ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilCtrl.php
Go to the documentation of this file.
1 <?php
2 
18 declare(strict_types=1);
19 
20 use ILIAS\HTTP\Response\Sender\ResponseSendingException;
21 use ILIAS\HTTP\Response\Sender\ResponseSenderStrategy;
22 use ILIAS\Refinery\Factory as Refinery;
23 use ILIAS\HTTP\Wrapper\RequestWrapper;
24 use ILIAS\Filesystem\Stream\Streams;
25 use Psr\Http\Message\ServerRequestInterface;
26 use GuzzleHttp\Psr7\Response;
27 
34 class ilCtrl implements ilCtrlInterface
35 {
40  private ResponseSenderStrategy $response_sender;
41 
46  private ServerRequestInterface $server_request;
47 
52  private RequestWrapper $post_parameters;
53 
58  private RequestWrapper $get_parameters;
59 
64  private Refinery $refinery;
65 
70  private ilCtrlStructureInterface $structure;
71 
76  private ilCtrlTokenRepositoryInterface $token_repository;
77 
82  private ilCtrlContextInterface $context;
83 
88  private ilCtrlPathFactoryInterface $path_factory;
89 
94  private ilComponentFactory $component_factory;
95 
96  private ilCtrlQueryParserInterface $query_parser;
97 
102  private array $stacktrace = [];
103 
108  private ?object $exec_object = null;
109 
123  public function __construct(
124  ilCtrlStructureInterface $structure,
125  ilCtrlTokenRepositoryInterface $token_repository,
126  ilCtrlPathFactoryInterface $path_factory,
127  ilCtrlContextInterface $context,
128  ResponseSenderStrategy $response_sender,
129  ServerRequestInterface $server_request,
130  RequestWrapper $post_parameters,
131  RequestWrapper $get_parameters,
132  Refinery $refinery,
133  ilComponentFactory $component_factory,
134  ilCtrlQueryParserInterface $query_parser
135  ) {
136  $this->structure = $structure;
137  $this->token_repository = $token_repository;
138  $this->response_sender = $response_sender;
139  $this->server_request = $server_request;
140  $this->post_parameters = $post_parameters;
141  $this->get_parameters = $get_parameters;
142  $this->refinery = $refinery;
143  $this->path_factory = $path_factory;
144  $this->context = $context;
145  $this->component_factory = $component_factory;
146  $this->query_parser = $query_parser;
147  }
148 
149  public function __clone()
150  {
151  $this->structure = clone $this->structure;
152  }
153 
157  public function callBaseClass(string $a_base_class = null): void
158  {
159  // prioritise the context's baseclass over the given one.
160  $a_base_class = $this->context->getBaseClass() ?? $a_base_class;
161 
162  // abort if no baseclass was provided.
163  if (null === $a_base_class) {
164  throw new ilCtrlException(__METHOD__ . " was not given a baseclass and the request doesn't include one either.");
165  }
166 
167  // abort if the provided baseclass is unknown.
168  if (!$this->structure->isBaseClass($a_base_class)) {
169  throw new ilCtrlException("Provided class '$a_base_class' is not a baseclass");
170  }
171 
172  // in case the baseclass was given by argument,
173  // set the context's baseclass.
174  $this->context->setBaseClass($a_base_class);
175 
176  // no null-check needed as previous isBaseClass() was true.
177  $obj_name = $this->structure->getObjNameByName($a_base_class);
178  $this->forwardCommand(new $obj_name());
179  }
180 
184  public function forwardCommand(object $a_gui_object)
185  {
186  $class_name = get_class($a_gui_object);
187 
188  // @TODO: remove this check once an interface for command classes exists.
189  if (!method_exists($a_gui_object, 'executeCommand')) {
190  throw new ilCtrlException("$class_name doesn't implement executeCommand().");
191  }
192 
193  $this->exec_object = $a_gui_object;
194  $this->populateCall($class_name, self::CMD_MODE_PROCESS);
195 
196  // with forward command we cannot progress, or set
197  // the current command class. Otherwise, the path-
198  // finding gets mixed up, as it can only be used in
199  // getHTML() method calls.
200  $this->context
201  ->setCmdMode(self::CMD_MODE_PROCESS);
202 
203  return $a_gui_object->executeCommand();
204  }
205 
209  public function getHTML(object $a_gui_object, array $a_parameters = null): string
210  {
211  $class_name = get_class($a_gui_object);
212  // @TODO: remove this check once an interface for command classes exists.
213  if (!method_exists($a_gui_object, 'getHTML')) {
214  throw new ilCtrlException("$class_name doesn't implement getHTML().");
215  }
216 
217  $isolatad_structure = $this->structure;
218  $isolated_context = $this->context;
219  $isolated_object = $this->exec_object;
220 
221  $this->exec_object = $a_gui_object;
222  $this->populateCall($class_name, self::CMD_MODE_HTML);
223  $this->context
224  ->setCmdClass($class_name)
225  ->setCmdMode(self::CMD_MODE_HTML);
226 
227  $html = (null !== $a_parameters) ?
228  $a_gui_object->getHTML($a_parameters) :
229  $a_gui_object->getHTML();
230 
231  $this->structure = $isolatad_structure;
232  $this->context = $isolated_context;
233  $this->exec_object = $isolated_object;
234 
235  return $html;
236  }
237 
241  public function getCmd(string $fallback_command = null): ?string
242  {
243  // retrieve $_GET and $_POST parameters.
244  $post_command = $this->getPostCommand();
245  $get_command = $this->getQueryParam(self::PARAM_CMD);
246  $table_command = $this->getTableCommand();
247 
248  $is_post = (self::CMD_POST === $get_command);
249 
250  // if the $_GET command is 'post', either the $_POST
251  // command or $_GETs fallback command is used.
252  // for now, the table command is used as fallback as well,
253  // but this will be removed once the implementation of
254  // table actions change.
255  $command = ($is_post) ?
256  $post_command ?? $table_command ?? $this->getQueryParam(self::PARAM_CMD_FALLBACK) :
257  $get_command;
258 
259  // override the command that has been set during a
260  // request via ilCtrl::setCmd().
261  $context_command = $this->context->getCmd();
262  if (null !== $context_command && self::CMD_POST !== $context_command) {
263  $command = $context_command;
264  }
265 
266  if (null !== $command) {
267  // if the command is for post requests, or the command
268  // is not considered safe, the csrf-validation must pass.
269  $cmd_class = $this->context->getCmdClass();
270 
271  if (null !== $cmd_class && !$this->isCmdSecure($is_post, $cmd_class, $command)) {
272  $stored_token = $this->token_repository->getToken();
273  $sent_token = $this->getQueryParam(self::PARAM_CSRF_TOKEN);
274 
275  if (null !== $sent_token && $stored_token->verifyWith($sent_token)) {
276  return $command;
277  }
278  } else {
279  return $command;
280  }
281  }
282 
283  return $fallback_command ?? '';
284  }
285 
289  public function setCmd(?string $a_cmd): void
290  {
291  if (!empty($a_cmd)) {
292  $this->context->setCmd($a_cmd);
293  } else {
294  $this->context->setCmd(null);
295  }
296  }
297 
301  public function getCmdClass(): ?string
302  {
303  if (null !== ($cmd_class = $this->context->getCmdClass())) {
304  return strtolower($this->structure->getObjNameByName($cmd_class));
305  }
306 
307  return '';
308  }
309 
313  public function setCmdClass($a_cmd_class): void
314  {
315  if (!empty($a_cmd_class)) {
316  $this->context->setCmdClass($a_cmd_class);
317  } else {
318  $this->context->setCmdClass(null);
319  }
320  }
321 
325  public function getNextClass($a_gui_class = null): ?string
326  {
327  if (null === $a_gui_class && null === $this->exec_object) {
328  return '';
329  }
330 
331  if (null === $this->context->getPath()) {
332  return '';
333  }
334 
335  $next_cid = $this->context->getPath()->getNextCid(
336  $this->getClassByObject($a_gui_class ?? $this->exec_object)
337  );
338 
339  if (null !== $next_cid) {
340  return strtolower($this->structure->getObjNameByCid($next_cid) ?? '');
341  }
342 
343  return '';
344  }
345 
349  public function saveParameter(object $a_gui_obj, $a_parameter): void
350  {
351  $this->saveParameterByClass($this->getClassByObject($a_gui_obj), $a_parameter);
352  }
353 
357  public function saveParameterByClass(string $a_class, $a_parameter): void
358  {
359  if (!empty($a_parameter)) {
360  if (is_array($a_parameter)) {
361  foreach ($a_parameter as $parameter) {
362  $this->structure->setPermanentParameterByClass($a_class, $parameter);
363  }
364  } else {
365  $this->structure->setPermanentParameterByClass($a_class, $a_parameter);
366  }
367  }
368  }
369 
373  public function setParameter(object $a_gui_obj, string $a_parameter, $a_value): void
374  {
375  $this->setParameterByClass($this->getClassByObject($a_gui_obj), $a_parameter, $a_value);
376  }
377 
381  public function setParameterByClass(string $a_class, string $a_parameter, $a_value): void
382  {
383  $this->structure->setTemporaryParameterByClass($a_class, $a_parameter, $a_value);
384  }
385 
389  public function getParameterArray(object $a_gui_obj): array
390  {
391  return $this->getParameterArrayByClass($this->getClassByObject($a_gui_obj));
392  }
393 
397  public function getParameterArrayByClass(string $a_class): array
398  {
399  if (null === $this->structure->getClassCidByName($a_class)) {
400  throw new ilCtrlException("Cannot find provided class '$a_class' in the control structure.");
401  }
402 
403  $parameters = [];
404  $permanent_parameters = $this->structure->getPermanentParametersByClass($a_class);
405  if (null !== $permanent_parameters) {
406  foreach ($permanent_parameters as $parameter) {
407  $parameters[$parameter] = $this->getQueryParam($parameter);
408  }
409  }
410 
411  $temporary_parameters = $this->structure->getTemporaryParametersByClass($a_class);
412  if (null !== $temporary_parameters) {
413  // override existing ones, as temporary parameters
414  // are prioritised over fetched ones.
415  foreach ($temporary_parameters as $key => $value) {
416  $parameters[$key] = $value;
417  }
418  }
419 
420  return $parameters;
421  }
422 
426  public function clearParameters(object $a_gui_obj): void
427  {
428  $this->clearParametersByClass($this->getClassByObject($a_gui_obj));
429  }
430 
434  public function clearParametersByClass(string $a_class): void
435  {
436  // apparently permanent parameters should not be removable,
437  // therefore the line below stays commented:
438  // $this->structure->removePermanentParametersByClass($a_class);
439  $this->structure->removeTemporaryParametersByClass($a_class);
440  }
441 
445  public function clearParameterByClass(string $a_class, string $a_parameter): void
446  {
447  $this->structure->removeSingleParameterByClass($a_class, $a_parameter);
448  }
449 
453  public function getLinkTarget(
454  object $a_gui_obj,
455  string $a_cmd = null,
456  string $a_anchor = null,
457  bool $is_async = false,
458  bool $has_xml_style = false
459  ): string {
460  return $this->getLinkTargetByClass(
461  $this->getClassByObject($a_gui_obj),
462  $a_cmd,
463  $a_anchor,
464  $is_async,
465  $has_xml_style
466  );
467  }
468 
472  public function getLinkTargetByClass(
473  $a_class,
474  string $a_cmd = null,
475  string $a_anchor = null,
476  bool $is_async = false,
477  bool $has_xml_style = false
478  ): string {
479  return $this->getTargetUrl(
480  $a_class,
481  $a_cmd,
482  $a_anchor,
483  $is_async,
484  $has_xml_style
485  ) ?? '';
486  }
487 
491  public function getFormAction(
492  object $a_gui_obj,
493  string $a_fallback_cmd = null,
494  string $a_anchor = null,
495  bool $is_async = false,
496  bool $has_xml_style = false
497  ): string {
498  return $this->getFormActionByClass(
499  $this->getClassByObject($a_gui_obj),
500  $a_fallback_cmd,
501  $a_anchor,
502  $is_async,
503  $has_xml_style
504  );
505  }
506 
510  public function getFormActionByClass(
511  $a_class,
512  string $a_fallback_cmd = null,
513  string $a_anchor = null,
514  bool $is_async = false,
515  bool $has_xml_style = false
516  ): string {
517  return $this->getTargetUrl(
518  $a_class,
519  $a_fallback_cmd,
520  $a_anchor,
521  $is_async,
522  $has_xml_style,
523  true
524  ) ?? '';
525  }
526 
530  public function redirect(
531  object $a_gui_obj,
532  string $a_cmd = null,
533  string $a_anchor = null,
534  bool $is_async = false
535  ): void {
536  $this->redirectByClass(
537  $this->getClassByObject($a_gui_obj),
538  $a_cmd,
539  $a_anchor,
540  $is_async
541  );
542  }
543 
547  public function redirectByClass(
548  $a_class,
549  string $a_cmd = null,
550  string $a_anchor = null,
551  bool $is_async = false
552  ): void {
553  $this->redirectToURL(
554  $this->getLinkTargetByClass(
555  $a_class,
556  $a_cmd,
557  $a_anchor,
558  $is_async
559  )
560  );
561  }
562 
566  public function redirectToURL(string $target_url): void
567  {
568  // prepend the ILIAS HTTP path if it wasn't already.
569  if (defined("ILIAS_HTTP_PATH") &&
570  strpos($target_url, "://") === false &&
571  strpos($target_url, "/") !== 0
572  ) {
573  $target_url = ILIAS_HTTP_PATH . "/" . $target_url;
574  }
575 
576  // this line can be dropped after discussion with TB or JF,
577  // it keeps the functionality of UI plugin hooks alive.
578  $target_url = $this->modifyUrlWithPluginHooks($target_url);
579 
580  // initialize http response object
581  $response = new Response();
582 
583  // there's an exceptional case for asynchronous file uploads
584  // where a json response is delivered.
585  if ('application/json' === $this->server_request->getHeaderLine('Accept')) {
586  try {
587  $body = Streams::ofString(
588  json_encode(
589  [
590  'redirect_url' => $target_url,
591  'success' => true,
592  'message' => 'called redirect after asynchronous file-upload request.',
593  ],
594  JSON_THROW_ON_ERROR
595  )
596  );
597  } catch (Throwable $exception) {
598  $body = Streams::ofString($exception->getMessage());
599  }
600 
601  $response = $response->withBody($body);
602  } else {
603  $response = $response->withAddedHeader('Location', $target_url);
604  }
605 
606  // manually trigger session_write_close() due to exceptions stored
607  // in the ILIAS database, otherwise this method is called by exit()
608  // which leads to the exceptions not being written to the database.
609  session_write_close();
610 
611  try {
612  $this->response_sender->sendResponse($response);
613  } catch (ResponseSendingException $e) {
614  header("Location: $target_url");
615  if ('application/json' === $this->server_request->getHeaderLine('Accept')) {
616  $content = (null !== $response->getBody()) ?
617  $response->getBody()->getContents() :
618  [];
619 
620  echo json_encode($content, JSON_THROW_ON_ERROR);
621  }
622  } catch (Throwable $t) {
623  header("Location: $target_url");
624  echo $t->getMessage();
625  }
626 
627  exit;
628  }
629 
633  public function setContextObject(int $obj_id, string $obj_type): void
634  {
635  // cannot process object without object type.
636  if (!empty($obj_type)) {
637  $this->context->setObjId($obj_id);
638  $this->context->setObjType($obj_type);
639  }
640  }
641 
645  public function getContextObjId(): ?int
646  {
647  return $this->context->getObjId();
648  }
649 
653  public function getContextObjType(): ?string
654  {
655  return $this->context->getObjType();
656  }
657 
661  public function getCallHistory(): array
662  {
663  return $this->stacktrace;
664  }
665 
669  public function lookupClassPath(string $a_class): string
670  {
671  $path = $this->structure->getRelativePathByName($a_class);
672  if (null === $path) {
673  throw new ilCtrlException("Class '$a_class' cannot be found in the control structure.");
674  }
675 
676  return $path;
677  }
678 
682  public function lookupOriginalClassName(string $a_class): ?string
683  {
684  return $this->structure->getObjNameByName($a_class);
685  }
686 
690  public function getClassForClasspath(string $a_class_path): string
691  {
692  $path_info = pathinfo($a_class_path);
693 
694  return substr($path_info['basename'], 6, -4);
695  }
696 
700  public function setTargetScript(string $a_target_script): void
701  {
702  $this->context->setTargetScript($a_target_script);
703  }
704 
708  public function isAsynch(): bool
709  {
710  return $this->context->isAsync();
711  }
712 
716  public function setReturn(object $a_gui_obj, string $a_cmd = null): void
717  {
718  $this->setReturnByClass($this->getClassByObject($a_gui_obj), $a_cmd);
719  }
720 
724  public function setReturnByClass(string $a_class, string $a_cmd = null): void
725  {
726  $this->structure->setReturnTargetByClass(
727  $a_class,
728  $this->getLinkTargetByClass(
729  $a_class,
730  $a_cmd
731  )
732  );
733  }
734 
738  public function returnToParent(object $a_gui_obj, string $a_anchor = null): void
739  {
740  $class_name = $this->getClassByObject($a_gui_obj);
741  $target_url = $this->getParentReturnByClass($class_name);
742 
743  // append redirect source to target url.
744  $target_url = $this->appendParameterString(
745  $target_url,
746  self::PARAM_REDIRECT,
747  $class_name
748  );
749 
750  // append the provided anchor if necessary.
751  if (null !== $a_anchor) {
752  $target_url .= "#$a_anchor";
753  }
754 
755  $this->redirectToURL($target_url);
756  }
757 
761  public function getParentReturn(object $a_gui_obj): ?string
762  {
763  return $this->getParentReturnByClass($this->getClassByObject($a_gui_obj));
764  }
765 
769  public function getParentReturnByClass(string $a_class): ?string
770  {
771  $path = $this->path_factory->find($this->context, $a_class);
772  if (null !== $path->getCidPath()) {
773  foreach ($path->getCidArray() as $cid) {
774  $current_class = $this->structure->getClassNameByCid($cid);
775  $return_target = $this->structure->getReturnTargetByClass($current_class);
776  if (null !== $return_target) {
777  return $return_target;
778  }
779  }
780  }
781 
782  return null;
783  }
784 
788  public function getRedirectSource(): ?string
789  {
790  return $this->context->getRedirectSource();
791  }
792 
796  public function insertCtrlCalls($a_parent, $a_child, string $a_comp_prefix): void
797  {
798  throw new ilCtrlException(__METHOD__ . " is deprecated and must not be used.");
799  }
800 
804  public function checkCurrentPathForClass(string $gui_class): bool
805  {
806  $class_cid = $this->structure->getClassCidByName($gui_class);
807  if (null === $class_cid) {
808  return false;
809  }
810 
811  return strpos(
812  $this->context->getPath()->getCidPath() ?? '',
813  $class_cid
814  ) !== false;
815  }
816 
820  public function getCurrentClassPath(): array
821  {
822  if (null === $this->context->getPath()->getCidPath()) {
823  return [];
824  }
825 
826  $class_paths = [];
827  foreach ($this->context->getPath()->getCidArray(SORT_ASC) as $cid) {
828  $class_paths[] = $this->structure->getObjNameByCid($cid);
829  }
830 
831  return $class_paths;
832  }
833 
840  private function getQueryParam(string $parameter_name): ?string
841  {
842  if ($this->get_parameters->has($parameter_name)) {
843  return $this->get_parameters->retrieve(
844  $parameter_name,
845  $this->refinery->to()->string()
846  );
847  }
848 
849  return null;
850  }
851 
855  private function getTableCommand(): ?string
856  {
857  if ($this->post_parameters->has('table_top_cmd')) {
858  return $this->post_parameters->retrieve(
859  'table_top_cmd',
860  $this->refinery->custom()->transformation(function ($item): ?string {
861  return is_array($item) ? key($item) : null;
862  })
863  );
864  }
865  // Button on top of the table
866  if ($this->post_parameters->has('select_cmd2')) {
867  return $this->post_parameters->has('selected_cmd2')
868  ? $this->post_parameters->retrieve('selected_cmd2', $this->refinery->to()->string())
869  : null;
870  }
871  // Button at bottom of the table
872  if ($this->post_parameters->has('select_cmd')) {
873  return $this->post_parameters->has('selected_cmd')
874  ? $this->post_parameters->retrieve('selected_cmd', $this->refinery->to()->string())
875  : null;
876  }
877 
878  return null;
879  }
880 
885  private function getPostCommand(): ?string
886  {
887  if ($this->post_parameters->has(self::PARAM_CMD)) {
888  return $this->post_parameters->retrieve(
889  self::PARAM_CMD,
890  $this->refinery->custom()->transformation(
891  static function ($value): ?string {
892  if (!empty($value)) {
893  if (is_array($value)) {
894  // this most likely only works by accident, but
895  // the selected or clicked command button will
896  // always be sent as first array entry. This
897  // should definitely be done differently.
898  return (string) array_key_first($value);
899  }
900 
901  return (string) $value;
902  }
903 
904  return null;
905  }
906  )
907  );
908  }
909 
910  return null;
911  }
912 
925  private function getTargetUrl(
926  $a_class,
927  string $a_cmd = null,
928  string $a_anchor = null,
929  bool $is_async = false,
930  bool $is_escaped = false,
931  bool $is_post = false
932  ): ?string {
933  if (empty($a_class)) {
934  throw new ilCtrlException(__METHOD__ . " was provided with an empty class or class-array.");
935  }
936 
937  $is_array = is_array($a_class);
938 
939  $path = $this->path_factory->find($this->context, $a_class);
940  if (null !== ($exception = $path->getException())) {
941  throw $exception;
942  }
943 
944  $base_class = $path->getBaseClass();
945  if (null === $base_class) {
946  throw new ilCtrlException("Cannot find a valid baseclass in the cid path '{$path->getCidPath()}'");
947  }
948 
949  $target_url = $this->context->getTargetScript();
950  $target_url = $this->appendParameterString(
951  $target_url,
952  self::PARAM_BASE_CLASS,
953  urlencode($base_class), // encode in case of namespaced classes
954  $is_escaped
955  );
956 
957  $cmd_class = ($is_array) ?
958  $a_class[array_key_last($a_class)] :
959  $a_class;
960 
961  // only append the cid path and command class params
962  // if they exist.
963  if (null !== $path->getNextCid($base_class)) {
964  $target_url = $this->appendParameterString(
965  $target_url,
966  self::PARAM_CID_PATH,
967  $path->getCidPath(),
968  $is_escaped
969  );
970 
971  $target_url = $this->appendParameterString(
972  $target_url,
973  self::PARAM_CMD_CLASS,
974  urlencode($cmd_class), // encode in case of namespaced classes
975  $is_escaped
976  );
977  }
978 
979  // if the target url is generated for form actions,
980  // the command must be set to 'post'.
981  if ($is_post) {
982  $target_url = $this->appendParameterString(
983  $target_url,
984  self::PARAM_CMD,
985  self::CMD_POST,
986  $is_escaped
987  );
988  }
989 
990  // the actual command is appended as fallback command
991  // for form actions and 'normal' get requests.
992  if (!empty($a_cmd)) {
993  $target_url = $this->appendParameterString(
994  $target_url,
995  ($is_post) ? self::PARAM_CMD_FALLBACK : self::PARAM_CMD,
996  $a_cmd,
997  $is_escaped
998  );
999  }
1000 
1001  // collect all parameters of classes within the current
1002  // targets path and append them to the target url.
1003  foreach ($path->getCidArray(SORT_ASC) as $cid) {
1004  $class_name = $this->structure->getClassNameByCid($cid);
1005  if (null === $class_name) {
1006  throw new ilCtrlException("Classname for cid '$cid' in current path cannot be found.");
1007  }
1008 
1009  $target_url = $this->appendParameterStringsByClass(
1010  $class_name,
1011  $target_url,
1012  $is_escaped
1013  );
1014  }
1015 
1016  // append a csrf token if the command is considered
1017  // unsafe or the link is for form actions.
1018  if (!$this->isCmdSecure($is_post, $cmd_class, $a_cmd)) {
1019  $token = $this->token_repository->getToken();
1020  $target_url = $this->appendParameterString(
1021  $target_url,
1022  self::PARAM_CSRF_TOKEN,
1023  $token->getToken(),
1024  $is_escaped
1025  );
1026  }
1027 
1028  if ($is_async) {
1029  $target_url = $this->appendParameterString(
1030  $target_url,
1031  self::PARAM_CMD_MODE,
1032  self::CMD_MODE_ASYNC,
1033  $is_escaped
1034  );
1035  }
1036 
1037  if (!empty($a_anchor)) {
1038  $target_url .= "#$a_anchor";
1039  }
1040 
1041  return $target_url;
1042  }
1043 
1050  private function modifyUrlWithPluginHooks(string $target_url): string
1051  {
1052  $ui_plugins = $this->component_factory->getActivePluginsInSlot("uihk");
1053  foreach ($ui_plugins as $plugin_instance) {
1056  $html = $plugin_instance
1057  ->getUIClassInstance()
1058  ->getHTML(
1059  'Services/Utilities',
1060  'redirect',
1061  ["html" => $target_url]
1062  );
1063 
1064  if (ilUIHookPluginGUI::KEEP !== $html['mode']) {
1065  $target_url = $plugin_instance
1066  ->getUIClassInstance()
1067  ->modifyHTML(
1068  $target_url,
1069  $html
1070  );
1071  }
1072  }
1073 
1074  return $target_url;
1075  }
1076 
1084  private function isCmdSecure(bool $is_post, string $cmd_class, string $cmd = null): bool
1085  {
1086  // if no command is specified, the command is
1087  // considered safe if it's not a POST command.
1088  if (null === $cmd) {
1089  return !$is_post;
1090  }
1091 
1092  // if the given command class doesn't exist, the
1093  // command is not considered safe as it might've been
1094  // tampered with.
1095  $obj_name = $this->structure->getObjNameByName($cmd_class);
1096  if (null === $obj_name) {
1097  return false;
1098  }
1099 
1100  // if the command class does not yet implement the
1101  // ilCtrlSecurityInterface, the command is considered
1102  // safe if it's not a POST command.
1103  if (!is_a($obj_name, ilCtrlSecurityInterface::class, true)) {
1104  return !$is_post;
1105  }
1106 
1107  // the post command is considered safe if it's contained
1108  // in the list of safe post commands.
1109  if ($is_post) {
1110  return in_array($cmd, $this->structure->getSafeCommandsByName($cmd_class), true);
1111  }
1112 
1113  // the get command is considered safe if it's not
1114  // contained in the list of unsafe get commands.
1115  return !in_array($cmd, $this->structure->getUnsafeCommandsByName($cmd_class), true);
1116  }
1117 
1126  private function appendParameterStringsByClass(
1127  string $class_name,
1128  string $target_url,
1129  bool $is_escaped = false
1130  ): string {
1131  $class_parameters = $this->getParameterArrayByClass($class_name);
1132  if (!empty($class_parameters)) {
1133  foreach ($class_parameters as $key => $value) {
1134  $target_url = $this->appendParameterString(
1135  $target_url,
1136  $key,
1137  $value,
1138  $is_escaped
1139  );
1140  }
1141  }
1142 
1143  return $target_url;
1144  }
1145 
1154  private function appendParameterString(
1155  string $url,
1156  string $parameter_name,
1157  $value,
1158  bool $is_escaped = false
1159  ): string {
1160  // transform value into a string, since null will fail we can
1161  // (temporarily) use the null coalescing operator.
1162  $value = $this->refinery->kindlyTo()->string()->transform($value ?? '');
1163 
1164  if ('' === $value) {
1165  return $url;
1166  }
1167 
1169  $parsed_url = parse_url(str_replace('&amp;', '&', $url));
1170 
1171  $query_parameters = $this->query_parser->parseQueriesOfURL($parsed_url['query'] ?? '');
1172 
1173  // update the given parameter or add it to the list.
1174  $query_parameters[$parameter_name] = $value;
1175 
1176  $new_url = $parsed_url['path'] ?? $this->context->getTargetScript();
1177  // we currently only escape ampersands (don't blame me).
1178  $ampersand = ($is_escaped) ? '&amp;' : '&';
1179 
1180  foreach ($query_parameters as $parameter => $parameter_value) {
1181  $new_url .= (strpos($new_url, '?') !== false) ?
1182  $ampersand . "$parameter=$parameter_value" :
1183  "?$parameter=$parameter_value";
1184  }
1185 
1186  return $new_url;
1187  }
1188 
1194  private function populateCall(string $class_name, string $cmd_mode): void
1195  {
1196  $obj_name = $this->structure->getObjNameByName($class_name);
1197 
1198  $this->stacktrace[] = [
1199  self::PARAM_CMD_CLASS => $obj_name,
1200  self::PARAM_CMD_MODE => $cmd_mode,
1201  self::PARAM_CMD => $this->getCmd(),
1202  ];
1203  }
1204 
1211  private function getClassByObject($object): string
1212  {
1213  return (is_object($object)) ? get_class($object) : $object;
1214  }
1215 }
ilCtrl\getPostCommand
getPostCommand()
Returns the current $_POST command.
Definition: class.ilCtrl.php:885
ilCtrl\getContextObjId
getContextObjId()
Definition: class.ilCtrl.php:645
exit
exit
Definition: login.php:28
ilCtrl\__construct
__construct(ilCtrlStructureInterface $structure, ilCtrlTokenRepositoryInterface $token_repository, ilCtrlPathFactoryInterface $path_factory, ilCtrlContextInterface $context, ResponseSenderStrategy $response_sender, ServerRequestInterface $server_request, RequestWrapper $post_parameters, RequestWrapper $get_parameters, Refinery $refinery, ilComponentFactory $component_factory, ilCtrlQueryParserInterface $query_parser)
ilCtrl Constructor
Definition: class.ilCtrl.php:123
ilCtrl\getLinkTargetByClass
getLinkTargetByClass( $a_class, string $a_cmd=null, string $a_anchor=null, bool $is_async=false, bool $has_xml_style=false)
Definition: class.ilCtrl.php:472
ilCtrl\redirectByClass
redirectByClass( $a_class, string $a_cmd=null, string $a_anchor=null, bool $is_async=false)
Definition: class.ilCtrl.php:547
ilCtrl\getHTML
getHTML(object $a_gui_object, array $a_parameters=null)
Definition: class.ilCtrl.php:209
ilCtrl\setCmd
setCmd(?string $a_cmd)
Definition: class.ilCtrl.php:289
ilCtrl\callBaseClass
callBaseClass(string $a_base_class=null)
Definition: class.ilCtrl.php:157
ilCtrl\$post_parameters
RequestWrapper $post_parameters
Definition: class.ilCtrl.php:52
ilCtrl\redirect
redirect(object $a_gui_obj, string $a_cmd=null, string $a_anchor=null, bool $is_async=false)
Definition: class.ilCtrl.php:530
ilCtrl\getClassByObject
getClassByObject($object)
Helper function that returns the class name of a mixed (object or string) parameter.
Definition: class.ilCtrl.php:1211
ilCtrl\getCmd
getCmd(string $fallback_command=null)
Definition: class.ilCtrl.php:241
ilCtrl\setCmdClass
setCmdClass($a_cmd_class)
Definition: class.ilCtrl.php:313
ilCtrlQueryParserInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlQueryParserInterface.php:22
ilCtrl\insertCtrlCalls
insertCtrlCalls($a_parent, $a_child, string $a_comp_prefix)
Definition: class.ilCtrl.php:796
ilCtrl\$query_parser
ilCtrlQueryParserInterface $query_parser
Definition: class.ilCtrl.php:96
ilCtrl\checkCurrentPathForClass
checkCurrentPathForClass(string $gui_class)
Definition: class.ilCtrl.php:804
ilCtrl\lookupOriginalClassName
lookupOriginalClassName(string $a_class)
Definition: class.ilCtrl.php:682
ilCtrl\setParameterByClass
setParameterByClass(string $a_class, string $a_parameter, $a_value)
Definition: class.ilCtrl.php:381
ilCtrl\$server_request
ServerRequestInterface $server_request
Definition: class.ilCtrl.php:46
ilCtrl\isCmdSecure
isCmdSecure(bool $is_post, string $cmd_class, string $cmd=null)
Returns whether a given command is considered safe or not.
Definition: class.ilCtrl.php:1084
ilCtrl\clearParameterByClass
clearParameterByClass(string $a_class, string $a_parameter)
Definition: class.ilCtrl.php:445
ilCtrl\setReturnByClass
setReturnByClass(string $a_class, string $a_cmd=null)
Definition: class.ilCtrl.php:724
ilCtrl\returnToParent
returnToParent(object $a_gui_obj, string $a_anchor=null)
Definition: class.ilCtrl.php:738
ilCtrl\$exec_object
object $exec_object
Definition: class.ilCtrl.php:108
ilCtrl\forwardCommand
forwardCommand(object $a_gui_object)
Definition: class.ilCtrl.php:184
ilCtrl\getRedirectSource
getRedirectSource()
Definition: class.ilCtrl.php:788
$path
$path
Definition: ltiservices.php:32
ilCtrlTokenRepositoryInterface
Interface ilCtrlTokenRepositoryInterface describes an ilCtrl token.
Definition: interface.ilCtrlTokenRepositoryInterface.php:10
ilCtrl\getTableCommand
getTableCommand()
Definition: class.ilCtrl.php:855
ilCtrl\getClassForClasspath
getClassForClasspath(string $a_class_path)
Definition: class.ilCtrl.php:690
ilCtrl\getParentReturn
getParentReturn(object $a_gui_obj)
Definition: class.ilCtrl.php:761
ilCtrl\getNextClass
getNextClass($a_gui_class=null)
Definition: class.ilCtrl.php:325
ilCtrl\getQueryParam
getQueryParam(string $parameter_name)
Returns a parameter with the given name from the current GET request.
Definition: class.ilCtrl.php:840
$token
$token
Definition: xapitoken.php:70
ilCtrl\$token_repository
ilCtrlTokenRepositoryInterface $token_repository
Definition: class.ilCtrl.php:76
ilCtrl\getFormActionByClass
getFormActionByClass( $a_class, string $a_fallback_cmd=null, string $a_anchor=null, bool $is_async=false, bool $has_xml_style=false)
Definition: class.ilCtrl.php:510
ILIAS\HTTP\Wrapper\RequestWrapper
Interface RequestWrapper.
Definition: RequestWrapper.php:27
ilCtrl\clearParameters
clearParameters(object $a_gui_obj)
Definition: class.ilCtrl.php:426
ilCtrl\$get_parameters
RequestWrapper $get_parameters
Definition: class.ilCtrl.php:58
ilCtrl\appendParameterStringsByClass
appendParameterStringsByClass(string $class_name, string $target_url, bool $is_escaped=false)
Appends all parameters for a given class to the given URL.
Definition: class.ilCtrl.php:1126
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilCtrlContextInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlContextInterface.php:25
ilCtrl\lookupClassPath
lookupClassPath(string $a_class)
Definition: class.ilCtrl.php:669
ilCtrlPathFactoryInterface
Interface ilCtrlPathFactoryInterface describes the ilCtrl Path factory.
Definition: interface.ilCtrlPathFactoryInterface.php:11
ilCtrl\clearParametersByClass
clearParametersByClass(string $a_class)
Definition: class.ilCtrl.php:434
ilCtrl\$context
ilCtrlContextInterface $context
Definition: class.ilCtrl.php:82
ilCtrl\getParentReturnByClass
getParentReturnByClass(string $a_class)
Definition: class.ilCtrl.php:769
ilCtrlException
ilCtrl exceptions
Definition: class.ilCtrlException.php:10
ilCtrl\$component_factory
ilComponentFactory $component_factory
Definition: class.ilCtrl.php:94
ilCtrl\getCurrentClassPath
getCurrentClassPath()
Definition: class.ilCtrl.php:820
ilCtrl\getLinkTarget
getLinkTarget(object $a_gui_obj, string $a_cmd=null, string $a_anchor=null, bool $is_async=false, bool $has_xml_style=false)
Definition: class.ilCtrl.php:453
ilCtrl\getParameterArrayByClass
getParameterArrayByClass(string $a_class)
Definition: class.ilCtrl.php:397
ilCtrl\setTargetScript
setTargetScript(string $a_target_script)
Definition: class.ilCtrl.php:700
ilCtrl\getCallHistory
getCallHistory()
Definition: class.ilCtrl.php:661
ilCtrl\saveParameter
saveParameter(object $a_gui_obj, $a_parameter)
Definition: class.ilCtrl.php:349
ilCtrl\getParameterArray
getParameterArray(object $a_gui_obj)
Definition: class.ilCtrl.php:389
ilCtrl\saveParameterByClass
saveParameterByClass(string $a_class, $a_parameter)
Definition: class.ilCtrl.php:357
$url
$url
Definition: proxy_ylocal.php:28
ilCtrl\setParameter
setParameter(object $a_gui_obj, string $a_parameter, $a_value)
Definition: class.ilCtrl.php:373
ilCtrl\redirectToURL
redirectToURL(string $target_url)
Definition: class.ilCtrl.php:566
ilCtrl\$path_factory
ilCtrlPathFactoryInterface $path_factory
Definition: class.ilCtrl.php:88
ilCtrl\$response_sender
ResponseSenderStrategy $response_sender
Definition: class.ilCtrl.php:40
ilCtrl\populateCall
populateCall(string $class_name, string $cmd_mode)
Helper function that populates a call in the current stacktrace.
Definition: class.ilCtrl.php:1194
ilCtrl\getFormAction
getFormAction(object $a_gui_obj, string $a_fallback_cmd=null, string $a_anchor=null, bool $is_async=false, bool $has_xml_style=false)
Definition: class.ilCtrl.php:491
$response
$response
Definition: proxy_ylocal.php:39
ilCtrl\$stacktrace
array $stacktrace
Definition: class.ilCtrl.php:102
ilCtrl\$refinery
Refinery $refinery
Definition: class.ilCtrl.php:64
ilCtrl\getTargetUrl
getTargetUrl( $a_class, string $a_cmd=null, string $a_anchor=null, bool $is_async=false, bool $is_escaped=false, bool $is_post=false)
Helper function that returns a target URL string.
Definition: class.ilCtrl.php:925
ilCtrl\setReturn
setReturn(object $a_gui_obj, string $a_cmd=null)
Definition: class.ilCtrl.php:716
ilCtrl\$structure
ilCtrlStructureInterface $structure
Definition: class.ilCtrl.php:70
ilCtrl\setContextObject
setContextObject(int $obj_id, string $obj_type)
Definition: class.ilCtrl.php:633
ilCtrl\getContextObjType
getContextObjType()
Definition: class.ilCtrl.php:653