27 private $currentAction = null;
43 'admin/plugins/disable',
48 if (!in_array(
$action, $exceptions)) {
// Normalise the forward target: the three str_replace() calls below remove
// every occurrence of the site URL, of the literal "http://", and of "@"
// from $forwarder, leaving what is presumably meant to be a site-relative path.
// NOTE(review): only "http://" is stripped in the visible lines; other schemes
// and scheme-relative values are not handled here. Confirm that whatever
// consumes $forwarder treats it strictly as a path on this site, and confirm
// where $forwarder originates (not visible in this listing).
53 $forwarder = str_replace(
_elgg_services()->config->getSiteUrl(),
"", $forwarder);
54 $forwarder = str_replace(
"http://",
"", $forwarder);
55 $forwarder = str_replace(
"@",
"", $forwarder);
// Drop one leading "/" so the remaining value does not start with a slash
// (only the first character is checked and removed).
56 if (substr($forwarder, 0, 1) ==
"/") {
57 $forwarder = substr($forwarder, 1);
60 if (!isset($this->actions[
$action])) {
62 } elseif (!
_elgg_services()->session->isAdminLoggedIn() && ($this->actions[
$action][
'access'] ===
'admin')) {
64 } elseif (!
_elgg_services()->session->isLoggedIn() && ($this->actions[
$action][
'access'] !==
'public')) {
69 if (
_elgg_services()->hooks->trigger(
'action', $action, null,
true)) {
70 if (!include($this->actions[$action][
'file'])) {
76 $forwarder = empty($forwarder) ?
REFERER : $forwarder;
89 if (empty($filename)) {
99 $this->actions[
$action] = array(
111 if (isset($this->actions[
$action])) {
112 unset($this->actions[$action]);
134 if ((
$token) && (
$ts) && ($session_id)) {
140 if ($token_matches) {
141 if ($this->validateTokenTimestamp(
$ts)) {
144 $returnval =
_elgg_services()->hooks->trigger(
'action_gatekeeper:permissions:check',
'all', array(
151 }
else if ($visible_errors) {
154 }
else if ($visible_errors) {
162 }
else if ($visible_errors) {
172 $length = $req->server->get(
'CONTENT_LENGTH');
173 $post_count = count($req->request);
174 if ($length && $post_count < 1) {
176 $error_msg =
_elgg_services()->hooks->trigger(
'action_gatekeeper:upload_exceeded_msg',
'all', array(
177 'post_size' => $length,
178 'visible_errors' => $visible_errors,
179 ),
_elgg_services()->translator->translate(
'actiongatekeeper:uploadexceeded'));
181 $error_msg =
_elgg_services()->translator->translate(
'actiongatekeeper:missingfields');
183 if ($visible_errors) {
// Size of the acceptance window, as returned by getActionTokenTimeout().
199 $timeout = $this->getActionTokenTimeout();
// Accept the timestamp when $timeout is 0 (loose ==), which bypasses the range
// check entirely, or when $ts lies strictly between $now - $timeout and
// $now + $timeout. The assignment of $now is not shown in this listing.
// NOTE(review): a timeout of 0 means tokens never expire on timestamp grounds;
// confirm that this is a deliberate configuration choice wherever it is used.
201 return ($timeout == 0 || (
$ts > $now - $timeout) && (
$ts < $now + $timeout));
211 if (($timeout =
_elgg_services()->config->get(
'action_token_timeout')) === null) {
216 return (
int)((float)$timeout * $hour);
225 if ($this->validateActionToken(
false)) {
231 if (
$token && $this->validateTokenTimestamp(
$ts)) {
241 }
else if ($this->validateActionToken()) {
258 if ($session_id && $site_secret) {
270 return (isset($this->actions[
$action]) && file_exists($this->actions[$action][
'file']));
283 'system_messages' => array(
303 if (isset($system_messages[
'success'])) {
304 $params[
'system_messages'][
'success'] = $system_messages[
'success'];
307 if (isset($system_messages[
'error'])) {
308 $params[
'system_messages'][
'error'] = $system_messages[
'error'];
312 $context = array(
'action' => $this->currentAction);
319 $http_accept =
_elgg_services()->request->server->get(
'HTTP_ACCEPT');
320 if (stripos($http_accept,
'application/json') ===
false) {
321 header(
"Content-type: text/plain");
323 header(
"Content-type: application/json");
elgg_is_xhr()
Checks whether the request was made via Ajax.
action_gatekeeper($action)
Validates the presence of action tokens.
execute($action, $forwarder="")
if(!$autoload_available) _elgg_services()
elgg forward
Meant to mimic the php forward() function by simply redirecting the user to another page...
getAllActions()
Get all actions.
generate_action_token($timestamp)
Generate an action token.
elgg echo
Translates a string.
validateActionToken($visible_errors=true, $token=null, $ts=null)
generateActionToken($timestamp)
system_messages($message=null, $register="success", $count=false)
Queues a message to be displayed.
validate_action_token($visible_errors=true, $token=null, $ts=null)
Validate an action token.
validateTokenTimestamp($ts)
Is the token timestamp within acceptable range?
elgg register_error
Wrapper function for system_messages.
ajaxForwardHook($hook, $reason, $return, $params)