mirror of
https://github.com/skipperbent/simple-php-router.git
synced 2026-07-11 10:02:12 +00:00
@@ -1037,6 +1037,17 @@ class CustomExceptionHandler implements IExceptionHandler
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Other error */
|
||||||
|
if($error instanceof MyCustomException) {
|
||||||
|
|
||||||
|
$request->setRewriteRoute(
|
||||||
|
// Add new route based on current url (minus query-string) and add custom parameters.
|
||||||
|
(new RouteUrl(url(null, null, []), 'PageController@error'))->setParameters(['exception' => $error])
|
||||||
|
);
|
||||||
|
return;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
throw $error;
|
throw $error;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -17,13 +17,13 @@ class BaseCsrfVerifier implements IMiddleware
|
|||||||
* For example: /admin/*
|
* For example: /admin/*
|
||||||
* @var array|null
|
* @var array|null
|
||||||
*/
|
*/
|
||||||
protected ?array $except = null;
|
protected array $except = [];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Urls to include. Can be used to include urls from a certain path.
|
* Urls to include. Can be used to include urls from a certain path.
|
||||||
* @var array|null
|
* @var array|null
|
||||||
*/
|
*/
|
||||||
protected ?array $include = null;
|
protected array $include = [];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var ITokenProvider
|
* @var ITokenProvider
|
||||||
@@ -38,6 +38,23 @@ class BaseCsrfVerifier implements IMiddleware
|
|||||||
$this->tokenProvider = new CookieTokenProvider();
|
$this->tokenProvider = new CookieTokenProvider();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function isIncluded(Request $request): bool
|
||||||
|
{
|
||||||
|
if (count($this->include) > 0) {
|
||||||
|
foreach ($this->include as $includeUrl) {
|
||||||
|
$includeUrl = rtrim($includeUrl, '/');
|
||||||
|
if ($includeUrl[strlen($includeUrl) - 1] === '*') {
|
||||||
|
$includeUrl = rtrim($includeUrl, '*');
|
||||||
|
return $request->getUrl()->contains($includeUrl);
|
||||||
|
}
|
||||||
|
|
||||||
|
return ($includeUrl === rtrim($request->getUrl()->getRelativeUrl(false), '/'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if the url matches the urls in the except property
|
* Check if the url matches the urls in the except property
|
||||||
* @param Request $request
|
* @param Request $request
|
||||||
@@ -45,11 +62,11 @@ class BaseCsrfVerifier implements IMiddleware
|
|||||||
*/
|
*/
|
||||||
protected function skip(Request $request): bool
|
protected function skip(Request $request): bool
|
||||||
{
|
{
|
||||||
if ($this->except === null || count($this->except) === 0) {
|
if (count($this->except) === 0) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach($this->except as $url) {
|
foreach ($this->except as $url) {
|
||||||
$url = rtrim($url, '/');
|
$url = rtrim($url, '/');
|
||||||
if ($url[strlen($url) - 1] === '*') {
|
if ($url[strlen($url) - 1] === '*') {
|
||||||
$url = rtrim($url, '*');
|
$url = rtrim($url, '*');
|
||||||
@@ -60,20 +77,9 @@ class BaseCsrfVerifier implements IMiddleware
|
|||||||
|
|
||||||
if ($skip === true) {
|
if ($skip === true) {
|
||||||
|
|
||||||
if(is_array($this->include) === true && count($this->include) > 0) {
|
$skip = !$this->isIncluded($request);
|
||||||
foreach($this->include as $includeUrl) {
|
|
||||||
$includeUrl = rtrim($includeUrl, '/');
|
|
||||||
if ($includeUrl[strlen($includeUrl) - 1] === '*') {
|
|
||||||
$includeUrl = rtrim($includeUrl, '*');
|
|
||||||
$skip = !$request->getUrl()->contains($includeUrl);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
$skip = !($includeUrl === rtrim($request->getUrl()->getRelativeUrl(false), '/'));
|
if ($skip === false) {
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if($skip === false) {
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -92,12 +98,11 @@ class BaseCsrfVerifier implements IMiddleware
|
|||||||
*/
|
*/
|
||||||
public function handle(Request $request): void
|
public function handle(Request $request): void
|
||||||
{
|
{
|
||||||
if ($this->skip($request) === false && $request->isPostBack() === true) {
|
if ($this->skip($request) === false && ($request->isPostBack() === true || $this->isIncluded($request) === true)) {
|
||||||
|
|
||||||
$token = $request->getInputHandler()->value(
|
$token = $request->getInputHandler()->value(
|
||||||
static::POST_KEY,
|
static::POST_KEY,
|
||||||
$request->getHeader(static::HEADER_KEY),
|
$request->getHeader(static::HEADER_KEY),
|
||||||
Request::$requestTypesPost
|
|
||||||
);
|
);
|
||||||
|
|
||||||
if ($this->tokenProvider->validate((string)$token) === false) {
|
if ($this->tokenProvider->validate((string)$token) === false) {
|
||||||
|
|||||||
@@ -27,11 +27,11 @@ class ClassLoader implements IClassLoader
|
|||||||
* @param object $class
|
* @param object $class
|
||||||
* @param string $method
|
* @param string $method
|
||||||
* @param array $parameters
|
* @param array $parameters
|
||||||
* @return mixed
|
* @return string
|
||||||
*/
|
*/
|
||||||
public function loadClassMethod($class, string $method, array $parameters)
|
public function loadClassMethod($class, string $method, array $parameters): string
|
||||||
{
|
{
|
||||||
return call_user_func_array([$class, $method], array_values($parameters));
|
return (string)call_user_func_array([$class, $method], array_values($parameters));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -39,11 +39,11 @@ class ClassLoader implements IClassLoader
|
|||||||
*
|
*
|
||||||
* @param Callable $closure
|
* @param Callable $closure
|
||||||
* @param array $parameters
|
* @param array $parameters
|
||||||
* @return mixed
|
* @return string
|
||||||
*/
|
*/
|
||||||
public function loadClosure(Callable $closure, array $parameters)
|
public function loadClosure(callable $closure, array $parameters): string
|
||||||
{
|
{
|
||||||
return call_user_func_array($closure, array_values($parameters));
|
return (string)call_user_func_array($closure, array_values($parameters));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -346,7 +346,7 @@ class Router
|
|||||||
/* Verify csrf token for request */
|
/* Verify csrf token for request */
|
||||||
$this->csrfVerifier->handle($this->request);
|
$this->csrfVerifier->handle($this->request);
|
||||||
} catch(Exception $e) {
|
} catch(Exception $e) {
|
||||||
$this->handleException($e);
|
return $this->handleException($e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -427,7 +427,7 @@ class Router
|
|||||||
$routeOutput = $route->renderRoute($this->request, $this);
|
$routeOutput = $route->renderRoute($this->request, $this);
|
||||||
|
|
||||||
if ($this->renderMultipleRoutes === true) {
|
if ($this->renderMultipleRoutes === true) {
|
||||||
if ($routeOutput !== null) {
|
if ($routeOutput !== '') {
|
||||||
return $routeOutput;
|
return $routeOutput;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -444,12 +444,12 @@ class Router
|
|||||||
}
|
}
|
||||||
|
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
$this->handleException($e);
|
return $this->handleException($e);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($methodNotAllowed === true) {
|
if ($methodNotAllowed === true) {
|
||||||
$message = sprintf('Route "%s" or method "%s" not allowed.', $this->request->getUrl()->getPath(), $this->request->getMethod());
|
$message = sprintf('Route "%s" or method "%s" not allowed.', $this->request->getUrl()->getPath(), $this->request->getMethod());
|
||||||
$this->handleException(new NotFoundHttpException($message, 403));
|
return $this->handleException(new NotFoundHttpException($message, 403));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (count($this->request->getLoadedRoutes()) === 0) {
|
if (count($this->request->getLoadedRoutes()) === 0) {
|
||||||
|
|||||||
@@ -2,12 +2,12 @@
|
|||||||
|
|
||||||
class DummyCsrfVerifier extends \Pecee\Http\Middleware\BaseCsrfVerifier {
|
class DummyCsrfVerifier extends \Pecee\Http\Middleware\BaseCsrfVerifier {
|
||||||
|
|
||||||
protected ?array $except = [
|
protected array $except = [
|
||||||
'/exclude-page',
|
'/exclude-page',
|
||||||
'/exclude-all/*',
|
'/exclude-all/*',
|
||||||
];
|
];
|
||||||
|
|
||||||
protected ?array $include = [
|
protected array $include = [
|
||||||
'/exclude-all/include-page',
|
'/exclude-all/include-page',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user