| Server IP : 213.186.33.4 / Your IP : 216.73.216.193 Web Server : Apache System : Linux webm006.cluster103.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64 User : awebpaca ( 35430) PHP Version : 8.5.0 Disable Function : _dyuweyrj4,_dyuweyrj4r,dl MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /home/awebpaca/boutiques/app/code/core/Mage/Adminhtml/Controller/ |
Upload File : |
<?php
/**
* Magento
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for your
* needs please refer to http://www.magentocommerce.com for more information.
*
* @category Mage
* @package Mage_Adminhtml
* @copyright Copyright (c) 2010 Magento Inc. (http://www.magentocommerce.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/
/**
* Base adminhtml controller
*
* @category Mage
* @package Mage_Adminhtml
* @author Magento Core Team <core@magentocommerce.com>
*/
class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Action
{
const FLAG_IS_URLS_CHECKED = 'check_url_settings';
/**
* Array of actions which can be processed without secret key validation
*
* @var array
*/
protected $_publicActions = array();
/**
* Used module name in current adminhtml controller
*/
protected $_usedModuleName = 'adminhtml';
/**
* Currently used area
*
* @var string
*/
protected $_currentArea = 'adminhtml';
/**
* Namespace for session.
*
* @var string
*/
protected $_sessionNamespace = 'adminhtml';
protected function _isAllowed()
{
return true;
}
/**
* Retrieve adminhtml session model object
*
* @return Mage_Adminhtml_Model_Session
*/
protected function _getSession()
{
return Mage::getSingleton('adminhtml/session');
}
/**
* Retrieve base admihtml helper
*
* @return Mage_Adminhtml_Helper_Data
*/
protected function _getHelper()
{
return Mage::helper('adminhtml');
}
/**
* Define active menu item in menu block
*
* @return Mage_Adminhtml_Controller_Action
*/
protected function _setActiveMenu($menuPath)
{
$this->getLayout()->getBlock('menu')->setActive($menuPath);
return $this;
}
/**
* @return Mage_Adminhtml_Controller_Action
*/
protected function _addBreadcrumb($label, $title, $link=null)
{
$this->getLayout()->getBlock('breadcrumbs')->addLink($label, $title, $link);
return $this;
}
/**
* @return Mage_Adminhtml_Controller_Action
*/
protected function _addContent(Mage_Core_Block_Abstract $block)
{
$this->getLayout()->getBlock('content')->append($block);
return $this;
}
protected function _addLeft(Mage_Core_Block_Abstract $block)
{
$this->getLayout()->getBlock('left')->append($block);
return $this;
}
protected function _addJs(Mage_Core_Block_Abstract $block)
{
$this->getLayout()->getBlock('js')->append($block);
return $this;
}
/**
* Controller predispatch method
*
* @return Mage_Adminhtml_Controller_Action
*/
public function preDispatch()
{
// override admin store design settings via stores section
Mage::getDesign()
->setArea($this->_currentArea)
->setPackageName((string)Mage::getConfig()->getNode('stores/admin/design/package/name'))
->setTheme((string)Mage::getConfig()->getNode('stores/admin/design/theme/default'))
;
foreach (array('layout', 'template', 'skin', 'locale') as $type) {
if ($value = (string)Mage::getConfig()->getNode("stores/admin/design/theme/{$type}")) {
Mage::getDesign()->setTheme($type, $value);
}
}
$this->getLayout()->setArea($this->_currentArea);
Mage::dispatchEvent('adminhtml_controller_action_predispatch_start', array());
parent::preDispatch();
$_isValidFormKey = true;
$_isValidSecretKey = true;
$_keyErrorMsg = '';
if (Mage::getSingleton('admin/session')->isLoggedIn()) {
if ($this->getRequest()->isPost()) {
$_isValidFormKey = $this->_validateFormKey();
$_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.');
} elseif (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
$_isValidSecretKey = $this->_validateSecretKey();
$_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Secret Key. Please refresh the page.');
}
}
if (!$_isValidFormKey || !$_isValidSecretKey) {
$this->setFlag('', self::FLAG_NO_DISPATCH, true);
$this->setFlag('', self::FLAG_NO_POST_DISPATCH, true);
if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) {
$this->getResponse()->setBody(Mage::helper('core')->jsonEncode(array(
'error' => true,
'message' => $_keyErrorMsg
)));
} else {
$this->_redirect( Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl() );
}
return $this;
}
if ($this->getRequest()->isDispatched()
&& $this->getRequest()->getActionName() !== 'denied'
&& !$this->_isAllowed()) {
$this->_forward('denied');
$this->setFlag('', self::FLAG_NO_DISPATCH, true);
return $this;
}
if (!$this->getFlag('', self::FLAG_IS_URLS_CHECKED)
&& !$this->getRequest()->getParam('forwarded')
&& !$this->_getSession()->getIsUrlNotice(true)
&& !Mage::getConfig()->getNode('global/can_use_base_url')) {
//$this->_checkUrlSettings();
$this->setFlag('', self::FLAG_IS_URLS_CHECKED, true);
}
if (is_null(Mage::getSingleton('adminhtml/session')->getLocale())) {
Mage::getSingleton('adminhtml/session')->setLocale(Mage::app()->getLocale()->getLocaleCode());
}
return $this;
}
/**
* @deprecated after 1.4.0.0 alpha, logic moved to Mage_Adminhtml_Block_Notification_Baseurl
* @return Mage_Adminhtml_Controller_Action
*/
protected function _checkUrlSettings()
{
/**
* Don't check for data saving actions
*/
if ($this->getRequest()->getPost() || $this->getRequest()->getQuery('isAjax')) {
return $this;
}
$configData = Mage::getModel('core/config_data');
$defaultUnsecure= (string) Mage::getConfig()->getNode('default/'.Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_URL);
$defaultSecure = (string) Mage::getConfig()->getNode('default/'.Mage_Core_Model_Store::XML_PATH_SECURE_BASE_URL);
if ($defaultSecure == '{{base_url}}' || $defaultUnsecure == '{{base_url}}') {
$this->_getSession()->addNotice(
$this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $this->getUrl('adminhtml/system_config/edit', array('section'=>'web')))
);
return $this;
}
$dataCollection = $configData->getCollection()
->addValueFilter('{{base_url}}');
$url = false;
foreach ($dataCollection as $data) {
if ($data->getScope() == 'stores') {
$code = Mage::app()->getStore($data->getScopeId())->getCode();
$url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'store'=>$code));
}
if ($data->getScope() == 'websites') {
$code = Mage::app()->getWebsite($data->getScopeId())->getCode();
$url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'website'=>$code));
}
if ($url) {
$this->_getSession()->addNotice(
$this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $url)
);
return $this;
}
}
return $this;
}
public function deniedAction()
{
$this->getResponse()->setHeader('HTTP/1.1','403 Forbidden');
if (!Mage::getSingleton('admin/session')->isLoggedIn()) {
$this->_redirect('*/index/login');
return;
}
$this->loadLayout(array('default', 'adminhtml_denied'));
$this->renderLayout();
}
public function loadLayout($ids=null, $generateBlocks=true, $generateXml=true)
{
parent::loadLayout($ids, $generateBlocks, $generateXml);
$this->_initLayoutMessages('adminhtml/session');
return $this;
}
public function norouteAction($coreRoute = null)
{
$this->getResponse()->setHeader('HTTP/1.1','404 Not Found');
$this->getResponse()->setHeader('Status','404 File not found');
$this->loadLayout(array('default', 'adminhtml_noroute'));
$this->renderLayout();
}
/**
* Retrieve currently used module name
*
* @return string
*/
public function getUsedModuleName()
{
return $this->_usedModuleName;
}
/**
* Set currently used module name
*
* @param string $moduleName
* @return Mage_Adminhtml_Controller_Action
*/
public function setUsedModuleName($moduleName)
{
$this->_usedModuleName = $moduleName;
return $this;
}
/**
* Translate a phrase
*
* @return string
*/
public function __()
{
$args = func_get_args();
$expr = new Mage_Core_Model_Translate_Expr(array_shift($args), $this->getUsedModuleName());
array_unshift($args, $expr);
return Mage::app()->getTranslator()->translate($args);
}
/**
* Set referer url for redirect in responce
*
* Is overriden here to set defaultUrl to admin url
*
* @param string $defaultUrl
* @return Mage_Adminhtml_Controller_Action
*/
protected function _redirectReferer($defaultUrl=null)
{
$defaultUrl = empty($defaultUrl) ? $this->getUrl('*') : $defaultUrl;
parent::_redirectReferer($defaultUrl);
return $this;
}
/**
* Declare headers and content file in responce for file download
*
* @param string $fileName
* @param string|array $content set to null to avoid starting output, $contentLength should be set explicitly in
* that case
* @param string $contentType
* @param int $contentLength explicit content length, if strlen($content) isn't applicable
* @return Mage_Adminhtml_Controller_Action
*/
protected function _prepareDownloadResponse($fileName, $content, $contentType = 'application/octet-stream', $contentLength = null)
{
$session = Mage::getSingleton('admin/session');
if ($session->isFirstPageAfterLogin()) {
$this->_redirect($session->getUser()->getStartupPageUrl());
return $this;
}
$isFile = false;
$file = null;
if (is_array($content)) {
if (!isset($content['type']) || !isset($content['value'])) {
return $this;
}
if ($content['type'] == 'filename') {
$isFile = true;
$file = $content['value'];
$contentLength = filesize($file);
}
}
$this->getResponse()
->setHttpResponseCode(200)
->setHeader('Pragma', 'public', true)
->setHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0', true)
->setHeader('Content-type', $contentType, true)
->setHeader('Content-Length', is_null($contentLength) ? strlen($content) : $contentLength)
->setHeader('Content-Disposition', 'attachment; filename="'.$fileName.'"')
->setHeader('Last-Modified', date('r'));
if (!is_null($content)) {
if ($isFile) {
$this->getResponse()->clearBody();
$this->getResponse()->sendHeaders();
$ioAdapter = new Varien_Io_File();
$ioAdapter->open(array('path' => $ioAdapter->dirname($file)));
$ioAdapter->streamOpen($file, 'r');
while ($buffer = $ioAdapter->streamRead()) {
print $buffer;
}
$ioAdapter->streamClose();
if (!empty($content['rm'])) {
$ioAdapter->rm($file);
}
} else {
$this->getResponse()->setBody($content);
}
}
return $this;
}
/**
* Set redirect into responce
*
* @param string $path
* @param array $arguments
*/
protected function _redirect($path, $arguments=array())
{
$this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED));
$this->getResponse()->setRedirect($this->getUrl($path, $arguments));
return $this;
}
protected function _forward($action, $controller = null, $module = null, array $params = null)
{
$this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED));
return parent::_forward($action, $controller, $module, $params);
}
/**
* Generate url by route and parameters
*
* @param string $route
* @param array $params
* @return string
*/
public function getUrl($route='', $params=array())
{
return Mage::helper('adminhtml')->getUrl($route, $params);
}
/**
* Validate Secret Key
*
* @return bool
*/
protected function _validateSecretKey()
{
if (is_array($this->_publicActions) && in_array($this->getRequest()->getActionName(), $this->_publicActions)) {
return true;
}
if (!($secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null))
|| $secretKey != Mage::getSingleton('adminhtml/url')->getSecretKey()) {
return false;
}
return true;
}
}