PageRenderTime 63ms CodeModel.GetById 17ms RepoModel.GetById 1ms app.codeStats 0ms

/library/XenForo/Controller.php

https://github.com/hanguyenhuu/DTUI_201105
PHP | 1097 lines | 560 code | 122 blank | 415 comment | 81 complexity | fab11069466d9def1945267c68d90de4 MD5 | raw file
Possible License(s): LGPL-2.1, GPL-2.0, BSD-3-Clause 
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4. * General base class for controllers. Controllers should implement methods named
    5. 

  5. * actionX with no arguments. These will be called by the dispatcher based on the
    6. 

  6. * requested route. They should return the object returned by {@link responseReroute()},
    7. 

  7. * {@link responseError()}, or {@link responseView()},.
    8. 

  8. *
    9. 

  9. * All responses can take paramaters that will be passed to the container view
    10. 

  10. * (ie, two-phase view), if there is one.
    11. 

  11. *
    12. 

  12. * @package XenForo_Mvc
    13. 

  13. */
    14. 

  14. abstract class XenForo_Controller
    15. 

  15. {
    16. 

  16. 	/**
    17. 

  17. 	* Request object.
    18. 

  18. 	*
    19. 

  19. 	* @var Zend_Controller_Request_Http
    20. 

  20. 	*/
    21. 

  21. 	protected $_request;
    22. 

  22. 

  23. 	/**
    24. 

  24. 	* Response object.
    25. 

  25. 	*
    26. 

  26. 	* @var Zend_Controller_Response_Http
    27. 

  27. 	*/
    28. 

  28. 	protected $_response;
    29. 

  29. 

  30. 	/**
    31. 

  31. 	 * The route match object for this request.
    32. 

  32. 	 *
    33. 

  33. 	 * @var XenForo_RouteMatch
    34. 

  34. 	 */
    35. 

  35. 	protected $_routeMatch;
    36. 

  36. 

  37. 	/**
    38. 

  38. 	* Input object.
    39. 

  39. 	*
    40. 

  40. 	* @var XenForo_Input
    41. 

  41. 	*/
    42. 

  42. 	protected $_input;
    43. 

  43. 

  44. 	/**
    45. 

  45. 	 * Standard approach to caching model objects for the lifetime of the controller.
    46. 

  46. 	 *
    47. 

  47. 	 * @var array
    48. 

  48. 	 */
    49. 

  49. 	protected $_modelCache = array();
    50. 

  50. 

  51. 	/**
    52. 

  52. 	 * List of explicit changes to the view state. View state changes are specific
    53. 

  53. 	 * to the dependency manager, but may include things like changing the styleId.
    54. 

  54. 	 *
    55. 

  55. 	 * @var array Key-value pairs
    56. 

  56. 	 */
    57. 

  57. 	protected $_viewStateChanges = array();
    58. 

  58. 

  59. 	/**
    60. 

  60. 	 * Container for various items that have been "executed" in one controller and
    61. 

  61. 	 * shouldn't be executed again in this request.
    62. 

  62. 	 *
    63. 

  63. 	 * @var array
    64. 

  64. 	 */
    65. 

  65. 	protected static $_executed = array();
    66. 

  66. 

  67. 	/**
    68. 

  68. 	 * Gets the response for a generic no permission page.
    69. 

  69. 	 *
    70. 

  70. 	 * @return XenForo_ControllerResponse_Error
    71. 

  71. 	 */
    72. 

  72. 	abstract public function responseNoPermission();
    73. 

  73. 

  74. 	/**
    75. 

  75. 	* Constructor
    76. 

  76. 	*
    77. 

  77. 	* @param Zend_Controller_Request_Http
    78. 

  78. 	* @param Zend_Controller_Response_Http
    79. 

  79. 	* @param XenForo_RouteMatch
    80. 

  80. 	*/
    81. 

  81. 	public function __construct(Zend_Controller_Request_Http $request, Zend_Controller_Response_Http $response, XenForo_RouteMatch $routeMatch)
    82. 

  82. 	{
    83. 

  83. 		$this->_request = $request;
    84. 

  84. 		$this->_response = $response;
    85. 

  85. 		$this->_routeMatch = $routeMatch;
    86. 

  86. 		$this->_input = new XenForo_Input($this->_request);
    87. 

  87. 	}
    88. 

  88. 

  89. 	/**
    90. 

  90. 	 * Gets the specified model object from the cache. If it does not exist,
    91. 

  91. 	 * it will be instantiated.
    92. 

  92. 	 *
    93. 

  93. 	 * @param string $class Name of the class to load
    94. 

  94. 	 *
    95. 

  95. 	 * @return XenForo_Model
    96. 

  96. 	 */
    97. 

  97. 	public function getModelFromCache($class)
    98. 

  98. 	{
    99. 

  99. 		if (!isset($this->_modelCache[$class]))
    100. 

  100. 		{
    101. 

  101. 			$this->_modelCache[$class] = XenForo_Model::create($class);
    102. 

  102. 		}
    103. 

  103. 

  104. 		return $this->_modelCache[$class];
    105. 

  105. 	}
    106. 

  106. 

  107. 	/**
    108. 

  108. 	 * Gets the request object.
    109. 

  109. 	 *
    110. 

  110. 	 * @return Zend_Controller_Request_Http
    111. 

  111. 	 */
    112. 

  112. 	public function getRequest()
    113. 

  113. 	{
    114. 

  114. 		return $this->_request;
    115. 

  115. 	}
    116. 

  116. 

  117. 	/**
    118. 

  118. 	 * Gets the input object.
    119. 

  119. 	 *
    120. 

  120. 	 * @return XenForo_Input
    121. 

  121. 	 */
    122. 

  122. 	public function getInput()
    123. 

  123. 	{
    124. 

  124. 		return $this->_input;
    125. 

  125. 	}
    126. 

  126. 

  127. 	/**
    128. 

  128. 	 * Sets a change to the view state.
    129. 

  129. 	 *
    130. 

  130. 	 * @param string $state Name of state to change
    131. 

  131. 	 * @param mixed $data
    132. 

  132. 	 */
    133. 

  133. 	public function setViewStateChange($state, $data)
    134. 

  134. 	{
    135. 

  135. 		$this->_viewStateChanges[$state] = $data;
    136. 

  136. 	}
    137. 

  137. 

  138. 	/**
    139. 

  139. 	 * Gets all the view state changes.
    140. 

  140. 	 *
    141. 

  141. 	 * @return array Key-value pairs
    142. 

  142. 	 */
    143. 

  143. 	public function getViewStateChanges()
    144. 

  144. 	{
    145. 

  145. 		return $this->_viewStateChanges;
    146. 

  146. 	}
    147. 

  147. 

  148. 	/**
    149. 

  149. 	 * Gets the type of response that has been requested.
    150. 

  150. 	 *
    151. 

  151. 	 * @return string
    152. 

  152. 	 */
    153. 

  153. 	public function getResponseType()
    154. 

  154. 	{
    155. 

  155. 		return $this->_routeMatch->getResponseType();
    156. 

  156. 	}
    157. 

  157. 

  158. 	/**
    159. 

  159. 	 * Gets the route match for this request. This can be modified to change
    160. 

  160. 	 * the response type, and the major/minor sections that will be used to
    161. 

  161. 	 * setup navigation.
    162. 

  162. 	 *
    163. 

  163. 	 * @return XenForo_RouteMatch
    164. 

  164. 	 */
    165. 

  165. 	public function getRouteMatch()
    166. 

  166. 	{
    167. 

  167. 		return $this->_routeMatch;
    168. 

  168. 	}
    169. 

  169. 

  170. 	/**
    171. 

  171. 	 * Checks a request for CSRF issues. This is only checked for POST requests
    172. 

  172. 	 * (with session info) that aren't Ajax requests (relies on browser-level
    173. 

  173. 	 * cross-domain policies).
    174. 

  174. 	 *
    175. 

  175. 	 * The token is retrieved from the "_xfToken" request param.
    176. 

  176. 	 *
    177. 

  177. 	 * @param string $action
    178. 

  178. 	 */
    179. 

  179. 	protected function _checkCsrf($action)
    180. 

  180. 	{
    181. 

  181. 		if (isset(self::$_executed['csrf']))
    182. 

  182. 		{
    183. 

  183. 			return;
    184. 

  184. 		}
    185. 

  185. 		self::$_executed['csrf'] = true;
    186. 

  186. 

  187. 		if (!XenForo_Application::isRegistered('session'))
    188. 

  188. 		{
    189. 

  189. 			return;
    190. 

  190. 		}
    191. 

  191. 

  192. 		if ($this->_request->isPost() || substr($this->getResponseType(), 0, 2) == 'js')
    193. 

  193. 		{
    194. 

  194. 			// post and all json requests require a token
    195. 

  195. 			$this->_checkCsrfFromToken($this->_request->getParam('_xfToken'));
    196. 

  196. 		}
    197. 

  197. 	}
    198. 

  198. 

  199. 	/**
    200. 

  200. 	 * Performs particular actions if the request method is POST
    201. 

  201. 	 *
    202. 

  202. 	 * @param string $action
    203. 

  203. 	 */
    204. 

  204. 	protected function _handlePost($action)
    205. 

  205. 	{
    206. 

  206. 		if ($this->_request->isPost() && $delay = XenForo_Application::get('options')->delayPostResponses)
    207. 

  207. 		{
    208. 

  208. 			usleep($delay * 1000000);
    209. 

  209. 		}
    210. 

  210. 	}
    211. 

  211. 

  212. 	/**
    213. 

  213. 	 * Gets for a CSRF issue using a standard formatted token.
    214. 

  214. 	 * Throws an exception if a CSRF issue is detected.
    215. 

  215. 	 *
    216. 

  216. 	 * @param string $token Format: <user id>,<request time>,<token>
    217. 

  217. 	 * @param boolean $throw If true, an exception is thrown when failing; otherwise, a return is used
    218. 

  218. 	 *
    219. 

  219. 	 * @return boolean True if passed, false otherwise; only applies when $throw is false
    220. 

  220. 	 */
    221. 

  221. 	protected function _checkCsrfFromToken($token, $throw = true)
    222. 

  222. 	{
    223. 

  223. 		$visitingUser = XenForo_Visitor::getInstance();
    224. 

  224. 		$visitingUserId = $visitingUser['user_id'];
    225. 

  225. 		if (!$visitingUserId)
    226. 

  226. 		{
    227. 

  227. 			// don't check for guests
    228. 

  228. 			return true;
    229. 

  229. 		}
    230. 

  230. 

  231. 		$token = strval($token);
    232. 

  232. 

  233. 		$csrfAttempt = 'invalid';
    234. 

  234. 		if ($token === '')
    235. 

  235. 		{
    236. 

  236. 			$csrfAttempt = 'missing';
    237. 

  237. 		}
    238. 

  238. 

  239. 		$tokenParts = explode(',', $token);
    240. 

  240. 		if (count($tokenParts) == 3)
    241. 

  241. 		{
    242. 

  242. 			list($tokenUserId, $tokenTime, $tokenValue) = $tokenParts;
    243. 

  243. 

  244. 			if (strval($tokenUserId) === strval($visitingUserId))
    245. 

  245. 			{
    246. 

  246. 				if (($tokenTime + 86400) < XenForo_Application::$time)
    247. 

  247. 				{
    248. 

  248. 					$csrfAttempt = 'expired';
    249. 

  249. 				}
    250. 

  250. 				else if (sha1($tokenTime . $visitingUser['csrf_token']) == $tokenValue)
    251. 

  251. 				{
    252. 

  252. 					$csrfAttempt = false;
    253. 

  253. 				}
    254. 

  254. 			}
    255. 

  255. 		}
    256. 

  256. 

  257. 		if ($csrfAttempt)
    258. 

  258. 		{
    259. 

  259. 			if ($throw)
    260. 

  260. 			{
    261. 

  261. 				throw $this->responseException(
    262. 

  262. 					$this->responseError(new XenForo_Phrase('security_error_occurred'))
    263. 

  263. 				);
    264. 

  264. 			}
    265. 

  265. 			else
    266. 

  266. 			{
    267. 

  267. 				return false;
    268. 

  268. 			}
    269. 

  269. 		}
    270. 

  270. 

  271. 		return true;
    272. 

  272. 	}
    273. 

  273. 

  274. 	/**
    275. 

  275. 	* Setup the session.
    276. 

  276. 	*
    277. 

  277. 	* @param string $action
    278. 

  278. 	*/
    279. 

  279. 	protected function _setupSession($action)
    280. 

  280. 	{
    281. 

  281. 		if (XenForo_Application::isRegistered('session'))
    282. 

  282. 		{
    283. 

  283. 			return;
    284. 

  284. 		}
    285. 

  285. 

  286. 		$session = XenForo_Session::startPublicSession($this->_request);
    287. 

  287. 	}
    288. 

  288. 

  289. 	/**
    290. 

  290. 	* This function is called immediately before an action is dispatched.
    291. 

  291. 	*
    292. 

  292. 	* @param string Action that is requested
    293. 

  293. 	*/
    294. 

  294. 	final public function preDispatch($action)
    295. 

  295. 	{
    296. 

  296. 		$this->_preDispatchFirst($action);
    297. 

  297. 

  298. 		$this->_setupSession($action);
    299. 

  299. 		$this->_checkCsrf($action);
    300. 

  300. 		$this->_handlePost($action);
    301. 

  301. 

  302. 		$this->_preDispatchType($action);
    303. 

  303. 		$this->_preDispatch($action);
    304. 

  304. 

  305. 		XenForo_CodeEvent::fire('controller_pre_dispatch', array($this, $action));
    306. 

  306. 	}
    307. 

  307. 

  308. 	/**
    309. 

  309. 	 * Method designed to be overridden by child classes to add pre-dispatch behaviors
    310. 

  310. 	 * before any other pre-dispatch checks are called.
    311. 

  311. 	 *
    312. 

  312. 	 * @param string $action
    313. 

  313. 	 */
    314. 

  314. 	protected function _preDispatchFirst($action)
    315. 

  315. 	{
    316. 

  316. 	}
    317. 

  317. 

  318. 	/**
    319. 

  319. 	 * Method designed to be overridden by child classes to add pre-dispatch
    320. 

  320. 	 * behaviors. This differs from {@link _preDispatch()} in that it is designed
    321. 

  321. 	 * for abstract controller type classes to override. Specific controllers
    322. 

  322. 	 * should override preDispatch instead.
    323. 

  323. 	 *
    324. 

  324. 	 * @param string $action Action that is requested
    325. 

  325. 	 */
    326. 

  326. 	protected function _preDispatchType($action)
    327. 

  327. 	{
    328. 

  328. 	}
    329. 

  329. 

  330. 	/**
    331. 

  331. 	* Method designed to be overridden by child classes to add pre-dispatch
    332. 

  332. 	* behaviors. This method should only be overridden by specific, concrete
    333. 

  333. 	* controllers.
    334. 

  334. 	*
    335. 

  335. 	* @param string Action that is requested
    336. 

  336. 	*/
    337. 

  337. 	protected function _preDispatch($action)
    338. 

  338. 	{
    339. 

  339. 	}
    340. 

  340. 

  341. 	/**
    342. 

  342. 	* This function is called immediately after an action is dispatched.
    343. 

  343. 	*
    344. 

  344. 	* @param mixed The response from the controller. Generally, a XenForo_ControllerResponse_Abstract object.
    345. 

  345. 	* @param string The name of the final controller that was invoked
    346. 

  346. 	* @param string The name of the final action that was invoked
    347. 

  347. 	*/
    348. 

  348. 	final public function postDispatch($controllerResponse, $controllerName, $action)
    349. 

  349. 	{
    350. 

  350. 		$this->updateSession($controllerResponse, $controllerName, $action);
    351. 

  351. 		$this->updateSessionActivity($controllerResponse, $controllerName, $action);
    352. 

  352. 		$this->_postDispatch($controllerResponse, $controllerName, $action);
    353. 

  353. 	}
    354. 

  354. 

  355. 	/**
    356. 

  356. 	* Method designed to be overridden by child classes to add post-dispatch behaviors
    357. 

  357. 	*
    358. 

  358. 	* @param mixed The response from the controller. Generally, a XenForo_ControllerResponse_Abstract object.
    359. 

  359. 	* @param string The name of the final controller that was invoked
    360. 

  360. 	* @param string The name of the final action that was invoked
    361. 

  361. 	*/
    362. 

  362. 	protected function _postDispatch($controllerResponse, $controllerName, $action)
    363. 

  363. 	{
    364. 

  364. 	}
    365. 

  365. 

  366. 	/**
    367. 

  367. 	 * Updates the session records. This should run on all pages, provided they not rerouting
    368. 

  368. 	 * to another controller. Session saving should handle double calls, if they happen.
    369. 

  369. 	 *
    370. 

  370. 	 * @param mixed $controllerResponse The response from the controller. Generally, a XenForo_ControllerResponse_Abstract object.
    371. 

  371. 	 * @param string $controllerName
    372. 

  372. 	 * @param string $action
    373. 

  373. 	 */
    374. 

  374. 	public function updateSession($controllerResponse, $controllerName, $action)
    375. 

  375. 	{
    376. 

  376. 		if (!XenForo_Application::isRegistered('session'))
    377. 

  377. 		{
    378. 

  378. 			return;
    379. 

  379. 		}
    380. 

  380. 

  381. 		if (!$controllerResponse || $controllerResponse instanceof XenForo_ControllerResponse_Reroute)
    382. 

  382. 		{
    383. 

  383. 			return;
    384. 

  384. 		}
    385. 

  385. 

  386. 		XenForo_Application::get('session')->save();
    387. 

  387. 	}
    388. 

  388. 

  389. 	/**
    390. 

  390. 	 * Update a user's session activity.
    391. 

  391. 	 *
    392. 

  392. 	 * @param mixed $controllerResponse The response from the controller. Generally, a XenForo_ControllerResponse_Abstract object.
    393. 

  393. 	 * @param string $controllerName
    394. 

  394. 	 * @param string $action
    395. 

  395. 	 */
    396. 

  396. 	public function updateSessionActivity($controllerResponse, $controllerName, $action)
    397. 

  397. 	{
    398. 

  398. 		if (!XenForo_Application::isRegistered('session'))
    399. 

  399. 		{
    400. 

  400. 			return;
    401. 

  401. 		}
    402. 

  402. 

  403. 		if ($controllerResponse instanceof XenForo_ControllerResponse_Abstract)
    404. 

  404. 		{
    405. 

  405. 			switch (get_class($controllerResponse))
    406. 

  406. 			{
    407. 

  407. 				case 'XenForo_ControllerResponse_Redirect':
    408. 

  408. 				case 'XenForo_ControllerResponse_Reroute':
    409. 

  409. 					return; // don't update anything, assume the next page will do it
    410. 

  410. 

  411. 				case 'XenForo_ControllerResponse_Message':
    412. 

  412. 				case 'XenForo_ControllerResponse_View':
    413. 

  413. 					$newState = 'valid';
    414. 

  414. 					break;
    415. 

  415. 

  416. 				default:
    417. 

  417. 					$newState = 'error';
    418. 

  418. 			}
    419. 

  419. 		}
    420. 

  420. 		else
    421. 

  421. 		{
    422. 

  422. 			$newState = 'error';
    423. 

  423. 		}
    424. 

  424. 

  425. 		if ($this->canUpdateSessionActivity($controllerName, $action, $newState))
    426. 

  426. 		{
    427. 

  427. 			$this->getModelFromCache('XenForo_Model_User')->updateSessionActivity(
    428. 

  428. 				XenForo_Visitor::getUserId(), $this->_request->getClientIp(false),
    429. 

  429. 				$controllerName, $action, $newState, $this->_request->getUserParams()
    430. 

  430. 			);
    431. 

  431. 		}
    432. 

  432. 	}
    433. 

  433. 

  434. 	/**
    435. 

  435. 	 * Can this controller update the session activity? Returns false by default for AJAX requests.
    436. 

  436. 	 * Override this in specific controllers if you want action-specific behaviour.
    437. 

  437. 	 *
    438. 

  438. 	 * @param string $controllerName
    439. 

  439. 	 * @param string $action
    440. 

  440. 	 * @param string $newState
    441. 

  441. 	 *
    442. 

  442. 	 * @return boolean
    443. 

  443. 	 */
    444. 

  444. 	public function canUpdateSessionActivity($controllerName, $action, &$newState)
    445. 

  445. 	{
    446. 

  446. 		// don't update session activity for an AJAX request
    447. 

  447. 		if ($this->_request->isXmlHttpRequest())
    448. 

  448. 		{
    449. 

  449. 			return false;
    450. 

  450. 		}
    451. 

  451. 

  452. 		return true;
    453. 

  453. 	}
    454. 

  454. 

  455. 	/**
    456. 

  456. 	 * Gets session activity details of activity records that are pointing to this controller.
    457. 

  457. 	 * This must check the visiting user's permissions before returning item info.
    458. 

  458. 	 * Return value may be:
    459. 

  459. 	 * 		* false - means page is unknown
    460. 

  460. 	 * 		* string/XenForo_Phrase - gives description for all, but no item details
    461. 

  461. 	 * 		* array (keyed by activity keys) of strings/XenForo_Phrase objects - individual description, no item details
    462. 

  462. 	 * 		* array (keyed by activity keys) of arrays. Sub-arrays keys: 0 = description, 1 = specific item title, 2 = specific item url.
    463. 

  463. 	 *
    464. 

  464. 	 * @param array $activities List of activity records
    465. 

  465. 	 *
    466. 

  466. 	 * @return mixed See above.
    467. 

  467. 	 */
    468. 

  468. 	public static function getSessionActivityDetailsForList(array $activities)
    469. 

  469. 	{
    470. 

  470. 		return false;
    471. 

  471. 	}
    472. 

  472. 

  473. 	/**
    474. 

  474. 	 * Checks for the presence of the _xfNoRedirect parameter that is sent by AutoValidator forms when they submit via AJAX
    475. 

  475. 	 *
    476. 

  476. 	 * @return boolean
    477. 

  477. 	 */
    478. 

  478. 	protected function _noRedirect()
    479. 

  479. 	{
    480. 

  480. 		return ($this->_input->filterSingle('_xfNoRedirect', XenForo_Input::UINT) ? true : false);
    481. 

  481. 	}
    482. 

  482. 

  483. 	/**
    484. 

  484. 	 * Canonicalizes the request URL based on the given link URL. Canonicalization will
    485. 

  485. 	 * only happen when requesting an HTML page, as it is primarily an SEO benefit.
    486. 

  486. 	 *
    487. 

  487. 	 * A response exception will be thrown is redirection is required.
    488. 

  488. 	 *
    489. 

  489. 	 * @param string $linkUrl
    490. 

  490. 	 */
    491. 

  491. 	public function canonicalizeRequestUrl($linkUrl)
    492. 

  492. 	{
    493. 

  493. 		if ($this->getResponseType() != 'html')
    494. 

  494. 		{
    495. 

  495. 			return;
    496. 

  496. 		}
    497. 

  497. 

  498. 		if (!$this->_request->isGet())
    499. 

  499. 		{
    500. 

  500. 			return;
    501. 

  501. 		}
    502. 

  502. 

  503. 		$linkUrl = strval($linkUrl);
    504. 

  504. 

  505. 		if (strlen($linkUrl) == 0)
    506. 

  506. 		{
    507. 

  507. 			return;
    508. 

  508. 		}
    509. 

  509. 

  510. 		if ($linkUrl[0] == '.')
    511. 

  511. 		{
    512. 

  512. 			$linkUrl = substr($linkUrl, 1);
    513. 

  513. 		}
    514. 

  514. 

  515. 		$basePath = $this->_request->getBasePath();
    516. 

  516. 		$requestUri = $this->_request->getRequestUri();
    517. 

  517. 

  518. 		if (substr($requestUri, 0, strlen($basePath)) != $basePath)
    519. 

  519. 		{
    520. 

  520. 			return;
    521. 

  521. 		}
    522. 

  522. 

  523. 		$routeBase = substr($requestUri, strlen($basePath));
    524. 

  524. 		if (isset($routeBase[0]) && $routeBase[0] === '/')
    525. 

  525. 		{
    526. 

  526. 			$routeBase = substr($routeBase, 1);
    527. 

  527. 		}
    528. 

  528. 

  529. 		if (preg_match('#^([^?]*\?[^=&]*)(&(.*))?$#U', $routeBase, $match))
    530. 

  530. 		{
    531. 

  531. 			$requestUrlPrefix = $match[1];
    532. 

  532. 			$requestParams = isset($match[3]) ? $match[3] : false;
    533. 

  533. 		}
    534. 

  534. 		else
    535. 

  535. 		{
    536. 

  536. 			$parts = explode('?', $routeBase);
    537. 

  537. 			$requestUrlPrefix = $parts[0];
    538. 

  538. 			$requestParams = isset($parts[1]) ? $parts[1]: false;
    539. 

  539. 		}
    540. 

  540. 

  541. 		if (preg_match('#^([^?]*\?[^=&]*)(&(.*))?$#U', $linkUrl, $match))
    542. 

  542. 		{
    543. 

  543. 			$linkUrlPrefix = $match[1];
    544. 

  544. 			//$linkParams = isset($match[3]) ? $match[3] : false;
    545. 

  545. 		}
    546. 

  546. 		else
    547. 

  547. 		{
    548. 

  548. 			$parts = explode('?', $linkUrl);
    549. 

  549. 			$linkUrlPrefix = $parts[0];
    550. 

  550. 			//$linkParams = isset($parts[1]) ? $parts[1]: false;
    551. 

  551. 		}
    552. 

  552. 

  553. 		if (urldecode($requestUrlPrefix) != urldecode($linkUrlPrefix))
    554. 

  554. 		{
    555. 

  555. 			$redirectUrl = $linkUrlPrefix;
    556. 

  556. 			if ($requestParams !== false)
    557. 

  557. 			{
    558. 

  558. 				$redirectUrl .= (strpos($redirectUrl, '?') === false ? '?' : '&') . $requestParams;
    559. 

  559. 			}
    560. 

  560. 

  561. 			throw $this->responseException($this->responseRedirect(
    562. 

  562. 				XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT,
    563. 

  563. 				$redirectUrl
    564. 

  564. 			));
    565. 

  565. 		}
    566. 

  566. 	}
    567. 

  567. 

  568. 	/**
    569. 

  569. 	 * Ensures that the page that has been requested is valid based on the total
    570. 

  570. 	 * number of results. If it's not valid, the page is redirected to the last
    571. 

  571. 	 * valid page (via a response exception).
    572. 

  572. 	 *
    573. 

  573. 	 * @param integer $page
    574. 

  574. 	 * @param integer $perPage
    575. 

  575. 	 * @param integer $total
    576. 

  576. 	 * @param string $linkType
    577. 

  577. 	 * @param mixed $linkData
    578. 

  578. 	 */
    579. 

  579. 	public function canonicalizePageNumber($page, $perPage, $total, $linkType, $linkData = null)
    580. 

  580. 	{
    581. 

  581. 		if ($this->getResponseType() != 'html' || !$this->_request->isGet())
    582. 

  582. 		{
    583. 

  583. 			return;
    584. 

  584. 		}
    585. 

  585. 

  586. 		if ($perPage < 1 || $total < 1)
    587. 

  587. 		{
    588. 

  588. 			return;
    589. 

  589. 		}
    590. 

  590. 

  591. 		$page = max(1, $page);
    592. 

  592. 		$maxPage = ceil($total / $perPage);
    593. 

  593. 

  594. 		if ($page <= $maxPage)
    595. 

  595. 		{
    596. 

  596. 			return; // within the range
    597. 

  597. 		}
    598. 

  598. 

  599. 		$params = $_GET;
    600. 

  600. 		if ($maxPage <= 1)
    601. 

  601. 		{
    602. 

  602. 			unset($params['page']);
    603. 

  603. 		}
    604. 

  604. 		else
    605. 

  605. 		{
    606. 

  606. 			$params['page'] = $maxPage;
    607. 

  607. 		}
    608. 

  608. 

  609. 		$redirectUrl = $this->_buildLink($linkType, $linkData, $params);
    610. 

  610. 

  611. 		throw $this->responseException($this->responseRedirect(
    612. 

  612. 			XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL,
    613. 

  613. 			$redirectUrl
    614. 

  614. 		));
    615. 

  615. 	}
    616. 

  616. 

  617. 	/**
    618. 

  618. 	 * If the controller needs to build a link in a type-specific way (when the type isn't
    619. 

  619. 	 * known), this function can be used. As of this writing, only canonicalizePageNumber
    620. 

  620. 	 * uses this function.
    621. 

  621. 	 *
    622. 

  622. 	 * @param string $type
    623. 

  623. 	 * @param mixed $data
    624. 

  624. 	 * @param array $params
    625. 

  625. 	 *
    626. 

  626. 	 * @return string URL for link
    627. 

  627. 	 */
    628. 

  628. 	protected function _buildLink($type, $data = null, array $params = array())
    629. 

  629. 	{
    630. 

  630. 		throw new XenForo_Exception('_buildLink must be overridden in the abstract controller for the specified type.');
    631. 

  631. 	}
    632. 

  632. 

  633. 	/**
    634. 

  634. 	* Controller response for when you want to reroute to a different controller/action.
    635. 

  635. 	*
    636. 

  636. 	* @param string Name of the controller to reroute to
    637. 

  637. 	* @param string Name of the action to reroute to
    638. 

  638. 	* @param array  Key-value pairs of parameters to pass to the container view
    639. 

  639. 	*
    640. 

  640. 	* @return XenForo_ControllerResponse_Reroute
    641. 

  641. 	*/
    642. 

  642. 	public function responseReroute($controllerName, $action, array $containerParams = array())
    643. 

  643. 	{
    644. 

  644. 		$controllerResponse = new XenForo_ControllerResponse_Reroute();
    645. 

  645. 		$controllerResponse->controllerName = $controllerName;
    646. 

  646. 		$controllerResponse->action = $action;
    647. 

  647. 		$controllerResponse->containerParams = $containerParams;
    648. 

  648. 

  649. 		return $controllerResponse;
    650. 

  650. 	}
    651. 

  651. 

  652. 	/**
    653. 

  653. 	* Controller response for when you want to redirect to a different URL. This will
    654. 

  654. 	* happen in a separate request.
    655. 

  655. 	*
    656. 

  656. 	* @param integer See {@link XenForo_ControllerResponse_Redirect}
    657. 

  657. 	* @param string Target to redirect to
    658. 

  658. 	* @param mixed Message with which to redirect
    659. 

  659. 	* @param array Extra parameters for the redirect
    660. 

  660. 	*
    661. 

  661. 	* @return XenForo_ControllerResponse_Redirect
    662. 

  662. 	*/
    663. 

  663. 	public function responseRedirect($redirectType, $redirectTarget, $redirectMessage = null, array $redirectParams = array())
    664. 

  664. 	{
    665. 

  665. 		switch ($redirectType)
    666. 

  666. 		{
    667. 

  667. 			case XenForo_ControllerResponse_Redirect::RESOURCE_CREATED:
    668. 

  668. 			case XenForo_ControllerResponse_Redirect::RESOURCE_UPDATED:
    669. 

  669. 			case XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL:
    670. 

  670. 			case XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT:
    671. 

  671. 			case XenForo_ControllerResponse_Redirect::SUCCESS:
    672. 

  672. 				break;
    673. 

  673. 

  674. 			default:
    675. 

  675. 				throw new XenForo_Exception('Unknown redirect type');
    676. 

  676. 		}
    677. 

  677. 

  678. 		$controllerResponse = new XenForo_ControllerResponse_Redirect();
    679. 

  679. 		$controllerResponse->redirectType = $redirectType;
    680. 

  680. 		$controllerResponse->redirectTarget = $redirectTarget;
    681. 

  681. 		$controllerResponse->redirectMessage = $redirectMessage;
    682. 

  682. 		$controllerResponse->redirectParams = $redirectParams;
    683. 

  683. 

  684. 		return $controllerResponse;
    685. 

  685. 	}
    686. 

  686. 

  687. 	/**
    688. 

  688. 	* Controller response for when you want to throw an error and display it to the user.
    689. 

  689. 	*
    690. 

  690. 	* @param string|array  Error text to be use
    691. 

  691. 	* @param integer An optional HTTP response code to output
    692. 

  692. 	* @param array   Key-value pairs of parameters to pass to the container view
    693. 

  693. 	*
    694. 

  694. 	* @return XenForo_ControllerResponse_Error
    695. 

  695. 	*/
    696. 

  696. 	public function responseError($error, $responseCode = 200, array $containerParams = array())
    697. 

  697. 	{
    698. 

  698. 		$controllerResponse = new XenForo_ControllerResponse_Error();
    699. 

  699. 		$controllerResponse->errorText = $error;
    700. 

  700. 		$controllerResponse->responseCode = $responseCode;
    701. 

  701. 		$controllerResponse->containerParams = $containerParams;
    702. 

  702. 

  703. 		return $controllerResponse;
    704. 

  704. 	}
    705. 

  705. 

  706. 	/**
    707. 

  707. 	* Controller response for when you want to display a message to a user.
    708. 

  708. 	*
    709. 

  709. 	* @param string  Error text to be use
    710. 

  710. 	* @param array   Key-value pairs of parameters to pass to the container view
    711. 

  711. 	*
    712. 

  712. 	* @return XenForo_ControllerResponse_Message
    713. 

  713. 	*/
    714. 

  714. 	public function responseMessage($message, array $containerParams = array())
    715. 

  715. 	{
    716. 

  716. 		$controllerResponse = new XenForo_ControllerResponse_Message();
    717. 

  717. 		$controllerResponse->message = $message;
    718. 

  718. 		$controllerResponse->containerParams = $containerParams;
    719. 

  719. 

  720. 		return $controllerResponse;
    721. 

  721. 	}
    722. 

  722. 

  723. 	/**
    724. 

  724. 	 * Gets the exception object for controller response-style behavior. This object
    725. 

  725. 	 * cannot be returned from the controller; an exception must be thrown with it.
    726. 

  726. 	 *
    727. 

  727. 	 * This allows any type of controller response to be invoked via an exception.
    728. 

  728. 	 *
    729. 

  729. 	 * @param XenForo_ControllerResponse_Abstract $controllerResponse Type of response to invoke
    730. 

  730. 	 * @param integer HTTP response code
    731. 

  731. 	 *
    732. 

  732. 	 * @return XenForo_ControllerResponse_Exception
    733. 

  733. 	 */
    734. 

  734. 	public function responseException(XenForo_ControllerResponse_Abstract $controllerResponse, $responseCode = null)
    735. 

  735. 	{
    736. 

  736. 		if ($responseCode)
    737. 

  737. 		{
    738. 

  738. 			$controllerResponse->responseCode = $responseCode;
    739. 

  739. 		}
    740. 

  740. 		return new XenForo_ControllerResponse_Exception($controllerResponse);
    741. 

  741. 	}
    742. 

  742. 

  743. 	/**
    744. 

  744. 	 * Gets the response for a generic CAPTCHA failed error.
    745. 

  745. 	 *
    746. 

  746. 	 * @return XenForo_ControllerResponse_Error
    747. 

  747. 	 */
    748. 

  748. 	public function responseCaptchaFailed()
    749. 

  749. 	{
    750. 

  750. 		return $this->responseError(new XenForo_Phrase('did_not_complete_the_captcha_verification_properly'));
    751. 

  751. 	}
    752. 

  752. 

  753. 	/**
    754. 

  754. 	 * Gets a general no permission error wrapped in an exception response.
    755. 

  755. 	 *
    756. 

  756. 	 * @return XenForo_ControllerResponse_Exception
    757. 

  757. 	 */
    758. 

  758. 	public function getNoPermissionResponseException()
    759. 

  759. 	{
    760. 

  760. 		return $this->responseException($this->responseNoPermission());
    761. 

  761. 	}
    762. 

  762. 

  763. 	/**
    764. 

  764. 	 * Gets a specific error or a general no permission response exception.
    765. 

  765. 	 * If the first param is a string and $stringToPhrase is true, it will be treated
    766. 

  766. 	 * as a phrase key and turned into a phrase.
    767. 

  767. 	 *
    768. 

  768. 	 * If a specific phrase is requested, a general error will be thrown. Otherwise,
    769. 

  769. 	 * a generic no permission error will be shown.
    770. 

  770. 	 *
    771. 

  771. 	 * @param string|XenForo_Phrase|mixed $errorPhraseKey A phrase key, a phrase object, or hard coded text. Or, may be empty.
    772. 

  772. 	 * @param boolean $stringToPhrase If true and the $errorPhraseKey is a string, $errorPhraseKey is treated as the name of a phrase.
    773. 

  773. 	 *
    774. 

  774. 	 * @return XenForo_ControllerResponse_Exception
    775. 

  775. 	 */
    776. 

  776. 	public function getErrorOrNoPermissionResponseException($errorPhraseKey, $stringToPhrase = true)
    777. 

  777. 	{
    778. 

  778. 		if ($errorPhraseKey && (is_string($errorPhraseKey) || is_array($errorPhraseKey)) && $stringToPhrase)
    779. 

  779. 		{
    780. 

  780. 			$error = new XenForo_Phrase($errorPhraseKey);
    781. 

  781. 		}
    782. 

  782. 		else
    783. 

  783. 		{
    784. 

  784. 			$error = $errorPhraseKey;
    785. 

  785. 		}
    786. 

  786. 

  787. 		if ($errorPhraseKey)
    788. 

  788. 		{
    789. 

  789. 			return $this->responseException($this->responseError($error));
    790. 

  790. 		}
    791. 

  791. 		else
    792. 

  792. 		{
    793. 

  793. 			return $this->getNoPermissionResponseException();
    794. 

  794. 		}
    795. 

  795. 	}
    796. 

  796. 

  797. 	/**
    798. 

  798. 	 * Gets the response for a generic flooding page.
    799. 

  799. 	 *
    800. 

  800. 	 * @param integer $floodSeconds Numbers of seconds the user must wait to perform the action
    801. 

  801. 	 *
    802. 

  802. 	 * @return XenForo_ControllerResponse_Error
    803. 

  803. 	 */
    804. 

  804. 	public function responseFlooding($floodSeconds)
    805. 

  805. 	{
    806. 

  806. 		return $this->responseError(new XenForo_Phrase('must_wait_x_seconds_before_performing_this_action', array('count' => $floodSeconds)));
    807. 

  807. 	}
    808. 

  808. 

  809. 	/**
    810. 

  810. 	 * Helper to assert that this action is available over POST only. Throws
    811. 

  811. 	 * an exception if the request is not via POST.
    812. 

  812. 	 */
    813. 

  813. 	protected function _assertPostOnly()
    814. 

  814. 	{
    815. 

  815. 		if (!$this->_request->isPost())
    816. 

  816. 		{
    817. 

  817. 			throw $this->responseException(
    818. 

  818. 				$this->responseError(new XenForo_Phrase('action_available_via_post_only'), 500)
    819. 

  819. 			);
    820. 

  820. 		}
    821. 

  821. 	}
    822. 

  822. 

  823. 	/**
    824. 

  824. 	 * Fetches name/value/existingDataKey from input. Primarily used for AJAX autovalidation actions of single fields.
    825. 

  825. 	 *
    826. 

  826. 	 * @return array [name, value, existingDataKey]
    827. 

  827. 	 */
    828. 

  828. 	protected function _getFieldValidationInputParams()
    829. 

  829. 	{
    830. 

  830. 		return $this->_input->filter(array(
    831. 

  831. 			'name'            => XenForo_Input::STRING,
    832. 

  832. 			'value'           => XenForo_Input::STRING,
    833. 

  833. 			'existingDataKey' => XenForo_Input::STRING,
    834. 

  834. 		));
    835. 

  835. 	}
    836. 

  836. 

  837. 	/**
    838. 

  838. 	 * Validates a field against a DataWriter.
    839. 

  839. 	 * Expects 'name' and 'value' keys to be present in the request.
    840. 

  840. 	 *
    841. 

  841. 	 * @param string Name of DataWriter against which this field will be validated
    842. 

  842. 	 * @param array Array containing name, value or existingDataKey, which will override those fetched from _getFieldValidationInputParams
    843. 

  843. 	 *
    844. 

  844. 	 * @return XenForo_ControllerResponse_Redirect|XenForo_ControllerResponse_Error
    845. 

  845. 	 */
    846. 

  846. 	protected function _validateField($dataWriterName, array $data = array())
    847. 

  847. 	{
    848. 

  848. 		$data = array_merge($this->_getFieldValidationInputParams(), $data);
    849. 

  849. 

  850. 		$writer = XenForo_DataWriter::create($dataWriterName);
    851. 

  851. 

  852. 		if (!empty($data['existingDataKey']) || $data['existingDataKey'] === '0')
    853. 

  853. 		{
    854. 

  854. 			$writer->setExistingData($data['existingDataKey']);
    855. 

  855. 		}
    856. 

  856. 

  857. 		$writer->set($data['name'], $data['value']);
    858. 

  858. 

  859. 		if ($errors = $writer->getErrors())
    860. 

  860. 		{
    861. 

  861. 			return $this->responseError($errors);
    862. 

  862. 		}
    863. 

  863. 

  864. 		return $this->responseRedirect(
    865. 

  865. 			XenForo_ControllerResponse_Redirect::SUCCESS,
    866. 

  866. 			'',
    867. 

  867. 			new XenForo_Phrase('redirect_field_validated', array('name' => $data['name'], 'value' => $data['value']))
    868. 

  868. 		);
    869. 

  869. 	}
    870. 

  870. 

  871. 	/**
    872. 

  872. 	 * Instructs a DataWriter to delete data based on a POST input parameter.
    873. 

  873. 	 *
    874. 

  874. 	 * @param string Name of DataWriter class that will perform the deletion
    875. 

  875. 	 * @param string|array Name of input parameter that contains the existing data key OR array containing the keys for a multi-key parameter
    876. 

  876. 	 * @param string URL to which to redirect on success
    877. 

  877. 	 * @param string Redirection message to show on successful deletion
    878. 

  878. 	 */
    879. 

  879. 	protected function _deleteData($dataWriterName, $existingDataKeyName, $redirectLink, $redirectMessage = null)
    880. 

  880. 	{
    881. 

  881. 		$this->_assertPostOnly();
    882. 

  882. 

  883. 		$dw = XenForo_DataWriter::create($dataWriterName);
    884. 

  884. 

  885. 		$dw->setExistingData((is_array($existingDataKeyName)
    886. 

  886. 			? $existingDataKeyName
    887. 

  887. 			: $this->_input->filterSingle($existingDataKeyName, XenForo_Input::STRING)
    888. 

  888. 		));
    889. 

  889. 

  890. 		$dw->delete();
    891. 

  891. 

  892. 		if (is_null($redirectMessage))
    893. 

  893. 		{
    894. 

  894. 			$redirectMessage = new XenForo_Phrase('deletion_successful');
    895. 

  895. 		}
    896. 

  896. 

  897. 		return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirectLink, $redirectMessage);
    898. 

  898. 	}
    899. 

  899. 

  900. 	/**
    901. 

  901. 	 * Returns true if the request method is POST and an _xfConfirm parameter exists and is true
    902. 

  902. 	 *
    903. 

  903. 	 * @return boolean
    904. 

  904. 	 */
    905. 

  905. 	public function isConfirmedPost()
    906. 

  906. 	{
    907. 

  907. 		return ($this->_request->isPost() && $this->_input->filterSingle('_xfConfirm', XenForo_Input::UINT));
    908. 

  908. 	}
    909. 

  909. 

  910. 	/**
    911. 

  911. 	* Controller response for when you want to output using a view class.
    912. 

  912. 	*
    913. 

  913. 	* @param string Name of the view class to be rendered
    914. 

  914. 	* @param string Name of the template that should be displayed (may be ignored by view)
    915. 

  915. 	* @param array  Key-value pairs of parameters to pass to the view
    916. 

  916. 	* @param array  Key-value pairs of parameters to pass to the container view
    917. 

  917. 	*
    918. 

  918. 	* @return XenForo_ControllerResponse_View
    919. 

  919. 	*/
    920. 

  920. 	public function responseView($viewName, $templateName = 'DEFAULT', array $params = array(), array $containerParams = array())
    921. 

  921. 	{
    922. 

  922. 		$controllerResponse = new XenForo_ControllerResponse_View();
    923. 

  923. 		$controllerResponse->viewName = $viewName;
    924. 

  924. 		$controllerResponse->templateName = $templateName;
    925. 

  925. 		$controllerResponse->params = $params;
    926. 

  926. 		$controllerResponse->containerParams = $containerParams;
    927. 

  927. 

  928. 		return $controllerResponse;
    929. 

  929. 	}
    930. 

  930. 

  931. 	/**
    932. 

  932. 	 * Creates the specified helper class. If no underscore is present in the class
    933. 

  933. 	 * name, "XenForo_ControllerHelper_" is prefixed. Otherwise, a full class name
    934. 

  934. 	 * is assumed.
    935. 

  935. 	 *
    936. 

  936. 	 * @param string $class Full class name, or partial suffix (if no underscore)
    937. 

  937. 	 *
    938. 

  938. 	 * @return XenForo_ControllerHelper_Abstract
    939. 

  939. 	 */
    940. 

  940. 	public function getHelper($class)
    941. 

  941. 	{
    942. 

  942. 		if (strpos($class, '_') === false)
    943. 

  943. 		{
    944. 

  944. 			$class = 'XenForo_ControllerHelper_' . $class;
    945. 

  945. 		}
    946. 

  946. 

  947. 		return new $class($this);
    948. 

  948. 	}
    949. 

  949. 

  950. 	/**
    951. 

  951. 	 * Gets a valid record or throws an exception.
    952. 

  952. 	 *
    953. 

  953. 	 * @param mixed $id ID of the record to get
    954. 

  954. 	 * @param XenForo_Model $model Model object to request from
    955. 

  955. 	 * @param string $method Method to call in the model object
    956. 

  956. 	 * @param string $errorPhraseKey Key of error phrase to use when not found
    957. 

  957. 	 *
    958. 

  958. 	 * @return array
    959. 

  959. 	 */
    960. 

  960. 	public function getRecordOrError($id, $model, $method, $errorPhraseKey)
    961. 

  961. 	{
    962. 

  962. 		$info = $model->$method($id);
    963. 

  963. 		if (!$info)
    964. 

  964. 		{
    965. 

  965. 			throw $this->responseException($this->responseError(new XenForo_Phrase($errorPhraseKey), 404));
    966. 

  966. 		}
    967. 

  967. 

  968. 		return $info;
    969. 

  969. 	}
    970. 

  970. 

  971. 	/**
    972. 

  972. 	 * Gets a dynamic redirect target based on a redirect param or the referrer.
    973. 

  973. 	 *
    974. 

  974. 	 * @param string|false $fallbackUrl Fallback if no redirect or referrer is available; if false, uses index
    975. 

  975. 	 * @param boolean $useReferrer True uses the referrer if no redirect param is available
    976. 

  976. 	 *
    977. 

  977. 	 * @return string
    978. 

  978. 	 */
    979. 

  979. 	public function getDynamicRedirect($fallbackUrl = false, $useReferrer = true)
    980. 

  980. 	{
    981. 

  981. 		$redirect = $this->_input->filterSingle('redirect', XenForo_Input::STRING);
    982. 

  982. 		if (!$redirect && $useReferrer)
    983. 

  983. 		{
    984. 

  984. 			$redirect = $this->_request->getServer('HTTP_REFERER');
    985. 

  985. 		}
    986. 

  986. 

  987. 		if ($redirect)
    988. 

  988. 		{
    989. 

  989. 			$redirectParts = @parse_url(XenForo_Link::convertUriToAbsoluteUri($redirect, true));
    990. 

  990. 			if ($redirectParts)
    991. 

  991. 			{
    992. 

  992. 				$paths = XenForo_Application::get('requestPaths');
    993. 

  993. 				$pageParts = @parse_url($paths['fullUri']);
    994. 

  994. 

  995. 				if ($pageParts && $pageParts['host'] == $redirectParts['host'])
    996. 

  996. 				{
    997. 

  997. 					return $redirect;
    998. 

  998. 				}
    999. 

  999. 			}
    1000. 

  1000. 		}
    1001. 

  1001. 

  1002. 		if ($fallbackUrl === false)
    1003. 

  1003. 		{
    1004. 

  1004. 			if ($this instanceof XenForo_ControllerAdmin_Abstract)
    1005. 

  1005. 			{
    1006. 

  1006. 				$fallbackUrl = XenForo_Link::buildAdminLink('index');
    1007. 

  1007. 			}
    1008. 

  1008. 			else
    1009. 

  1009. 			{
    1010. 

  1010. 				$fallbackUrl = XenForo_Link::buildPublicLink('index');
    1011. 

  1011. 			}
    1012. 

  1012. 		}
    1013. 

  1013. 

  1014. 		return $fallbackUrl;
    1015. 

  1015. 	}
    1016. 

  1016. 

  1017. 	/**
    1018. 

  1018. 	 * Turns a serialized (by jQuery) query string from input into a XenForo_Input object.
    1019. 

  1019. 	 *
    1020. 

  1020. 	 * @param string Name of index to fetch from $this->_input
    1021. 

  1021. 	 * @param boolean On error, throw an exception or return false
    1022. 

  1022. 	 * @param string
    1023. 

  1023. 	 *
    1024. 

  1024. 	 * @return XenForo_Input|false
    1025. 

  1025. 	 */
    1026. 

  1026. 	protected function _getInputFromSerialized($varname, $throw = true, &$errorPhraseKey = null)
    1027. 

  1027. 	{
    1028. 

  1028. 		if ($inputString = $this->_input->filterSingle($varname, XenForo_Input::STRING))
    1029. 

  1029. 		{
    1030. 

  1030. 			try
    1031. 

  1031. 			{
    1032. 

  1032. 				return new XenForo_Input(XenForo_Application::parseQueryString($inputString));
    1033. 

  1033. 			}
    1034. 

  1034. 			catch (Exception $e)
    1035. 

  1035. 			{
    1036. 

  1036. 				$errorPhraseKey = 'string_could_not_be_converted_to_input';
    1037. 

  1037. 

  1038. 				if ($throw)
    1039. 

  1039. 				{
    1040. 

  1040. 					throw $this->responseException(
    1041. 

  1041. 						$this->responseError(new XenForo_Phrase($errorPhraseKey))
    1042. 

  1042. 					);
    1043. 

  1043. 				}
    1044. 

  1044. 			}
    1045. 

  1045. 		}
    1046. 

  1046. 

  1047. 		return false;
    1048. 

  1048. 	}
    1049. 

  1049. 

  1050. 	/**
    1051. 

  1051. 	 * Checks for a match of one or more IPs against a list of IP and IP fragments
    1052. 

  1052. 	 *
    1053. 

  1053. 	 * @param string|array IP address(es)
    1054. 

  1054. 	 * @param array List of IP addresses
    1055. 

  1055. 	 *
    1056. 

  1056. 	 * @return boolean
    1057. 

  1057. 	 */
    1058. 

  1058. 	public function ipMatch($checkIps, array $ipList)
    1059. 

  1059. 	{
    1060. 

  1060. 		if (!is_array($checkIps))
    1061. 

  1061. 		{
    1062. 

  1062. 			$checkIps = array($checkIps);
    1063. 

  1063. 		}
    1064. 

  1064. 

  1065. 		foreach ($checkIps AS $ip)
    1066. 

  1066. 		{
    1067. 

  1067. 			$ipClassABlock = intval($ip);
    1068. 

  1068. 			$long = sprintf('%u', ip2long($ip));
    1069. 

  1069. 

  1070. 			if (isset($ipList[$ipClassABlock]))
    1071. 

  1071. 			{
    1072. 

  1072. 				foreach ($ipList[$ipClassABlock] AS $range)
    1073. 

  1073. 				{
    1074. 

  1074. 					if ($long >= $range[0] && $long <= $range[1])
    1075. 

  1075. 					{
    1076. 

  1076. 						return true;
    1077. 

  1077. 					}
    1078. 

  1078. 				}
    1079. 

  1079. 			}
    1080. 

  1080. 		}
    1081. 

  1081. 

  1082. 		return false;
    1083. 

  1083. 	}
    1084. 

  1084. 

  1085. 	/**
    1086. 

  1086. 	 * Returns an array of IPs for the current client
    1087. 

  1087. 	 *
    1088. 

  1088. 	 * @return
    1089. 

  1089. 	 */
    1090. 

  1090. 	protected function _getClientIps()
    1091. 

  1091. 	{
    1092. 

  1092. 		$ips = preg_split('/,\s*/', $this->_request->getClientIp(true));
    1093. 

  1093. 		$ips[] = $this->_request->getClientIp(false);
    1094. 

  1094. 

  1095. 		return array_unique($ips);
    1096. 

  1096. 	}
    1097. 

  1097. }
    1098.