Changeset 502 for trunk/lib/App.inc.php

Timestamp:

Dec 30, 2014 10:24:51 PM (9 years ago)

Author:

anonymous

Message:

Many minor fixes during pulso development

File:

• trunk/lib/App.inc.php (modified) (11 diffs)

trunk/lib/App.inc.php

@@ -40 +40 @@
 require_once dirname(__FILE__) . '/Utilities.inc.php';
 
-class App {
+class App
+{
 
     // Minimum version of PHP required for this version of the Codebase.
@@ -627 +628 @@
         }
 
-        // Make sure to log in the system's locale.
-        $locale = setlocale(LC_TIME, 0);
-        setlocale(LC_TIME, 'C');
-
         // Strip HTML tags except any with more than 7 characters because that's probably not a HTML tag, e.g. <email@address.com>.
         preg_match_all('/(<[^>\s]{7,})[^>]*>/', $message, $strip_tags_allow);
@@ -678 +675 @@
         }
 
+        // Make sure to log in the system's locale.
+        $locale = setlocale(LC_TIME, 0);
+        setlocale(LC_TIME, 'C');
+
         // Data to be stored for a log event.
         $event = array(
@@ -692 +693 @@
         $event_short['url'] = truncate($event_short['url'], 120);
 
+        // Restore original locale.
+        setlocale(LC_TIME, $locale);
 
         // FILE ACTION
@@ -702 +705 @@
         if (false !== $this->getParam('log_email_priority') && $priority <= $this->getParam('log_email_priority') && $send_notifications) {
             $hostname = (isset($_SERVER['HTTP_HOST']) && '' != $_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : php_uname('n');
-            $subject = sprintf('[%s %s] %s', $hostname, $event['type'], mb_substr($message, 0, 64));
+            $subject = sprintf('[%s %s] %s', $hostname, $event['type'], mb_substr($event['message'], 0, 64));
             $email_msg = sprintf("A %s log event occurred on %s\n\n", $event['type'], $hostname);
             $headers = 'From: ' . $this->getParam('site_email');
@@ -724 +727 @@
             file_put_contents('php://stderr', "[{$event['type']}] [{$event['message']}]\n", FILE_APPEND);
         }
-
-        // Restore original locale.
-        setlocale(LC_TIME, $locale);
-
-        unset($event, $event_short);
 
         return true;
@@ -850 +848 @@
      *                                     header('Location...') redirections.
      *
+     * @param   bool    $include_csrf_token     Set to true to include the csrf_token in the form. Only use this for forms with action="post" to prevent the token from being revealed in the URL.
      * @return string url with attached queries and, if not using cookies, the session id
      */
-    public function url($url, $carry_args=null, $always_include_sid=false)
+    public function url($url, $carry_args=null, $always_include_sid=false, $include_csrf_token=false)
     {
         if (!$this->running) {
             $this->logMsg(sprintf('Canceled method call %s, application not running.', __FUNCTION__), LOG_NOTICE, __FILE__, __LINE__);
             return false;
+        }
+
+        if ($this->getParam('csrf_token_enabled') && $include_csrf_token) {
+            // Include the csrf_token as a carried query argument.
+            // This token can be validated upon form submission with $app->verifyCSRFToken() or $app->requireValidCSRFToken()
+            $carry_args = is_array($carry_args) ? $carry_args : array();
+            $carry_args = array_merge($carry_args, array($this->getParam('csrf_token_name') => $this->getCSRFToken()));
         }
 
@@ -938 +944 @@
      *
      * @access  public
-     * @param   string  $url    Input URL to parse.
-     * @return  string          URL passed through $app->url() and then & turned to $amp;.
+     * @param   (see param reference for url() method)
+     * @return  string          URL passed through $app->url() with ampersamds transformed to $amp;
      * @author  Quinn Comendant <quinn@strangecode.com>
      * @since   09 Dec 2005 17:58:45
      */
-    public function oHREF($url, $carry_args=null, $always_include_sid=false)
-    {
-        $url = $this->url($url, $carry_args, $always_include_sid);
-
-        // Replace any & not followed by an html or unicode entity with it's &amp; equivalent.
+    public function oHREF($url, $carry_args=null, $always_include_sid=false, $include_csrf_token=false)
+    {
+        // Process the URL.
+        $url = $this->url($url, $carry_args, $always_include_sid, $include_csrf_token);
+
+        // Replace any & not followed by an html or unicode entity with its &amp; equivalent.
         $url = preg_replace('/&(?![\w\d#]{1,10};)/', '&amp;', $url);
 
@@ -1093 +1100 @@
             return false;
         }
-        $this->logMsg(sprintf('Verified CSRF token %s is in %s', $user_submitted_csrf_token, $csrf_token), LOG_DEBUG, __FILE__, __LINE__);
+        $this->logMsg(sprintf('Verified CSRF token %s', $user_submitted_csrf_token), LOG_DEBUG, __FILE__, __LINE__);
         return true;
     }
@@ -1142 +1149 @@
         }
 
-        if ('' == $url) {
+        if (!$url) {
             // If URL is not specified, use the redirect_home_url.
             $url = $this->getParam('redirect_home_url');
@@ -1295 +1302 @@
         }
 
-        $this->logMsg(sprintf('deleteBoomerangURL(%s): %s', $id, $this->getBoomerangURL($id)), LOG_DEBUG, __FILE__, __LINE__);
-
         if (isset($id) && isset($_SESSION['_app'][$this->_ns]['boomerang']['url'][$id])) {
+            $url = $this->getBoomerangURL($id);
             unset($_SESSION['_app'][$this->_ns]['boomerang']['url'][$id]);
         } else if (is_array($_SESSION['_app'][$this->_ns]['boomerang']['url'])) {
-            array_pop($_SESSION['_app'][$this->_ns]['boomerang']['url']);
-        }
+            $url = array_pop($_SESSION['_app'][$this->_ns]['boomerang']['url']);
+        }
+        $this->logMsg(sprintf('deleteBoomerangURL(%s): %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__);
     }