.php
* @param string $access Who is allowed to execute this action: public, logged_in, admin.
* (default: logged_in)
*
* @return bool
*/
function elgg_register_action($action, $filename = "", $access = 'logged_in') {
return _elgg_services()->actions->register($action, $filename, $access);
}
/**
* Unregisters an action
*
* @param string $action Action name
* @return bool
* @since 1.8.1
*/
function elgg_unregister_action($action) {
return _elgg_services()->actions->unregister($action);
}
/**
* Get an HMAC token builder/validator object
*
* @param mixed $data HMAC data string or serializable data
* @return \Elgg\Security\Hmac
* @since 1.11
*/
function elgg_build_hmac($data) {
return _elgg_services()->crypto->getHmac($data);
}
/**
* Validate an action token.
*
* Calls to actions will automatically validate tokens. If tokens are not
* present or invalid, the action will be denied and the user will be redirected.
*
* Plugin authors should never have to manually validate action tokens.
*
* @param bool $visible_errors Emit {@link register_error()} errors on failure?
* @param mixed $token The token to test against. Default: $_REQUEST['__elgg_token']
* @param mixed $ts The time stamp to test against. Default: $_REQUEST['__elgg_ts']
*
* @return bool
* @see generate_action_token()
* @access private
*/
function validate_action_token($visible_errors = true, $token = null, $ts = null) {
return _elgg_services()->actions->validateActionToken($visible_errors, $token, $ts);
}
/**
* Validates the presence of action tokens.
*
* This function is called for all actions. If action tokens are missing,
* the user will be forwarded to the site front page and an error emitted.
*
* This function verifies form input for security features (like a generated token),
* and forwards if they are invalid.
*
* @param string $action The action being performed
*
* @return mixed True if valid or redirects.
* @access private
*/
function action_gatekeeper($action) {
return _elgg_services()->actions->gatekeeper($action);
}
/**
* Generate an action token.
*
* Action tokens are based on timestamps as returned by {@link time()}.
* They are valid for one hour.
*
* Action tokens should be passed to all actions name __elgg_ts and __elgg_token.
*
* @warning Action tokens are required for all actions.
*
* @param int $timestamp Unix timestamp
*
* @see @elgg_view input/securitytoken
* @see @elgg_view input/form
*
* @return string|false
* @access private
*/
function generate_action_token($timestamp) {
return _elgg_services()->actions->generateActionToken($timestamp);
}
/**
* Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).
*
* Used during installation and saves as a datalist.
*
* Note: Old secrets were hex encoded.
*
* @return mixed The site secret hash or false
* @access private
* @todo Move to better file.
*/
function init_site_secret() {
return _elgg_services()->siteSecret->init();
}
/**
* Returns the site secret.
*
* Used to generate difficult to guess hashes for sessions and action tokens.
*
* @return string Site secret.
* @access private
* @todo Move to better file.
*/
function get_site_secret() {
return _elgg_services()->siteSecret->get();
}
/**
* Get the strength of the site secret
*
* @return string "strong", "moderate", or "weak"
* @access private
*/
function _elgg_get_site_secret_strength() {
return _elgg_services()->siteSecret->getStrength();
}
/**
* Check if an action is registered and its script exists.
*
* @param string $action Action name
*
* @return bool
* @since 1.8.0
*/
function elgg_action_exists($action) {
return _elgg_services()->actions->exists($action);
}
/**
* Checks whether the request was requested via ajax
*
* @return bool whether page was requested via ajax
* @since 1.8.0
*/
function elgg_is_xhr() {
return _elgg_services()->request->isXmlHttpRequest();
}
/**
* Catch calls to forward() in ajax request and force an exit.
*
* Forces response is json of the following form:
*
* {
* "current_url": "the.url.we/were/coming/from",
* "forward_url": "the.url.we/were/going/to",
* "system_messages": {
* "messages": ["msg1", "msg2", ...],
* "errors": ["err1", "err2", ...]
* },
* "status": -1 //or 0 for success if there are no error messages present
* }
*
* where "system_messages" is all message registers at the point of forwarding
*
* @internal registered for the 'forward', 'all' plugin hook
*
* @param string $hook
* @param string $type
* @param string $reason
* @param array $params
* @return void
* @access private
*/
function ajax_forward_hook($hook, $type, $reason, $params) {
_elgg_services()->actions->ajaxForwardHook($hook, $type, $reason, $params);
}
/**
* Buffer all output echo'd directly in the action for inclusion in the returned JSON.
* @return void
* @access private
*/
function ajax_action_hook() {
_elgg_services()->actions->ajaxActionHook();
}
/**
* Send an updated CSRF token
*
* @access private
*/
function _elgg_csrf_token_refresh() {
if (!elgg_is_xhr()) {
return false;
}
$ts = time();
$token = generate_action_token($ts);
$data = array(
'__elgg_ts' => $ts,
'__elgg_token' => $token,
'logged_in' => elgg_is_logged_in(),
);
header("Content-Type: application/json;charset=utf-8");
echo json_encode($data);
return true;
}
/**
* Initialize some ajaxy actions features
* @access private
*/
function actions_init() {
elgg_register_page_handler('action', '_elgg_action_handler');
elgg_register_page_handler('refresh_token', '_elgg_csrf_token_refresh');
elgg_register_simplecache_view('js/languages/en');
elgg_register_plugin_hook_handler('action', 'all', 'ajax_action_hook');
elgg_register_plugin_hook_handler('forward', 'all', 'ajax_forward_hook');
}
return function(\Elgg\EventsService $events, \Elgg\HooksRegistrationService $hooks) {
$events->registerHandler('init', 'system', 'actions_init');
};