Merge branch 'cc-5709-airtime-analyzer-buy-now-saas' into saas

This commit is contained in:
Albert Santoni 2014-07-03 12:27:01 -04:00
commit 9c14cfd47c
5 changed files with 43 additions and 20 deletions


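--- /dev/null
+++ b/CORSHelper.php
@@ -0,0 +1,26 @@
+<?php
+class CORSHelper
+{
+public static function enableATProCrossOriginRequests(&$request, &$response)
+{
+//Allow AJAX requests from www.airtime.pro. We use this to automatically login users
+//after they sign up from the microsite.
+//Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well.
+$response = $response->setHeader('Access-Control-Allow-Origin', '*');
+$origin = $request->getHeader('Origin');
+if (($origin != "") &&
+(!in_array($origin,
+array("http://www.airtime.pro",
+"https://www.airtime.pro",
+"http://" . $_SERVER['SERVER_NAME'],
+"https://" . $_SERVER['SERVER_NAME']
+))
+))
+{
+//Don't allow CORS from other domains to prevent XSS.
+throw new Zend_Controller_Action_Exception('Forbidden', 403);
+}
+}
+}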
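Review bot: `Access-Control-Allow-Origin: *` is written on the `setHeader` line before the Origin allowlist is consulted, so the wildcard is emitted on every response from this helper, including the 403 raised for a rejected origin (whether the error handler strips it is not visible here). Since the allowlist already establishes which origin is trusted, it is tighter to set the header after the check and echo the validated value: `if ($origin !== '') { $response = $response->setHeader('Access-Control-Allow-Origin', $origin)->setHeader('Vary', 'Origin'); }`. The membership test should be strict as well, `in_array($origin, $allowed, true)` with `$origin !== ''`, because `!=` and non-strict `in_array` compare loosely. Note that `$_SERVER['SERVER_NAME']` follows the request's Host header under some web-server configurations, in which case the two self-origin entries are not a fixed allowlist; worth confirming the canonical-name setting on the deployment. The comment `//Don't allow CORS from other domains to prevent XSS.` names the wrong class of issue; `// Reject browser requests from any other origin (cross-origin read / CSRF protection).` describes what the check actually does.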


@ -15,7 +15,7 @@ class BillingController extends Zend_Controller_Action {
public function indexAction()
{
$this->_redirect('billing/upgrade');
}
public function upgradeAction()


@ -1,6 +1,7 @@
<?php
require_once('WhmcsLoginController.php');
require_once('CORSHelper.php');
class LoginController extends Zend_Controller_Action
{
@ -14,25 +15,11 @@ class LoginController extends Zend_Controller_Action
$CC_CONFIG = Config::getConfig();
$request = $this->getRequest();
$response = $this->getResponse();
//Allow AJAX requests from www.airtime.pro. We use this to automatically login users
//after they sign up from the microsite.
//Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well.
$response = $this->getResponse()->setHeader('Access-Control-Allow-Origin', '*');
$origin = $request->getHeader('Origin');
if (($origin != "") &&
(!in_array($origin,
array("http://www.airtime.pro",
"https://www.airtime.pro",
"http://" . $_SERVER['SERVER_NAME'],
"https://" . $_SERVER['SERVER_NAME']
))
))
{
//Don't allow CORS from other domains to prevent XSS.
throw new Zend_Controller_Action_Exception('Forbidden', 403);
}
//Enable AJAX requests from www.airtime.pro for the sign-in process.
CORSHelper::enableATProCrossOriginRequests($request, $response);
Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', 'en_CA'));
$auth = Zend_Auth::getInstance();
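Review bot: The new `CORSHelper::enableATProCrossOriginRequests($request, $response)` call aborts the action with a 403 `Zend_Controller_Action_Exception` whenever the request carries a non-allowlisted Origin header, but the comment above it only says it enables AJAX, so a reader of this action will not expect it to reject requests. Suggest extending the comment: `// Throws a 403 Zend_Controller_Action_Exception if the request carries a non-allowlisted Origin header.` The same applies to the ShowbuilderController hunk below, where the helper runs for every request to that action, not only the autologin redirect the comment describes. The enclosing action method starts outside this hunk.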


@ -1,5 +1,7 @@
<?php
require_once('CORSHelper.php');
class ShowbuilderController extends Zend_Controller_Action
{
@ -22,7 +24,12 @@ class ShowbuilderController extends Zend_Controller_Action
$CC_CONFIG = Config::getConfig();
$request = $this->getRequest();
$response = $this->getResponse();
//Enable AJAX requests from www.airtime.pro because the autologin during the seamless sign-up follows
//a redirect here.
CORSHelper::enableATProCrossOriginRequests($request, $response);
$baseUrl = Application_Common_OsPath::getBaseDir();
$user = Application_Model_User::GetCurrentUser();


@ -46,6 +46,9 @@ if (file_exists('/usr/share/php/libzend-framework-php')) {
//Upgrade directory
set_include_path(APPLICATION_PATH . '/upgrade/' . PATH_SEPARATOR . get_include_path());
//Common directory
set_include_path(APPLICATION_PATH . '/common/' . PATH_SEPARATOR . get_include_path());
/** Zend_Application */
require_once 'Zend/Application.php';