From 945c6e6a416d7328496caf467315f2f54cf2545c Mon Sep 17 00:00:00 2001 From: Qiang Xue Date: Mon, 2 Apr 2012 21:08:12 -0400 Subject: [PATCH] ... --- framework/base/ErrorHandler.php | 487 +++++++++++++++++++++++++++++++++++++ framework/base/HttpException.php | 40 +++ framework/base/Module.php | 2 +- framework/base/SecurityManager.php | 329 +++++++++++++++++++++++++ framework/base/StatePersister.php | 74 ++++++ framework/db/ar/ActiveFinder.php | 10 +- 6 files changed, 938 insertions(+), 4 deletions(-) create mode 100644 framework/base/ErrorHandler.php create mode 100644 framework/base/HttpException.php create mode 100644 framework/base/SecurityManager.php create mode 100644 framework/base/StatePersister.php diff --git a/framework/base/ErrorHandler.php b/framework/base/ErrorHandler.php new file mode 100644 index 0000000..f96f402 --- /dev/null +++ b/framework/base/ErrorHandler.php @@ -0,0 +1,487 @@ + + * @link http://www.yiiframework.com/ + * @copyright Copyright © 2008-2011 Yii Software LLC + * @license http://www.yiiframework.com/license/ + */ + +Yii::import('CHtml',true); + +/** + * CErrorHandler handles uncaught PHP errors and exceptions. + * + * It displays these errors using appropriate views based on the + * nature of the error and the mode the application runs at. + * It also chooses the most preferred language for displaying the error. + * + * CErrorHandler uses two sets of views: + * + * where <StatusCode> stands for the HTTP error code (e.g. error500.php). + * Localized views are named similarly but located under a subdirectory + * whose name is the language code (e.g. zh_cn/error500.php). + * + * Development views are displayed when the application is in debug mode + * (i.e. YII_DEBUG is defined as true). Detailed error information with source code + * are displayed in these views. Production views are meant to be shown + * to end-users and are used when the application is in production mode. + * For security reasons, they only display the error message without any + * sensitive information. + * + * CErrorHandler looks for the view templates from the following locations in order: + *
    + *
  1. themes/ThemeName/views/system: when a theme is active.
  2. + *
  3. protected/views/system
  4. + *
  5. framework/views
  6. + *
+ * If the view is not found in a directory, it will be looked for in the next directory. + * + * The property {@link maxSourceLines} can be changed to specify the number + * of source code lines to be displayed in development views. + * + * CErrorHandler is a core application component that can be accessed via + * {@link CApplication::getErrorHandler()}. + * + * @property array $error The error details. Null if there is no error. + * + * @author Qiang Xue + * @version $Id$ + * @package system.base + * @since 1.0 + */ +class CErrorHandler extends CApplicationComponent +{ + /** + * @var integer maximum number of source code lines to be displayed. Defaults to 25. + */ + public $maxSourceLines=25; + + /** + * @var integer maximum number of trace source code lines to be displayed. Defaults to 10. + * @since 1.1.6 + */ + public $maxTraceSourceLines = 10; + + /** + * @var string the application administrator information (could be a name or email link). It is displayed in error pages to end users. Defaults to 'the webmaster'. + */ + public $adminInfo='the webmaster'; + /** + * @var boolean whether to discard any existing page output before error display. Defaults to true. + */ + public $discardOutput=true; + /** + * @var string the route (eg 'site/error') to the controller action that will be used to display external errors. + * Inside the action, it can retrieve the error information by Yii::app()->errorHandler->error. + * This property defaults to null, meaning CErrorHandler will handle the error display. + */ + public $errorAction; + + private $_error; + + /** + * Handles the exception/error event. + * This method is invoked by the application whenever it captures + * an exception or PHP error. + * @param CEvent $event the event containing the exception/error information + */ + public function handle($event) + { + // set event as handled to prevent it from being handled by other event handlers + $event->handled=true; + + if($this->discardOutput) + { + // the following manual level counting is to deal with zlib.output_compression set to On + for($level=ob_get_level();$level>0;--$level) + { + @ob_end_clean(); + } + } + + if($event instanceof CExceptionEvent) + $this->handleException($event->exception); + else // CErrorEvent + $this->handleError($event); + } + + /** + * Returns the details about the error that is currently being handled. + * The error is returned in terms of an array, with the following information: + * + * @return array the error details. Null if there is no error. + */ + public function getError() + { + return $this->_error; + } + + /** + * Handles the exception. + * @param Exception $exception the exception captured + */ + protected function handleException($exception) + { + $app=Yii::app(); + if($app instanceof CWebApplication) + { + if(($trace=$this->getExactTrace($exception))===null) + { + $fileName=$exception->getFile(); + $errorLine=$exception->getLine(); + } + else + { + $fileName=$trace['file']; + $errorLine=$trace['line']; + } + + $trace = $exception->getTrace(); + + foreach($trace as $i=>$t) + { + if(!isset($t['file'])) + $trace[$i]['file']='unknown'; + + if(!isset($t['line'])) + $trace[$i]['line']=0; + + if(!isset($t['function'])) + $trace[$i]['function']='unknown'; + + unset($trace[$i]['object']); + } + + $this->_error=$data=array( + 'code'=>($exception instanceof CHttpException)?$exception->statusCode:500, + 'type'=>get_class($exception), + 'errorCode'=>$exception->getCode(), + 'message'=>$exception->getMessage(), + 'file'=>$fileName, + 'line'=>$errorLine, + 'trace'=>$exception->getTraceAsString(), + 'traces'=>$trace, + ); + + if(!headers_sent()) + header("HTTP/1.0 {$data['code']} ".get_class($exception)); + + if($exception instanceof CHttpException || !YII_DEBUG) + $this->render('error',$data); + else + { + if($this->isAjaxRequest()) + $app->displayException($exception); + else + $this->render('exception',$data); + } + } + else + $app->displayException($exception); + } + + /** + * Handles the PHP error. + * @param CErrorEvent $event the PHP error event + */ + protected function handleError($event) + { + $trace=debug_backtrace(); + // skip the first 3 stacks as they do not tell the error position + if(count($trace)>3) + $trace=array_slice($trace,3); + $traceString=''; + foreach($trace as $i=>$t) + { + if(!isset($t['file'])) + $trace[$i]['file']='unknown'; + + if(!isset($t['line'])) + $trace[$i]['line']=0; + + if(!isset($t['function'])) + $trace[$i]['function']='unknown'; + + $traceString.="#$i {$trace[$i]['file']}({$trace[$i]['line']}): "; + if(isset($t['object']) && is_object($t['object'])) + $traceString.=get_class($t['object']).'->'; + $traceString.="{$trace[$i]['function']}()\n"; + + unset($trace[$i]['object']); + } + + $app=Yii::app(); + if($app instanceof CWebApplication) + { + switch($event->code) + { + case E_WARNING: + $type = 'PHP warning'; + break; + case E_NOTICE: + $type = 'PHP notice'; + break; + case E_USER_ERROR: + $type = 'User error'; + break; + case E_USER_WARNING: + $type = 'User warning'; + break; + case E_USER_NOTICE: + $type = 'User notice'; + break; + case E_RECOVERABLE_ERROR: + $type = 'Recoverable error'; + break; + default: + $type = 'PHP error'; + } + $this->_error=$data=array( + 'code'=>500, + 'type'=>$type, + 'message'=>$event->message, + 'file'=>$event->file, + 'line'=>$event->line, + 'trace'=>$traceString, + 'traces'=>$trace, + ); + if(!headers_sent()) + header("HTTP/1.0 500 PHP Error"); + if($this->isAjaxRequest()) + $app->displayError($event->code,$event->message,$event->file,$event->line); + else if(YII_DEBUG) + $this->render('exception',$data); + else + $this->render('error',$data); + } + else + $app->displayError($event->code,$event->message,$event->file,$event->line); + } + + /** + * whether the current request is an AJAX (XMLHttpRequest) request. + * @return boolean whether the current request is an AJAX request. + */ + protected function isAjaxRequest() + { + return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH']==='XMLHttpRequest'; + } + + /** + * Returns the exact trace where the problem occurs. + * @param Exception $exception the uncaught exception + * @return array the exact trace where the problem occurs + */ + protected function getExactTrace($exception) + { + $traces=$exception->getTrace(); + + foreach($traces as $trace) + { + // property access exception + if(isset($trace['function']) && ($trace['function']==='__get' || $trace['function']==='__set')) + return $trace; + } + return null; + } + + /** + * Renders the view. + * @param string $view the view name (file name without extension). + * See {@link getViewFile} for how a view file is located given its name. + * @param array $data data to be passed to the view + */ + protected function render($view,$data) + { + if($view==='error' && $this->errorAction!==null) + Yii::app()->runController($this->errorAction); + else + { + // additional information to be passed to view + $data['version']=$this->getVersionInfo(); + $data['time']=time(); + $data['admin']=$this->adminInfo; + include($this->getViewFile($view,$data['code'])); + } + } + + /** + * Determines which view file should be used. + * @param string $view view name (either 'exception' or 'error') + * @param integer $code HTTP status code + * @return string view file path + */ + protected function getViewFile($view,$code) + { + $viewPaths=array( + Yii::app()->getTheme()===null ? null : Yii::app()->getTheme()->getSystemViewPath(), + Yii::app() instanceof CWebApplication ? Yii::app()->getSystemViewPath() : null, + YII_PATH.DIRECTORY_SEPARATOR.'views', + ); + + foreach($viewPaths as $i=>$viewPath) + { + if($viewPath!==null) + { + $viewFile=$this->getViewFileInternal($viewPath,$view,$code,$i===2?'en_us':null); + if(is_file($viewFile)) + return $viewFile; + } + } + } + + /** + * Looks for the view under the specified directory. + * @param string $viewPath the directory containing the views + * @param string $view view name (either 'exception' or 'error') + * @param integer $code HTTP status code + * @param string $srcLanguage the language that the view file is in + * @return string view file path + */ + protected function getViewFileInternal($viewPath,$view,$code,$srcLanguage=null) + { + $app=Yii::app(); + if($view==='error') + { + $viewFile=$app->findLocalizedFile($viewPath.DIRECTORY_SEPARATOR."error{$code}.php",$srcLanguage); + if(!is_file($viewFile)) + $viewFile=$app->findLocalizedFile($viewPath.DIRECTORY_SEPARATOR.'error.php',$srcLanguage); + } + else + $viewFile=$viewPath.DIRECTORY_SEPARATOR."exception.php"; + return $viewFile; + } + + /** + * Returns server version information. + * If the application is in production mode, empty string is returned. + * @return string server version information. Empty if in production mode. + */ + protected function getVersionInfo() + { + if(YII_DEBUG) + { + $version='Yii Framework/'.Yii::getVersion(); + if(isset($_SERVER['SERVER_SOFTWARE'])) + $version=$_SERVER['SERVER_SOFTWARE'].' '.$version; + } + else + $version=''; + return $version; + } + + /** + * Converts arguments array to its string representation + * + * @param array $args arguments array to be converted + * @return string string representation of the arguments array + */ + protected function argumentsToString($args) + { + $count=0; + + $isAssoc=$args!==array_values($args); + + foreach($args as $key => $value) + { + $count++; + if($count>=5) + { + if($count>5) + unset($args[$key]); + else + $args[$key]='...'; + continue; + } + + if(is_object($value)) + $args[$key] = get_class($value); + else if(is_bool($value)) + $args[$key] = $value ? 'true' : 'false'; + else if(is_string($value)) + { + if(strlen($value)>64) + $args[$key] = '"'.substr($value,0,64).'..."'; + else + $args[$key] = '"'.$value.'"'; + } + else if(is_array($value)) + $args[$key] = 'array('.$this->argumentsToString($value).')'; + else if($value===null) + $args[$key] = 'null'; + else if(is_resource($value)) + $args[$key] = 'resource'; + + if(is_string($key)) + { + $args[$key] = '"'.$key.'" => '.$args[$key]; + } + else if($isAssoc) + { + $args[$key] = $key.' => '.$args[$key]; + } + } + $out = implode(", ", $args); + + return $out; + } + + /** + * Returns a value indicating whether the call stack is from application code. + * @param array $trace the trace data + * @return boolean whether the call stack is from application code. + */ + protected function isCoreCode($trace) + { + if(isset($trace['file'])) + { + $systemPath=realpath(dirname(__FILE__).'/..'); + return $trace['file']==='unknown' || strpos(realpath($trace['file']),$systemPath.DIRECTORY_SEPARATOR)===0; + } + return false; + } + + /** + * Renders the source code around the error line. + * @param string $file source file path + * @param integer $errorLine the error line number + * @param integer $maxLines maximum number of lines to display + * @return string the rendering result + */ + protected function renderSourceCode($file,$errorLine,$maxLines) + { + $errorLine--; // adjust line number to 0-based from 1-based + if($errorLine<0 || ($lines=@file($file))===false || ($lineCount=count($lines))<=$errorLine) + return ''; + + $halfLines=(int)($maxLines/2); + $beginLine=$errorLine-$halfLines>0 ? $errorLine-$halfLines:0; + $endLine=$errorLine+$halfLines<$lineCount?$errorLine+$halfLines:$lineCount-1; + $lineNumberWidth=strlen($endLine+1); + + $output=''; + for($i=$beginLine;$i<=$endLine;++$i) + { + $isErrorLine = $i===$errorLine; + $code=sprintf("%0{$lineNumberWidth}d %s",$i+1,CHtml::encode(str_replace("\t",' ',$lines[$i]))); + if(!$isErrorLine) + $output.=$code; + else + $output.=''.$code.''; + } + return '
'.$output.'
'; + } +} diff --git a/framework/base/HttpException.php b/framework/base/HttpException.php new file mode 100644 index 0000000..f970223 --- /dev/null +++ b/framework/base/HttpException.php @@ -0,0 +1,40 @@ + + * @since 2.0 + */ +class HttpException extends Exception +{ + /** + * @var integer HTTP status code, such as 403, 404, 500, etc. + */ + public $statusCode; + + /** + * Constructor. + * @param integer $status HTTP status code, such as 404, 500, etc. + * @param string $message error message + * @param integer $code error code + */ + public function __construct($status, $message = null, $code = 0) + { + $this->statusCode = $status; + parent::__construct($message, $code); + } +} diff --git a/framework/base/Module.php b/framework/base/Module.php index 2ff0831..3a12ca8 100644 --- a/framework/base/Module.php +++ b/framework/base/Module.php @@ -393,7 +393,7 @@ abstract class Module extends Component implements Initable * ) * ~~~ * - * @param array $components application components (id => component configuration or instances) + * @param array $components application components (id => component configuration or instance) */ public function setComponents($components) { diff --git a/framework/base/SecurityManager.php b/framework/base/SecurityManager.php new file mode 100644 index 0000000..b55cba3 --- /dev/null +++ b/framework/base/SecurityManager.php @@ -0,0 +1,329 @@ + + * @link http://www.yiiframework.com/ + * @copyright Copyright © 2008-2011 Yii Software LLC + * @license http://www.yiiframework.com/license/ + */ + +/** + * CSecurityManager provides private keys, hashing and encryption functions. + * + * CSecurityManager is used by Yii components and applications for security-related purpose. + * For example, it is used in cookie validation feature to prevent cookie data + * from being tampered. + * + * CSecurityManager is mainly used to protect data from being tampered and viewed. + * It can generate HMAC and encrypt the data. The private key used to generate HMAC + * is set by {@link setValidationKey ValidationKey}. The key used to encrypt data is + * specified by {@link setEncryptionKey EncryptionKey}. If the above keys are not + * explicitly set, random keys will be generated and used. + * + * To protected data with HMAC, call {@link hashData()}; and to check if the data + * is tampered, call {@link validateData()}, which will return the real data if + * it is not tampered. The algorithm used to generated HMAC is specified by + * {@link validation}. + * + * To encrypt and decrypt data, call {@link encrypt()} and {@link decrypt()} + * respectively, which uses 3DES encryption algorithm. Note, the PHP Mcrypt + * extension must be installed and loaded. + * + * CSecurityManager is a core application component that can be accessed via + * {@link CApplication::getSecurityManager()}. + * + * @property string $validationKey The private key used to generate HMAC. + * If the key is not explicitly set, a random one is generated and returned. + * @property string $encryptionKey The private key used to encrypt/decrypt data. + * If the key is not explicitly set, a random one is generated and returned. + * @property string $validation + * + * @author Qiang Xue + * @version $Id$ + * @package system.base + * @since 1.0 + */ +class CSecurityManager extends CApplicationComponent +{ + const STATE_VALIDATION_KEY='Yii.CSecurityManager.validationkey'; + const STATE_ENCRYPTION_KEY='Yii.CSecurityManager.encryptionkey'; + + /** + * @var string the name of the hashing algorithm to be used by {@link computeHMAC}. + * See {@link http://php.net/manual/en/function.hash-algos.php hash-algos} for the list of possible + * hash algorithms. Note that if you are using PHP 5.1.1 or below, you can only use 'sha1' or 'md5'. + * + * Defaults to 'sha1', meaning using SHA1 hash algorithm. + * @since 1.1.3 + */ + public $hashAlgorithm='sha1'; + /** + * @var mixed the name of the crypt algorithm to be used by {@link encrypt} and {@link decrypt}. + * This will be passed as the first parameter to {@link http://php.net/manual/en/function.mcrypt-module-open.php mcrypt_module_open}. + * + * This property can also be configured as an array. In this case, the array elements will be passed in order + * as parameters to mcrypt_module_open. For example, array('rijndael-256', '', 'ofb', ''). + * + * Defaults to 'des', meaning using DES crypt algorithm. + * @since 1.1.3 + */ + public $cryptAlgorithm='des'; + + private $_validationKey; + private $_encryptionKey; + private $_mbstring; + + public function init() + { + parent::init(); + $this->_mbstring=extension_loaded('mbstring'); + } + + /** + * @return string a randomly generated private key + */ + protected function generateRandomKey() + { + return sprintf('%08x%08x%08x%08x',mt_rand(),mt_rand(),mt_rand(),mt_rand()); + } + + /** + * @return string the private key used to generate HMAC. + * If the key is not explicitly set, a random one is generated and returned. + */ + public function getValidationKey() + { + if($this->_validationKey!==null) + return $this->_validationKey; + else + { + if(($key=Yii::app()->getGlobalState(self::STATE_VALIDATION_KEY))!==null) + $this->setValidationKey($key); + else + { + $key=$this->generateRandomKey(); + $this->setValidationKey($key); + Yii::app()->setGlobalState(self::STATE_VALIDATION_KEY,$key); + } + return $this->_validationKey; + } + } + + /** + * @param string $value the key used to generate HMAC + * @throws CException if the key is empty + */ + public function setValidationKey($value) + { + if(!empty($value)) + $this->_validationKey=$value; + else + throw new CException(Yii::t('yii','CSecurityManager.validationKey cannot be empty.')); + } + + /** + * @return string the private key used to encrypt/decrypt data. + * If the key is not explicitly set, a random one is generated and returned. + */ + public function getEncryptionKey() + { + if($this->_encryptionKey!==null) + return $this->_encryptionKey; + else + { + if(($key=Yii::app()->getGlobalState(self::STATE_ENCRYPTION_KEY))!==null) + $this->setEncryptionKey($key); + else + { + $key=$this->generateRandomKey(); + $this->setEncryptionKey($key); + Yii::app()->setGlobalState(self::STATE_ENCRYPTION_KEY,$key); + } + return $this->_encryptionKey; + } + } + + /** + * @param string $value the key used to encrypt/decrypt data. + * @throws CException if the key is empty + */ + public function setEncryptionKey($value) + { + if(!empty($value)) + $this->_encryptionKey=$value; + else + throw new CException(Yii::t('yii','CSecurityManager.encryptionKey cannot be empty.')); + } + + /** + * This method has been deprecated since version 1.1.3. + * Please use {@link hashAlgorithm} instead. + * @return string + */ + public function getValidation() + { + return $this->hashAlgorithm; + } + + /** + * This method has been deprecated since version 1.1.3. + * Please use {@link hashAlgorithm} instead. + * @param string $value - + */ + public function setValidation($value) + { + $this->hashAlgorithm=$value; + } + + /** + * Encrypts data. + * @param string $data data to be encrypted. + * @param string $key the decryption key. This defaults to null, meaning using {@link getEncryptionKey EncryptionKey}. + * @return string the encrypted data + * @throws CException if PHP Mcrypt extension is not loaded + */ + public function encrypt($data,$key=null) + { + $module=$this->openCryptModule(); + $key=$this->substr($key===null ? md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module)); + srand(); + $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND); + mcrypt_generic_init($module,$key,$iv); + $encrypted=$iv.mcrypt_generic($module,$data); + mcrypt_generic_deinit($module); + mcrypt_module_close($module); + return $encrypted; + } + + /** + * Decrypts data + * @param string $data data to be decrypted. + * @param string $key the decryption key. This defaults to null, meaning using {@link getEncryptionKey EncryptionKey}. + * @return string the decrypted data + * @throws CException if PHP Mcrypt extension is not loaded + */ + public function decrypt($data,$key=null) + { + $module=$this->openCryptModule(); + $key=$this->substr($key===null ? md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module)); + $ivSize=mcrypt_enc_get_iv_size($module); + $iv=$this->substr($data,0,$ivSize); + mcrypt_generic_init($module,$key,$iv); + $decrypted=mdecrypt_generic($module,$this->substr($data,$ivSize,$this->strlen($data))); + mcrypt_generic_deinit($module); + mcrypt_module_close($module); + return rtrim($decrypted,"\0"); + } + + /** + * Opens the mcrypt module with the configuration specified in {@link cryptAlgorithm}. + * @return resource the mycrypt module handle. + * @since 1.1.3 + */ + protected function openCryptModule() + { + if(extension_loaded('mcrypt')) + { + if(is_array($this->cryptAlgorithm)) + $module=@call_user_func_array('mcrypt_module_open',$this->cryptAlgorithm); + else + $module=@mcrypt_module_open($this->cryptAlgorithm,'', MCRYPT_MODE_CBC,''); + + if($module===false) + throw new CException(Yii::t('yii','Failed to initialize the mcrypt module.')); + + return $module; + } + else + throw new CException(Yii::t('yii','CSecurityManager requires PHP mcrypt extension to be loaded in order to use data encryption feature.')); + } + + /** + * Prefixes data with an HMAC. + * @param string $data data to be hashed. + * @param string $key the private key to be used for generating HMAC. Defaults to null, meaning using {@link validationKey}. + * @return string data prefixed with HMAC + */ + public function hashData($data,$key=null) + { + return $this->computeHMAC($data,$key).$data; + } + + /** + * Validates if data is tampered. + * @param string $data data to be validated. The data must be previously + * generated using {@link hashData()}. + * @param string $key the private key to be used for generating HMAC. Defaults to null, meaning using {@link validationKey}. + * @return string the real data with HMAC stripped off. False if the data + * is tampered. + */ + public function validateData($data,$key=null) + { + $len=$this->strlen($this->computeHMAC('test')); + if($this->strlen($data)>=$len) + { + $hmac=$this->substr($data,0,$len); + $data2=$this->substr($data,$len,$this->strlen($data)); + return $hmac===$this->computeHMAC($data2,$key)?$data2:false; + } + else + return false; + } + + /** + * Computes the HMAC for the data with {@link getValidationKey ValidationKey}. + * @param string $data data to be generated HMAC + * @param string $key the private key to be used for generating HMAC. Defaults to null, meaning using {@link validationKey}. + * @return string the HMAC for the data + */ + protected function computeHMAC($data,$key=null) + { + if($key===null) + $key=$this->getValidationKey(); + + if(function_exists('hash_hmac')) + return hash_hmac($this->hashAlgorithm, $data, $key); + + if(!strcasecmp($this->hashAlgorithm,'sha1')) + { + $pack='H40'; + $func='sha1'; + } + else + { + $pack='H32'; + $func='md5'; + } + if($this->strlen($key) > 64) + $key=pack($pack, $func($key)); + if($this->strlen($key) < 64) + $key=str_pad($key, 64, chr(0)); + $key=$this->substr($key,0,64); + return $func((str_repeat(chr(0x5C), 64) ^ $key) . pack($pack, $func((str_repeat(chr(0x36), 64) ^ $key) . $data))); + } + + /** + * Returns the length of the given string. + * If available uses the multibyte string function mb_strlen. + * @param string $string the string being measured for length + * @return int the length of the string + */ + private function strlen($string) + { + return $this->_mbstring ? mb_strlen($string,'8bit') : strlen($string); + } + + /** + * Returns the portion of string specified by the start and length parameters. + * If available uses the multibyte string function mb_substr + * @param string $string the input string. Must be one character or longer. + * @param int $start the starting position + * @param int $length the desired portion length + * @return string the extracted part of string, or FALSE on failure or an empty string. + */ + private function substr($string,$start,$length) + { + return $this->_mbstring ? mb_substr($string,$start,$length,'8bit') : substr($string,$start,$length); + } +} diff --git a/framework/base/StatePersister.php b/framework/base/StatePersister.php new file mode 100644 index 0000000..64ccabe --- /dev/null +++ b/framework/base/StatePersister.php @@ -0,0 +1,74 @@ + + *
  • session: data persisting within a single user session.
  • + *
  • state persister: data persisting through all requests/sessions (e.g. hit counter).
  • + *
  • cache: volatile and fast storage. It may be used as storage medium for session or state persister.
  • + * + * + * Since server resource is often limited, be cautious if you plan to use CStatePersister + * to store large amount of data. You should also consider using database-based persister + * to improve the throughput. + * + * CStatePersister is a core application component used to store global application state. + * It may be accessed via {@link CApplication::getStatePersister()}. + * page state persistent method based on cache. + * + * @author Qiang Xue + * @since 2.0 + */ +class StatePersister extends ApplicationComponent +{ + /** + * @var string the file path for keeping the state data. Make sure the directory containing + * the file exists and is writable by the Web server process. If using relative path, also + * make sure the path is correct. You may use a path alias here. If not set, it defaults + * to the `state.bin` file under the application's runtime directory. + */ + public $dataFile; + + /** + * Loads state data from persistent storage. + * @return mixed state data. Null if no state data available. + */ + public function load() + { + $dataFile = \Yii::getAlias($this->dataFile); + if (is_file($dataFile) && ($data = file_get_contents($dataFile)) !== false) { + return unserialize($data); + } else { + return null; + } + } + + /** + * Saves application state in persistent storage. + * @param mixed $state state data (must be serializable). + */ + public function save($state) + { + file_put_contents(\Yii::getAlias($this->dataFile), serialize($state), LOCK_EX); + } +} diff --git a/framework/db/ar/ActiveFinder.php b/framework/db/ar/ActiveFinder.php index 93395f3..e110116 100644 --- a/framework/db/ar/ActiveFinder.php +++ b/framework/db/ar/ActiveFinder.php @@ -245,7 +245,7 @@ class ActiveFinder extends \yii\base\Object } if (is_array($with)) { foreach ($with as $name => $value) { - if (is_array($value)) { + if (is_array($value) || $value instanceof \Closure) { $this->buildJoinTree($parent, $name, $value); } else { $this->buildJoinTree($parent, $value); @@ -299,8 +299,12 @@ class ActiveFinder extends \yii\base\Object } } - foreach ($config as $name => $value) { - $child->query->$name = $value; + if ($config instanceof \Closure) { + call_user_func($config, $child->query); + } else { + foreach ($config as $name => $value) { + $child->query->$name = $value; + } } return $child;