Magento: app/code/core/Mage/Adminhtml/Model/Url.php Source File

00001 <?php
00002 /**
00003  * Magento
00004  *
00005  * NOTICE OF LICENSE
00006  *
00007  * This source file is subject to the Open Software License (OSL 3.0)
00008  * that is bundled with this package in the file LICENSE.txt.
00009  * It is also available through the world-wide-web at this URL:
00010  * http://opensource.org/licenses/osl-3.0.php
00011  * If you did not receive a copy of the license and are unable to
00012  * obtain it through the world-wide-web, please send an email
00013  * to license@magentocommerce.com so we can send you a copy immediately.
00014  *
00015  * DISCLAIMER
00016  *
00017  * Do not edit or add to this file if you wish to upgrade Magento to newer
00018  * versions in the future. If you wish to customize Magento for your
00019  * needs please refer to http://www.magentocommerce.com for more information.
00020  *
00021  * @category   Mage
00022  * @package    Mage_Adminhtml
00023  * @copyright  Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
00024  * @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
00025  */
00026 class Mage_Adminhtml_Model_Url extends Mage_Core_Model_Url
00027 {
00028     /**
00029      * Secret key query param name
00030      */
00031     const SECRET_KEY_PARAM_NAME = 'key';
00032 
00033     /**
00034      * Retrieve is secure mode for ULR logic
00035      *
00036      * @return bool
00037      */
00038     public function getSecure()
00039     {
00040         if ($this->hasData('secure_is_forced')) {
00041             return $this->getData('secure');
00042         }
00043         return Mage::getStoreConfigFlag('web/secure/use_in_adminhtml');
00044     }
00045 
00046     /**
00047      * Force strip secret key param if _nosecret param specified
00048      *
00049      * @return Mage_Core_Model_Url
00050      */
00051     public function setRouteParams(array $data, $unsetOldParams=true)
00052     {
00053         if (isset($data['_nosecret'])) {
00054             $this->setNoSecret(true);
00055             unset($data['_nosecret']);
00056         } else {
00057             $this->setNoSecret(false);
00058         }
00059 
00060         return parent::setRouteParams($data, $unsetOldParams);
00061     }
00062 
00063     /**
00064      * Custom logic to retrieve Urls
00065      *
00066      * @param string $routePath
00067      * @param array $routeParams
00068      * @return string
00069      */
00070     public function getUrl($routePath=null, $routeParams=null)
00071     {
00072         $result = parent::getUrl($routePath, $routeParams);
00073 
00074         if (!$this->useSecretKey()) {
00075             return $result;
00076         }
00077 
00078         $_route = $this->getRouteName() ? $this->getRouteName() : '*';
00079         $_controller = $this->getControllerName() ? $this->getControllerName() : $this->getDefaultControllerName();
00080         $_action = $this->getActionName() ? $this->getActionName() : $this->getDefaultActionName();
00081         $secret = array(self::SECRET_KEY_PARAM_NAME => $this->getSecretKey($_controller, $_action));
00082         if (is_array($routeParams)) {
00083             $routeParams = array_merge($secret, $routeParams);
00084         } else {
00085             $routeParams = $secret;
00086         }
00087         if (is_array($this->getRouteParams())) {
00088             $routeParams = array_merge($this->getRouteParams(), $routeParams);
00089         }
00090         return parent::getUrl("{$_route}/{$_controller}/{$_action}", $routeParams);
00091     }
00092 
00093     /**
00094      * Generate secret key for controller and action based on form key
00095      *
00096      * @param string $controller Controller name
00097      * @param string $action Action name
00098      * @return string
00099      */
00100     public function getSecretKey($controller = null, $action = null)
00101     {
00102         $salt = Mage::getSingleton('core/session')->getFormKey();
00103 
00104         $p = explode('/', trim($this->getRequest()->getOriginalPathInfo(), '/'));
00105         if (!$controller) {
00106             $controller = !empty($p[1]) ? $p[1] : $this->getRequest()->getControllerName();
00107         }
00108         if (!$action) {
00109             $action = !empty($p[2]) ? $p[2] : $this->getRequest()->getActionName();
00110         }
00111 
00112         $secret = $controller . $action . $salt;
00113         return Mage::helper('core')->getHash($secret);
00114     }
00115 
00116     /**
00117      * Return secret key settings flag
00118      *
00119      * @return boolean
00120      */
00121     public function useSecretKey()
00122     {
00123         return Mage::getStoreConfigFlag('admin/security/use_form_key') && !$this->getNoSecret();
00124     }
00125 
00126     /**
00127      * Enable secret key using
00128      *
00129      * @return Mage_Adminhtml_Model_Url
00130      */
00131     public function turnOnSecretKey()
00132     {
00133         $this->setNoSecret(false);
00134         return $this;
00135     }
00136 
00137     /**
00138      * Disable secret key using
00139      *
00140      * @return Mage_Adminhtml_Model_Url
00141      */
00142     public function turnOffSecretKey()
00143     {
00144         $this->setNoSecret(true);
00145         return $this;
00146     }
00147 
00148     /**
00149      * Refresh admin menu cache etc.
00150      *
00151      * @return Mage_Adminhtml_Model_Url
00152      */
00153     public function renewSecretUrls()
00154     {
00155         Mage::app()->cleanCache(array(Mage_Adminhtml_Block_Page_Menu::CACHE_TAGS));
00156     }
00157 }