|
Elgg
Version 2.3
|
Go to the source code of this file.
Namespaces | |
| Elgg\Core | |
| Activate a plugin or plugins. | |
Functions | |
| _elgg_action_handler (array $segments) | |
| Handle a request for an action. More... | |
| action ($action, $forwarder="") | |
| Perform an action. More... | |
| elgg_register_action ($action, $filename="", $access= 'logged_in') | |
| Registers an action. More... | |
| elgg_unregister_action ($action) | |
| Unregisters an action. More... | |
| elgg_build_hmac ($data) | |
| Get an HMAC token builder/validator object. More... | |
| validate_action_token ($visible_errors=true, $token=null, $ts=null) | |
| Validate an action token. More... | |
| action_gatekeeper ($action) | |
| Validates the presence of action tokens. More... | |
| generate_action_token ($timestamp) | |
| Generate an action token. More... | |
| init_site_secret () | |
| Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL). More... | |
| get_site_secret () | |
| Returns the site secret. More... | |
| _elgg_get_site_secret_strength () | |
| Get the strength of the site secret. More... | |
| elgg_action_exists ($action) | |
| Check if an action is registered and its script exists. More... | |
| elgg_is_xhr () | |
| Checks whether the request was requested via ajax. More... | |
| ajax_forward_hook ($hook, $type, $reason, $params) | |
| Catch calls to forward() in ajax request and force an exit. More... | |
| ajax_action_hook () | |
| Buffer all output echo'd directly in the action for inclusion in the returned JSON. More... | |
| _elgg_csrf_token_refresh () | |
| Send an updated CSRF token, provided the page's current tokens were not fake. More... | |
| actions_init () | |
| Initialize some ajaxy actions features private. More... | |
Variables | |
| return | function (\Elgg\EventsService $events,\Elgg\HooksRegistrationService $hooks) |
| _elgg_action_handler | ( | array | $segments | ) |
Handle a request for an action.
| array | $segments | URL segments that make up action name |
Definition at line 21 of file actions.php.
| _elgg_csrf_token_refresh | ( | ) |
Send an updated CSRF token, provided the page's current tokens were not fake.
Definition at line 290 of file actions.php.
| _elgg_get_site_secret_strength | ( | ) |
Get the strength of the site secret.
Definition at line 215 of file actions.php.
| action | ( | $action, | |
$forwarder = "" |
|||
| ) |
Perform an action.
This function executes the action with name $action as registered by elgg_register_action().
The plugin hook 'action', $action_name will be triggered before the action is executed. If a handler returns false, it will prevent the action script from being called.
| string | $action | The requested action Name of the registered action |
| string | $forwarder | The location to forward to Forwarding to this location will only take place if action script file is not calling forward() Defaults to index URL Use REFERRER to forward to the referring page |
Definition at line 53 of file actions.php.
| action_gatekeeper | ( | $action | ) |
Validates the presence of action tokens.
This function is called for all actions. If action tokens are missing, the user will be forwarded to the site front page and an error emitted.
This function verifies form input for security features (like a generated token), and forwards if they are invalid.
| string | $action | The action being performed |
Definition at line 156 of file actions.php.
| actions_init | ( | ) |
Initialize some ajaxy actions features private.
Definition at line 298 of file actions.php.
| ajax_action_hook | ( | ) |
Buffer all output echo'd directly in the action for inclusion in the returned JSON.
Definition at line 279 of file actions.php.
| ajax_forward_hook | ( | $hook, | |
| $type, | |||
| $reason, | |||
| $params | |||
| ) |
Catch calls to forward() in ajax request and force an exit.
Forces response is json of the following form:
{
"current_url": "the.url.we/were/coming/from",
"forward_url": "the.url.we/were/going/to",
"system_messages": {
"messages": ["msg1", "msg2", ...],
"errors": ["err1", "err2", ...]
},
"status": -1 //or 0 for success if there are no error messages present
}
where "system_messages" is all message registers at the point of forwarding
Definition at line 268 of file actions.php.
| elgg_action_exists | ( | $action | ) |
Check if an action is registered and its script exists.
| string | $action | Action name |
Definition at line 227 of file actions.php.
| elgg_build_hmac | ( | $data | ) |
Get an HMAC token builder/validator object.
| mixed | $data | HMAC data string or serializable data |
Definition at line 118 of file actions.php.
| elgg_is_xhr | ( | ) |
Checks whether the request was requested via ajax.
Definition at line 237 of file actions.php.
| elgg_register_action | ( | $action, | |
$filename = "", |
|||
$access = 'logged_in' |
|||
| ) |
Registers an action.
Actions are registered to a script in the system and are executed by the URL http://elggsite.org/action/action_name/.
$filename must be the full path of the file to register or a path relative to the core actions/ dir.
Actions should be namedspaced for your plugin. Example: elgg_register_action('myplugin/save_settings', ...);
Put action files under the actions/<plugin_name> directory of your plugin.
You don't need to use Elgg in your action files.
array( 'file' => '/location/to/file.php', 'access' => 'public', 'logged_in', or 'admin' ) | string | $action | The name of the action (eg "register", "account/settings/save") |
| string | $filename | Optionally, the filename where this action is located. If not specified, will assume the action is in elgg/actions/<action>.php |
| string | $access | Who is allowed to execute this action: public, logged_in, admin. (default: logged_in) |
Definition at line 96 of file actions.php.
| elgg_unregister_action | ( | $action | ) |
Unregisters an action.
| string | $action | Action name |
Definition at line 107 of file actions.php.
| generate_action_token | ( | $timestamp | ) |
Generate an action token.
Action tokens are based on timestamps as returned by time(). They are valid for one hour.
Action tokens should be passed to all actions name __elgg_ts and __elgg_token.
| int | $timestamp | Unix timestamp |
Definition at line 177 of file actions.php.
| get_site_secret | ( | ) |
Returns the site secret.
Used to generate difficult to guess hashes for sessions and action tokens.
Definition at line 205 of file actions.php.
| init_site_secret | ( | ) |
Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).
Used during installation and saves as a datalist.
Note: Old secrets were hex encoded.
Definition at line 192 of file actions.php.
| validate_action_token | ( | $visible_errors = true, |
|
$token = null, |
|||
$ts = null |
|||
| ) |
Validate an action token.
Calls to actions will automatically validate tokens. If tokens are not present or invalid, the action will be denied and the user will be redirected.
Plugin authors should never have to manually validate action tokens.
| bool | $visible_errors | Emit register_error() errors on failure? |
| mixed | $token | The token to test against. Default: $_REQUEST['__elgg_token'] |
| mixed | $ts | The time stamp to test against. Default: $_REQUEST['__elgg_ts'] |
Definition at line 138 of file actions.php.
| return function(\Elgg\EventsService $events,\Elgg\HooksRegistrationService $hooks) |
Definition at line 305 of file actions.php.
1.8.11