blob: 90af966581c68df558756e3c96e4e40e341a86a9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
<?php
/**
* TPageStatePersister class file
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @link http://www.pradosoft.com/
* @copyright Copyright © 2005 PradoSoft
* @license http://www.pradosoft.com/license/
* @version $Revision: $ $Date: $
* @package System.Web.UI
*/
/**
* TPageStatePersister class
*
* TPageStatePersister implements a page state persistent method based on
* form hidden fields.
*
* Depending on the {@link TPage::getEnableStateValidation() EnableStateValidation}
* and {@link TPage::getEnableStateEncryption() EnableStateEncryption},
* TPageStatePersister may do HMAC validation and encryption to prevent
* the state data from being tampered or viewed.
* The private keys and hashing/encryption methods are determined by
* {@link TApplication::getSecurityManager() SecurityManager}.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @version $Revision: $ $Date: $
* @package System.Web.UI
* @since 3.0
*/
class TPageStatePersister extends TComponent implements IPageStatePersister
{
private $_page;
/**
* @param TPage the page that this persister works for
*/
public function getPage()
{
return $this->_page;
}
/**
* @param TPage the page that this persister works for
*/
public function setPage(TPage $page)
{
$this->_page=$page;
}
/**
* Saves state in hidden fields.
* @param mixed state to be stored
*/
public function save($state)
{
Prado::trace("Saving state",'System.Web.UI.TPageStatePersister');
$sm=Prado::getApplication()->getSecurityManager();
if($this->_page->getEnableStateValidation())
$data=$sm->hashData(Prado::serialize($state));
else
$data=Prado::serialize($state);
if($this->_page->getEnableStateEncryption())
$data=$sm->encrypt($data);
if(extension_loaded('zlib'))
$data=gzcompress($data);
$this->_page->getClientScript()->registerHiddenField(TPage::FIELD_PAGESTATE,base64_encode($data));
}
/**
* Loads page state from hidden fields.
* @return mixed the restored state
* @throws THttpException if page state is corrupted
*/
public function load()
{
Prado::trace("Loading state",'System.Web.UI.TPageStatePersister');
$application=Prado::getApplication();
$sm=$application->getSecurityManager();
$str=base64_decode($application->getRequest()->itemAt(TPage::FIELD_PAGESTATE));
if($str==='')
return null;
if(extension_loaded('zlib'))
$data=gzuncompress($str);
else
$data=$str;
if($data!==false)
{
if($this->_page->getEnableStateEncryption())
$data=$sm->decrypt($data);
if($this->_page->getEnableStateValidation())
{
if(($data=$sm->validateData($data))!==false)
return Prado::unserialize($data);
}
else
return $data;
}
throw new THttpException(400,'pagestatepersister_pagestate_corrupted');
}
}
?>
|