lib.urlhandlers.php @ 3030:1c346de31ad1

Visit:

Revision 3030:1c346de31ad1, 17.6 KB checked in by franck <carnet.franck.paul@…>, 10 years ago (diff)
Add an blog option to disable internal search (404 on ?q= queries, search widget hidden), fixes #1888

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12	if (!defined('DC_RC_PATH')) { return; }
13
14	class dcUrlHandlers extends urlHandler
15	{
16	public $args;
17
18	public function getURLFor($type,$value='') {
19	$core =& $GLOBALS['core'];
20	$url = $core->callBehavior("publicGetURLFor",$type,$value);
21	if (!$url) {
22	$url = $this->getBase($type);
23	if ($value) {
24	if ($url) {
25	$url .= '/';
26	}
27	$url .= $value;
28	}
29	}
30	return $url;
31	}
32
33	public function register($type,$url,$representation,$handler)
34	{
35	$core =& $GLOBALS['core'];
36	$t = new ArrayObject(array($type,$url,$representation,$handler));
37	$core->callBehavior("publicRegisterURL",$t);
38	parent::register($t[0],$t[1],$t[2],$t[3]);
39	}
40
41	public static function p404()
42	{
43	throw new Exception ("Page not found",404);
44	}
45
46	public static function default404($args,$type,$e)
47	{
48	if ($e->getCode() != 404) {
49	throw $e;
50	}
51	$_ctx =& $GLOBALS['_ctx'];
52	$core = $GLOBALS['core'];
53
54	header('Content-Type: text/html; charset=UTF-8');
55	http::head(404,'Not Found');
56	$core->url->type = '404';
57	$_ctx->current_tpl = '404.html';
58	$_ctx->content_type = 'text/html';
59
60	echo $core->tpl->getData($_ctx->current_tpl);
61
62	# --BEHAVIOR-- publicAfterDocument
63	$core->callBehavior('publicAfterDocument',$core);
64	exit;
65	}
66
67	protected static function getPageNumber(&$args)
68	{
69	if (preg_match('#(^\|/)page/([0-9]+)$#',$args,$m)) {
70	$n = (integer) $m[2];
71	if ($n > 0) {
72	$args = preg_replace('#(^\|/)page/([0-9]+)$#','',$args);
73	return $n;
74	}
75	}
76
77	return false;
78	}
79
80	protected static function serveDocument($tpl,$content_type='text/html',$http_cache=true,$http_etag=true)
81	{
82	$_ctx =& $GLOBALS['_ctx'];
83	$core =& $GLOBALS['core'];
84
85	if ($_ctx->nb_entry_per_page === null) {
86	$_ctx->nb_entry_per_page = $core->blog->settings->system->nb_post_per_page;
87	}
88	if ($_ctx->nb_entry_first_page === null) {
89	$_ctx->nb_entry_first_page = $_ctx->nb_entry_per_page;
90	}
91
92	$tpl_file = $core->tpl->getFilePath($tpl);
93
94	if (!$tpl_file) {
95	throw new Exception('Unable to find template ');
96	}
97
98	$result = new ArrayObject;
99
100	$_ctx->current_tpl = $tpl;
101	$_ctx->content_type = $content_type;
102	$_ctx->http_cache = $http_cache;
103	$_ctx->http_etag = $http_etag;
104	$core->callBehavior('urlHandlerBeforeGetData',$_ctx);
105
106	if ($_ctx->http_cache) {
107	$GLOBALS['mod_files'][] = $tpl_file;
108	http::cache($GLOBALS['mod_files'],$GLOBALS['mod_ts']);
109	}
110
111	header('Content-Type: '.$_ctx->content_type.'; charset=UTF-8');
112	if ($core->blog->settings->system->prevents_clickjacking) {
113	if ($_ctx->exists('xframeoption')) {
114	$url = parse_url($_ctx->xframeoption);
115	header(sprintf('X-Frame-Options: %s', is_array($url)?("ALLOW-FROM ".$url['scheme'].'://'.$url['host']):'SAMEORIGIN'));
116	} else {
117	// Prevents Clickjacking as far as possible
118	header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
119	}
120	}
121
122	$result['content'] = $core->tpl->getData($_ctx->current_tpl);
123	$result['content_type'] = $_ctx->content_type;
124	$result['tpl'] = $_ctx->current_tpl;
125	$result['blogupddt'] = $core->blog->upddt;
126
127	# --BEHAVIOR-- urlHandlerServeDocument
128	$core->callBehavior('urlHandlerServeDocument',$result);
129
130	if ($_ctx->http_cache && $_ctx->http_etag) {
131	http::etag($result['content'],http::getSelfURI());
132	}
133	echo $result['content'];
134	}
135
136	public function getDocument()
137	{
138	$core =& $GLOBALS['core'];
139
140	$type = $args = '';
141
142	if ($this->mode == 'path_info')
143	{
144	$part = substr($_SERVER['PATH_INFO'],1);
145	}
146	else
147	{
148	$part = '';
149
150	$qs = $this->parseQueryString();
151
152	# Recreates some _GET and _REQUEST pairs
153	if (!empty($qs))
154	{
155	foreach ($_GET as $k => $v) {
156	if (isset($_REQUEST[$k])) {
157	unset($_REQUEST[$k]);
158	}
159	}
160	$_GET = $qs;
161	$_REQUEST = array_merge($qs,$_REQUEST);
162
163	list($k,$v) = each($qs);
164	if ($v === null) {
165	$part = $k;
166	unset($_GET[$k]);
167	unset($_REQUEST[$k]);
168	}
169	}
170	}
171
172	$_SERVER['URL_REQUEST_PART'] = $part;
173
174	$this->getArgs($part,$type,$this->args);
175
176	# --BEHAVIOR-- urlHandlerGetArgsDocument
177	$core->callBehavior('urlHandlerGetArgsDocument',$this);
178
179	if (!$type)
180	{
181	$this->type = 'default';
182	$this->callDefaultHandler($this->args);
183	}
184	else
185	{
186	$this->type = $type;
187	$this->callHandler($type,$this->args);
188	}
189	}
190
191	public static function home($args)
192	{
193	$n = self::getPageNumber($args);
194
195	if ($args && !$n)
196	{
197	# "Then specified URL went unrecognized by all URL handlers and
198	# defaults to the home page, but is not a page number.
199	self::p404();
200	}
201	else
202	{
203	$_ctx =& $GLOBALS['_ctx'];
204	$core =& $GLOBALS['core'];
205
206	if ($n) {
207	$GLOBALS['_page_number'] = $n;
208	$core->url->type = $n > 1 ? 'default-page' : 'default';
209	}
210
211	if (empty($_GET['q'])) {
212	if ($core->blog->settings->system->nb_post_for_home !== null) {
213	$_ctx->nb_entry_first_page = $core->blog->settings->system->nb_post_for_home;
214	}
215	self::serveDocument('home.html');
216	$core->blog->publishScheduledEntries();
217	} else {
218	self::search();
219	}
220	}
221	}
222
223	public static function search()
224	{
225	$_ctx =& $GLOBALS['_ctx'];
226	$core =& $GLOBALS['core'];
227
228	if ($core->blog->settings->system->no_search) {
229
230	# Search is disabled for this blog.
231	self::p404();
232
233	} else {
234
235	$core->url->type='search';
236
237	$GLOBALS['_search'] = !empty($_GET['q']) ? rawurldecode($_GET['q']) : '';
238	if ($GLOBALS['_search']) {
239	$params = new ArrayObject(array('search' => $GLOBALS['_search']));
240	$core->callBehavior('publicBeforeSearchCount',$params);
241	$GLOBALS['_search_count'] = $core->blog->getPosts($params,true)->f(0);
242	}
243
244	self::serveDocument('search.html');
245	}
246	}
247
248	public static function lang($args)
249	{
250	$_ctx =& $GLOBALS['_ctx'];
251	$core =& $GLOBALS['core'];
252
253	$n = self::getPageNumber($args);
254	$params = new ArrayObject(array(
255	'lang' => $args));
256
257	$core->callBehavior('publicLangBeforeGetLangs',$params,$args);
258
259	$_ctx->langs = $core->blog->getLangs($params);
260
261	if ($_ctx->langs->isEmpty()) {
262	# The specified language does not exist.
263	self::p404();
264	}
265	else
266	{
267	if ($n) {
268	$GLOBALS['_page_number'] = $n;
269	}
270	$_ctx->cur_lang = $args;
271	self::home(null);
272	}
273	}
274
275	public static function category($args)
276	{
277	$_ctx =& $GLOBALS['_ctx'];
278	$core =& $GLOBALS['core'];
279
280	$n = self::getPageNumber($args);
281
282	if ($args == '' && !$n) {
283	# No category was specified.
284	self::p404();
285	}
286	else
287	{
288	$params = new ArrayObject(array(
289	'cat_url' => $args,
290	'post_type' => 'post',
291	'without_empty' => false));
292
293	$core->callBehavior('publicCategoryBeforeGetCategories',$params,$args);
294
295	$_ctx->categories = $core->blog->getCategories($params);
296
297	if ($_ctx->categories->isEmpty()) {
298	# The specified category does no exist.
299	self::p404();
300	}
301	else
302	{
303	if ($n) {
304	$GLOBALS['_page_number'] = $n;
305	}
306	self::serveDocument('category.html');
307	}
308	}
309	}
310
311	public static function archive($args)
312	{
313	$_ctx =& $GLOBALS['_ctx'];
314	$core =& $GLOBALS['core'];
315
316	$year = $month = $cat_url = null;
317	# Nothing or year and month
318	if ($args == '')
319	{
320	self::serveDocument('archive.html');
321	}
322	elseif (preg_match('\|^/([0-9]{4})/([0-9]{2})$\|',$args,$m))
323	{
324	$params = new ArrayObject(array(
325	'year' => $m[1],
326	'month' => $m[2],
327	'type' => 'month'));
328
329	$core->callBehavior('publicArchiveBeforeGetDates',$params,$args);
330
331	$_ctx->archives = $core->blog->getDates($params);
332
333	if ($_ctx->archives->isEmpty()) {
334	# There is no entries for the specified period.
335	self::p404();
336	}
337	else
338	{
339	self::serveDocument('archive_month.html');
340	}
341	}
342	else {
343	# The specified URL is not a date.
344	self::p404();
345	}
346	}
347
348	public static function post($args)
349	{
350	if ($args == '') {
351	# No entry was specified.
352	self::p404();
353	}
354	else
355	{
356	$_ctx =& $GLOBALS['_ctx'];
357	$core =& $GLOBALS['core'];
358
359	$core->blog->withoutPassword(false);
360
361	$params = new ArrayObject(array(
362	'post_url' => $args));
363
364	$core->callBehavior('publicPostBeforeGetPosts',$params,$args);
365
366	$_ctx->posts = $core->blog->getPosts($params);
367
368	$_ctx->comment_preview = new ArrayObject();
369	$_ctx->comment_preview['content'] = '';
370	$_ctx->comment_preview['rawcontent'] = '';
371	$_ctx->comment_preview['name'] = '';
372	$_ctx->comment_preview['mail'] = '';
373	$_ctx->comment_preview['site'] = '';
374	$_ctx->comment_preview['preview'] = false;
375	$_ctx->comment_preview['remember'] = false;
376
377	$core->blog->withoutPassword(true);
378
379	if ($_ctx->posts->isEmpty())
380	{
381	# The specified entry does not exist.
382	self::p404();
383	}
384	else
385	{
386	$post_id = $_ctx->posts->post_id;
387	$post_password = $_ctx->posts->post_password;
388
389	# Password protected entry
390	if ($post_password != '' && !$_ctx->preview)
391	{
392	# Get passwords cookie
393	if (isset($_COOKIE['dc_passwd'])) {
394	$pwd_cookie = json_decode($_COOKIE['dc_passwd']);
395	if ($pwd_cookie === NULL) {
396	$pwd_cookie = array();
397	} else {
398	$pwd_cookie = (array) $pwd_cookie;
399	}
400	} else {
401	$pwd_cookie = array();
402	}
403
404	# Check for match
405	# Note: We must prefix post_id key with '#'' in pwd_cookie array in order to avoid integer conversion
406	# because MyArray["12345"] is treated as MyArray[12345]
407	if ((!empty($_POST['password']) && $_POST['password'] == $post_password)
408	\|\| (isset($pwd_cookie['#'.$post_id]) && $pwd_cookie['#'.$post_id] == $post_password))
409	{
410	$pwd_cookie['#'.$post_id] = $post_password;
411	setcookie('dc_passwd',json_encode($pwd_cookie),0,'/');
412	}
413	else
414	{
415	self::serveDocument('password-form.html','text/html',false);
416	return;
417	}
418	}
419
420	$post_comment =
421	isset($_POST['c_name']) && isset($_POST['c_mail']) &&
422	isset($_POST['c_site']) && isset($_POST['c_content']) &&
423	$_ctx->posts->commentsActive();
424
425	# Posting a comment
426	if ($post_comment)
427	{
428	# Spam trap
429	if (!empty($_POST['f_mail'])) {
430	http::head(412,'Precondition Failed');
431	header('Content-Type: text/plain');
432	echo "So Long, and Thanks For All the Fish";
433	# Exits immediately the application to preserve the server.
434	exit;
435	}
436
437	$name = $_POST['c_name'];
438	$mail = $_POST['c_mail'];
439	$site = $_POST['c_site'];
440	$content = $_POST['c_content'];
441	$preview = !empty($_POST['preview']);
442
443	if ($content != '')
444	{
445	# --BEHAVIOR-- publicBeforeCommentTransform
446	$buffer = $core->callBehavior('publicBeforeCommentTransform',$content);
447	if ($buffer != '') {
448	$content = $buffer;
449	} else {
450	if ($core->blog->settings->system->wiki_comments) {
451	$core->initWikiComment();
452	} else {
453	$core->initWikiSimpleComment();
454	}
455	$content = $core->wikiTransform($content);
456	}
457	$content = $core->HTMLfilter($content);
458	}
459
460	$_ctx->comment_preview['content'] = $content;
461	$_ctx->comment_preview['rawcontent'] = $_POST['c_content'];
462	$_ctx->comment_preview['name'] = $name;
463	$_ctx->comment_preview['mail'] = $mail;
464	$_ctx->comment_preview['site'] = $site;
465
466	if ($preview)
467	{
468	# --BEHAVIOR-- publicBeforeCommentPreview
469	$core->callBehavior('publicBeforeCommentPreview',$_ctx->comment_preview);
470
471	$_ctx->comment_preview['preview'] = true;
472	}
473	else
474	{
475	# Post the comment
476	$cur = $core->con->openCursor($core->prefix.'comment');
477	$cur->comment_author = $name;
478	$cur->comment_site = html::clean($site);
479	$cur->comment_email = html::clean($mail);
480	$cur->comment_content = $content;
481	$cur->post_id = $_ctx->posts->post_id;
482	$cur->comment_status = $core->blog->settings->system->comments_pub ? 1 : -1;
483	$cur->comment_ip = http::realIP();
484
485	$redir = $_ctx->posts->getURL();
486	$redir .= $core->blog->settings->system->url_scan == 'query_string' ? '&' : '?';
487
488	try
489	{
490	if (!text::isEmail($cur->comment_email)) {
491	throw new Exception(__('You must provide a valid email address.'));
492	}
493
494	# --BEHAVIOR-- publicBeforeCommentCreate
495	$core->callBehavior('publicBeforeCommentCreate',$cur);
496	if ($cur->post_id) {
497	$comment_id = $core->blog->addComment($cur);
498
499	# --BEHAVIOR-- publicAfterCommentCreate
500	$core->callBehavior('publicAfterCommentCreate',$cur,$comment_id);
501	}
502
503	if ($cur->comment_status == 1) {
504	$redir_arg = 'pub=1';
505	} else {
506	$redir_arg = 'pub=0';
507	}
508
509	header('Location: '.$redir.$redir_arg);
510	}
511	catch (Exception $e)
512	{
513	$_ctx->form_error = $e->getMessage();
514	$_ctx->form_error;
515	}
516	}
517	}
518
519	# The entry
520	if ($_ctx->posts->trackbacksActive()) {
521	header('X-Pingback: '.$core->blog->url.$core->url->getURLFor("xmlrpc",$core->blog->id));
522	}
523	self::serveDocument('post.html');
524	}
525	}
526	}
527
528	public static function preview($args)
529	{
530	$core = $GLOBALS['core'];
531	$_ctx = $GLOBALS['_ctx'];
532
533	if (!preg_match('#^(.+?)/([0-9a-z]{40})/(.+?)$#',$args,$m)) {
534	# The specified Preview URL is malformed.
535	self::p404();
536	}
537	else
538	{
539	$user_id = $m[1];
540	$user_key = $m[2];
541	$post_url = $m[3];
542	if (!$core->auth->checkUser($user_id,null,$user_key)) {
543	# The user has no access to the entry.
544	self::p404();
545	}
546	else
547	{
548	$_ctx->preview = true;
549	if (defined ("DC_ADMIN_URL")) {
550	$_ctx->xframeoption=DC_ADMIN_URL;
551	}
552	self::post($post_url);
553	}
554	}
555	}
556
557	public static function feed($args)
558	{
559	$type = null;
560	$comments = false;
561	$cat_url = false;
562	$post_id = null;
563	$subtitle = '';
564
565	$mime = 'application/xml';
566
567	$_ctx =& $GLOBALS['_ctx'];
568	$core =& $GLOBALS['core'];
569
570	if (preg_match('!^([a-z]{2}(-[a-z]{2})?)/(.*)$!',$args,$m)) {
571	$params = new ArrayObject(array('lang' => $m[1]));
572
573	$args = $m[3];
574
575	$core->callBehavior('publicFeedBeforeGetLangs',$params,$args);
576
577	$_ctx->langs = $core->blog->getLangs($params);
578
579	if ($_ctx->langs->isEmpty()) {
580	# The specified language does not exist.
581	self::p404();
582	return;
583	} else {
584	$_ctx->cur_lang = $m[1];
585	}
586	}
587
588	if (preg_match('#^rss2/xslt$#',$args,$m))
589	{
590	# RSS XSLT stylesheet
591	self::serveDocument('rss2.xsl','text/xml');
592	return;
593	}
594	elseif (preg_match('#^(atom\|rss2)/comments/([0-9]+)$#',$args,$m))
595	{
596	# Post comments feed
597	$type = $m[1];
598	$comments = true;
599	$post_id = (integer) $m[2];
600	}
601	elseif (preg_match('#^(?:category/(.+)/)?(atom\|rss2)(/comments)?$#',$args,$m))
602	{
603	# All posts or comments feed
604	$type = $m[2];
605	$comments = !empty($m[3]);
606	if (!empty($m[1])) {
607	$cat_url = $m[1];
608	}
609	}
610	else
611	{
612	# The specified Feed URL is malformed.
613	self::p404();
614	return;
615	}
616
617	if ($cat_url)
618	{
619	$params = new ArrayObject(array(
620	'cat_url' => $cat_url,
621	'post_type' => 'post'));
622
623	$core->callBehavior('publicFeedBeforeGetCategories',$params,$args);
624
625	$_ctx->categories = $core->blog->getCategories($params);
626
627	if ($_ctx->categories->isEmpty()) {
628	# The specified category does no exist.
629	self::p404();
630	return;
631	}
632
633	$subtitle = ' - '.$_ctx->categories->cat_title;
634	}
635	elseif ($post_id)
636	{
637	$params = new ArrayObject(array(
638	'post_id' => $post_id,
639	'post_type' => ''));
640
641	$core->callBehavior('publicFeedBeforeGetPosts',$params,$args);
642
643	$_ctx->posts = $core->blog->getPosts($params);
644
645	if ($_ctx->posts->isEmpty()) {
646	# The specified post does not exist.
647	self::p404();
648	return;
649	}
650
651	$subtitle = ' - '.$_ctx->posts->post_title;
652	}
653
654	$tpl = $type;
655	if ($comments) {
656	$tpl .= '-comments';
657	$_ctx->nb_comment_per_page = $core->blog->settings->system->nb_comment_per_feed;
658	} else {
659	$_ctx->nb_entry_per_page = $core->blog->settings->system->nb_post_per_feed;
660	$_ctx->short_feed_items = $core->blog->settings->system->short_feed_items;
661	}
662	$tpl .= '.xml';
663
664	if ($type == 'atom') {
665	$mime = 'application/atom+xml';
666	}
667
668	$_ctx->feed_subtitle = $subtitle;
669
670	header('X-Robots-Tag: '.context::robotsPolicy($core->blog->settings->system->robots_policy,''));
671	self::serveDocument($tpl,$mime);
672	if (!$comments && !$cat_url) {
673	$core->blog->publishScheduledEntries();
674	}
675	}
676
677	public static function trackback($args)
678	{
679	if (!preg_match('/^[0-9]+$/',$args)) {
680	# The specified trackback URL is not an number
681	self::p404();
682	} else {
683	$tb = new dcTrackback($GLOBALS['core']);
684	$tb->receive($args);
685	}
686	}
687
688	public static function rsd($args)
689	{
690	$core =& $GLOBALS['core'];
691	http::cache($GLOBALS['mod_files'],$GLOBALS['mod_ts']);
692
693	header('Content-Type: text/xml; charset=UTF-8');
694	echo
695	'<?xml version="1.0" encoding="UTF-8"?>'."\n".
696	'<rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">'."\n".
697	"<service>\n".
698	" <engineName>Dotclear</engineName>\n".
699	" <engineLink>http://www.dotclear.org/</engineLink>\n".
700	' <homePageLink>'.html::escapeHTML($core->blog->url)."</homePageLink>\n";
701
702	if ($core->blog->settings->system->enable_xmlrpc)
703	{
704	$u = sprintf(DC_XMLRPC_URL,$core->blog->url,$core->blog->id);
705
706	echo
707	" <apis>\n".
708	' <api name="WordPress" blogID="1" preferred="true" apiLink="'.$u.'"/>'."\n".
709	' <api name="Movable Type" blogID="1" preferred="false" apiLink="'.$u.'"/>'."\n".
710	' <api name="MetaWeblog" blogID="1" preferred="false" apiLink="'.$u.'"/>'."\n".
711	' <api name="Blogger" blogID="1" preferred="false" apiLink="'.$u.'"/>'."\n".
712	" </apis>\n";
713	}
714
715	echo
716	"</service>\n".
717	"</rsd>\n";
718	}
719
720	public static function xmlrpc($args)
721	{
722	$core =& $GLOBALS['core'];
723	$blog_id = preg_replace('#^([^/]).#','$1',$args);
724	$server = new dcXmlRpc($core,$blog_id);
725	$server->serve();
726	}
727	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/public/lib.urlhandlers.php @ 3030:1c346de31ad1

Download in other formats:

Sites map