本文整理汇总了PHP中SecurityToken::inst方法的典型用法代码示例。如果您正苦于以下问题:PHP SecurityToken::inst方法的具体用法?PHP SecurityToken::inst怎么用?PHP SecurityToken::inst使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SecurityToken的用法示例。
在下文中一共展示了SecurityToken::inst方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: createtranslation
/**
 * Create a translation of an existing record in the posted locale, switch the
 * owner to that locale and redirect to the "show" link of the new record.
 *
 * The locale is read from the POST variable `NewTransLang` and the source
 * record from the POST variable `ID`; `$data` and `$form` are not read here.
 *
 * @param mixed $data
 * @param mixed $form
 * @return mixed Result of httpError() when a check fails, otherwise the redirect.
 */
function createtranslation($data, $form)
{
    $owner = $this->owner;
    $request = $owner->getRequest();

    // The action writes to the database, so a request without a valid
    // security token is refused before anything else is read.
    if (!SecurityToken::inst()->checkRequest($request)) {
        return $owner->httpError(400);
    }

    // NOTE(review): raw2sql() only SQL-escapes the posted value; it does not
    // establish that the value is a locale this site allows. Consider checking
    // it against the configured locales before it is assigned below.
    $locale = Convert::raw2sql($request->postVar('NewTransLang'));

    // NOTE(review): no permission check is visible in this method — confirm
    // that getRecord() / createTranslation() enforce edit rights.
    $source = $owner->getRecord($request->postVar('ID'));
    if (!$source) {
        return $owner->httpError(404);
    }

    $owner->Locale = $locale;
    Translatable::set_current_locale($locale);

    // The translation is written to the database straight away, unlike the
    // usual "create page" flow that keeps the record in memory until the
    // user saves it; this keeps the flow simple.
    // @todo Allow in-memory creation of translations that don't
    // persist in the database before the user requests it
    $translation = $source->createTranslation($locale);

    // X-Pjax: Content makes the whole admin panel refresh.
    $owner->getResponse()->addHeader('X-Pjax', 'Content');

    return $owner->redirect(
        Controller::join_links($owner->Link('show'), $translation->ID)
    );
}
示例2: sort
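/**
 * Save a new sort order for the actions of the current workflow definition,
 * or for the transitions of one of those actions.
 *
 * Reads `class`, `id` and (for transitions) `parent` from the POST body.
 * Every failed check calls httpError(); the code below relies on that call
 * aborting the request (presumably by throwing), since e.g. $objects would
 * otherwise be undefined.
 *
 * @param mixed $request Request object; only postVar() is called on it here.
 * @return SS_HTTPResponse 200 response once the order has been stored.
 */
public function sort($request)
{
    // NOTE(review): a missing or wrong security token answers 404 here, while
    // the other validation failures in this method answer 400.
    if (!SecurityToken::inst()->checkRequest($request)) {
        $this->httpError(404);
    }

    $class = $request->postVar('class');
    $ids = $request->postVar('id');

    // `id` is client-supplied: a missing or scalar value must be rejected
    // before it reaches array_diff(), which only accepts arrays.
    if (!is_array($ids)) {
        $this->httpError(400, _t('AdvancedWorkflowAdmin.INVALIDIDLIST', 'An invalid list of IDs was provided.'));
    }

    if ($class === 'WorkflowAction') {
        $objects = $this->Definition()->Actions();
    } elseif ($class === 'WorkflowTransition') {
        // The parent action is looked up inside this definition only, so a
        // parent ID from another definition is not found.
        $parent = $request->postVar('parent');
        $action = $this->Definition()->Actions()->byID($parent);
        if (!$action) {
            $this->httpError(400, _t('AdvancedWorkflowAdmin.INVALIDPARENTID', 'An invalid parent ID was specified.'));
        }
        $objects = $action->Transitions();
    } else {
        $this->httpError(400, _t('AdvancedWorkflowAdmin.INVALIDCLASSTOORDER', 'An invalid class to order was specified.'));
    }

    // Every submitted ID has to belong to the list being reordered.
    if (array_diff($ids, $objects->column('ID'))) {
        $this->httpError(400, _t('AdvancedWorkflowAdmin.INVALIDIDLIST', 'An invalid list of IDs was provided.'));
    }

    // NOTE(review): no permission check is visible in this method — confirm
    // that the route or WorkflowService::reorder() restricts who may reorder.
    singleton('WorkflowService')->reorder($objects, $ids);

    return new SS_HTTPResponse(null, 200, _t('AdvancedWorkflowAdmin.SORTORDERSAVED', 'The sort order has been saved.'));
}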
示例3: update
/**
 * Look up the posted URL through Oembed and re-render the field holder with
 * either an unsaved EmbeddedObject preview, an error message, or no object.
 *
 * @param SS_HTTPRequest $request Request carrying the security token and the POST variable `URL`.
 * @return mixed Empty string when the security token check fails, otherwise the result of FieldHolder().
 */
public function update(SS_HTTPRequest $request)
{
    // Requests without a valid security token get an empty body.
    if (!SecurityToken::inst()->checkRequest($request)) {
        return '';
    }

    $url = $request->postVar('URL');

    // Nothing submitted: clear the preview.
    if (!strlen($url)) {
        $this->object = null;
        return $this->FieldHolder();
    }

    // NOTE(review): $url is client-supplied and handed to the Oembed lookup,
    // which presumably results in a server-side request — confirm that the
    // allowed schemes/hosts are restricted somewhere.
    $info = Oembed::get_oembed_from_url($url);

    if (!$info || !$info->exists()) {
        // The URL is XML-escaped before it is placed in the message.
        $this->message = _t('EmbeddedObjectField.ERROR', 'Could not look up provided URL: ' . Convert::raw2xml($url));
        return $this->FieldHolder();
    }

    $embedded = EmbeddedObject::create();
    $embedded->Title = $info->title;
    $embedded->SourceURL = $url;
    $embedded->Width = $info->width;
    $embedded->Height = $info->height;
    $embedded->ThumbURL = $info->thumbnail_url;
    // Fall back to the title when the provider gives no description.
    $embedded->Description = $info->description ?: $info->title;
    $embedded->Type = $info->type;
    // NOTE(review): EmbedHTML is markup produced from the remote provider's
    // response — confirm how it is treated when rendered.
    $embedded->EmbedHTML = $info->forTemplate();

    $this->object = $embedded;
    // needed to make sure the check in FieldHolder works out
    $embedded->ID = -1;

    return $this->FieldHolder();
}
示例4: update
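/**
 * Resolve the posted URL through Embed and re-render the field holder with
 * either an unsaved EmbeddedObject preview, an error message, or no object.
 *
 * @param SS_HTTPRequest $request Request carrying the security token and the POST variable `URL`.
 * @return mixed Empty string when the security token check fails, otherwise the result of FieldHolder().
 */
public function update(SS_HTTPRequest $request)
{
    // Requests without a valid security token get an empty body.
    if (!SecurityToken::inst()->checkRequest($request)) {
        return '';
    }

    $url = $request->postVar('URL');

    // Nothing submitted: clear the preview.
    if (!strlen($url)) {
        $this->object = null;
        return $this->FieldHolder();
    }

    // The client-supplied URL is resolved once, through Embed only. An earlier
    // Oembed::get_oembed_from_url() call whose result was immediately
    // overwritten has been dropped, so the URL is not processed twice.
    // NOTE(review): Embed\Embed::create() presumably requests the URL
    // server-side — confirm that allowed schemes/hosts are restricted.
    $info = Embed\Embed::create($url);

    if (!$info) {
        // The URL is XML-escaped before it is placed in the message.
        $this->message = _t('EmbeddedObjectField.ERROR', 'Could not look up provided URL: ' . Convert::raw2xml($url));
        return $this->FieldHolder();
    }

    $object = EmbeddedObject::create();
    $object->setFromEmbed($info);
    $this->object = $object;
    // needed to make sure the check in FieldHolder works out
    $object->ID = -1;

    return $this->FieldHolder();
}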
示例5: handleBatchAction
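/**
 * Run the batch action named in the route on the records listed in `csvIDs`.
 *
 * The action name must be a key of batchActions(); the ID list is reduced to
 * distinct non-negative integers before it is used. For record classes with
 * the Versioned extension, IDs not found by the first query are looked up on
 * the Live stage as well.
 *
 * @param mixed $request Request object; isAjax(), param() and requestVar() are called on it.
 * @return mixed Nothing for non-ajax calls (after redirectBack()), the result of
 *               httpError(400) for a failed token or unknown action, otherwise
 *               the result of the action handler's run().
 */
public function handleBatchAction($request)
{
    // This method can't be called without ajax.
    if (!$request->isAjax()) {
        $this->parentController->redirectBack();
        return;
    }

    // Protect against CSRF on destructive action
    if (!SecurityToken::inst()->checkRequest($request)) {
        return $this->httpError(400);
    }

    // The action name comes from the request; only a class registered in
    // batchActions() may be instantiated. An unknown name is answered with
    // 400 instead of falling through to `new` with an undefined class name.
    $actions = $this->batchActions();
    $actionName = $request->param('BatchAction');
    if (!is_string($actionName) || !isset($actions[$actionName]['class'])) {
        return $this->httpError(400);
    }
    $actionClass = $actions[$actionName]['class'];
    $actionHandler = new $actionClass();

    // Sanitise ID list: keep digit-only entries, as integers, without
    // duplicates (is_numeric() would also admit floats, signs and exponents).
    $csvIDs = $request->requestVar('csvIDs');
    $ids = array();
    if (is_string($csvIDs)) {
        foreach (preg_split('/ *, */', trim($csvIDs)) as $candidate) {
            if (ctype_digit($candidate)) {
                $ids[(int) $candidate] = (int) $candidate;
            }
        }
    }
    $ids = array_values($ids);

    if ($ids) {
        $recordClass = $this->recordClass;

        // Query the pages with the locale filter switched off, when the
        // Translatable extension is in use.
        if (class_exists('Translatable') && SiteTree::has_extension('Translatable')) {
            Translatable::disable_locale_filter();
        }
        $pages = DataObject::get($recordClass)->byIDs($ids);
        if (class_exists('Translatable') && SiteTree::has_extension('Translatable')) {
            Translatable::enable_locale_filter();
        }

        if ($recordClass::has_extension('Versioned')) {
            // If we didn't query all the pages, then find the rest on the live site
            if (!$pages || $pages->Count() < count($ids)) {
                $idsFromLive = array();
                foreach ($ids as $id) {
                    $idsFromLive[$id] = true;
                }
                if ($pages) {
                    foreach ($pages as $page) {
                        unset($idsFromLive[$page->ID]);
                    }
                }
                $idsFromLive = array_keys($idsFromLive);
                $livePages = Versioned::get_by_stage($recordClass, 'Live')->byIDs($idsFromLive);
                if ($pages) {
                    // Can't merge into a DataList, need to condense into an actual list first
                    // (which will retrieve all records as objects, so its an expensive operation)
                    $pages = new ArrayList($pages->toArray());
                    $pages->merge($livePages);
                } else {
                    $pages = $livePages;
                }
            }
        }
    } else {
        $pages = new ArrayList();
    }

    // NOTE(review): per-record permissions are not checked here — confirm
    // that the action handler's run() enforces them.
    return $actionHandler->run($pages);
}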
示例6: authenticate
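/**
 * Authenticate a web service request by user token or by the logged-in
 * session, then apply the optional HMAC validator.
 *
 * Token authentication is used when a token is present, or when nobody is
 * logged in and public access is off. Otherwise, if allowSecurityId is set
 * and a member is logged in, that member is used and a supplied security ID
 * must match the session's security token.
 *
 * @param SS_HTTPRequest $request
 * @return bool Always true when no exception was thrown.
 * @throws WebServiceException With code 403 for a missing or invalid token,
 *                             a wrong security ID, a request without a user
 *                             when public access is off, or a failed HMAC check.
 */
public function authenticate(SS_HTTPRequest $request)
{
    $token = $this->getToken($request);
    $user = null;

    // Parenthesised to make the precedence explicit: `&&` binds before `||`.
    if ((!Member::currentUserID() && !$this->allowPublicAccess) || $token) {
        if (!$token) {
            throw new WebServiceException(403, "Missing token parameter");
        }
        $user = $this->tokenAuthenticator->authenticate($token);
        if (!$user) {
            throw new WebServiceException(403, "Invalid user token");
        }
    } elseif ($this->allowSecurityId && Member::currentUserID()) {
        // we check the SecurityID parameter for the current user
        $secParam = SecurityToken::inst()->getName();
        $securityID = $request->requestVar($secParam);

        // NOTE(review): the security ID is only verified when the request
        // carries one. A request from a logged-in session that omits the
        // parameter is accepted, so this check does not by itself protect
        // state-changing calls against CSRF — confirm whether the parameter
        // should be mandatory for them.
        if ($securityID) {
            // Strict string comparison: loose `!=` would treat two different
            // numeric-looking strings as equal. Where PHP >= 5.6 is guaranteed,
            // hash_equals() would additionally make this constant-time.
            $expected = (string) SecurityToken::inst()->getValue();
            if (!is_string($securityID) || $securityID !== $expected) {
                throw new WebServiceException(403, "Invalid security ID");
            }
        }
        $user = Member::currentUser();
    }

    if (!$user && !$this->allowPublicAccess) {
        throw new WebServiceException(403, "Invalid request");
    }

    // now, if we have an hmacValidator in place, use it
    // (skipped when no user was resolved, i.e. for public access)
    if ($this->hmacValidator && $user) {
        if (!$this->hmacValidator->validateHmac($user, $request)) {
            throw new WebServiceException(403, "Invalid message");
        }
    }

    return true;
}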
示例7: getSecurityToken
/**
 * Return the security ID of the current SecurityToken instance.
 *
 * A session is started first when the request does not already carry a
 * session id, so that the token is read from an existing session.
 *
 * @return mixed Whatever SecurityToken::getSecurityID() returns.
 */
public static function getSecurityToken()
{
    // Ensure the session exists before querying it.
    $hasSessionId = Session::request_contains_session_id();
    if (!$hasSessionId) {
        Session::start();
    }

    $securityToken = SecurityToken::inst();

    return $securityToken->getSecurityID();
}
示例8: saveComplexTableField
/**
 * Create a child record of the submitted class under the current controller
 * record, store a confirmation message in the session and redirect to the
 * edit link of the new record.
 *
 * @param array $data Submitted data; only `ClassName` is read.
 * @param mixed $form Not read here.
 * @param mixed $params Not read here.
 * @return mixed Result of Director::redirect().
 */
public function saveComplexTableField($data, $form, $params)
{
    // NOTE(review): the class to instantiate is taken from submitted data
    // without any check in this method. Confirm that the value is limited to
    // the expected section classes (an allow-list) before it reaches `new`.
    $className = $data['ClassName'];
    $child = new $className();
    $child->ParentID = $this->controller->ID;
    $child->write();

    // NOTE(review): addToUrl() puts the security token into the redirect
    // URL, where it can end up in logs, history and Referer headers.
    $editLink = Controller::join_links($this->Link(), 'item', $child->ID, 'edit');
    $link = SecurityToken::inst()->addToUrl($editLink);

    $notice = array(
        'message' => _t('MemberProfiles.SECTIONADDED', 'Profile section added, please edit it below.'),
        'type' => 'good',
    );
    Session::set('FormInfo.ComplexTableField_Popup_DetailForm.formError', $notice);

    return Director::redirect($link);
}
示例9: doUpload
/**
 * Replace the presentation's PresentationSlide materials with a new one that
 * points at the submitted slide, then redirect to the controller's "success"
 * link.
 *
 * @param array $data Submitted data; only `Slide` is read.
 * @param mixed $form Form whose controller() provides the link and the redirect.
 * @return mixed Result of the controller's redirect().
 */
public function doUpload($data, $form)
{
    // NOTE(review): $data['Slide'] is stored as submitted — confirm it is
    // validated (type and ownership) by the form or the model.
    $material = PresentationSlide::create();
    $material->SlideID = $data['Slide'];
    $material->write();

    // Drop any existing slide materials before attaching the new one.
    $this->presentation->Materials()->filter(['ClassName' => 'PresentationSlide'])->removeAll();
    $this->presentation->Materials()->add($material);

    // NOTE(review): the security token value is placed in the query string
    // as `key`, so it can appear in logs, history and Referer headers.
    $token = SecurityToken::inst()->getValue();
    $controller = $form->controller();
    $query = '?key=' . $token . '&material=' . $material->ID;

    return $controller->redirect(
        Controller::join_links($controller->Link(), 'success', $query)
    );
}
示例10: handleAction
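/**
 * Run the batch action named in the route on the records listed in `csvIDs`.
 *
 * The action name must be a key of batchActions(); the ID list is reduced to
 * distinct non-negative integers before it is placed into the SQL filters
 * below. For record classes with the Versioned extension, IDs not found by
 * the first query are looked up on the Live stage as well.
 *
 * @param mixed $request Request object; param() and requestVar() are called on it.
 * @return mixed Nothing for non-ajax calls (after redirectBack()), the result of
 *               httpError(400) for a failed token or unknown action, otherwise
 *               the result of the action handler's run().
 */
function handleAction($request)
{
    // This method can't be called without ajax.
    if (!$this->parentController->isAjax()) {
        $this->parentController->redirectBack();
        return;
    }

    // Protect against CSRF on destructive action
    if (!SecurityToken::inst()->checkRequest($request)) {
        return $this->httpError(400);
    }

    // The action name comes from the request; only a class registered in
    // batchActions() may be instantiated. An unknown name is answered with
    // 400 instead of falling through to `new` with an undefined class name.
    $actions = $this->batchActions();
    $actionName = $request->param('BatchAction');
    if (!is_string($actionName) || !isset($actions[$actionName]['class'])) {
        return $this->httpError(400);
    }
    $actionClass = $actions[$actionName]['class'];
    $actionHandler = new $actionClass();

    // Sanitise ID list. The IDs are concatenated into SQL further down, so
    // only digit-only entries are kept and they are cast to int; is_numeric()
    // would also admit floats, signs and exponent notation. preg_split()
    // replaces split(), which no longer exists in PHP 7.
    $csvIDs = $request->requestVar('csvIDs');
    $ids = array();
    if (is_string($csvIDs)) {
        foreach (preg_split('/ *, */', trim($csvIDs)) as $candidate) {
            if (ctype_digit($candidate)) {
                $ids[(int) $candidate] = (int) $candidate;
            }
        }
    }
    $ids = array_values($ids);

    if ($ids) {
        // Query the pages with the locale filter switched off, when the
        // Translatable extension is in use.
        if (class_exists('Translatable') && Object::has_extension('SiteTree', 'Translatable')) {
            Translatable::disable_locale_filter();
        }
        $pages = DataObject::get($this->recordClass, sprintf('"%s"."ID" IN (%s)', ClassInfo::baseDataClass($this->recordClass), implode(", ", $ids)));
        if (class_exists('Translatable') && Object::has_extension('SiteTree', 'Translatable')) {
            Translatable::enable_locale_filter();
        }

        if (Object::has_extension($this->recordClass, 'Versioned')) {
            // If we didn't query all the pages, then find the rest on the live site
            if (!$pages || $pages->Count() < count($ids)) {
                $idsFromLive = array();
                foreach ($ids as $id) {
                    $idsFromLive[$id] = true;
                }
                if ($pages) {
                    foreach ($pages as $page) {
                        unset($idsFromLive[$page->ID]);
                    }
                }
                $idsFromLive = array_keys($idsFromLive);

                // An empty list would produce `IN ()`, which is not valid SQL.
                if ($idsFromLive) {
                    $sql = sprintf('"%s"."ID" IN (%s)', $this->recordClass, implode(", ", $idsFromLive));
                    $livePages = Versioned::get_by_stage($this->recordClass, 'Live', $sql);
                    if ($pages) {
                        $pages->merge($livePages);
                    } else {
                        $pages = $livePages;
                    }
                }
            }
        }
    } else {
        $pages = new ArrayList();
    }

    // NOTE(review): per-record permissions are not checked here — confirm
    // that the action handler's run() enforces them.
    return $actionHandler->run($pages);
}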
示例11: initVisitor
/**
 * Return the visitor stored under the current security ID, creating one from
 * the request's remote address and referer when none is found.
 *
 * @return mixed The visitor found, or whatever saveVisitor() returns.
 */
public static function initVisitor()
{
    // NOTE(review): the lookup key is the session's security ID (the CSRF
    // token) and it is handed to saveVisitor(), which by its name presumably
    // persists it — confirm that keeping this value outside the session is
    // acceptable, or derive a separate visitor identifier.
    $secID = SecurityToken::inst()->getSecurityID();

    $visitor = self::get()->find('securityID', $secID);
    if ($visitor) {
        return $visitor;
    }

    // This is a new visitor so lets see if we can find out where they came from
    // The Referer header is client-controlled; only the result of getDomain()
    // is kept.
    $referer = "";
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referer = self::getDomain($_SERVER['HTTP_REFERER']);
    }
    $searchTerm = "";

    return self::saveVisitor($secID, $_SERVER['REMOTE_ADDR'], $referer, $searchTerm);
}
示例12: initVisitor
/**
 * Return the visitor stored under the current security ID, creating one from
 * the remote address and the posted `ref`, `res` and `plat` values when none
 * is found.
 *
 * @return mixed The visitor found, or whatever saveVisitor() returns.
 */
public static function initVisitor()
{
    // NOTE(review): the lookup key is the session's security ID (the CSRF
    // token) and it is handed to saveVisitor(), which by its name presumably
    // persists it — confirm that keeping this value outside the session is
    // acceptable, or derive a separate visitor identifier.
    $secID = SecurityToken::inst()->getSecurityID();

    $visitor = self::get()->find('securityID', $secID);
    if ($visitor) {
        return $visitor;
    }

    // This is a new visitor so lets see if we can find out where they came from
    // NOTE(review): these three values are taken from $_POST as submitted;
    // confirm that saveVisitor() validates/limits them and that they are
    // escaped wherever they are displayed.
    $referer = "";
    if (isset($_POST['ref'])) {
        $referer = $_POST['ref'];
    }
    $resolution = "";
    if (isset($_POST['res'])) {
        $resolution = $_POST['res'];
    }
    $platform = "";
    if (isset($_POST['plat'])) {
        $platform = $_POST['plat'];
    }
    $searchTerm = "";

    return self::saveVisitor($secID, $_SERVER['REMOTE_ADDR'], $referer, $searchTerm, $resolution, $platform);
}
示例13: testDeleteActionRemoveRelation
/**
 * Post a `deleterecord` grid action with a valid security token while logged
 * in with the ADMIN permission, and assert that the list then holds 2 items.
 */
public function testDeleteActionRemoveRelation()
{
    $this->logInWithPermission('ADMIN');
    // GridFieldDeleteAction is constructed with `true` here.
    $config = GridFieldConfig::create()->addComponent(new GridFieldDeleteAction(true));
    // NOTE(review): $gridField and $form are built here but the calls below use
    // $this->gridField and $this->form, so the $config above does not appear to
    // be exercised by this test — confirm which field is meant to be tested.
    $gridField = new GridField('testfield', 'testfield', $this->list, $config);
    $form = new Form(new Controller(), 'mockform', new FieldList(array($this->gridField)), new FieldList());
    // The action to perform is stored in the session under this state ID.
    $stateID = 'testGridStateActionField';
    Session::set($stateID, array('grid' => '', 'actionName' => 'deleterecord', 'args' => array('RecordID' => $this->idFromFixture('GridFieldAction_Delete_Team', 'team1'))));
    // The POST body carries the action key and the security token name/value pair.
    $token = SecurityToken::inst();
    $request = new SS_HTTPRequest('POST', 'url', array(), array('action_gridFieldAlterAction?StateID=' . $stateID => true, $token->getName() => $token->getValue()));
    $this->gridField->gridFieldAlterAction(array('StateID' => $stateID), $this->form, $request);
    $this->assertEquals(2, $this->list->count(), 'User should be able to delete records with ADMIN permission.');
}
示例14: delete
/**
 * Delete the current record and return the re-rendered root field.
 *
 * The request must carry a valid security token (else 400), must be a POST
 * (else 400), and the record's canDelete() must allow it (else 403).
 *
 * @param mixed $request Request object; isPOST() is called on it.
 * @return mixed Result of RootField()->forTemplate().
 */
public function delete($request)
{
    // CSRF protection: refuse requests without a valid security token.
    $tokenValid = SecurityToken::inst()->checkRequest($request);
    if (!$tokenValid) {
        $this->httpError(400);
    }

    // Deletion is only accepted over POST.
    $isPost = $request->isPOST();
    if (!$isPost) {
        $this->httpError(400);
    }

    // Authorisation is decided by the record itself.
    $record = $this->record;
    if (!$record->canDelete()) {
        $this->httpError(403);
    }

    $record->delete();

    $rootField = $this->RootField();

    return $rootField->forTemplate();
}
示例15: testDeleteWithoutGroupDeletesFromDatabase
/**
 * Request the delete URL of a member through the group-less form, with the
 * security token appended, and assert that the member is gone both from the
 * group relation and from the database.
 */
function testDeleteWithoutGroupDeletesFromDatabase()
{
    $member = $this->objFromFixture('Member', 'member1');
    $memberID = $member->ID;
    $group = $this->objFromFixture('Group', 'group1');

    // First request to the controller; its response is not inspected.
    $response = $this->get('MemberTableFieldTest_Controller');

    // NOTE(review): the deletion is triggered with a GET request and the
    // security token travels in the URL — confirm this mirrors how the
    // endpoint is meant to be called.
    $token = SecurityToken::inst();
    $deleteUrl = $token->addToUrl(
        sprintf(
            'MemberTableFieldTest_Controller/FormNoGroup/field/Members/item/%d/delete/?usetestmanifest=1',
            $member->ID
        )
    );
    $response = $this->get($deleteUrl);

    // Drop the cached relation before reading the group's members again.
    $group->flushCache();
    $this->assertNotContains($member->ID, $group->Members()->column('ID'), 'Member relation to group is removed');

    DataObject::flush_and_destroy_cache();
    $this->assertFalse(DataObject::get_by_id('Member', $memberID), 'Member record is removed from database');
}