Page MenuHomec4science
Files F91413399

PhameBlogLiveController.php
No OneTemporary
Actions

File Metadata

Created
Sun, Nov 10, 21:15

PhameBlogLiveController.php
View Options

<?php
final class PhameBlogLiveController extends PhameBlogController {
public function shouldAllowPublic() {
return true;
}
public function handleRequest(AphrontRequest $request) {
$viewer = $request->getViewer();
$site = $request->getSite();
if ($site instanceof PhameBlogSite) {
$blog = $site->getBlog();
} else {
$id = $request->getURIData('id');
$blog = id(new PhameBlogQuery())
->setViewer($viewer)
->withIDs(array($id))
->executeOne();
if (!$blog) {
return new Aphront404Response();
}
}
if ($blog->getDomain() && ($request->getHost() != $blog->getDomain())) {
$base_uri = $blog->getLiveURI();
// Don't redirect directly, since the domain is user-controlled and there
// are a bevy of security issues associated with automatic redirects to
// external domains.
// Previously we CSRF'd this and someone found a way to pass OAuth
// information through it using anchors. Just make users click a normal
// link so that this is no more dangerous than any other external link
// on the site.
$dialog = id(new AphrontDialogView())
->setTitle(pht('Blog Moved'))
->setUser($viewer)
->appendParagraph(pht('This blog is now hosted here:'))
->appendParagraph(
phutil_tag(
'a',
array(
'href' => $base_uri,
),
$base_uri))
->addCancelButton('/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$phame_request = clone $request;
$more = $phame_request->getURIData('more', '');
$phame_request->setPath('/'.ltrim($more, '/'));
$uri = $blog->getLiveURI();
$skin = $blog->getSkinRenderer($phame_request);
$skin
->setBlog($blog)
->setBaseURI($uri);
$skin->willProcessRequest(array());
return $skin->processRequest();
}
}

Event Timeline

c4science · Help