author | Nicolas Lœuillet <nicolas@loeuillet.org> | 2014-07-25 07:27:21 +0200 |
---|---|---|
committer | Nicolas Lœuillet <nicolas@loeuillet.org> | 2014-07-25 07:27:21 +0200 |
commit | fa9a7bbb3c61116e5db76c9f25ef2340fef971d7 (patch) | |
tree | cd733e8548290158d578da185bd541e7fe4b1a31 /inc/poche/Routing.class.php | |
parent | ebd6bf6007e0fad4c3e11dac0e79f687e1d195a2 (diff) | |
parent | 830612f555d8bc72669fe9bc0686680001af0e52 (diff) | |
download | wallabag-fa9a7bbb3c61116e5db76c9f25ef2340fef971d7.tar.gz wallabag-fa9a7bbb3c61116e5db76c9f25ef2340fef971d7.tar.zst wallabag-fa9a7bbb3c61116e5db76c9f25ef2340fef971d7.zip |
Merge branch 'fix/securityAllowedActions' into dev
Diffstat (limited to 'inc/poche/Routing.class.php')
-rwxr-xr-x | inc/poche/Routing.class.php | 153 |
1 files changed, 153 insertions, 0 deletions
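diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php
new file mode 100755
index 00000000..004bd45a
--- /dev/null
+++ b/inc/poche/Routing.class.php
@@ -0,0 +1,153 @@
+<?php
+/**
+* wallabag, self hostable application allowing you to not miss any content anymore
+*
+* @category wallabag
+* @author Nicolas Lœuillet <nicolas@loeuillet.org>
+* @copyright 2013
+* @license http://opensource.org/licenses/MIT see COPYING file
+*/
+
+class Routing
+{
+protected $wallabag;
+protected $referer;
+protected $view;
+protected $action;
+protected $id;
+protected $url;
+protected $file;
+protected $defaultVars = array();
+protected $vars = array();
+
+public function __construct(Poche $wallabag)
+{
+$this->wallabag = $wallabag;
+$this->_init();
+}
+
+private function _init()
+{
+# Parse GET & REFERER vars
+$this->referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
+$this->view = Tools::checkVar('view', 'home');
+$this->action = Tools::checkVar('action');
+$this->id = Tools::checkVar('id');
+$_SESSION['sort'] = Tools::checkVar('sort', 'id');
+$this->url = new Url((isset ($_GET['url'])) ? $_GET['url'] : '');
+}
+
+public function run()
+{
+# vars to _always_ send to templates
+$this->defaultVars = array(
+'referer' => $this->referer,
+'view' => $this->view,
+'poche_url' => Tools::getPocheUrl(),
+'title' => _('wallabag, a read it later open source system'),
+'token' => \Session::getToken(),
+'theme' => $this->wallabag->tpl->getTheme()
+);
+
+$this->_launchAction();
+$this->_defineTplInformation();
+
+# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
+$this->vars = array_merge($this->vars, array('messages' => $this->wallabag->messages->display('all', FALSE)));
+
+$this->_render($this->file, $this->vars);
+}
+
+private function _defineTplInformation()
+{
+$tplFile = array();
+$tplVars = array();
+
+if (\Session::isLogged()) {
+$this->wallabag->action($this->action, $this->url, $this->id);
+$tplFile = Tools::getTplFile($this->view);
+$tplVars = array_merge($this->vars, $this->wallabag->displayView($this->view, $this->id));
+} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
+if($this->wallabag->store->userExists($_SERVER['PHP_AUTH_USER'])) {
+$this->wallabag->login($this->referer);
+} else {
+$this->wallabag->messages->add('e', _('login failed: user doesn\'t exist'));
+Tools::logm('user doesn\'t exist');
+$tplFile = Tools::getTplFile('login');
+$tplVars['http_auth'] = 1;
+}
+} elseif(isset($_SERVER['REMOTE_USER'])) {
+if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) {
+$this->wallabag->login($this->referer);
+} else {
+$this->wallabag->messages->add('e', _('login failed: user doesn\'t exist'));
+Tools::logm('user doesn\'t exist');
+$tplFile = Tools::getTplFile('login');
+$tplVars['http_auth'] = 1;
+}
+} else {
+$tplFile = Tools::getTplFile('login');
+$tplVars['http_auth'] = 0;
+\Session::logout();
+}
+
+$this->file = $tplFile;
+$this->vars = array_merge($this->defaultVars, $tplVars);
+}
+
+private function _launchAction()
+{
+if (isset($_GET['login'])) {
+// hello to you
+$this->wallabag->login($this->referer);
+} elseif (isset($_GET['feed']) && isset($_GET['user_id'])) {
+$tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
+$this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
+}
+
+//allowed ONLY to logged in user
+if (\Session::isLogged() === true)
+{
+if (isset($_GET['logout'])) {
+// see you soon !
+$this->wallabag->logout();
+} elseif (isset($_GET['config'])) {
+// update password
+$this->wallabag->updatePassword($_POST['password'], $_POST['password_repeat']);
+} elseif (isset($_GET['newuser'])) {
+$this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser']);
+} elseif (isset($_GET['deluser'])) {
+$this->wallabag->deleteUser($_POST['password4deletinguser']);
+} elseif (isset($_GET['epub'])) {
+$epub = new WallabagEpub($this->wallabag, $_GET['method'], $_GET['id'], $_GET['value']);
+$epub->run();
+} elseif (isset($_GET['import'])) {
+$import = $this->wallabag->import();
+$tplVars = array_merge($this->vars, $import);
+} elseif (isset($_GET['download'])) {
+Tools::downloadDb();
+} elseif (isset($_GET['empty-cache'])) {
+Tools::emptyCache();
+} elseif (isset($_GET['export'])) {
+$this->wallabag->export();
+} elseif (isset($_GET['updatetheme'])) {
+$this->wallabag->tpl->updateTheme($_POST['theme']);
+} elseif (isset($_GET['updatelanguage'])) {
+$this->wallabag->language->updateLanguage($_POST['language']);
+} elseif (isset($_GET['uploadfile'])) {
+$this->wallabag->uploadFile();
+} elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') {
+$this->wallabag->updateToken();
+}
+elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
+$plainUrl = new Url(base64_encode($_GET['plainurl']));
+$this->wallabag->action('add', $plainUrl);
+}
+}
+}
+
+public function _render($file, $vars)
+{
+echo $this->wallabag->tpl->render($file, $vars);
+}
+}
\ No newline at end of file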
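Review bot: In `_launchAction` the `import` branch assigns its result to a local `$tplVars` (`$tplVars = array_merge($this->vars, $import);`) that is never read again, so whatever `import()` returns for the view is silently dropped; the line should be `$this->vars = array_merge($this->vars, $import);`. The same method dispatches state-changing operations (`config`, `newuser`, `deluser`, `updatetheme`, `updatelanguage`, `empty-cache`, `export`) on the mere presence of a GET key plus raw `$_POST` fields, and although `run()` hands `\Session::getToken()` to the templates as `token`, no comparison of a submitted token against it is visible in this file — unless the Poche methods being called verify it themselves (not visible in this diff), a logged-in user's browser can be made to trigger these from another site, so a guard in front of that chain along the lines of `if (!isset($_POST['token']) || $_POST['token'] !== \Session::getToken()) { return; }` (field name constructed, adapt to the form) is worth adding. The `feed` branch reads `$_GET['token']` and `$_GET['type']` without `isset` while only checking `feed` and `user_id`, and the `generate` check uses `==`; `isset($_GET['token'], $_GET['type'])` in the condition and `$_GET['action'] === 'generate'` avoid the notices and the loose comparison.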