| [ Index ] |
PHP Cross Reference of Phabricator |
[Summary view] [Print] [Text view]
1 <?php 2 3 final class PhameBlogLiveController extends PhameController { 4 5 private $id; 6 private $more; 7 8 public function shouldAllowPublic() { 9 return true; 10 } 11 12 public function willProcessRequest(array $data) { 13 $this->id = idx($data, 'id'); 14 $this->more = idx($data, 'more', ''); 15 } 16 17 public function processRequest() { 18 $request = $this->getRequest(); 19 $user = $request->getUser(); 20 21 $blog = id(new PhameBlogQuery()) 22 ->setViewer($user) 23 ->withIDs(array($this->id)) 24 ->executeOne(); 25 if (!$blog) { 26 return new Aphront404Response(); 27 } 28 29 if ($blog->getDomain() && ($request->getHost() != $blog->getDomain())) { 30 $base_uri = $blog->getLiveURI(); 31 32 // Don't redirect directly, since the domain is user-controlled and there 33 // are a bevy of security issues associated with automatic redirects to 34 // external domains. 35 36 // Previously we CSRF'd this and someone found a way to pass OAuth 37 // information through it using anchors. Just make users click a normal 38 // link so that this is no more dangerous than any other external link 39 // on the site. 40 41 $dialog = id(new AphrontDialogView()) 42 ->setTitle(pht('Blog Moved')) 43 ->setUser($user) 44 ->appendParagraph(pht('This blog is now hosted here:')) 45 ->appendParagraph( 46 phutil_tag( 47 'a', 48 array( 49 'href' => $base_uri, 50 ), 51 $base_uri)) 52 ->addCancelButton('/'); 53 54 return id(new AphrontDialogResponse())->setDialog($dialog); 55 } 56 57 $phame_request = clone $request; 58 $phame_request->setPath('/'.ltrim($this->more, '/')); 59 60 $uri = $blog->getLiveURI(); 61 62 $skin = $blog->getSkinRenderer($phame_request); 63 $skin 64 ->setBlog($blog) 65 ->setBaseURI($uri); 66 67 $skin->willProcessRequest(array()); 68 return $skin->processRequest(); 69 } 70 71 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Sun Nov 30 09:20:46 2014 | Cross-referenced by PHPXref 0.7.1 |