ZurmoHttpRequest.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
37  class ZurmoHttpRequest extends CHttpRequest
38  {
39  public $excludeCsrfValidationRoutes = array();
40 
41  const EXTERNAL_REQUEST_TOKEN = 'externalRequestToken';
42 
/**
 * Runs the framework's CSRF check unless the current request matches one of
 * the configured exemptions (see isTrustedRequest()).
 *
 * Security note: a request judged "trusted" skips CSRF validation entirely,
 * so every entry in $excludeCsrfValidationRoutes widens the set of
 * state-changing URLs that rely on some other control.
 *
 * @param mixed $event passed through unchanged to the parent implementation
 * @return mixed true for an exempted request, otherwise whatever
 *               parent::validateCsrfToken() returns
 */
public function validateCsrfToken($event)
{
    if ($this->isTrustedRequest())
    {
        // Exempted route: the parent check is intentionally not invoked.
        return true;
    }
    return parent::validateCsrfToken($event);
}
54 
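/**
 * Decides whether the current request is exempt from CSRF validation.
 *
 * Each entry of $excludeCsrfValidationRoutes is read as an array with a
 * 'route' key (turned into a URL with createUrl()) and a 'tokenEnabled' key.
 * A request is trusted when its URL starts with that URL and either
 * 'tokenEnabled' is strictly false, or the POST field named by
 * EXTERNAL_REQUEST_TOKEN equals the ZURMO_TOKEN constant.
 *
 * Hardening over a plain === comparison:
 *  - an undefined ZURMO_TOKEN never matches (on PHP 7 an undefined constant
 *    evaluates to its own name as a string, which a client could simply post);
 *  - an empty or non-string ZURMO_TOKEN never matches;
 *  - the secret is compared with hash_equals() when available, so the
 *    comparison time does not depend on how many leading bytes match.
 *
 * NOTE(review): the URL test is a prefix match, so any requested URL that
 * merely begins with the exempted URL is exempt as well. Keep configured
 * routes as specific as possible and confirm no unintended action shares a
 * prefix with them.
 *
 * @return bool true when CSRF validation may be skipped for this request
 */
protected function isTrustedRequest()
{
    $requestedUrl = Yii::app()->getRequest()->getUrl();
    foreach ($this->excludeCsrfValidationRoutes as $excludeCsrfValidationRoute)
    {
        $safeUrl = Yii::app()->createUrl($excludeCsrfValidationRoute['route']);
        if (strpos($requestedUrl, $safeUrl) !== 0)
        {
            continue;
        }
        // Only an explicit boolean false disables the token requirement; a
        // missing key falls through to the token check, as before.
        if (isset($excludeCsrfValidationRoute['tokenEnabled']) &&
            $excludeCsrfValidationRoute['tokenEnabled'] === false)
        {
            return true;
        }
        if (!defined('ZURMO_TOKEN') || !is_string(ZURMO_TOKEN) || ZURMO_TOKEN === '')
        {
            // No usable shared secret configured: never treat the request as trusted.
            continue;
        }
        $externalRequestToken = Yii::app()->getRequest()->getPost(self::EXTERNAL_REQUEST_TOKEN);
        if (!is_string($externalRequestToken))
        {
            // Absent field or array-valued input cannot equal the secret.
            continue;
        }
        if (function_exists('hash_equals'))
        {
            $tokenMatches = hash_equals(ZURMO_TOKEN, $externalRequestToken);
        }
        else
        {
            // Runtimes without hash_equals(): fall back to the strict comparison.
            $tokenMatches = ($externalRequestToken === ZURMO_TOKEN);
        }
        if ($tokenMatches)
        {
            return true;
        }
    }
    return false;
}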
79 
/**
 * Reports whether the requested URL contains the segment '/external/'.
 *
 * If the request URL cannot be determined (CException), the request is
 * treated as not external.
 *
 * NOTE(review): this is a substring test over the whole value returned by
 * getUrl(). If that value includes the query string, a client can make any
 * request satisfy it; confirm callers do not use the result as a trust or
 * authorization decision.
 *
 * @return bool
 */
public function isExternalRequest()
{
    try
    {
        $requestedUrl = Yii::app()->getRequest()->getUrl();
    }
    catch (CException $exception)
    {
        $requestedUrl = '';
    }
    return strpos($requestedUrl, '/external/') !== false;
}
103 
/**
 * Reports whether the requested URL contains the segment
 * '/contextiveExternal/'.
 *
 * If the request URL cannot be determined (CException), the request is
 * treated as not contextive-external.
 *
 * NOTE(review): substring test over the whole value returned by getUrl();
 * presumably that includes client-controlled parts such as the query string,
 * so the result should not be relied on as a security boundary — confirm
 * against callers.
 *
 * @return bool
 */
public function isContextiveExternalRequest()
{
    try
    {
        $requestedUrl = Yii::app()->getRequest()->getUrl();
    }
    catch (CException $exception)
    {
        $requestedUrl = '';
    }
    return strpos($requestedUrl, '/contextiveExternal/') !== false;
}
127 
/**
 * Reports whether the request carries an 'access_token' parameter.
 *
 * This only detects that the parameter is present with a value that is not
 * loosely equal to null; it does not validate the token. Authentication of
 * the token has to happen elsewhere.
 *
 * @return bool
 */
public function isOAuthRequest()
{
    $suppliedToken = Yii::app()->getRequest()->getParam('access_token');
    // Loose comparison kept on purpose: '' and null both count as "absent".
    return $suppliedToken != null;
}
137 
/**
 * Reports whether the request is either an external request or a
 * contextive external request.
 *
 * @return bool true when isExternalRequest() or
 *              isContextiveExternalRequest() returns true
 */
public function isAnExternalRequestVariant()
{
    // Short-circuits exactly like the original if/elseif chain.
    return $this->isExternalRequest() || $this->isContextiveExternalRequest();
}
157 
/**
 * Returns the request URL, prefixed with the host info when the request is
 * a contextive external request.
 *
 * @return string getHostInfo() . getUrl() for contextive external requests,
 *                otherwise getUrl() alone
 */
public function resolveAndGetUrl()
{
    $hostPrefix = $this->isContextiveExternalRequest() ? $this->getHostInfo() : '';
    return $hostPrefix . $this->getUrl();
}
169 
/**
 * Builds "scheme://host[:port]" for the current request.
 *
 * The scheme follows getIsSecureConnection(). When $_SERVER['HTTP_HOST'] is
 * set it is used verbatim; otherwise $_SERVER['SERVER_NAME'] is used and the
 * port is appended when it differs from the scheme's default (80 / 443).
 *
 * Security note: HTTP_HOST comes from the client's Host header and is
 * returned here without validation. Values derived from this method should
 * not be embedded in links, redirects or e-mails unless the web server
 * restricts the accepted host names or the caller checks the host against a
 * configured allowlist.
 *
 * @return string
 */
public function getRealHostInfo()
{
    $isSecure = $this->getIsSecureConnection();
    $scheme   = $isSecure ? 'https' : 'http';
    if (isset($_SERVER['HTTP_HOST']))
    {
        // Client-supplied header, used as-is.
        return $scheme . '://' . $_SERVER['HTTP_HOST'];
    }
    $hostInfo    = $scheme . '://' . $_SERVER['SERVER_NAME'];
    $port        = $isSecure ? $this->getSecurePort() : $this->getPort();
    $defaultPort = $isSecure ? 443 : 80;
    if ($port !== $defaultPort)
    {
        $hostInfo .= ':' . $port;
    }
    return $hostInfo;
}
207 
/**
 * Determines the URL path of the entry script from $_SERVER.
 *
 * Candidates are tried in order: SCRIPT_NAME, PHP_SELF, ORIG_SCRIPT_NAME,
 * a path rebuilt from the position of the script name inside PHP_SELF, and
 * finally SCRIPT_FILENAME with DOCUMENT_ROOT stripped.
 *
 * NOTE(review): PHP_SELF can contain client-influenced path information on
 * some server setups; presumably the basename check limits what is
 * returned, but treat the result as untrusted when echoing it into markup.
 *
 * @return string
 * @throws CException when none of the candidates identifies the entry script
 */
public function getRealScriptUrl()
{
    $entryScript = basename($_SERVER['SCRIPT_FILENAME']);
    if (basename($_SERVER['SCRIPT_NAME']) === $entryScript)
    {
        return $_SERVER['SCRIPT_NAME'];
    }
    if (basename($_SERVER['PHP_SELF']) === $entryScript)
    {
        return $_SERVER['PHP_SELF'];
    }
    if (isset($_SERVER['ORIG_SCRIPT_NAME']) && basename($_SERVER['ORIG_SCRIPT_NAME']) === $entryScript)
    {
        return $_SERVER['ORIG_SCRIPT_NAME'];
    }
    // The offset is located in PHP_SELF but applied to SCRIPT_NAME, as in the original.
    $offset = strpos($_SERVER['PHP_SELF'], '/' . $entryScript);
    if ($offset !== false)
    {
        return substr($_SERVER['SCRIPT_NAME'], 0, $offset) . '/' . $entryScript;
    }
    if (isset($_SERVER['DOCUMENT_ROOT']) && strpos($_SERVER['SCRIPT_FILENAME'], $_SERVER['DOCUMENT_ROOT']) === 0)
    {
        $relativePath = str_replace($_SERVER['DOCUMENT_ROOT'], '', $_SERVER['SCRIPT_FILENAME']);
        // Normalise Windows directory separators to URL separators.
        return str_replace('\\', '/', $relativePath);
    }
    throw new CException(Yii::t('yii', 'CHttpRequest is unable to determine the entry script URL.'));
}
239 
245  {
246  return parse_url(Yii::app()->getRequest()->getHostInfo(), PHP_URL_HOST);
247  }
248  }
249 ?>