PageRenderTime 44ms CodeModel.GetById 12ms RepoModel.GetById 0ms app.codeStats 0ms

/core/model/modx/modconnectorresponse.class.php

http://github.com/modxcms/revolution
PHP | 278 lines | 167 code | 14 blank | 97 comment | 49 complexity | f49a23070dcf4b945c51df92acae3200 MD5 | raw file
Possible License(s): GPL-2.0, Apache-2.0, BSD-3-Clause, LGPL-2.1 
    

  1. <?php
    2. 

  2. /*
    3. 

  3.  * This file is part of MODX Revolution.
    4. 

  4.  *
    5. 

  5.  * Copyright (c) MODX, LLC. All Rights Reserved.
    6. 

  6.  *
    7. 

  7.  * For complete copyright and license information, see the COPYRIGHT and LICENSE
    8. 

  8.  * files found in the top-level directory of this distribution.
    9. 

  9.  */
    10. 

  10. 

  11. require_once MODX_CORE_PATH . 'model/modx/modresponse.class.php';
    12. 

  12. /**
    13. 

  13.  * Encapsulates an HTTP response from the MODX manager.
    14. 

  14.  *
    15. 

  15.  * {@inheritdoc}
    16. 

  16.  *
    17. 

  17.  * @package modx
    18. 

  18.  * @extends modResponse
    19. 

  19.  */
    20. 

  20. class modConnectorResponse extends modResponse {
    21. 

  21.     /**
    22. 

  22.      * The base location of the processors called by the connectors.
    23. 

  23.      *
    24. 

  24.      * @var string
    25. 

  25.      * @access private
    26. 

  26.      */
    27. 

  27.     protected $_directory;
    28. 

  28. 

  29.     public $responseCode = 200;
    30. 

  30. 

  31.     protected $_responseCodes = array(
    32. 

  32.         100 => 'Continue',
    33. 

  33.         101 => 'Switching Protocols',
    34. 

  34.         200 => 'OK',
    35. 

  35.         201 => 'Created',
    36. 

  36.         202 => 'Accepted',
    37. 

  37.         203 => 'Non-Authoritative Information',
    38. 

  38.         204 => 'No Content',
    39. 

  39.         205 => 'Reset Content',
    40. 

  40.         206 => 'Partial Content',
    41. 

  41.         300 => 'Multiple Choices',
    42. 

  42.         301 => 'Moved Permanently',
    43. 

  43.         302 => 'Found',
    44. 

  44.         303 => 'See Other',
    45. 

  45.         304 => 'Not Modified',
    46. 

  46.         305 => 'Use Proxy',
    47. 

  47.         306 => '(Unused)',
    48. 

  48.         307 => 'Temporary Redirect',
    49. 

  49.         400 => 'Bad Request',
    50. 

  50.         401 => 'Unauthorized',
    51. 

  51.         402 => 'Payment Required',
    52. 

  52.         403 => 'Forbidden',
    53. 

  53.         404 => 'Not Found',
    54. 

  54.         405 => 'Method Not Allowed',
    55. 

  55.         406 => 'Not Acceptable',
    56. 

  56.         407 => 'Proxy Authentication Required',
    57. 

  57.         408 => 'Request Timeout',
    58. 

  58.         409 => 'Conflict',
    59. 

  59.         410 => 'Gone',
    60. 

  60.         411 => 'Length Required',
    61. 

  61.         412 => 'Precondition Failed',
    62. 

  62.         413 => 'Request Entity Too Large',
    63. 

  63.         414 => 'Request-URI Too Long',
    64. 

  64.         415 => 'Unsupported Media Type',
    65. 

  65.         416 => 'Requested Range Not Satisfiable',
    66. 

  66.         417 => 'Expectation Failed',
    67. 

  67.         500 => 'Internal Server Error',
    68. 

  68.         501 => 'Not Implemented',
    69. 

  69.         502 => 'Bad Gateway',
    70. 

  70.         503 => 'Service Unavailable',
    71. 

  71.         504 => 'Gateway Timeout',
    72. 

  72.         505 => 'HTTP Version Not Supported'
    73. 

  73.     );
    74. 

  74.     /**
    75. 

  75.      * Creates a modConnectorResponse object.
    76. 

  76.      *
    77. 

  77.      * {@inheritdoc}
    78. 

  78.      */
    79. 

  79.     function __construct(modX & $modx) {
    80. 

  80.         parent :: __construct($modx);
    81. 

  81.         $this->setDirectory();
    82. 

  82.     }
    83. 

  83. 

  84.     /**
    85. 

  85.      * Overrides modResponse::outputContent to provide connector-specific
    86. 

  86.      * processing.
    87. 

  87.      *
    88. 

  88.      * {@inheritdoc}
    89. 

  89.      */
    90. 

  90.     public function outputContent(array $options = array()) {
    91. 

  91.         /* variable pointer for easier access */
    92. 

  92.         $modx =& $this->modx;
    93. 

  93. 

  94.         /* backwards compat */
    95. 

  95.         $error =& $this->modx->error;
    96. 

  96.         /* prevent browsing of subdirectories for security */
    97. 

  97.         $target = preg_replace('/[\.]{2,}/', '', htmlspecialchars($options['action']));
    98. 

  98. 

  99.         $siteId = $this->modx->user->getUserToken($this->modx->context->get('key'));
    100. 

  100.         $isLogin = $target == 'login' || $target == 'security/login';
    101. 

  101. 

  102.         /* Block the user if there's no user token for the current context, and permissions are in fact required */
    103. 

  103.         if (empty($siteId) && (!defined('MODX_REQP') || MODX_REQP === TRUE)) {
    104. 

  104.             $this->responseCode = 401;
    105. 

  105.             $this->body = $modx->error->failure($modx->lexicon('access_denied'),array('code' => 401));
    106. 

  106.         }
    107. 

  107.         /* Make sure we've got a token */
    108. 

  108.         elseif (!$isLogin && !isset($_SERVER['HTTP_MODAUTH']) && (!isset($_REQUEST['HTTP_MODAUTH']) || empty($_REQUEST['HTTP_MODAUTH']))) {
    109. 

  109.             $this->responseCode = 401;
    110. 

  110.             $this->body = $modx->error->failure($modx->lexicon('access_denied'),array('code' => 401));
    111. 

  111.         }
    112. 

  112.         /* If the token was passed as a request header (like in the manager), check if it's right */
    113. 

  113.         else if (!$isLogin && isset($_SERVER['HTTP_MODAUTH']) && $_SERVER['HTTP_MODAUTH'] != $siteId) {
    114. 

  114.             $this->responseCode = 401;
    115. 

  115.             $this->body = $modx->error->failure($modx->lexicon('access_denied'),array('code' => 401));
    116. 

  116.         }
    117. 

  117.         /* If the token was passed a request variable, check if it's right */
    118. 

  118.         else if (!$isLogin && isset($_REQUEST['HTTP_MODAUTH']) && $_REQUEST['HTTP_MODAUTH'] != $siteId) {
    119. 

  119.             $this->responseCode = 401;
    120. 

  120.             $this->body = $modx->error->failure($modx->lexicon('access_denied'), array('code' => 401));
    121. 

  121.         }
    122. 

  122.         /* verify the location and action */
    123. 

  123.         /*else if (!isset($options['location']) || !isset($options['action'])) {
    124. 

  124.             $this->responseCode = 404;
    125. 

  125.             $this->body = $this->modx->error->failure($modx->lexicon('action_err_ns'),array('code' => 404));
    126. 

    127. 

  127.         }*/
    128. 

  128.         /* If we don't have an action, 404 out */
    129. 

  129.         else if (empty($options['action'])) {
    130. 

  130.             $this->responseCode = 404;
    131. 

  131.             $this->body = $this->modx->error->failure($modx->lexicon('action_err_ns'), array('code' => 404));
    132. 

  132.         }
    133. 

  133.         /* execute a processor and format the response */
    134. 

  134.         else {
    135. 

  135.             /* create scriptProperties array from HTTP GPC vars */
    136. 

  136.             if (!isset($_POST)) $_POST = array();
    137. 

  137.             if (!isset($_GET) || $isLogin) $_GET = array();
    138. 

  138.             $scriptProperties = array_merge($_GET,$_POST);
    139. 

  139.             if (isset($_FILES) && !empty($_FILES)) {
    140. 

  140.                 $scriptProperties = array_merge($scriptProperties,$_FILES);
    141. 

  141.             }
    142. 

  142. 

  143.             /* run processor */
    144. 

  144.             $this->response = $this->modx->runProcessor($target,$scriptProperties,$options);
    145. 

  145.             if (!$this->response) {
    146. 

  146.                 $this->responseCode = 404;
    147. 

  147.                 $this->body = $this->modx->error->failure($this->modx->lexicon('processor_err_nf',array(
    148. 

  148.                     'target' => $target,
    149. 

  149.                 )));
    150. 

  150.             } else {
    151. 

  151.                 $this->body = $this->response->getResponse();
    152. 

  152.             }
    153. 

  153.         }
    154. 

  154.         /* if files sent, this means that the browser needs it in text/plain,
    155. 

  155.          * so ignore text/json header type
    156. 

  156.          */
    157. 

  157.         if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
    158. 

  158.             header("Content-Type: application/json; charset=UTF-8");
    159. 

  159.             $message = 'OK';
    160. 

  160.             if (array_key_exists($this->responseCode,$this->_responseCodes)) {
    161. 

  161.                 $message = $this->_responseCodes[$this->responseCode];
    162. 

  162.             }
    163. 

  163.             header('Status: '.$this->responseCode.' '.$message);
    164. 

  164.             header('Version: ' . $_SERVER['SERVER_PROTOCOL']);
    165. 

  165.         }
    166. 

  166.         if (is_array($this->header)) {
    167. 

  167.             foreach ($this->header as $header) header($header);
    168. 

  168.         }
    169. 

  169.         if (is_array($this->body)) {
    170. 

  170.             @session_write_close();
    171. 

  171.             $json = $this->modx->toJSON(array(
    172. 

  172.                 'success' => isset($this->body['success']) ? $this->body['success'] : 0,
    173. 

  173.                 'message' => isset($this->body['message']) ? $this->body['message'] : $this->modx->lexicon('error'),
    174. 

  174.                 'total' => (isset($this->body['total']) && $this->body['total'] > 0)
    175. 

  175.                     ? intval($this->body['total'])
    176. 

  176.                     : (isset($this->body['errors'])
    177. 

  177.                         ? count($this->body['errors'])
    178. 

  178.                         : 1),
    179. 

  179.                 'data' => isset($this->body['errors']) ? $this->body['errors'] : array(),
    180. 

  180.                 'object' => isset($this->body['object']) ? $this->body['object'] : array(),
    181. 

  181.             ));
    182. 

  182. 

  183.             if (!empty($_GET['callback'])) {
    184. 

  184.                 $json = $modx->stripTags($_GET['callback']) . '(' . $json . ')';
    185. 

  185.             }
    186. 

  186.             die($json);
    187. 

  187.         } else {
    188. 

  188.             @session_write_close();
    189. 

  189.             die($this->body);
    190. 

  190.         }
    191. 

  191.     }
    192. 

  192. 

  193.     /**
    194. 

  194.      * Return arrays of objects (with count) converted to JSON.
    195. 

  195.      *
    196. 

  196.      * The JSON result includes two main elements, total and results. This format is used for list
    197. 

  197.      * results.
    198. 

  198.      *
    199. 

  199.      * @access public
    200. 

  200.      * @param array $array An array of data objects.
    201. 

  201.      * @param mixed $count The total number of objects. Used for pagination.
    202. 

  202.      * @return string The JSON output.
    203. 

  203.      */
    204. 

  204.     public function outputArray(array $array,$count = false) {
    205. 

  205.         if (!is_array($array)) return false;
    206. 

  206.         if ($count === false) { $count = count($array); }
    207. 

  207.         return '({"total":"'.$count.'","results":'.$this->modx->toJSON($array).'})';
    208. 

  208.     }
    209. 

  209. 

  210.     /**
    211. 

  211.      * Set the physical location of the processor directory for the response handler.
    212. 

  212.      *
    213. 

  213.      * This allows for dynamic processor locations.
    214. 

  214.      *
    215. 

  215.      * @access public
    216. 

  216.      * @param string $dir The directory to set as the processors directory.
    217. 

  217.      */
    218. 

  218.     public function setDirectory($dir = '') {
    219. 

  219.         if ($dir == '') {
    220. 

  220.             $this->_directory = $this->modx->getOption('processors_path');
    221. 

  221.         } else {
    222. 

  222.             $this->_directory = $dir;
    223. 

  223.         }
    224. 

  224.     }
    225. 

  225. 

  226.     /**
    227. 

  227.      * Converts PHP to JSON with JavaScript literals left in-tact.
    228. 

  228.      *
    229. 

  229.      * JSON does not allow JavaScript literals, but this function encodes certain identifiable
    230. 

  230.      * literals and decodes them back into literals after modX::toJSON() formats the data.
    231. 

  231.      *
    232. 

  232.      * @access public
    233. 

  233.      * @param mixed $data The PHP data to be converted.
    234. 

  234.      * @return string The extended JSON-encoded string.
    235. 

  235.      */
    236. 

  236.     public function toJSON($data) {
    237. 

  237.         if (is_array($data)) {
    238. 

  238.             array_walk_recursive($data, array(&$this, '_encodeLiterals'));
    239. 

  239.         }
    240. 

  240.         return $this->_decodeLiterals($this->modx->toJSON($data));
    241. 

  241.     }
    242. 

  242. 

  243.     /**
    244. 

  244.      * Encodes certain JavaScript literal strings for later decoding.
    245. 

  245.      *
    246. 

  246.      * @access protected
    247. 

  247.      * @param mixed &$value A reference to the value to be encoded if it is identified as a literal.
    248. 

  248.      * @param integer|string $key The array key corresponding to the value.
    249. 

  249.      */
    250. 

  250.     protected function _encodeLiterals(&$value, $key) {
    251. 

  251.         if (is_string($value)) {
    252. 

  252.             /* properly handle common literal structures */
    253. 

  253.             if (strpos($value, 'function(') === 0
    254. 

  254.              || strpos($value, 'this.') === 0
    255. 

  255.              || strpos($value, 'new Function(') === 0
    256. 

  256.              || strpos($value, 'Ext.') === 0) {
    257. 

  257.                 $value = '@@' . base64_encode($value) . '@@';
    258. 

  258.              }
    259. 

  259.         }
    260. 

  260.     }
    261. 

  261. 

  262.     /**
    263. 

  263.      * Decodes strings encoded by _encodeLiterals to restore JavaScript literals.
    264. 

  264.      *
    265. 

  265.      * @access protected
    266. 

  266.      * @param string $string The JSON-encoded string with encoded literals.
    267. 

  267.      * @return string The JSON-encoded string with literals restored.
    268. 

  268.      */
    269. 

  269.     protected function _decodeLiterals($string) {
    270. 

  270.         $pattern = '/"@@(.*?)@@"/';
    271. 

  271.         $string = preg_replace_callback(
    272. 

  272.             $pattern,
    273. 

  273.             function ($matches) { return base64_decode($matches[1]); },
    274. 

  274.             $string
    275. 

  275.         );
    276. 

  276.         return $string;
    277. 

  277.     }
    278. 

  278. }
    279. 

  279.