epsylon
/
Elgg-Lorea-Hydra


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312
							<?php
/**

 * Elgg Actions

 *

 * @see http://learn.elgg.org/en/latest/guides/actions.html

 *

 * @package Elgg.Core

 * @subpackage Actions

 */

/**

 * Handle a request for an action

 * 

 * @param array $segments URL segments that make up action name

 *

 * @return void

 * @access private

 */
function _elgg_action_handler(array $segments) {
	_elgg_services()->actions->execute(implode('/', $segments));
}

/**

 * Perform an action.

 *

 * This function executes the action with name $action as registered

 * by {@link elgg_register_action()}.

 *

 * The plugin hook 'action', $action_name will be triggered before the action

 * is executed.  If a handler returns false, it will prevent the action script

 * from being called.

 *

 * @note If an action isn't registered in the system or is registered

 * to an unavailable file the user will be forwarded to the site front

 * page and an error will be emitted via {@link register_error()}.

 *

 * @warning All actions require CSRF tokens.

 *

 * @param string $action    The requested action

 * @param string $forwarder Optionally, the location to forward to

 *

 * @see elgg_register_action()

 *

 * @return void

 * @access private

 */
function action($action, $forwarder = "") {
	_elgg_services()->actions->execute($action, $forwarder);
}

/**

 * Registers an action.

 *

 * Actions are registered to a script in the system and are executed

 * by the URL http://elggsite.org/action/action_name/.

 *

 * $filename must be the full path of the file to register or a path relative

 * to the core actions/ dir.

 *

 * Actions should be namedspaced for your plugin.  Example:

 * <code>

 * elgg_register_action('myplugin/save_settings', ...);

 * </code>

 *

 * @tip Put action files under the actions/<plugin_name> directory of your plugin.

 *

 * @tip You don't need to include engine/start.php in your action files.

 *

 * @note Internal: Actions are saved in $CONFIG->actions as an array in the form:

 * <code>

 * array(

 * 	'file' => '/location/to/file.php',

 * 	'access' => 'public', 'logged_in', or 'admin'

 * )

 * </code>

 *

 * @param string $action   The name of the action (eg "register", "account/settings/save")

 * @param string $filename Optionally, the filename where this action is located. If not specified,

 *                         will assume the action is in elgg/actions/<action>.php

 * @param string $access   Who is allowed to execute this action: public, logged_in, admin.

 *                         (default: logged_in)

 *

 * @return bool

 */
function elgg_register_action($action, $filename = "", $access = 'logged_in') {
	return _elgg_services()->actions->register($action, $filename, $access);
}

/**

 * Unregisters an action

 *

 * @param string $action Action name

 * @return bool

 * @since 1.8.1

 */
function elgg_unregister_action($action) {
	return _elgg_services()->actions->unregister($action);
}

/**

 * Get an HMAC token builder/validator object

 *

 * @param mixed $data HMAC data string or serializable data

 * @return \Elgg\Security\Hmac

 * @since 1.11

 */
function elgg_build_hmac($data) {
	return _elgg_services()->crypto->getHmac($data);
}

/**

 * Validate an action token.

 *

 * Calls to actions will automatically validate tokens. If tokens are not

 * present or invalid, the action will be denied and the user will be redirected.

 *

 * Plugin authors should never have to manually validate action tokens.

 *

 * @param bool  $visible_errors Emit {@link register_error()} errors on failure?

 * @param mixed $token          The token to test against. Default: $_REQUEST['__elgg_token']

 * @param mixed $ts             The time stamp to test against. Default: $_REQUEST['__elgg_ts']

 *

 * @return bool

 * @see generate_action_token()

 * @access private

 */
function validate_action_token($visible_errors = true, $token = null, $ts = null) {
	return _elgg_services()->actions->validateActionToken($visible_errors, $token, $ts);
}

/**

 * Validates the presence of action tokens.

 *

 * This function is called for all actions.  If action tokens are missing,

 * the user will be forwarded to the site front page and an error emitted.

 *

 * This function verifies form input for security features (like a generated token),

 * and forwards if they are invalid.

 *

 * @param string $action The action being performed 

 *

 * @return mixed True if valid or redirects.

 * @access private

 */
function action_gatekeeper($action) {
	return _elgg_services()->actions->gatekeeper($action);
}

/**

 * Generate an action token.

 *

 * Action tokens are based on timestamps as returned by {@link time()}.

 * They are valid for one hour.

 *

 * Action tokens should be passed to all actions name __elgg_ts and __elgg_token.

 *

 * @warning Action tokens are required for all actions.

 *

 * @param int $timestamp Unix timestamp

 *

 * @see @elgg_view input/securitytoken

 * @see @elgg_view input/form

 *

 * @return string|false

 * @access private

 */
function generate_action_token($timestamp) {
	return _elgg_services()->actions->generateActionToken($timestamp);
}

/**

 * Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).

 *

 * Used during installation and saves as a datalist.

 *

 * Note: Old secrets were hex encoded.

 *

 * @return mixed The site secret hash or false

 * @access private

 * @todo Move to better file.

 */
function init_site_secret() {
	return _elgg_services()->siteSecret->init();
}

/**

 * Returns the site secret.

 *

 * Used to generate difficult to guess hashes for sessions and action tokens.

 *

 * @return string Site secret.

 * @access private

 * @todo Move to better file.

 */
function get_site_secret() {
	return _elgg_services()->siteSecret->get();
}

/**

 * Get the strength of the site secret

 *

 * @return string "strong", "moderate", or "weak"

 * @access private

 */
function _elgg_get_site_secret_strength() {
	return _elgg_services()->siteSecret->getStrength();
}

/**

 * Check if an action is registered and its script exists.

 *

 * @param string $action Action name

 *

 * @return bool

 * @since 1.8.0

 */
function elgg_action_exists($action) {
	return _elgg_services()->actions->exists($action);
}

/**

 * Checks whether the request was requested via ajax

 *

 * @return bool whether page was requested via ajax

 * @since 1.8.0

 */
function elgg_is_xhr() {
	return _elgg_services()->request->isXmlHttpRequest();
}

/**

 * Catch calls to forward() in ajax request and force an exit.

 *

 * Forces response is json of the following form:

 * <pre>

 * {

 *     "current_url": "the.url.we/were/coming/from",

 *     "forward_url": "the.url.we/were/going/to",

 *     "system_messages": {

 *         "messages": ["msg1", "msg2", ...],

 *         "errors": ["err1", "err2", ...]

 *     },

 *     "status": -1 //or 0 for success if there are no error messages present

 * }

 * </pre>

 * where "system_messages" is all message registers at the point of forwarding

 * 

 * @internal registered for the 'forward', 'all' plugin hook

 *

 * @param string $hook

 * @param string $type

 * @param string $reason

 * @param array $params

 * @return void

 * @access private

 */
function ajax_forward_hook($hook, $type, $reason, $params) {
	_elgg_services()->actions->ajaxForwardHook($hook, $type, $reason, $params);
}

/**

 * Buffer all output echo'd directly in the action for inclusion in the returned JSON.

 * @return void

 * @access private

 */
function ajax_action_hook() {
	_elgg_services()->actions->ajaxActionHook();
}

/**

 * Send an updated CSRF token

 *

 * @access private

 */
function _elgg_csrf_token_refresh() {

	if (!elgg_is_xhr()) {
		return false;
	}

	$ts = time();
	$token = generate_action_token($ts);
	$data = array(
		'__elgg_ts' => $ts,
		'__elgg_token' => $token,
		'logged_in' => elgg_is_logged_in(),
	);

	header("Content-Type: application/json;charset=utf-8");
	echo json_encode($data);

	return true;
}

/**

 * Initialize some ajaxy actions features

 * @access private

 */
function actions_init() {
	elgg_register_page_handler('action', '_elgg_action_handler');
	elgg_register_page_handler('refresh_token', '_elgg_csrf_token_refresh');

	elgg_register_simplecache_view('js/languages/en');

	elgg_register_plugin_hook_handler('action', 'all', 'ajax_action_hook');
	elgg_register_plugin_hook_handler('forward', 'all', 'ajax_forward_hook');
}

return function(\Elgg\EventsService $events, \Elgg\HooksRegistrationService $hooks) {
	$events->registerHandler('init', 'system', 'actions_init');
};