getPost('admin-user')), |
|
|
|
|
|
|
359
|
1 |
|
'adminPassword' => $passwordFilter->sanitize($this->_request->getPost('admin-password')), |
|
|
|
|
|
|
360
|
1 |
|
'adminEmail' => $emailFilter->sanitize($this->_request->getPost('admin-email')), |
|
|
|
|
|
|
361
|
|
|
]); |
|
362
|
1 |
|
$installController = new Controller\Install($this->_registry, $this->_request, $this->_language, $this->_config); |
|
363
|
1 |
|
return $installController->process(); |
|
364
|
|
|
} |
|
365
|
|
|
|
|
366
|
|
|
/** |
|
367
|
|
|
* render the login |
|
368
|
|
|
* |
|
369
|
|
|
* @since 3.3.0 |
|
370
|
|
|
* |
|
371
|
|
|
* @return string |
|
372
|
|
|
*/ |
|
373
|
|
|
|
|
374
|
4 |
|
protected function _renderLogin() : string |
|
375
|
|
|
{ |
|
376
|
4 |
|
$secondParameter = $this->getSecond(); |
|
377
|
4 |
|
$thirdParameter = $this->getThird(); |
|
378
|
4 |
|
$thirdSubParameter = $this->getThirdSub(); |
|
379
|
4 |
|
$settingModel = new Model\Setting(); |
|
380
|
|
|
|
|
381
|
|
|
/* handle login */ |
|
382
|
|
|
|
|
383
|
4 |
|
if ($settingModel->get('recovery')) |
|
|
|
|
|
|
384
|
|
|
{ |
|
385
|
2 |
|
if ($secondParameter === 'recover') |
|
386
|
|
|
{ |
|
387
|
1 |
|
$recoverForm = new View\RecoverForm($this->_registry, $this->_language); |
|
388
|
1 |
|
return $recoverForm->render(); |
|
389
|
|
|
} |
|
390
|
1 |
|
if ($secondParameter === 'reset' && $thirdParameter && $thirdSubParameter) |
|
|
|
|
|
|
391
|
|
|
{ |
|
392
|
1 |
|
$resetForm = new View\ResetForm($this->_registry, $this->_language); |
|
393
|
1 |
|
return $resetForm->render(); |
|
394
|
|
|
} |
|
395
|
|
|
} |
|
396
|
2 |
|
if (!$secondParameter) |
|
|
|
|
|
|
397
|
|
|
{ |
|
398
|
1 |
|
$loginForm = new View\LoginForm($this->_registry, $this->_language); |
|
399
|
1 |
|
return $loginForm->render(); |
|
400
|
|
|
} |
|
401
|
1 |
|
return $this->_errorAccess(); |
|
402
|
|
|
} |
|
403
|
|
|
|
|
404
|
|
|
/** |
|
405
|
|
|
* render the register |
|
406
|
|
|
* |
|
407
|
|
|
* @since 3.3.0 |
|
408
|
|
|
* |
|
409
|
|
|
* @return string |
|
410
|
|
|
*/ |
|
411
|
|
|
|
|
412
|
2 |
|
protected function _renderRegister() : string |
|
413
|
|
|
{ |
|
414
|
2 |
|
$settingModel = new Model\Setting(); |
|
415
|
2 |
|
if ($settingModel->get('registration')) |
|
|
|
|
|
|
416
|
|
|
{ |
|
417
|
1 |
|
$registerForm = new View\RegisterForm($this->_registry, $this->_language); |
|
418
|
1 |
|
return $registerForm->render(); |
|
419
|
|
|
} |
|
420
|
1 |
|
return $this->_errorAccess(); |
|
421
|
|
|
} |
|
422
|
|
|
|
|
423
|
|
|
/** |
|
424
|
|
|
* render the install |
|
425
|
|
|
* |
|
426
|
|
|
* @since 3.3.0 |
|
427
|
|
|
* |
|
428
|
|
|
* @return string |
|
429
|
|
|
*/ |
|
430
|
|
|
|
|
431
|
1 |
|
protected function _renderInstall() : string |
|
432
|
|
|
{ |
|
433
|
1 |
|
$installArray = $this->_request->getSession('installArray'); |
|
434
|
1 |
|
$systemStatus = new View\SystemStatus($this->_registry, $this->_language); |
|
435
|
1 |
|
$installForm = new View\InstallForm($this->_registry, $this->_language); |
|
436
|
1 |
|
return $systemStatus->render() . $installForm->render($installArray ? : []); |
|
|
|
|
|
|
437
|
|
|
} |
|
438
|
|
|
|
|
439
|
|
|
/** |
|
440
|
|
|
* messenger factory |
|
441
|
|
|
* |
|
442
|
|
|
* @since 4.0.0 |
|
443
|
|
|
* |
|
444
|
|
|
* @return View\Helper\Messenger |
|
445
|
|
|
*/ |
|
446
|
|
|
|
|
447
|
3 |
|
protected function _messengerFactory() : View\Helper\Messenger |
|
448
|
|
|
{ |
|
449
|
3 |
|
return new View\Helper\Messenger($this->_registry); |
|
450
|
|
|
} |
|
451
|
|
|
|
|
452
|
|
|
/** |
|
453
|
|
|
* show the token error |
|
454
|
|
|
* |
|
455
|
|
|
* @since 3.3.0 |
|
456
|
|
|
* |
|
457
|
|
|
* @return string |
|
458
|
|
|
*/ |
|
459
|
|
|
|
|
460
|
1 |
|
protected function _errorToken() : string |
|
461
|
|
|
{ |
|
462
|
1 |
|
$messenger = $this->_messengerFactory(); |
|
463
|
|
|
return $messenger |
|
464
|
1 |
|
->setUrl($this->_language->get('home'), $this->_registry->get('root')) |
|
|
|
|
|
|
465
|
1 |
|
->error($this->_language->get('token_incorrect'), $this->_language->get('error_occurred')); |
|
|
|
|
|
|
466
|
|
|
} |
|
467
|
|
|
|
|
468
|
|
|
/** |
|
469
|
|
|
* show the access error |
|
470
|
|
|
* |
|
471
|
|
|
* @since 3.3.0 |
|
472
|
|
|
* |
|
473
|
|
|
* @return string |
|
474
|
|
|
*/ |
|
475
|
|
|
|
|
476
|
2 |
|
protected function _errorAccess() : string |
|
477
|
|
|
{ |
|
478
|
2 |
|
$messenger = $this->_messengerFactory(); |
|
479
|
|
|
return $messenger |
|
480
|
2 |
|
->setUrl($this->_language->get('home'), $this->_registry->get('root')) |
|
|
|
|
|
|
481
|
2 |
|
->error($this->_language->get('access_no'), $this->_language->get('error_occurred')); |
|
|
|
|
|
|
482
|
|
|
} |
|
483
|
|
|
} |
|
484
|
|
|
|
redaxscript /
redaxscript
Loading history...
This check looks at variables that are passed out again to other methods.
If the outgoing method call has stricter type requirements than the method itself, an issue is raised.
An additional type check may prevent trouble.