1 <?php
2 /**
3 * @package Joomla.Platform
4 * @subpackage Application
5 *
6 * @copyright Copyright (C) 2005 - 2017 Open Source Matters, Inc. All rights reserved.
7 * @license GNU General Public License version 2 or later; see LICENSE
8 */
9
10 defined('JPATH_PLATFORM') or die;
11
12 use Joomla\Registry\Registry;
13 use Joomla\String\StringHelper;
14
15 /**
16 * Base class for a Joomla! Web application.
17 *
18 * @since 11.4
19 * @note As of 4.0 this class will be abstract
20 */
21 class JApplicationWeb extends JApplicationBase
22 {
23 /**
24 * @var string Character encoding string.
25 * @since 11.3
26 */
27 public $charSet = 'utf-8';
28
29 /**
30 * @var string Response mime type.
31 * @since 11.3
32 */
33 public $mimeType = 'text/html';
34
35 /**
36 * @var JDate The body modified date for response headers.
37 * @since 11.3
38 */
39 public $modifiedDate;
40
41 /**
42 * @var JApplicationWebClient The application client object.
43 * @since 11.3
44 */
45 public $client;
46
47 /**
48 * @var JDocument The application document object.
49 * @since 11.3
50 */
51 protected $document;
52
53 /**
54 * @var JLanguage The application language object.
55 * @since 11.3
56 */
57 protected $language;
58
59 /**
60 * @var JSession The application session object.
61 * @since 11.3
62 */
63 protected $session;
64
65 /**
66 * @var object The application response object.
67 * @since 11.3
68 */
69 protected $response;
70
71 /**
72 * @var JApplicationWeb The application instance.
73 * @since 11.3
74 */
75 protected static $instance;
76
77 /**
78 * A map of integer HTTP 1.1 response codes to the full HTTP Status for the headers.
79 *
80 * @var object
81 * @since 3.4
82 * @link http://tools.ietf.org/pdf/rfc7231.pdf
83 */
84 private $responseMap = array(
85 300 => 'HTTP/1.1 300 Multiple Choices',
86 301 => 'HTTP/1.1 301 Moved Permanently',
87 302 => 'HTTP/1.1 302 Found',
88 303 => 'HTTP/1.1 303 See other',
89 304 => 'HTTP/1.1 304 Not Modified',
90 305 => 'HTTP/1.1 305 Use Proxy',
91 306 => 'HTTP/1.1 306 (Unused)',
92 307 => 'HTTP/1.1 307 Temporary Redirect',
93 308 => 'HTTP/1.1 308 Permanent Redirect',
94 );
95
96 /**
97 * A map of HTTP Response headers which may only send a single value, all others
98 * are considered to allow multiple
99 *
100 * @var object
101 * @since 3.5.2
102 * @link https://tools.ietf.org/html/rfc7230
103 */
104 private $singleValueResponseHeaders = array(
105 'status', // This is not a valid header name, but the representation used by Joomla to identify the HTTP Response Code
106 'Content-Length',
107 'Host',
108 'Content-Type',
109 'Content-Location',
110 'Date',
111 'Location',
112 'Retry-After',
113 'Server',
114 'Mime-Version',
115 'Last-Modified',
116 'ETag',
117 'Accept-Ranges',
118 'Content-Range',
119 'Age',
120 'Expires',
121 'Clear-Site-Data',
122 );
123
124 /**
125 * Class constructor.
126 *
127 * @param JInput $input An optional argument to provide dependency injection for the application's
128 * input object. If the argument is a JInput object that object will become
129 * the application's input object, otherwise a default input object is created.
130 * @param Registry $config An optional argument to provide dependency injection for the application's
131 * config object. If the argument is a Registry object that object will become
132 * the application's config object, otherwise a default config object is created.
133 * @param JApplicationWebClient $client An optional argument to provide dependency injection for the application's
134 * client object. If the argument is a JApplicationWebClient object that object will become
135 * the application's client object, otherwise a default client object is created.
136 *
137 * @since 11.3
138 */
139 public function __construct(JInput $input = null, Registry $config = null, JApplicationWebClient $client = null)
140 {
141 // If an input object is given use it.
142 if ($input instanceof JInput)
143 {
144 $this->input = $input;
145 }
146 // Create the input based on the application logic.
147 else
148 {
149 $this->input = new JInput;
150 }
151
152 // If a config object is given use it.
153 if ($config instanceof Registry)
154 {
155 $this->config = $config;
156 }
157 // Instantiate a new configuration object.
158 else
159 {
160 $this->config = new Registry;
161 }
162
163 // If a client object is given use it.
164 if ($client instanceof JApplicationWebClient)
165 {
166 $this->client = $client;
167 }
168 // Instantiate a new web client object.
169 else
170 {
171 $this->client = new JApplicationWebClient;
172 }
173
174 // Load the configuration object.
175 $this->loadConfiguration($this->fetchConfigurationData());
176
177 // Set the execution datetime and timestamp;
178 $this->set('execution.datetime', gmdate('Y-m-d H:i:s'));
179 $this->set('execution.timestamp', time());
180
181 // Setup the response object.
182 $this->response = new stdClass;
183 $this->response->cachable = false;
184 $this->response->headers = array();
185 $this->response->body = array();
186
187 // Set the system URIs.
188 $this->loadSystemUris();
189 }
190
191 /**
192 * Returns a reference to the global JApplicationWeb object, only creating it if it doesn't already exist.
193 *
194 * This method must be invoked as: $web = JApplicationWeb::getInstance();
195 *
196 * @param string $name The name (optional) of the JApplicationWeb class to instantiate.
197 *
198 * @return JApplicationWeb
199 *
200 * @since 11.3
201 */
202 public static function getInstance($name = null)
203 {
204 // Only create the object if it doesn't exist.
205 if (empty(self::$instance))
206 {
207 if (class_exists($name) && (is_subclass_of($name, 'JApplicationWeb')))
208 {
209 self::$instance = new $name;
210 }
211 else
212 {
213 self::$instance = new JApplicationWeb;
214 }
215 }
216
217 return self::$instance;
218 }
219
220 /**
221 * Initialise the application.
222 *
223 * @param mixed $session An optional argument to provide dependency injection for the application's
224 * session object. If the argument is a JSession object that object will become
225 * the application's session object, if it is false then there will be no session
226 * object, and if it is null then the default session object will be created based
227 * on the application's loadSession() method.
228 * @param mixed $document An optional argument to provide dependency injection for the application's
229 * document object. If the argument is a JDocument object that object will become
230 * the application's document object, if it is false then there will be no document
231 * object, and if it is null then the default document object will be created based
232 * on the application's loadDocument() method.
233 * @param mixed $language An optional argument to provide dependency injection for the application's
234 * language object. If the argument is a JLanguage object that object will become
235 * the application's language object, if it is false then there will be no language
236 * object, and if it is null then the default language object will be created based
237 * on the application's loadLanguage() method.
238 * @param mixed $dispatcher An optional argument to provide dependency injection for the application's
239 * event dispatcher. If the argument is a JEventDispatcher object that object will become
240 * the application's event dispatcher, if it is null then the default event dispatcher
241 * will be created based on the application's loadDispatcher() method.
242 *
243 * @return JApplicationWeb Instance of $this to allow chaining.
244 *
245 * @deprecated 13.1 (Platform) & 4.0 (CMS)
246 * @see JApplicationWeb::loadSession()
247 * @see JApplicationWeb::loadDocument()
248 * @see JApplicationWeb::loadLanguage()
249 * @see JApplicationBase::loadDispatcher()
250 * @since 11.3
251 */
252 public function initialise($session = null, $document = null, $language = null, $dispatcher = null)
253 {
254 // Create the session based on the application logic.
255 if ($session !== false)
256 {
257 $this->loadSession($session);
258 }
259
260 // Create the document based on the application logic.
261 if ($document !== false)
262 {
263 $this->loadDocument($document);
264 }
265
266 // Create the language based on the application logic.
267 if ($language !== false)
268 {
269 $this->loadLanguage($language);
270 }
271
272 $this->loadDispatcher($dispatcher);
273
274 return $this;
275 }
276
277 /**
278 * Execute the application.
279 *
280 * @return void
281 *
282 * @since 11.3
283 */
284 public function execute()
285 {
286 // Trigger the onBeforeExecute event.
287 $this->triggerEvent('onBeforeExecute');
288
289 // Perform application routines.
290 $this->doExecute();
291
292 // Trigger the onAfterExecute event.
293 $this->triggerEvent('onAfterExecute');
294
295 // If we have an application document object, render it.
296 if ($this->document instanceof JDocument)
297 {
298 // Trigger the onBeforeRender event.
299 $this->triggerEvent('onBeforeRender');
300
301 // Render the application output.
302 $this->render();
303
304 // Trigger the onAfterRender event.
305 $this->triggerEvent('onAfterRender');
306 }
307
308 // If gzip compression is enabled in configuration and the server is compliant, compress the output.
309 if ($this->get('gzip') && !ini_get('zlib.output_compression') && (ini_get('output_handler') != 'ob_gzhandler'))
310 {
311 $this->compress();
312 }
313
314 // Trigger the onBeforeRespond event.
315 $this->triggerEvent('onBeforeRespond');
316
317 // Send the application response.
318 $this->respond();
319
320 // Trigger the onAfterRespond event.
321 $this->triggerEvent('onAfterRespond');
322 }
323
324 /**
325 * Rendering is the process of pushing the document buffers into the template
326 * placeholders, retrieving data from the document and pushing it into
327 * the application response buffer.
328 *
329 * @return void
330 *
331 * @since 11.3
332 */
333 protected function render()
334 {
335 // Setup the document options.
336 $options = array(
337 'template' => $this->get('theme'),
338 'file' => $this->get('themeFile', 'index.php'),
339 'params' => $this->get('themeParams'),
340 );
341
342 if ($this->get('themes.base'))
343 {
344 $options['directory'] = $this->get('themes.base');
345 }
346 // Fall back to constants.
347 else
348 {
349 $options['directory'] = defined('JPATH_THEMES') ? JPATH_THEMES : (defined('JPATH_BASE') ? JPATH_BASE : __DIR__) . '/themes';
350 }
351
352 // Parse the document.
353 $this->document->parse($options);
354
355 // Render the document.
356 $data = $this->document->render($this->get('cache_enabled'), $options);
357
358 // Set the application output data.
359 $this->setBody($data);
360 }
361
362 /**
363 * Checks the accept encoding of the browser and compresses the data before
364 * sending it to the client if possible.
365 *
366 * @return void
367 *
368 * @since 11.3
369 */
370 protected function compress()
371 {
372 // Supported compression encodings.
373 $supported = array(
374 'x-gzip' => 'gz',
375 'gzip' => 'gz',
376 'deflate' => 'deflate',
377 );
378
379 // Get the supported encoding.
380 $encodings = array_intersect($this->client->encodings, array_keys($supported));
381
382 // If no supported encoding is detected do nothing and return.
383 if (empty($encodings))
384 {
385 return;
386 }
387
388 // Verify that headers have not yet been sent, and that our connection is still alive.
389 if ($this->checkHeadersSent() || !$this->checkConnectionAlive())
390 {
391 return;
392 }
393
394 // Iterate through the encodings and attempt to compress the data using any found supported encodings.
395 foreach ($encodings as $encoding)
396 {
397 if (($supported[$encoding] == 'gz') || ($supported[$encoding] == 'deflate'))
398 {
399 // Verify that the server supports gzip compression before we attempt to gzip encode the data.
400 // @codeCoverageIgnoreStart
401 if (!extension_loaded('zlib') || ini_get('zlib.output_compression'))
402 {
403 continue;
404 }
405 // @codeCoverageIgnoreEnd
406
407 // Attempt to gzip encode the data with an optimal level 4.
408 $data = $this->getBody();
409 $gzdata = gzencode($data, 4, ($supported[$encoding] == 'gz') ? FORCE_GZIP : FORCE_DEFLATE);
410
411 // If there was a problem encoding the data just try the next encoding scheme.
412 // @codeCoverageIgnoreStart
413 if ($gzdata === false)
414 {
415 continue;
416 }
417 // @codeCoverageIgnoreEnd
418
419 // Set the encoding headers.
420 $this->setHeader('Content-Encoding', $encoding);
421
422 // Header will be removed at 4.0
423 if ($this->get('MetaVersion'))
424 {
425 $this->setHeader('X-Content-Encoded-By', 'Joomla');
426 }
427
428 // Replace the output with the encoded data.
429 $this->setBody($gzdata);
430
431 // Compression complete, let's break out of the loop.
432 break;
433 }
434 }
435 }
436
437 /**
438 * Method to send the application response to the client. All headers will be sent prior to the main
439 * application output data.
440 *
441 * @return void
442 *
443 * @since 11.3
444 */
445 protected function respond()
446 {
447 // Send the content-type header.
448 $this->setHeader('Content-Type', $this->mimeType . '; charset=' . $this->charSet);
449
450 // If the response is set to uncachable, we need to set some appropriate headers so browsers don't cache the response.
451 if (!$this->response->cachable)
452 {
453 // Expires in the past.
454 $this->setHeader('Expires', 'Wed, 17 Aug 2005 00:00:00 GMT', true);
455
456 // Always modified.
457 $this->setHeader('Last-Modified', gmdate('D, d M Y H:i:s') . ' GMT', true);
458 $this->setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', false);
459
460 // HTTP 1.0
461 $this->setHeader('Pragma', 'no-cache');
462 }
463 else
464 {
465 // Expires.
466 $this->setHeader('Expires', gmdate('D, d M Y H:i:s', time() + 900) . ' GMT');
467
468 // Last modified.
469 if ($this->modifiedDate instanceof JDate)
470 {
471 $this->setHeader('Last-Modified', $this->modifiedDate->format('D, d M Y H:i:s'));
472 }
473 }
474
475 $this->sendHeaders();
476
477 echo $this->getBody();
478 }
479
480 /**
481 * Redirect to another URL.
482 *
483 * If the headers have not been sent the redirect will be accomplished using a "301 Moved Permanently"
484 * or "303 See Other" code in the header pointing to the new location. If the headers have already been
485 * sent this will be accomplished using a JavaScript statement.
486 *
487 * @param string $url The URL to redirect to. Can only be http/https URL.
488 * @param integer $status The HTTP 1.1 status code to be provided. 303 is assumed by default.
489 *
490 * @return void
491 *
492 * @since 11.3
493 */
494 public function redirect($url, $status = 303)
495 {
496 // Check for relative internal links.
497 if (preg_match('#^index\.php#', $url))
498 {
499 // We changed this from "$this->get('uri.base.full') . $url" due to the inability to run the system tests with the original code
500 $url = JUri::base() . $url;
501 }
502
503 // Perform a basic sanity check to make sure we don't have any CRLF garbage.
504 $url = preg_split("/[\r\n]/", $url);
505 $url = $url[0];
506
507 /*
508 * Here we need to check and see if the URL is relative or absolute. Essentially, do we need to
509 * prepend the URL with our base URL for a proper redirect. The rudimentary way we are looking
510 * at this is to simply check whether or not the URL string has a valid scheme or not.
511 */
512 if (!preg_match('#^[a-z]+\://#i', $url))
513 {
514 // Get a JUri instance for the requested URI.
515 $uri = JUri::getInstance($this->get('uri.request'));
516
517 // Get a base URL to prepend from the requested URI.
518 $prefix = $uri->toString(array('scheme', 'user', 'pass', 'host', 'port'));
519
520 // We just need the prefix since we have a path relative to the root.
521 if ($url[0] == '/')
522 {
523 $url = $prefix . $url;
524 }
525 // It's relative to where we are now, so lets add that.
526 else
527 {
528 $parts = explode('/', $uri->toString(array('path')));
529 array_pop($parts);
530 $path = implode('/', $parts) . '/';
531 $url = $prefix . $path . $url;
532 }
533 }
534
535 // If the headers have already been sent we need to send the redirect statement via JavaScript.
536 if ($this->checkHeadersSent())
537 {
538 echo "<script>document.location.href='" . str_replace("'", ''', $url) . "';</script>\n";
539 }
540 else
541 {
542 // We have to use a JavaScript redirect here because MSIE doesn't play nice with utf-8 URLs.
543 if (($this->client->engine == JApplicationWebClient::TRIDENT) && !StringHelper::is_ascii($url))
544 {
545 $html = '<html><head>';
546 $html .= '<meta http-equiv="content-type" content="text/html; charset=' . $this->charSet . '" />';
547 $html .= '<script>document.location.href=\'' . str_replace("'", ''', $url) . '\';</script>';
548 $html .= '</head><body></body></html>';
549
550 echo $html;
551 }
552 else
553 {
554 // Check if we have a boolean for the status variable for compatability with old $move parameter
555 // @deprecated 4.0
556 if (is_bool($status))
557 {
558 $status = $status ? 301 : 303;
559 }
560
561 // Now check if we have an integer status code that maps to a valid redirect. If we don't then set a 303
562 // @deprecated 4.0 From 4.0 if no valid status code is given an InvalidArgumentException will be thrown
563 if (!is_int($status) || is_int($status) && !isset($this->responseMap[$status]))
564 {
565 $status = 303;
566 }
567
568 // All other cases use the more efficient HTTP header for redirection.
569 $this->setHeader('Status', $status, true);
570 $this->setHeader('Location', $url, true);
571 }
572 }
573
574 // Set appropriate headers
575 $this->respond();
576
577 // Close the application after the redirect.
578 $this->close();
579 }
580
581 /**
582 * Load an object or array into the application configuration object.
583 *
584 * @param mixed $data Either an array or object to be loaded into the configuration object.
585 *
586 * @return JApplicationWeb Instance of $this to allow chaining.
587 *
588 * @since 11.3
589 */
590 public function loadConfiguration($data)
591 {
592 // Load the data into the configuration object.
593 if (is_array($data))
594 {
595 $this->config->loadArray($data);
596 }
597 elseif (is_object($data))
598 {
599 $this->config->loadObject($data);
600 }
601
602 return $this;
603 }
604
605 /**
606 * Set/get cachable state for the response. If $allow is set, sets the cachable state of the
607 * response. Always returns the current state.
608 *
609 * @param boolean $allow True to allow browser caching.
610 *
611 * @return boolean
612 *
613 * @since 11.3
614 */
615 public function allowCache($allow = null)
616 {
617 if ($allow !== null)
618 {
619 $this->response->cachable = (bool) $allow;
620 }
621
622 return $this->response->cachable;
623 }
624
625 /**
626 * Method to set a response header. If the replace flag is set then all headers
627 * with the given name will be replaced by the new one. The headers are stored
628 * in an internal array to be sent when the site is sent to the browser.
629 *
630 * @param string $name The name of the header to set.
631 * @param string $value The value of the header to set.
632 * @param boolean $replace True to replace any headers with the same name.
633 *
634 * @return JApplicationWeb Instance of $this to allow chaining.
635 *
636 * @since 11.3
637 */
638 public function setHeader($name, $value, $replace = false)
639 {
640 // Sanitize the input values.
641 $name = (string) $name;
642 $value = (string) $value;
643
644 // Create an array of duplicate header names
645 $keys = false;
646 if ($this->response->headers)
647 {
648 $names = array();
649 foreach ($this->response->headers as $key => $header)
650 {
651 $names[$key] = $header['name'];
652 }
653 // Find existing headers by name
654 $keys = array_keys($names, $name);
655 }
656
657 // Remove if $replace is true and there are duplicate names
658 if ($replace && $keys)
659 {
660 $this->response->headers = array_diff_key($this->response->headers, array_flip($keys));
661 }
662
663 /**
664 * If no keys found, safe to insert (!$keys)
665 * If ($keys && $replace) it's a replacement and previous have been deleted
666 * if($keys && !in_array...) it's a multiple value header
667 */
668 $single = in_array($name, $this->singleValueResponseHeaders);
669 if ($value && (!$keys || ($keys && ($replace || !$single))))
670 {
671 // Add the header to the internal array.
672 $this->response->headers[] = array('name' => $name, 'value' => $value);
673 }
674
675 return $this;
676 }
677
678 /**
679 * Method to get the array of response headers to be sent when the response is sent
680 * to the client.
681 *
682 * @return array *
683 *
684 * @since 11.3
685 */
686 public function getHeaders()
687 {
688 return $this->response->headers;
689 }
690
691 /**
692 * Method to clear any set response headers.
693 *
694 * @return JApplicationWeb Instance of $this to allow chaining.
695 *
696 * @since 11.3
697 */
698 public function clearHeaders()
699 {
700 $this->response->headers = array();
701
702 return $this;
703 }
704
705 /**
706 * Send the response headers.
707 *
708 * @return JApplicationWeb Instance of $this to allow chaining.
709 *
710 * @since 11.3
711 */
712 public function sendHeaders()
713 {
714 if (!$this->checkHeadersSent())
715 {
716 // Creating an array of headers, making arrays of headers with multiple values
717 $val = array();
718 foreach ($this->response->headers as $header)
719 {
720 if ('status' == strtolower($header['name']))
721 {
722 // 'status' headers indicate an HTTP status, and need to be handled slightly differently
723 $this->header('HTTP/1.1 ' . (int) $header['value'], true);
724 }
725 else
726 {
727 $val[$header['name']] = !isset($val[$header['name']])?$header['value']:implode(', ', array($val[$header['name']], $header['value']));
728 $this->header($header['name'] . ': ' . $val[$header['name']], true);
729 }
730 }
731 }
732
733 return $this;
734 }
735
736 /**
737 * Set body content. If body content already defined, this will replace it.
738 *
739 * @param string $content The content to set as the response body.
740 *
741 * @return JApplicationWeb Instance of $this to allow chaining.
742 *
743 * @since 11.3
744 */
745 public function setBody($content)
746 {
747 $this->response->body = array((string) $content);
748
749 return $this;
750 }
751
752 /**
753 * Prepend content to the body content
754 *
755 * @param string $content The content to prepend to the response body.
756 *
757 * @return JApplicationWeb Instance of $this to allow chaining.
758 *
759 * @since 11.3
760 */
761 public function prependBody($content)
762 {
763 array_unshift($this->response->body, (string) $content);
764
765 return $this;
766 }
767
768 /**
769 * Append content to the body content
770 *
771 * @param string $content The content to append to the response body.
772 *
773 * @return JApplicationWeb Instance of $this to allow chaining.
774 *
775 * @since 11.3
776 */
777 public function appendBody($content)
778 {
779 $this->response->body[] = (string) $content;
780
781 return $this;
782 }
783
784 /**
785 * Return the body content
786 *
787 * @param boolean $asArray True to return the body as an array of strings.
788 *
789 * @return mixed The response body either as an array or concatenated string.
790 *
791 * @since 11.3
792 */
793 public function getBody($asArray = false)
794 {
795 return $asArray ? $this->response->body : implode((array) $this->response->body);
796 }
797
798 /**
799 * Method to get the application document object.
800 *
801 * @return JDocument The document object
802 *
803 * @since 11.3
804 */
805 public function getDocument()
806 {
807 return $this->document;
808 }
809
810 /**
811 * Method to get the application language object.
812 *
813 * @return JLanguage The language object
814 *
815 * @since 11.3
816 */
817 public function getLanguage()
818 {
819 return $this->language;
820 }
821
822 /**
823 * Method to get the application session object.
824 *
825 * @return JSession The session object
826 *
827 * @since 11.3
828 */
829 public function getSession()
830 {
831 return $this->session;
832 }
833
834 /**
835 * Method to check the current client connection status to ensure that it is alive. We are
836 * wrapping this to isolate the connection_status() function from our code base for testing reasons.
837 *
838 * @return boolean True if the connection is valid and normal.
839 *
840 * @codeCoverageIgnore
841 * @see connection_status()
842 * @since 11.3
843 */
844 protected function checkConnectionAlive()
845 {
846 return connection_status() === CONNECTION_NORMAL;
847 }
848
849 /**
850 * Method to check to see if headers have already been sent. We are wrapping this to isolate the
851 * headers_sent() function from our code base for testing reasons.
852 *
853 * @return boolean True if the headers have already been sent.
854 *
855 * @codeCoverageIgnore
856 * @see headers_sent()
857 * @since 11.3
858 */
859 protected function checkHeadersSent()
860 {
861 return headers_sent();
862 }
863
864 /**
865 * Method to detect the requested URI from server environment variables.
866 *
867 * @return string The requested URI
868 *
869 * @since 11.3
870 */
871 protected function detectRequestUri()
872 {
873 // First we need to detect the URI scheme.
874 if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off'))
875 {
876 $scheme = 'https://';
877 }
878 else
879 {
880 $scheme = 'http://';
881 }
882
883 /*
884 * There are some differences in the way that Apache and IIS populate server environment variables. To
885 * properly detect the requested URI we need to adjust our algorithm based on whether or not we are getting
886 * information from Apache or IIS.
887 */
888 // Define variable to return
889 $uri = '';
890
891 // If PHP_SELF and REQUEST_URI are both populated then we will assume "Apache Mode".
892 if (!empty($_SERVER['PHP_SELF']) && !empty($_SERVER['REQUEST_URI']))
893 {
894 // The URI is built from the HTTP_HOST and REQUEST_URI environment variables in an Apache environment.
895 $uri = $scheme . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
896 }
897 // If not in "Apache Mode" we will assume that we are in an IIS environment and proceed.
898 elseif (isset($_SERVER['HTTP_HOST']))
899 {
900 // IIS uses the SCRIPT_NAME variable instead of a REQUEST_URI variable... thanks, MS
901 $uri = $scheme . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'];
902
903 // If the QUERY_STRING variable exists append it to the URI string.
904 if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING']))
905 {
906 $uri .= '?' . $_SERVER['QUERY_STRING'];
907 }
908 }
909
910 return trim($uri);
911 }
912
913 /**
914 * Method to load a PHP configuration class file based on convention and return the instantiated data object. You
915 * will extend this method in child classes to provide configuration data from whatever data source is relevant
916 * for your specific application.
917 *
918 * @param string $file The path and filename of the configuration file. If not provided, configuration.php
919 * in JPATH_CONFIGURATION will be used.
920 * @param string $class The class name to instantiate.
921 *
922 * @return mixed Either an array or object to be loaded into the configuration object.
923 *
924 * @since 11.3
925 * @throws RuntimeException
926 */
927 protected function fetchConfigurationData($file = '', $class = 'JConfig')
928 {
929 // Instantiate variables.
930 $config = array();
931
932 if (empty($file))
933 {
934 $file = JPATH_CONFIGURATION . '/configuration.php';
935
936 // Applications can choose not to have any configuration data
937 // by not implementing this method and not having a config file.
938 if (!file_exists($file))
939 {
940 $file = '';
941 }
942 }
943
944 if (!empty($file))
945 {
946 JLoader::register($class, $file);
947
948 if (class_exists($class))
949 {
950 $config = new $class;
951 }
952 else
953 {
954 throw new RuntimeException('Configuration class does not exist.');
955 }
956 }
957
958 return $config;
959 }
960
961 /**
962 * Flush the media version to refresh versionable assets
963 *
964 * @return void
965 *
966 * @since 3.2
967 */
968 public function flushAssets()
969 {
970 $version = new JVersion;
971 $version->refreshMediaVersion();
972 }
973
974 /**
975 * Method to send a header to the client. We are wrapping this to isolate the header() function
976 * from our code base for testing reasons.
977 *
978 * @param string $string The header string.
979 * @param boolean $replace The optional replace parameter indicates whether the header should
980 * replace a previous similar header, or add a second header of the same type.
981 * @param integer $code Forces the HTTP response code to the specified value. Note that
982 * this parameter only has an effect if the string is not empty.
983 *
984 * @return void
985 *
986 * @codeCoverageIgnore
987 * @see header()
988 * @since 11.3
989 */
990 protected function header($string, $replace = true, $code = null)
991 {
992 $string = str_replace(chr(0), '', $string);
993 header($string, $replace, $code);
994 }
995
996 /**
997 * Determine if we are using a secure (SSL) connection.
998 *
999 * @return boolean True if using SSL, false if not.
1000 *
1001 * @since 12.2
1002 */
1003 public function isSSLConnection()
1004 {
1005 return (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) || getenv('SSL_PROTOCOL_VERSION');
1006 }
1007
1008 /**
1009 * Allows the application to load a custom or default document.
1010 *
1011 * The logic and options for creating this object are adequately generic for default cases
1012 * but for many applications it will make sense to override this method and create a document,
1013 * if required, based on more specific needs.
1014 *
1015 * @param JDocument $document An optional document object. If omitted, the factory document is created.
1016 *
1017 * @return JApplicationWeb This method is chainable.
1018 *
1019 * @since 11.3
1020 */
1021 public function loadDocument(JDocument $document = null)
1022 {
1023 $this->document = ($document === null) ? JFactory::getDocument() : $document;
1024
1025 return $this;
1026 }
1027
1028 /**
1029 * Allows the application to load a custom or default language.
1030 *
1031 * The logic and options for creating this object are adequately generic for default cases
1032 * but for many applications it will make sense to override this method and create a language,
1033 * if required, based on more specific needs.
1034 *
1035 * @param JLanguage $language An optional language object. If omitted, the factory language is created.
1036 *
1037 * @return JApplicationWeb This method is chainable.
1038 *
1039 * @since 11.3
1040 */
1041 public function loadLanguage(JLanguage $language = null)
1042 {
1043 $this->language = ($language === null) ? JFactory::getLanguage() : $language;
1044
1045 return $this;
1046 }
1047
1048 /**
1049 * Allows the application to load a custom or default session.
1050 *
1051 * The logic and options for creating this object are adequately generic for default cases
1052 * but for many applications it will make sense to override this method and create a session,
1053 * if required, based on more specific needs.
1054 *
1055 * @param JSession $session An optional session object. If omitted, the session is created.
1056 *
1057 * @return JApplicationWeb This method is chainable.
1058 *
1059 * @since 11.3
1060 */
1061 public function loadSession(JSession $session = null)
1062 {
1063 if ($session !== null)
1064 {
1065 $this->session = $session;
1066
1067 return $this;
1068 }
1069
1070 // Generate a session name.
1071 $name = md5($this->get('secret') . $this->get('session_name', get_class($this)));
1072
1073 // Calculate the session lifetime.
1074 $lifetime = (($this->get('sess_lifetime')) ? $this->get('sess_lifetime') * 60 : 900);
1075
1076 // Get the session handler from the configuration.
1077 $handler = $this->get('sess_handler', 'none');
1078
1079 // Initialize the options for JSession.
1080 $options = array(
1081 'name' => $name,
1082 'expire' => $lifetime,
1083 'force_ssl' => $this->get('force_ssl'),
1084 );
1085
1086 $this->registerEvent('onAfterSessionStart', array($this, 'afterSessionStart'));
1087
1088 // Instantiate the session object.
1089 $session = JSession::getInstance($handler, $options);
1090 $session->initialise($this->input, $this->dispatcher);
1091
1092 if ($session->getState() == 'expired')
1093 {
1094 $session->restart();
1095 }
1096 else
1097 {
1098 $session->start();
1099 }
1100
1101 // Set the session object.
1102 $this->session = $session;
1103
1104 return $this;
1105 }
1106
1107 /**
1108 * After the session has been started we need to populate it with some default values.
1109 *
1110 * @return void
1111 *
1112 * @since 12.2
1113 */
1114 public function afterSessionStart()
1115 {
1116 $session = JFactory::getSession();
1117
1118 if ($session->isNew())
1119 {
1120 $session->set('registry', new Registry);
1121 $session->set('user', new JUser);
1122 }
1123 }
1124
1125 /**
1126 * Method to load the system URI strings for the application.
1127 *
1128 * @param string $requestUri An optional request URI to use instead of detecting one from the
1129 * server environment variables.
1130 *
1131 * @return void
1132 *
1133 * @since 11.3
1134 */
1135 protected function loadSystemUris($requestUri = null)
1136 {
1137 // Set the request URI.
1138 // @codeCoverageIgnoreStart
1139 if (!empty($requestUri))
1140 {
1141 $this->set('uri.request', $requestUri);
1142 }
1143 else
1144 {
1145 $this->set('uri.request', $this->detectRequestUri());
1146 }
1147 // @codeCoverageIgnoreEnd
1148
1149 // Check to see if an explicit base URI has been set.
1150 $siteUri = trim($this->get('site_uri'));
1151
1152 if ($siteUri != '')
1153 {
1154 $uri = JUri::getInstance($siteUri);
1155 $path = $uri->toString(array('path'));
1156 }
1157 // No explicit base URI was set so we need to detect it.
1158 else
1159 {
1160 // Start with the requested URI.
1161 $uri = JUri::getInstance($this->get('uri.request'));
1162
1163 // If we are working from a CGI SAPI with the 'cgi.fix_pathinfo' directive disabled we use PHP_SELF.
1164 if (strpos(php_sapi_name(), 'cgi') !== false && !ini_get('cgi.fix_pathinfo') && !empty($_SERVER['REQUEST_URI']))
1165 {
1166 // We aren't expecting PATH_INFO within PHP_SELF so this should work.
1167 $path = dirname($_SERVER['PHP_SELF']);
1168 }
1169 // Pretty much everything else should be handled with SCRIPT_NAME.
1170 else
1171 {
1172 $path = dirname($_SERVER['SCRIPT_NAME']);
1173 }
1174 }
1175
1176 $host = $uri->toString(array('scheme', 'user', 'pass', 'host', 'port'));
1177
1178 // Check if the path includes "index.php".
1179 if (strpos($path, 'index.php') !== false)
1180 {
1181 // Remove the index.php portion of the path.
1182 $path = substr_replace($path, '', strpos($path, 'index.php'), 9);
1183 }
1184
1185 $path = rtrim($path, '/\\');
1186
1187 // Set the base URI both as just a path and as the full URI.
1188 $this->set('uri.base.full', $host . $path . '/');
1189 $this->set('uri.base.host', $host);
1190 $this->set('uri.base.path', $path . '/');
1191
1192 // Set the extended (non-base) part of the request URI as the route.
1193 if (stripos($this->get('uri.request'), $this->get('uri.base.full')) === 0)
1194 {
1195 $this->set('uri.route', substr_replace($this->get('uri.request'), '', 0, strlen($this->get('uri.base.full'))));
1196 }
1197
1198 // Get an explicitly set media URI is present.
1199 $mediaURI = trim($this->get('media_uri'));
1200
1201 if ($mediaURI)
1202 {
1203 if (strpos($mediaURI, '://') !== false)
1204 {
1205 $this->set('uri.media.full', $mediaURI);
1206 $this->set('uri.media.path', $mediaURI);
1207 }
1208 else
1209 {
1210 // Normalise slashes.
1211 $mediaURI = trim($mediaURI, '/\\');
1212 $mediaURI = !empty($mediaURI) ? '/' . $mediaURI . '/' : '/';
1213 $this->set('uri.media.full', $this->get('uri.base.host') . $mediaURI);
1214 $this->set('uri.media.path', $mediaURI);
1215 }
1216 }
1217 // No explicit media URI was set, build it dynamically from the base uri.
1218 else
1219 {
1220 $this->set('uri.media.full', $this->get('uri.base.full') . 'media/');
1221 $this->set('uri.media.path', $this->get('uri.base.path') . 'media/');
1222 }
1223 }
1224 }
1225