*/ class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Action { /** * Name of "is URLs checked" flag */ const FLAG_IS_URLS_CHECKED = 'check_url_settings'; /** * Session namespace to refer in other places */ const SESSION_NAMESPACE = 'adminhtml'; /** * Array of actions which can be processed without secret key validation * * @var array */ protected $_publicActions = array(); /** * Used module name in current adminhtml controller */ protected $_usedModuleName = 'adminhtml'; /** * Currently used area * * @var string */ protected $_currentArea = 'adminhtml'; /** * Namespace for session. * * @var string */ protected $_sessionNamespace = self::SESSION_NAMESPACE; protected function _isAllowed() { return Mage::getSingleton('admin/session')->isAllowed('admin'); } /** * Retrieve adminhtml session model object * * @return Mage_Adminhtml_Model_Session */ protected function _getSession() { return Mage::getSingleton('adminhtml/session'); } /** * Retrieve base admihtml helper * * @return Mage_Adminhtml_Helper_Data */ protected function _getHelper() { return Mage::helper('adminhtml'); } /** * Define active menu item in menu block * * @return Mage_Adminhtml_Controller_Action */ protected function _setActiveMenu($menuPath) { $this->getLayout()->getBlock('menu')->setActive($menuPath); return $this; } /** * @return Mage_Adminhtml_Controller_Action */ protected function _addBreadcrumb($label, $title, $link=null) { $this->getLayout()->getBlock('breadcrumbs')->addLink($label, $title, $link); return $this; } /** * @return Mage_Adminhtml_Controller_Action */ protected function _addContent(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('content')->append($block); return $this; } protected function _addLeft(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('left')->append($block); return $this; } protected function _addJs(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('js')->append($block); return $this; } /** * Controller predispatch method * * @return Mage_Adminhtml_Controller_Action */ public function preDispatch() { // override admin store design settings via stores section Mage::getDesign() ->setArea($this->_currentArea) ->setPackageName((string)Mage::getConfig()->getNode('stores/admin/design/package/name')) ->setTheme((string)Mage::getConfig()->getNode('stores/admin/design/theme/default')) ; foreach (array('layout', 'template', 'skin', 'locale') as $type) { if ($value = (string)Mage::getConfig()->getNode("stores/admin/design/theme/{$type}")) { Mage::getDesign()->setTheme($type, $value); } } $this->getLayout()->setArea($this->_currentArea); Mage::dispatchEvent('adminhtml_controller_action_predispatch_start', array()); parent::preDispatch(); $_isValidFormKey = true; $_isValidSecretKey = true; $_keyErrorMsg = ''; if (Mage::getSingleton('admin/session')->isLoggedIn()) { if ($this->getRequest()->isPost()) { $_isValidFormKey = $this->_validateFormKey(); $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.'); } elseif (Mage::getSingleton('adminhtml/url')->useSecretKey()) { $_isValidSecretKey = $this->_validateSecretKey(); $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Secret Key. Please refresh the page.'); } } if (!$_isValidFormKey || !$_isValidSecretKey) { $this->setFlag('', self::FLAG_NO_DISPATCH, true); $this->setFlag('', self::FLAG_NO_POST_DISPATCH, true); if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) { $this->getResponse()->setBody(Mage::helper('core')->jsonEncode(array( 'error' => true, 'message' => $_keyErrorMsg ))); } else { $this->_redirect( Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl() ); } return $this; } if ($this->getRequest()->isDispatched() && $this->getRequest()->getActionName() !== 'denied' && !$this->_isAllowed()) { $this->_forward('denied'); $this->setFlag('', self::FLAG_NO_DISPATCH, true); return $this; } if (!$this->getFlag('', self::FLAG_IS_URLS_CHECKED) && !$this->getRequest()->getParam('forwarded') && !$this->_getSession()->getIsUrlNotice(true) && !Mage::getConfig()->getNode('global/can_use_base_url')) { //$this->_checkUrlSettings(); $this->setFlag('', self::FLAG_IS_URLS_CHECKED, true); } if (is_null(Mage::getSingleton('adminhtml/session')->getLocale())) { Mage::getSingleton('adminhtml/session')->setLocale(Mage::app()->getLocale()->getLocaleCode()); } return $this; } /** * @deprecated after 1.4.0.0 alpha, logic moved to Mage_Adminhtml_Block_Notification_Baseurl * @return Mage_Adminhtml_Controller_Action */ protected function _checkUrlSettings() { /** * Don't check for data saving actions */ if ($this->getRequest()->getPost() || $this->getRequest()->getQuery('isAjax')) { return $this; } $configData = Mage::getModel('core/config_data'); $defaultUnsecure = (string)Mage::getConfig()->getNode( 'default/' . Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_URL ); $defaultSecure = (string)Mage::getConfig()->getNode( 'default/' . Mage_Core_Model_Store::XML_PATH_SECURE_BASE_URL ); if ($defaultSecure == '{{base_url}}' || $defaultUnsecure == '{{base_url}}') { $this->_getSession()->addNotice( $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento configuration.', $this->getUrl('adminhtml/system_config/edit', array('section'=>'web'))) ); return $this; } $dataCollection = $configData->getCollection() ->addValueFilter('{{base_url}}'); $url = false; foreach ($dataCollection as $data) { if ($data->getScope() == 'stores') { $code = Mage::app()->getStore($data->getScopeId())->getCode(); $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'store'=>$code)); } if ($data->getScope() == 'websites') { $code = Mage::app()->getWebsite($data->getScopeId())->getCode(); $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'website'=>$code)); } if ($url) { $this->_getSession()->addNotice( $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento configuration.', $url) ); return $this; } } return $this; } public function deniedAction() { $this->getResponse()->setHeader('HTTP/1.1','403 Forbidden'); if (!Mage::getSingleton('admin/session')->isLoggedIn()) { $this->_redirect('*/index/login'); return; } $this->loadLayout(array('default', 'adminhtml_denied')); $this->renderLayout(); } public function loadLayout($ids=null, $generateBlocks=true, $generateXml=true) { parent::loadLayout($ids, $generateBlocks, $generateXml); $this->_initLayoutMessages('adminhtml/session'); return $this; } public function norouteAction($coreRoute = null) { $this->getResponse()->setHeader('HTTP/1.1','404 Not Found'); $this->getResponse()->setHeader('Status','404 File not found'); $this->loadLayout(array('default', 'adminhtml_noroute')); $this->renderLayout(); } /** * Retrieve currently used module name * * @return string */ public function getUsedModuleName() { return $this->_usedModuleName; } /** * Set currently used module name * * @param string $moduleName * @return Mage_Adminhtml_Controller_Action */ public function setUsedModuleName($moduleName) { $this->_usedModuleName = $moduleName; return $this; } /** * Translate a phrase * * @return string */ public function __() { $args = func_get_args(); $expr = new Mage_Core_Model_Translate_Expr(array_shift($args), $this->getUsedModuleName()); array_unshift($args, $expr); return Mage::app()->getTranslator()->translate($args); } /** * Set referer url for redirect in responce * * Is overriden here to set defaultUrl to admin url * * @param string $defaultUrl * @return Mage_Adminhtml_Controller_Action */ protected function _redirectReferer($defaultUrl=null) { $defaultUrl = empty($defaultUrl) ? $this->getUrl('*') : $defaultUrl; parent::_redirectReferer($defaultUrl); return $this; } /** * Set redirect into responce * * @param string $path * @param array $arguments */ protected function _redirect($path, $arguments=array()) { $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED)); $this->getResponse()->setRedirect($this->getUrl($path, $arguments)); return $this; } protected function _forward($action, $controller = null, $module = null, array $params = null) { $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED)); return parent::_forward($action, $controller, $module, $params); } /** * Generate url by route and parameters * * @param string $route * @param array $params * @return string */ public function getUrl($route='', $params=array()) { return Mage::helper('adminhtml')->getUrl($route, $params); } /** * Validate Secret Key * * @return bool */ protected function _validateSecretKey() { if (is_array($this->_publicActions) && in_array($this->getRequest()->getActionName(), $this->_publicActions)) { return true; } if (!($secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null)) || $secretKey != Mage::getSingleton('adminhtml/url')->getSecretKey()) { return false; } return true; } /** * Validate password for current admin user * * @param string $password - current password * * @return mixed - returns true or array of errors */ protected function _validateCurrentPassword($password) { $user = Mage::getSingleton('admin/session')->getUser(); return $user->validateCurrentPassword($password); } }