00001 <?php
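class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Action
{
    /**
     * Action flag recorded once the base-URL configuration has been checked for
     * the current request, so the notice is not re-evaluated after a forward/redirect.
     */
    const FLAG_IS_URLS_CHECKED = 'check_url_settings';

    /**
     * Action names that may be invoked without the admin secret key in the URL.
     * Anything listed here is reachable without the per-session URL secret, so
     * it must carry no state-changing behaviour of its own.
     *
     * @var array
     */
    protected $_publicActions = array();

    /**
     * Module name used to resolve translations in __()
     *
     * @var string
     */
    protected $_usedModuleName = 'adminhtml';

    /**
     * ACL hook evaluated in preDispatch(). The base implementation allows
     * everything; concrete controllers override it with their resource check.
     *
     * @return bool
     */
    protected function _isAllowed()
    {
        return true;
    }

    /**
     * Retrieve the adminhtml session singleton
     *
     * @return Mage_Adminhtml_Model_Session
     */
    protected function _getSession()
    {
        return Mage::getSingleton('adminhtml/session');
    }

    /**
     * Retrieve the adminhtml data helper
     *
     * @return Mage_Adminhtml_Helper_Data
     */
    protected function _getHelper()
    {
        return Mage::helper('adminhtml');
    }

    /**
     * Mark the given menu path as active in the layout's 'menu' block
     *
     * @param string $menuPath
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _setActiveMenu($menuPath)
    {
        $this->getLayout()->getBlock('menu')->setActive($menuPath);
        return $this;
    }

    /**
     * Append a breadcrumb link to the layout's 'breadcrumbs' block
     *
     * @param string $label
     * @param string $title
     * @param string|null $link
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _addBreadcrumb($label, $title, $link = null)
    {
        $this->getLayout()->getBlock('breadcrumbs')->addLink($label, $title, $link);
        return $this;
    }

    /**
     * Append a block to the 'content' layout container
     *
     * @param Mage_Core_Block_Abstract $block
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _addContent(Mage_Core_Block_Abstract $block)
    {
        $this->getLayout()->getBlock('content')->append($block);
        return $this;
    }

    /**
     * Append a block to the 'left' layout container
     *
     * @param Mage_Core_Block_Abstract $block
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _addLeft(Mage_Core_Block_Abstract $block)
    {
        $this->getLayout()->getBlock('left')->append($block);
        return $this;
    }

    /**
     * Append a block to the 'js' layout container
     *
     * @param Mage_Core_Block_Abstract $block
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _addJs(Mage_Core_Block_Abstract $block)
    {
        $this->getLayout()->getBlock('js')->append($block);
        return $this;
    }

    /**
     * Admin pre-dispatch: sets up the adminhtml design area, then — for a logged-in
     * admin — enforces the CSRF form key on POST and the URL secret key on other
     * requests, runs the ACL check, and finally performs the base-URL and locale
     * housekeeping.
     *
     * When a key check fails the action is not dispatched: AJAX callers receive a
     * JSON error body, everybody else is redirected to the user's startup page.
     *
     * @return Mage_Adminhtml_Controller_Action
     */
    public function preDispatch()
    {
        Mage::getDesign()->setArea('adminhtml')
            ->setPackageName((string)Mage::getConfig()->getNode('stores/admin/design/package/name'))
            ->setTheme((string)Mage::getConfig()->getNode('stores/admin/design/theme/default'));

        $this->getLayout()->setArea('adminhtml');

        Mage::dispatchEvent('adminhtml_controller_action_predispatch_start', array());
        parent::preDispatch();

        $_isValidFormKey = true;
        $_isValidSecretKey = true;
        $_keyErrorMsg = '';
        // Key checks only apply to an authenticated admin; the login flow itself
        // cannot carry a secret key yet.
        if (Mage::getSingleton('admin/session')->isLoggedIn()) {
            if ($this->getRequest()->isPost()) {
                $_isValidFormKey = $this->_validateFormKey();
                $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.');
            } elseif (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
                $_isValidSecretKey = $this->_validateSecretKey();
                $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Secret Key. Please refresh the page.');
            }
        }
        if (!$_isValidFormKey || !$_isValidSecretKey) {
            $this->setFlag('', self::FLAG_NO_DISPATCH, true);
            $this->setFlag('', self::FLAG_NO_POST_DISPATCH, true);
            if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) {
                $this->getResponse()->setBody(Zend_Json::encode(array(
                    'error' => true,
                    'message' => $_keyErrorMsg
                )));
            } else {
                $this->_redirect(Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl());
            }
            return $this;
        }

        // ACL: the 'denied' action is exempt so the forward below cannot loop.
        if ($this->getRequest()->isDispatched()
            && $this->getRequest()->getActionName() !== 'denied'
            && !$this->_isAllowed()) {
            $this->_forward('denied');
            $this->setFlag('', self::FLAG_NO_DISPATCH, true);
            return $this;
        }

        if (!$this->getFlag('', self::FLAG_IS_URLS_CHECKED)
            && !$this->getRequest()->getParam('forwarded')
            && !$this->_getSession()->getIsUrlNotice(true)
            && !Mage::getConfig()->getNode('global/can_use_base_url')) {
            $this->_checkUrlSettings();
            $this->setFlag('', self::FLAG_IS_URLS_CHECKED, true);
        }
        if (is_null(Mage::getSingleton('adminhtml/session')->getLocale())) {
            Mage::getSingleton('adminhtml/session')->setLocale(Mage::app()->getLocale()->getLocaleCode());
        }

        return $this;
    }

    /**
     * Add a session notice if any base URL (default, website or store scope) is
     * still the '{{base_url}}' placeholder. Skipped for POST and AJAX requests,
     * where a notice would never be rendered.
     *
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _checkUrlSettings()
    {
        if ($this->getRequest()->getPost() || $this->getRequest()->getQuery('isAjax')) {
            return $this;
        }

        $configData = Mage::getModel('core/config_data');

        $defaultUnsecure = (string) Mage::getConfig()->getNode('default/' . Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_URL);
        $defaultSecure = (string) Mage::getConfig()->getNode('default/' . Mage_Core_Model_Store::XML_PATH_SECURE_BASE_URL);

        if ($defaultSecure === '{{base_url}}' || $defaultUnsecure === '{{base_url}}') {
            $this->_getSession()->addNotice(
                $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure Url / Base Secure Url. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $this->getUrl('adminhtml/system_config/edit', array('section'=>'web')))
            );
            return $this;
        }

        $dataCollection = $configData->getCollection()
            ->addValueFilter('{{base_url}}');

        // Only the first scoped hit is reported; its edit URL points at that scope.
        $url = false;
        foreach ($dataCollection as $data) {
            if ($data->getScope() === 'stores') {
                $code = Mage::app()->getStore($data->getScopeId())->getCode();
                $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'store'=>$code));
            }
            if ($data->getScope() === 'websites') {
                $code = Mage::app()->getWebsite($data->getScopeId())->getCode();
                $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'website'=>$code));
            }

            if ($url) {
                $this->_getSession()->addNotice(
                    $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure Url / Base Secure Url. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $url)
                );
                return $this;
            }
        }
        return $this;
    }

    /**
     * Target of the ACL forward in preDispatch(): 403 for an authenticated user
     * without the required resource, login redirect for an anonymous one.
     */
    public function deniedAction()
    {
        $this->getResponse()->setHeader('HTTP/1.1', '403 Forbidden');
        if (!Mage::getSingleton('admin/session')->isLoggedIn()) {
            $this->_redirect('*/index/login');
            return;
        }
        $this->loadLayout(array('default', 'adminhtml_denied'));
        $this->renderLayout();
    }

    /**
     * Load layout and pull pending admin session messages into it
     *
     * @param string|array|null $ids
     * @param bool $generateBlocks
     * @param bool $generateXml
     * @return Mage_Adminhtml_Controller_Action
     */
    public function loadLayout($ids = null, $generateBlocks = true, $generateXml = true)
    {
        parent::loadLayout($ids, $generateBlocks, $generateXml);
        $this->_initLayoutMessages('adminhtml/session');
        return $this;
    }

    /**
     * Render the admin 404 page
     *
     * @param mixed $coreRoute
     */
    public function norouteAction($coreRoute = null)
    {
        $this->getResponse()->setHeader('HTTP/1.1', '404 Not Found');
        $this->getResponse()->setHeader('Status', '404 File not found');
        $this->loadLayout(array('default', 'adminhtml_noroute'));
        $this->renderLayout();
    }

    /**
     * Module name used for translations in this controller
     *
     * @return string
     */
    public function getUsedModuleName()
    {
        return $this->_usedModuleName;
    }

    /**
     * Set the module name used for translations in this controller
     *
     * @param string $moduleName
     * @return Mage_Adminhtml_Controller_Action
     */
    public function setUsedModuleName($moduleName)
    {
        $this->_usedModuleName = $moduleName;
        return $this;
    }

    /**
     * Translate the first argument in the context of the used module; any
     * further arguments are sprintf-style substitutions.
     *
     * @return string
     */
    public function __()
    {
        $args = func_get_args();
        $expr = new Mage_Core_Model_Translate_Expr(array_shift($args), $this->getUsedModuleName());
        array_unshift($args, $expr);
        return Mage::app()->getTranslator()->translate($args);
    }

    /**
     * Redirect to the referer, falling back to the current route's index URL
     * when no default is supplied.
     *
     * @param string|null $defaultUrl
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _redirectReferer($defaultUrl = null)
    {
        $defaultUrl = empty($defaultUrl) ? $this->getUrl('*') : $defaultUrl;
        parent::_redirectReferer($defaultUrl);
        return $this;
    }

    /**
     * Prepare a file-download response. On the first page after login the
     * download is suppressed in favour of the user's startup page.
     *
     * @param string $fileName name presented to the browser; CR/LF and '"' are stripped
     * @param string|null $content response body; null leaves the body untouched
     * @param string $contentType
     * @param int|null $contentLength defaults to the byte length of $content
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _prepareDownloadResponse($fileName, $content, $contentType = 'application/octet-stream', $contentLength = null)
    {
        $session = Mage::getSingleton('admin/session');
        if ($session->isFirstPageAfterLogin()) {
            $this->_redirect($session->getUser()->getStartupPageUrl());
            return $this;
        }

        // Header values must never contain CR/LF (response splitting). The name is
        // also quoted so spaces or ';' cannot terminate the Content-Disposition parameter.
        $safeFileName = str_replace(array("\r", "\n", '"'), '', (string) $fileName);
        if (is_null($contentLength)) {
            $contentLength = strlen((string) $content);
        }

        $this->getResponse()
            ->setHttpResponseCode(200)
            ->setHeader('Pragma', 'public', true)
            ->setHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0', true)
            ->setHeader('Content-type', $contentType, true)
            ->setHeader('Content-Length', $contentLength)
            ->setHeader('Content-Disposition', 'attachment; filename="' . $safeFileName . '"')
            ->setHeader('Last-Modified', date('r'));
        if (!is_null($content)) {
            $this->getResponse()->setBody($content);
        }
        return $this;
    }

    /**
     * Redirect to an admin URL, carrying the URL-check flag into the session so
     * the base-URL notice is not repeated on the next request.
     *
     * @param string $path
     * @param array $arguments
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _redirect($path, $arguments = array())
    {
        $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED));
        $this->getResponse()->setRedirect($this->getUrl($path, $arguments));
        return $this;
    }

    /**
     * Forward to another action, carrying the URL-check flag into the session
     *
     * @param string $action
     * @param string|null $controller
     * @param string|null $module
     * @param array|null $params
     * @return mixed
     */
    protected function _forward($action, $controller = null, $module = null, array $params = null)
    {
        $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED));
        return parent::_forward($action, $controller, $module, $params);
    }

    /**
     * Build an admin URL (includes the secret key when enabled)
     *
     * @param string $route
     * @param array $params
     * @return string
     */
    public function getUrl($route = '', $params = array())
    {
        return Mage::helper('adminhtml')->getUrl($route, $params);
    }

    /**
     * Validate the per-session URL secret key on the current request.
     *
     * Public actions bypass the check. The comparison is type-strict and
     * constant-time: the former loose '!=' would treat two numeric-looking
     * strings (e.g. "0e..." hashes) as equal, and its early exit leaks timing.
     *
     * @return bool
     */
    protected function _validateSecretKey()
    {
        if (is_array($this->_publicActions)
            && in_array($this->getRequest()->getActionName(), $this->_publicActions, true)) {
            return true;
        }

        $secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null);
        // A missing, empty or non-scalar (e.g. array) key can never match.
        if (!is_string($secretKey) || $secretKey === '') {
            return false;
        }
        $expected = (string) Mage::getSingleton('adminhtml/url')->getSecretKey();
        return hash_equals($expected, $secretKey);
    }
}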