From 06158693c7b846518abfe9d72491fc7376e457f3 Mon Sep 17 00:00:00 2001 From: David King Date: Fri, 19 Oct 2012 19:54:19 -0400 Subject: [feature/controller] Implement a front controller PHPBB3-10864 --- phpBB/includes/functions.php | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 3a5b100515..fb05b74cd3 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2335,7 +2335,7 @@ function phpbb_on_page($template, $user, $base_url, $num_items, $per_page, $star function append_sid($url, $params = false, $is_amp = true, $session_id = false) { global $_SID, $_EXTRA_URL, $phpbb_hook; - global $phpbb_dispatcher; + global $phpbb_dispatcher, $phpbb_root_path, $config, $symfony_request; if ($params === '' || (is_array($params) && empty($params))) { @@ -2343,6 +2343,20 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) $params = false; } + // Make sure we have a Symfony Request object; tests do not have one + // unless they need it. + if ($symfony_request) + { + // Correct the path when we are accessing it through a controller + // This simply rewrites the value given by $phpbb_root_path to the + // script_path in config. + $path_info = $symfony_request->getPathInfo(); + if (!empty($path_info) && $path_info != '/') + { + $url = $config['script_path'] . '/' . substr($url, strlen($phpbb_root_path)); + } + } + $append_sid_overwrite = false; /** @@ -5039,7 +5053,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 // Determine board url - we may need it later $board_url = generate_board_url() . '/'; - $web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $phpbb_root_path; + $web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $config['script_path'] . '/'; // Send a proper content-language to the output $user_lang = $user->lang['USER_LANG']; @@ -5216,8 +5230,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 /** * Generate page footer +* +* @param bool $run_cron Whether or not to run the cron +* @param bool $display_template Whether or not to display the template +* @param bool $exit_handler Whether or not to run the exit_handler() */ -function page_footer($run_cron = true) +function page_footer($run_cron = true, $display_template = true, $exit_handler = true) { global $db, $config, $template, $user, $auth, $cache, $starttime, $phpbb_root_path, $phpEx; global $request, $phpbb_dispatcher; @@ -5312,10 +5330,17 @@ function page_footer($run_cron = true) } } - $template->display('body'); + if ($display_template) + { + $template->display('body'); + } garbage_collection(); - exit_handler(); + + if ($exit_handler) + { + exit_handler(); + } } /** -- cgit v1.2.1 From d3aa8823b21990634f8b74676ac301739ddfc58b Mon Sep 17 00:00:00 2001 From: David King Date: Wed, 14 Nov 2012 15:42:13 -0500 Subject: [feature/controller] Use a dumped url matcher class to improve performance PHPBB3-10864 --- phpBB/includes/functions.php | 52 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index fb05b74cd3..7cf5611dca 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -7,6 +7,9 @@ * */ +use Symfony\Component\Routing\Matcher\Dumper\PhpMatcherDumper; +use Symfony\Component\Routing\RequestContext; + /** * @ignore */ @@ -5444,3 +5447,52 @@ function phpbb_to_numeric($input) { return ($input > PHP_INT_MAX) ? (float) $input : (int) $input; } + +/** +* Create and/or return the cached phpbb_url_matcher class +* +* If the class already exists, it instantiates it +* +* @param phpbb_extension_finder $finder Extension finder +* @param RequestContext $context Symfony RequestContext object +* @param string $root_path Root path +* @param string $php_ext PHP extension +* @return phpbb_url_matcher +*/ +function phpbb_create_url_matcher(phpbb_extension_finder $finder, RequestContext $context, $root_path, $php_ext) +{ + $matcher = phpbb_load_url_matcher($finder, $context, $root_path, $php_ext); + if ($matcher === false) + { + $provider = new phpbb_controller_provider(); + $dumper = new PhpMatcherDumper($provider->get_paths($finder)->find()); + $cached_url_matcher_dump = $dumper->dump(array( + 'class' => 'phpbb_url_matcher', + )); + + file_put_contents($root_path . 'cache/url_matcher' . $php_ext, $cached_url_matcher_dump); + return phpbb_load_url_matcher($finder, $context, $root_path, $php_ext); + } + + return $matcher; +} + +/** +* Load the cached phpbb_url_matcher class +* +* @param phpbb_extension_finder $finder Extension finder +* @param RequestContext $context Symfony RequestContext object +* @param string $root_path Root path +* @param string $php_ext PHP extension +* @return phpbb_url_matcher|bool False if the file doesn't exist +*/ +function phpbb_load_url_matcher(phpbb_extension_finder $finder, RequestContext $context, $root_path, $php_ext) +{ + if (file_exists($root_path . 'cache/url_matcher' . $php_ext)) + { + include($root_path . 'cache/url_matcher' . $php_ext); + return new phpbb_url_matcher($context); + } + + return false; +} -- cgit v1.2.1 From 196c2d4bc346ab6a31fd0b752c788e37cf39459d Mon Sep 17 00:00:00 2001 From: David King Date: Wed, 14 Nov 2012 15:56:07 -0500 Subject: [feature/controller] Move new functions to their own file PHPBB3-10864 --- phpBB/includes/functions.php | 49 -------------------------------------------- 1 file changed, 49 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 7cf5611dca..88ce142195 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5447,52 +5447,3 @@ function phpbb_to_numeric($input) { return ($input > PHP_INT_MAX) ? (float) $input : (int) $input; } - -/** -* Create and/or return the cached phpbb_url_matcher class -* -* If the class already exists, it instantiates it -* -* @param phpbb_extension_finder $finder Extension finder -* @param RequestContext $context Symfony RequestContext object -* @param string $root_path Root path -* @param string $php_ext PHP extension -* @return phpbb_url_matcher -*/ -function phpbb_create_url_matcher(phpbb_extension_finder $finder, RequestContext $context, $root_path, $php_ext) -{ - $matcher = phpbb_load_url_matcher($finder, $context, $root_path, $php_ext); - if ($matcher === false) - { - $provider = new phpbb_controller_provider(); - $dumper = new PhpMatcherDumper($provider->get_paths($finder)->find()); - $cached_url_matcher_dump = $dumper->dump(array( - 'class' => 'phpbb_url_matcher', - )); - - file_put_contents($root_path . 'cache/url_matcher' . $php_ext, $cached_url_matcher_dump); - return phpbb_load_url_matcher($finder, $context, $root_path, $php_ext); - } - - return $matcher; -} - -/** -* Load the cached phpbb_url_matcher class -* -* @param phpbb_extension_finder $finder Extension finder -* @param RequestContext $context Symfony RequestContext object -* @param string $root_path Root path -* @param string $php_ext PHP extension -* @return phpbb_url_matcher|bool False if the file doesn't exist -*/ -function phpbb_load_url_matcher(phpbb_extension_finder $finder, RequestContext $context, $root_path, $php_ext) -{ - if (file_exists($root_path . 'cache/url_matcher' . $php_ext)) - { - include($root_path . 'cache/url_matcher' . $php_ext); - return new phpbb_url_matcher($context); - } - - return false; -} -- cgit v1.2.1 From 8913b2c7c4ffc38d4caf34ca7014b8a07f11d19d Mon Sep 17 00:00:00 2001 From: David King Date: Sat, 17 Nov 2012 17:48:20 -0500 Subject: [feature/controller] Use query string, not path info, for controller access This is hopefully just temporary until we can fix the relative path issue. PHPBB3-10864 --- phpBB/includes/functions.php | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 88ce142195..17fc16ef86 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2346,20 +2346,6 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) $params = false; } - // Make sure we have a Symfony Request object; tests do not have one - // unless they need it. - if ($symfony_request) - { - // Correct the path when we are accessing it through a controller - // This simply rewrites the value given by $phpbb_root_path to the - // script_path in config. - $path_info = $symfony_request->getPathInfo(); - if (!empty($path_info) && $path_info != '/') - { - $url = $config['script_path'] . '/' . substr($url, strlen($phpbb_root_path)); - } - } - $append_sid_overwrite = false; /** @@ -5056,7 +5042,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 // Determine board url - we may need it later $board_url = generate_board_url() . '/'; - $web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $config['script_path'] . '/'; + $web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $phpbb_root_path; // Send a proper content-language to the output $user_lang = $user->lang['USER_LANG']; -- cgit v1.2.1 From 53caf83233c962adbb68dcfb0f8172ebf788b8f7 Mon Sep 17 00:00:00 2001 From: David King Date: Sun, 18 Nov 2012 13:35:04 -0500 Subject: [feature/controller] Remove now-unused code PHPBB3-10864 --- phpBB/includes/functions.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 17fc16ef86..02a9e33f2a 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -7,9 +7,6 @@ * */ -use Symfony\Component\Routing\Matcher\Dumper\PhpMatcherDumper; -use Symfony\Component\Routing\RequestContext; - /** * @ignore */ @@ -2338,7 +2335,7 @@ function phpbb_on_page($template, $user, $base_url, $num_items, $per_page, $star function append_sid($url, $params = false, $is_amp = true, $session_id = false) { global $_SID, $_EXTRA_URL, $phpbb_hook; - global $phpbb_dispatcher, $phpbb_root_path, $config, $symfony_request; + global $phpbb_dispatcher; if ($params === '' || (is_array($params) && empty($params))) { -- cgit v1.2.1 From 0f4f81b0966e29b5aaae5bf94e46260474ec0cb2 Mon Sep 17 00:00:00 2001 From: David King Date: Sun, 18 Nov 2012 15:52:35 -0500 Subject: [feature/controller] Create Symfony Request in new function PHPBB3-10864 --- phpBB/includes/functions.php | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 02a9e33f2a..820d96c9aa 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -7,6 +7,8 @@ * */ +use Symfony\Component\HttpFoundation\Request; + /** * @ignore */ @@ -5430,3 +5432,40 @@ function phpbb_to_numeric($input) { return ($input > PHP_INT_MAX) ? (float) $input : (int) $input; } + +/** +* Create a Symfony Request object from a given URI and phpbb_request object +* +* @param string $uri Request URI +* @param phpbb_request $request Request object +* @return Request A Symfony Request object +*/ +function phpbb_create_symfony_request($uri, phpbb_request $request) +{ + $request_method = $request->server('REQUEST_METHOD'); + $parameter_names = array(); + $parameter_names['request'] = array_merge( + $request->variable_names(phpbb_request_interface::GET), + // POST overwrites duplicated GET parameters + $request->variable_names(phpbb_request_interface::POST) + ); + $parameter_names['server'] = $request->variable_names(phpbb_request_interface::SERVER); + $parameter_names['files'] = $request->variable_names(phpbb_request_interface::FILES); + $parameter_names['cookie'] = $request->variable_names(phpbb_request_interface::COOKIE); + + $parameters = array( + 'request' => array(), + 'cookie' => array(), + 'files' => array(), + 'server' => array(), + ); + foreach ($parameter_names as $type => $names) + { + foreach ($names as $name) + { + $parameters[$type][$name] = $request->variable($name, ''); + } + } + + return Request::create($uri, $request_method, $parameters['request'], $parameters['cookie'], $parameters['files'], $parameters['server']); +} -- cgit v1.2.1 From e2bf66d0658ae7d7bb253083b73d5769c117746a Mon Sep 17 00:00:00 2001 From: David King Date: Sun, 18 Nov 2012 15:58:47 -0500 Subject: [feature/controller] Add documentation about input being HTML-escaped PHPBB3-10864 --- phpBB/includes/functions.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 820d96c9aa..cdc05ca649 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5436,6 +5436,9 @@ function phpbb_to_numeric($input) /** * Create a Symfony Request object from a given URI and phpbb_request object * +* Note that everything passed into the Request object has already been HTML +* escaped by the phpbb_request object. +* * @param string $uri Request URI * @param phpbb_request $request Request object * @return Request A Symfony Request object -- cgit v1.2.1 From 30043502814cd42d824dc1d6bcb25bebc60adbed Mon Sep 17 00:00:00 2001 From: David King Date: Mon, 19 Nov 2012 11:47:42 -0500 Subject: [feature/controller] Correctly create Symfony object from globals PHPBB3-10864 --- phpBB/includes/functions.php | 70 ++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 32 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index cdc05ca649..ee147969f9 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5434,41 +5434,47 @@ function phpbb_to_numeric($input) } /** -* Create a Symfony Request object from a given URI and phpbb_request object +* Create a Symfony Request object from phpbb_request object * -* Note that everything passed into the Request object has already been HTML -* escaped by the phpbb_request object. -* -* @param string $uri Request URI * @param phpbb_request $request Request object * @return Request A Symfony Request object */ -function phpbb_create_symfony_request($uri, phpbb_request $request) +function phpbb_create_symfony_request(phpbb_request $request) { - $request_method = $request->server('REQUEST_METHOD'); - $parameter_names = array(); - $parameter_names['request'] = array_merge( - $request->variable_names(phpbb_request_interface::GET), - // POST overwrites duplicated GET parameters - $request->variable_names(phpbb_request_interface::POST) - ); - $parameter_names['server'] = $request->variable_names(phpbb_request_interface::SERVER); - $parameter_names['files'] = $request->variable_names(phpbb_request_interface::FILES); - $parameter_names['cookie'] = $request->variable_names(phpbb_request_interface::COOKIE); - - $parameters = array( - 'request' => array(), - 'cookie' => array(), - 'files' => array(), - 'server' => array(), - ); - foreach ($parameter_names as $type => $names) - { - foreach ($names as $name) - { - $parameters[$type][$name] = $request->variable($name, ''); - } - } - - return Request::create($uri, $request_method, $parameters['request'], $parameters['cookie'], $parameters['files'], $parameters['server']); + // This function is meant to sanitize the global input arrays + $sanitizer = function(&$value, $key) { + $type_cast_helper = new phpbb_request_type_cast_helper(); + $type_cast_helper->set_var($value, $value, gettype($value), true); + }; + + // We need to re-enable the super globals so we can access them here + $request->enable_super_globals(); + $get_parameters = $_GET; + $post_parameters = $_POST; + $server_parameters = $_SERVER; + $files_parameters = $_FILES; + $cookie_parameters = $_COOKIE; + // And now disable them again for security + $request->disable_super_globals(); + + array_walk_recursive($get_parameters, $sanitizer); + array_walk_recursive($post_parameters, $sanitizer); + + // Until we fix the issue with relative paths, we have to fake path info + // to allow urls like app.php?controller=foo/bar + $controller = $request->variable('controller', ''); + $path_info = '/' . $controller; + $request_uri = $server_parameters['REQUEST_URI']; + + // Remove the query string from REQUEST_URI + if ($pos = strpos($request_uri, '?')) + { + $request_uri = substr($request_uri, 0, $pos); + } + + // Add the path info (i.e. controller route) to the REQUEST_URI + $server_parameters['REQUEST_URI'] = $request_uri . $path_info; + $server_parameters['SCRIPT_NAME'] = ''; + + return new Request($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters); } -- cgit v1.2.1