authorNicolas Lœuillet <nicolas@loeuillet.org>2014-07-25 07:27:21 +0200
committerNicolas Lœuillet <nicolas@loeuillet.org>2014-07-25 07:27:21 +0200
commitfa9a7bbb3c61116e5db76c9f25ef2340fef971d7 (patch)
treecd733e8548290158d578da185bd541e7fe4b1a31 /inc/poche/Routing.class.php
parentebd6bf6007e0fad4c3e11dac0e79f687e1d195a2 (diff)
parent830612f555d8bc72669fe9bc0686680001af0e52 (diff)
Merge branch 'fix/securityAllowedActions' into dev
Diffstat (limited to 'inc/poche/Routing.class.php')
-rwxr-xr-xinc/poche/Routing.class.php153
1 files changed, 153 insertions, 0 deletions
diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php
new file mode 100755
index 00000000..004bd45a
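--- /dev/null
+++ b/inc/poche/Routing.class.php
@@ -0,0 +1,153 @@
+<?php
+/**
+ * wallabag, self hostable application allowing you to not miss any content anymore
+ *
+ * @category wallabag
+ * @author Nicolas Lœuillet <nicolas@loeuillet.org>
+ * @copyright 2013
+ * @license http://opensource.org/licenses/MIT see COPYING file
+ */
+
+class Routing
+{
+ protected $wallabag;
+ protected $referer;
+ protected $view;
+ protected $action;
+ protected $id;
+ protected $url;
+ protected $file;
+ protected $defaultVars = array();
+ protected $vars = array();
+
+ public function __construct(Poche $wallabag)
+ {
+ $this->wallabag = $wallabag;
+ $this->_init();
+ }
+
+ private function _init()
+ {
+ # Parse GET & REFERER vars
+ $this->referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
+ $this->view = Tools::checkVar('view', 'home');
+ $this->action = Tools::checkVar('action');
+ $this->id = Tools::checkVar('id');
+ $_SESSION['sort'] = Tools::checkVar('sort', 'id');
+ $this->url = new Url((isset ($_GET['url'])) ? $_GET['url'] : '');
+ }
+
+ public function run()
+ {
+ # vars to _always_ send to templates
+ $this->defaultVars = array(
+ 'referer' => $this->referer,
+ 'view' => $this->view,
+ 'poche_url' => Tools::getPocheUrl(),
+ 'title' => _('wallabag, a read it later open source system'),
+ 'token' => \Session::getToken(),
+ 'theme' => $this->wallabag->tpl->getTheme()
+ );
+
+ $this->_launchAction();
+ $this->_defineTplInformation();
+
+ # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
+ $this->vars = array_merge($this->vars, array('messages' => $this->wallabag->messages->display('all', FALSE)));
+
+ $this->_render($this->file, $this->vars);
+ }
+
+ private function _defineTplInformation()
+ {
+ $tplFile = array();
+ $tplVars = array();
+
+ if (\Session::isLogged()) {
+ $this->wallabag->action($this->action, $this->url, $this->id);
+ $tplFile = Tools::getTplFile($this->view);
+ $tplVars = array_merge($this->vars, $this->wallabag->displayView($this->view, $this->id));
+ } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
+ if($this->wallabag->store->userExists($_SERVER['PHP_AUTH_USER'])) {
+ $this->wallabag->login($this->referer);
+ } else {
+ $this->wallabag->messages->add('e', _('login failed: user doesn\'t exist'));
+ Tools::logm('user doesn\'t exist');
+ $tplFile = Tools::getTplFile('login');
+ $tplVars['http_auth'] = 1;
+ }
+ } elseif(isset($_SERVER['REMOTE_USER'])) {
+ if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) {
+ $this->wallabag->login($this->referer);
+ } else {
+ $this->wallabag->messages->add('e', _('login failed: user doesn\'t exist'));
+ Tools::logm('user doesn\'t exist');
+ $tplFile = Tools::getTplFile('login');
+ $tplVars['http_auth'] = 1;
+ }
+ } else {
+ $tplFile = Tools::getTplFile('login');
+ $tplVars['http_auth'] = 0;
+ \Session::logout();
+ }
+
+ $this->file = $tplFile;
+ $this->vars = array_merge($this->defaultVars, $tplVars);
+ }
+
+ private function _launchAction()
+ {
+ if (isset($_GET['login'])) {
+ // hello to you
+ $this->wallabag->login($this->referer);
+ } elseif (isset($_GET['feed']) && isset($_GET['user_id'])) {
+ $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
+ $this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
+ }
+
+ //allowed ONLY to logged in user
+ if (\Session::isLogged() === true)
+ {
+ if (isset($_GET['logout'])) {
+ // see you soon !
+ $this->wallabag->logout();
+ } elseif (isset($_GET['config'])) {
+ // update password
+ $this->wallabag->updatePassword($_POST['password'], $_POST['password_repeat']);
+ } elseif (isset($_GET['newuser'])) {
+ $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser']);
+ } elseif (isset($_GET['deluser'])) {
+ $this->wallabag->deleteUser($_POST['password4deletinguser']);
+ } elseif (isset($_GET['epub'])) {
+ $epub = new WallabagEpub($this->wallabag, $_GET['method'], $_GET['id'], $_GET['value']);
+ $epub->run();
+ } elseif (isset($_GET['import'])) {
+ $import = $this->wallabag->import();
+ $tplVars = array_merge($this->vars, $import);
+ } elseif (isset($_GET['download'])) {
+ Tools::downloadDb();
+ } elseif (isset($_GET['empty-cache'])) {
+ Tools::emptyCache();
+ } elseif (isset($_GET['export'])) {
+ $this->wallabag->export();
+ } elseif (isset($_GET['updatetheme'])) {
+ $this->wallabag->tpl->updateTheme($_POST['theme']);
+ } elseif (isset($_GET['updatelanguage'])) {
+ $this->wallabag->language->updateLanguage($_POST['language']);
+ } elseif (isset($_GET['uploadfile'])) {
+ $this->wallabag->uploadFile();
+ } elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') {
+ $this->wallabag->updateToken();
+ }
+ elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
+ $plainUrl = new Url(base64_encode($_GET['plainurl']));
+ $this->wallabag->action('add', $plainUrl);
+ }
+ }
+ }
+
+ public function _render($file, $vars)
+ {
+ echo $this->wallabag->tpl->render($file, $vars);
+ }
+}
\ No newline at end of file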
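Review bot: The logged-in branch of `_launchAction()` dispatches state-changing calls (`logout`, `updatePassword`, `createNewUser`, `deleteUser`, `updateTheme`, `updateLanguage`, `updateToken`) on `\Session::isLogged() === true` plus the presence of a GET key alone; this file never checks a request token, although `run()` passes `\Session::getToken()` to every template. Unless each `Poche` method verifies that token itself, which is not visible here, these actions are exposed to cross-site request forgery against a logged-in user, so the mutating branches should require `$_SERVER['REQUEST_METHOD'] === 'POST'` and a verified token, with a comment such as `// CSRF: verify the session token before any branch below changes state`. The same branches read `$_POST['password']`, `$_POST['theme']`, `$_GET['method']` and others without `isset()`, so a bare `?config` request hands undefined values to `updatePassword()`. In `_defineTplInformation()` the `PHP_AUTH_USER` and `REMOTE_USER` branches call `login()` after only `userExists()`; confirm that `login()` (outside this file) does not treat those server variables as proof of authentication unless the web server is known to enforce it.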