X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FApp%2FPage.php;h=96bb59425efd151f405bd025d41dfb98a1058f70;hb=e659a0314086dd700dbe5e754e383ab758725805;hp=c78d0f9e0c53b5f95a4a34774b62bfdfcf9f52a0;hpb=4622814e5f6cd22d421ded545be74c745d593483;p=friendica.git diff --git a/src/App/Page.php b/src/App/Page.php index c78d0f9e0c..96bb59425e 100644 --- a/src/App/Page.php +++ b/src/App/Page.php @@ -1,6 +1,6 @@ '', 'template' => '', 'title' => '', + 'section' => '', + 'module' => '', ]; /** * @var string The basepath of the page @@ -80,8 +83,9 @@ class Page implements ArrayAccess private $basePath; private $timestamp = 0; - private $command = ''; private $method = ''; + private $module = ''; + private $command = ''; /** * @param string $basepath The Page basepath @@ -92,94 +96,62 @@ class Page implements ArrayAccess $this->basePath = $basepath; } - public function setLogging(string $command, string $method) + public function setLogging(string $method, string $module, string $command) { - $this->command = $command; $this->method = $method; + $this->module = $module; + $this->command = $command; } - public function logRuntime(IManageConfigValues $config) + public function logRuntime(IManageConfigValues $config, string $origin = '') { - if (in_array($this->command, $config->get('system', 'runtime_ignore'))) { + $ignore = $config->get('system', 'runtime_ignore'); + if (in_array($this->module, $ignore) || in_array($this->command, $ignore)) { return; } - $runtime = number_format(microtime(true) - $this->timestamp, 3); + $signature = !empty($_SERVER['HTTP_SIGNATURE']); + $load = number_format(System::currentLoad(), 2); + $runtime = number_format(microtime(true) - $this->timestamp, 3); if ($runtime > $config->get('system', 'runtime_loglimit')) { - Logger::debug('Runtime', ['method' => $this->method, 'command' => $this->command, 'runtime' => $runtime]); + Logger::debug('Runtime', ['method' => $this->method, 'module' => $this->module, 'runtime' => $runtime, 'load' => $load, 'origin' => $origin, 'signature' => $signature, 'request' => $_SERVER['REQUEST_URI'] ?? '']); } } + // ArrayAccess interface + /** - * Whether a offset exists - * - * @link https://php.net/manual/en/arrayaccess.offsetexists.php - * - * @param mixed $offset

- * An offset to check for. - *

- * - * @return boolean true on success or false on failure. - *

- *

- * The return value will be casted to boolean if non-boolean was returned. - * @since 5.0.0 + * @inheritDoc */ - public function offsetExists($offset) + #[\ReturnTypeWillChange] + public function offsetExists($offset): bool { return isset($this->page[$offset]); } /** - * Offset to retrieve - * - * @link https://php.net/manual/en/arrayaccess.offsetget.php - * - * @param mixed $offset

- * The offset to retrieve. - *

- * - * @return mixed Can return all value types. - * @since 5.0.0 + * @inheritDoc */ + #[\ReturnTypeWillChange] public function offsetGet($offset) { return $this->page[$offset] ?? null; } /** - * Offset to set - * - * @link https://php.net/manual/en/arrayaccess.offsetset.php - * - * @param mixed $offset

- * The offset to assign the value to. - *

- * @param mixed $value

- * The value to set. - *

- * - * @return void - * @since 5.0.0 + * @inheritDoc */ - public function offsetSet($offset, $value) + #[\ReturnTypeWillChange] + public function offsetSet($offset, $value): void { $this->page[$offset] = $value; } /** - * Offset to unset - * - * @link https://php.net/manual/en/arrayaccess.offsetunset.php - * - * @param mixed $offset

- * The offset to unset. - *

- * - * @return void - * @since 5.0.0 + * @inheritDoc */ - public function offsetUnset($offset) + #[\ReturnTypeWillChange] + public function offsetUnset($offset): void { if (isset($this->page[$offset])) { unset($this->page[$offset]); @@ -195,9 +167,9 @@ class Page implements ArrayAccess * @param string $media * @see Page::initHead() */ - public function registerStylesheet($path, string $media = 'screen') + public function registerStylesheet(string $path, string $media = 'screen') { - $path = Network::appendQueryParam($path, ['v' => FRIENDICA_VERSION]); + $path = Network::appendQueryParam($path, ['v' => App::VERSION]); if (mb_strpos($path, $this->basePath . DIRECTORY_SEPARATOR) === 0) { $path = mb_substr($path, mb_strlen($this->basePath . DIRECTORY_SEPARATOR)); @@ -216,17 +188,18 @@ class Page implements ArrayAccess * - Infinite scroll data * - head.tpl template * - * @param App $app The Friendica App instance - * @param Arguments $args The Friendica App Arguments - * @param L10n $l10n The l10n language instance - * @param IManageConfigValues $config The Friendica configuration - * @param IManagePersonalConfigValues $pConfig The Friendica personal configuration (for user) + * @param App $app The Friendica App instance + * @param Arguments $args The Friendica App Arguments + * @param L10n $l10n The l10n language instance + * @param IManageConfigValues $config The Friendica configuration + * @param IManagePersonalConfigValues $pConfig The Friendica personal configuration (for user) + * @param int $localUID The local user id * * @throws HTTPException\InternalServerErrorException */ - private function initHead(App $app, Arguments $args, L10n $l10n, IManageConfigValues $config, IManagePersonalConfigValues $pConfig) + private function initHead(App $app, Arguments $args, L10n $l10n, IManageConfigValues $config, IManagePersonalConfigValues $pConfig, int $localUID) { - $interval = ((local_user()) ? $pConfig->get(local_user(), 'system', 'update_interval') : 40000); + $interval = ($localUID ? $pConfig->get($localUID, 'system', 'update_interval') : 40000); // If the update is 'deactivated' set it to the highest integer number (~24 days) if ($interval < 0) { @@ -271,15 +244,44 @@ class Page implements ArrayAccess * being first */ $this->page['htmlhead'] = Renderer::replaceMacros($tpl, [ - '$local_user' => local_user(), - '$generator' => 'Friendica' . ' ' . FRIENDICA_VERSION, - '$delitem' => $l10n->t('Delete this item?'), - '$blockAuthor' => $l10n->t('Block this author? They won\'t be able to follow you nor see your public posts, and you won\'t be able to see their posts and their notifications.'), + '$l10n' => [ + 'delitem' => $l10n->t('Delete this item?'), + 'blockAuthor' => $l10n->t('Block this author? They won\'t be able to follow you nor see your public posts, and you won\'t be able to see their posts and their notifications.'), + 'ignoreAuthor' => $l10n->t('Ignore this author? You won\'t be able to see their posts and their notifications.'), + 'collapseAuthor' => $l10n->t('Collapse this author\'s posts?'), + + 'likeError' => $l10n->t('Like not successful'), + 'dislikeError' => $l10n->t('Dislike not successful'), + 'announceError' => $l10n->t('Sharing not successful'), + 'attendError' => $l10n->t('Attendance unsuccessful'), + 'srvError' => $l10n->t('Backend error'), + 'netError' => $l10n->t('Network error'), + + // Dropzone + 'dictDefaultMessage' => $l10n->t('Drop files here to upload'), + 'dictFallbackMessage' => $l10n->t("Your browser does not support drag and drop file uploads."), + 'dictFallbackText' => $l10n->t('Please use the fallback form below to upload your files like in the olden days.'), + 'dictFileTooBig' => $l10n->t('File is too big ({{filesize}}MiB). Max filesize: {{maxFilesize}}MiB.'), + 'dictInvalidFileType' => $l10n->t("You can't upload files of this type."), + 'dictResponseError' => $l10n->t('Server responded with {{statusCode}} code.'), + 'dictCancelUpload' => $l10n->t('Cancel upload'), + 'dictUploadCanceled' => $l10n->t('Upload canceled.'), + 'dictCancelUploadConfirmation' => $l10n->t('Are you sure you want to cancel this upload?'), + 'dictRemoveFile' => $l10n->t('Remove file'), + 'dictMaxFilesExceeded' => $l10n->t("You can't upload any more files."), + ], + + '$local_user' => $localUID, + '$generator' => 'Friendica' . ' ' . App::VERSION, '$update_interval' => $interval, '$shortcut_icon' => $shortcut_icon, '$touch_icon' => $touch_icon, '$block_public' => intval($config->get('system', 'block_public')), '$stylesheets' => $this->stylesheets, + + // Dropzone + '$max_imagesize' => round(\Friendica\Util\Strings::getBytesFromShorthand($config->get('system', 'maximagesize')) / 1000000, 1), + ]) . $this->page['htmlhead']; } @@ -288,7 +290,7 @@ class Page implements ArrayAccess * * Taken from http://webcheatsheet.com/php/get_current_page_url.php */ - private function curPageURL() + private function curPageURL(): string { $pageURL = 'http'; if (!empty($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on")) { @@ -304,12 +306,12 @@ class Page implements ArrayAccess } return $pageURL; } - + /** * Initializes Page->page['footer']. * * Includes: - * - Javascript homebase + * - JavaScript homebase * - Mobile toggle link * - Registered footer scripts (through App->registerFooterScript()) * - footer.tpl template @@ -390,7 +392,7 @@ class Page implements ArrayAccess */ public function registerFooterScript($path) { - $path = Network::appendQueryParam($path, ['v' => FRIENDICA_VERSION]); + $path = Network::appendQueryParam($path, ['v' => App::VERSION]); $url = str_replace($this->basePath . DIRECTORY_SEPARATOR, '', $path); @@ -436,12 +438,16 @@ class Page implements ArrayAccess * @param Mode $mode The current node mode * @param ResponseInterface $response The Response of the module class, including type, content & headers * @param L10n $l10n The l10n language class + * @param Profiler $profiler * @param IManageConfigValues $config The Configuration of this node * @param IManagePersonalConfigValues $pconfig The personal/user configuration - * - * @throws HTTPException\InternalServerErrorException|HTTPException\ServiceUnavailableException + * @param Nav $nav + * @param int $localUID + * @throws HTTPException\MethodNotAllowedException + * @throws HTTPException\InternalServerErrorException + * @throws HTTPException\ServiceUnavailableException */ - public function run(App $app, BaseURL $baseURL, Arguments $args, Mode $mode, ResponseInterface $response, L10n $l10n, Profiler $profiler, IManageConfigValues $config, IManagePersonalConfigValues $pconfig) + public function run(App $app, BaseURL $baseURL, Arguments $args, Mode $mode, ResponseInterface $response, L10n $l10n, Profiler $profiler, IManageConfigValues $config, IManagePersonalConfigValues $pconfig, Nav $nav, int $localUID) { $moduleName = $args->getModuleName(); @@ -475,7 +481,7 @@ class Page implements ArrayAccess * all the module functions have executed so that all * theme choices made by the modules can take effect. */ - $this->initHead($app, $args, $l10n, $config, $pconfig); + $this->initHead($app, $args, $l10n, $config, $pconfig, $localUID); /* Build the page ending -- this is stuff that goes right before * the closing tag @@ -491,21 +497,7 @@ class Page implements ArrayAccess // Add the navigation (menu) template if ($moduleName != 'install' && $moduleName != 'maintenance') { $this->page['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('nav_head.tpl'), []); - $this->page['nav'] = Nav::build($app); - } - - foreach ($response->getHeaders() as $key => $header) { - if (is_array($header)) { - $header_str = implode(',', $header); - } else { - $header_str = $header; - } - - if (empty($key)) { - header($header_str); - } else { - header("$key: $header_str"); - } + $this->page['nav'] = $nav->getHtml(); } // Build the page - now that we have all the components @@ -517,7 +509,7 @@ class Page implements ArrayAccess $content = mb_convert_encoding($this->page["content"], 'HTML-ENTITIES', "UTF-8"); - /// @TODO one day, kill those error-surpressing @ stuff, or PHP should ban it + /// @TODO one day, kill those error-suppressing @ stuff, or PHP should ban it @$doc->loadHTML($content); $xpath = new DOMXPath($doc); @@ -538,10 +530,15 @@ class Page implements ArrayAccess $page = $this->page; - header("X-Friendica-Version: " . FRIENDICA_VERSION); + // add and escape some common but crucial content for direct "echo" in HTML (security) + $page['title'] = htmlspecialchars($page['title'] ?? ''); + $page['section'] = htmlspecialchars($args->get(0) ?? 'generic'); + $page['module'] = htmlspecialchars($args->getModuleName() ?? ''); + + header("X-Friendica-Version: " . App::VERSION); header("Content-type: text/html; charset=utf-8"); - if ($config->get('system', 'hsts') && ($baseURL->getSSLPolicy() == BaseURL::SSL_POLICY_FULL)) { + if ($config->get('system', 'hsts') && ($baseURL->getScheme() === 'https')) { header("Strict-Transport-Security: max-age=31536000"); } @@ -573,6 +570,10 @@ class Page implements ArrayAccess // Used as is in view/php/default.php $lang = $l10n->getCurrentLang(); + ob_start(); require_once $template; + $body = ob_get_clean(); + + return $response->withBody(Utils::streamFor($body)); } }