<?php
/*
** Copyright (C) 2001-2025 Zabbix SIA
**
** This program is free software: you can redistribute it and/or modify it under the terms of
** the GNU Affero General Public License as published by the Free Software Foundation, version 3.
**
** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
** See the GNU Affero General Public License for more details.
**
** You should have received a copy of the GNU Affero General Public License along with this program.
** If not, see <https://www.gnu.org/licenses/>.
**/
abstract class CController {
protected const POST_CONTENT_TYPE_FORM = 0;
protected const POST_CONTENT_TYPE_JSON = 1;
protected const VALIDATION_OK = 0;
protected const VALIDATION_ERROR = 1;
protected const VALIDATION_FATAL_ERROR = 2;
/**
* Content type of the POST request.
*
* @var int
*/
private $post_content_type = self::POST_CONTENT_TYPE_FORM;
/**
* Action name, so that controller knows which action is being executed.
*
* @var string
*/
private $action;
/**
* Response object generated by controller.
*
* @var CControllerResponse
*/
private $response;
/**
* Result of input validation, one of VALIDATION_OK, VALIDATION_ERROR, VALIDATION_FATAL_ERROR.
*
* @var int
*/
private $validation_result;
/**
* Non-validated input parameters.
*
* @var array|null
*/
private $raw_input;
/**
* Validated input parameters.
*
* @var array
*/
protected $input = [];
/**
* Validate CSRF token flag, if true CSRF token must be validated.
*
* @var bool
*/
private bool $validate_csrf_token = true;
public function __construct() {
$this->init();
$this->populateRawInput();
}
/**
* Initialization function that can be overridden later.
*/
protected function init() {
}
/**
* Get content type of the POST request.
*
* @return int
*/
protected function getPostContentType(): int {
return $this->post_content_type;
}
/**
* Set content type of the POST request.
*
* @param int $post_content_type
*/
protected function setPostContentType(int $post_content_type): void {
$this->post_content_type = $post_content_type;
}
/**
* Return controller action name.
*
* @return string
*/
public function getAction() {
return $this->action;
}
/**
* Set controller action name.
*
* @param string $action
*/
public function setAction($action) {
$this->action = $action;
}
/**
* Return controller response object.
*
* @return CControllerResponse
*/
public function getResponse() {
return $this->response;
}
/**
* Set controller response.
*
* @param CControllerResponse $response
*/
protected function setResponse($response) {
$this->response = $response;
}
/**
* Return debug mode.
*
* @return bool
*/
protected function getDebugMode() {
return CWebUser::getDebugMode();
}
/**
* Return user type.
*
* @return int
*/
protected function getUserType() {
return CWebUser::getType();
}
/**
* Checks access of current user to specific access rule.
*
* @param string $rule_name Rule name.
*
* @return bool Returns true if user has access to rule, false - otherwise.
*/
protected function checkAccess(string $rule_name): bool {
return CWebUser::checkAccess($rule_name);
}
/**
* Disables CSRF token validation.
*/
protected function disableCsrfValidation(): void {
$this->validate_csrf_token = false;
}
/**
* @throws Exception
*
* @return array
*/
private static function getFormInput(): array {
static $input;
if ($input === null) {
$input = $_REQUEST;
if (hasRequest('formdata')) {
if (!hasRequest('data') || !is_string(getRequest('data'))
|| !hasRequest('sign') || !is_string(getRequest('sign'))) {
throw new Exception(_('Operation cannot be performed due to unauthorized request.'));
}
$data = base64_decode(getRequest('data'));
$sign = base64_decode(getRequest('sign'));
$request_sign = CEncryptHelper::sign($data);
if (CEncryptHelper::checkSign($sign, $request_sign)) {
$data = json_decode($data, true);
if ($data['messages']) {
CMessageHelper::setScheduleMessages($data['messages']);
}
$input = array_replace($input, $data['form']);
}
else {
info(_('Operation cannot be performed due to unauthorized request.'));
}
// Replace window.history to avoid resubmission warning dialog.
zbx_add_post_js("history.replaceState({}, '');");
}
}
return $input;
}
/**
* @return array
*/
private static function getJsonInput(): array {
static $input;
if ($input === null) {
$input = $_REQUEST;
$json_input = json_decode(file_get_contents('php://input'), true);
if (is_array($json_input)) {
$input += $json_input;
}
else {
info(_('JSON array input is expected.'));
}
}
return $input;
}
/**
* Validate input parameters.
*
* @param array $validation_rules
*
* @return bool
*/
protected function validateInput(array $validation_rules): bool {
if ($this->raw_input === null) {
$this->validation_result = self::VALIDATION_FATAL_ERROR;
return false;
}
$validator = new CNewValidator($this->raw_input, $validation_rules);
foreach ($validator->getAllErrors() as $error) {
info($error);
}
if ($validator->isErrorFatal()) {
$this->validation_result = self::VALIDATION_FATAL_ERROR;
}
else {
$this->input = $validator->getValidInput();
$this->validation_result = $validator->isError() ? self::VALIDATION_ERROR : self::VALIDATION_OK;
}
return $this->validation_result == self::VALIDATION_OK;
}
/**
* Validate "from" and "to" parameters for allowed period.
*
* @throws CAccessDeniedException
*
* @return bool
*/
protected function validateTimeSelectorPeriod(): bool {
if (!$this->hasInput('from') || !$this->hasInput('to')) {
return true;
}
try {
$min_period = CTimePeriodHelper::getMinPeriod();
$max_period = CTimePeriodHelper::getMaxPeriod();
}
catch (Exception $x) {
throw new CAccessDeniedException();
}
$range_time_parser = new CRangeTimeParser();
$time_period = [
'from' => $this->getInput('from'),
'to' => $this->getInput('to')
];
foreach (['from' => 'from_ts', 'to' => 'to_ts'] as $field => $field_ts) {
$range_time_parser->parse($time_period[$field]);
$time_period[$field_ts] = $range_time_parser->getDateTime($field === 'from')->getTimestamp();
}
$period = $time_period['to_ts'] - $time_period['from_ts'] + 1;
if ($period < $min_period) {
info(_n('Minimum time period to display is %1$s minute.',
'Minimum time period to display is %1$s minutes.', (int) ($min_period / SEC_PER_MIN)
));
return false;
}
elseif ($period > $max_period + 1) {
info(_n('Maximum time period to display is %1$s day.',
'Maximum time period to display is %1$s days.', (int) round($max_period / SEC_PER_DAY)
));
return false;
}
return true;
}
/**
* Return validation result.
*
* @return int
*/
protected function getValidationError() {
return $this->validation_result;
}
/**
* Check if input parameter exists.
*
* @param string $var
*
* @return bool
*/
protected function hasInput($var) {
return array_key_exists($var, $this->input);
}
/**
* Get single input parameter.
*
* @param string $var
* @param mixed $default
*
* @return mixed
*/
protected function getInput($var, $default = null) {
if ($default === null) {
return $this->input[$var];
}
else {
return array_key_exists($var, $this->input) ? $this->input[$var] : $default;
}
}
/**
* Get several input parameters.
*
* @param array $var
* @param array $names
*/
protected function getInputs(&$var, $names) {
foreach ($names as $name) {
if ($this->hasInput($name)) {
$var[$name] = $this->getInput($name);
}
}
}
/**
* Return all input parameters.
*
* @return array
*/
protected function getInputAll() {
return $this->input;
}
/**
* Check user permissions.
*
* @abstract
*
* @return bool
*/
abstract protected function checkPermissions();
/**
* Validate input parameters.
*
* @abstract
*
* @return bool
*/
abstract protected function checkInput();
/**
* Checks if CSRF token in the request is valid.
*
* @return bool
*/
private function checkCsrfToken(): bool {
if (!isRequestMethod('post') || !is_array($this->raw_input)
|| !array_key_exists(CSRF_TOKEN_NAME, $this->raw_input)) {
return false;
}
$skip = ['popup', 'massupdate'];
$csrf_token_form = $this->raw_input[CSRF_TOKEN_NAME];
if (!is_string($csrf_token_form)) {
return false;
}
if (strpos(get_class($this), 'Modules\\') === 0) {
return CCsrfTokenHelper::check($csrf_token_form, $this->action);
}
foreach (explode('.', $this->action) as $segment) {
if (!in_array($segment, $skip, true)) {
return CCsrfTokenHelper::check($csrf_token_form, $segment);
}
}
return false;
}
/**
* Execute action and generate response object.
*
* @abstract
*/
abstract protected function doAction();
private function populateRawInput(): void {
switch ($this->getPostContentType()) {
case self::POST_CONTENT_TYPE_FORM:
$this->raw_input = self::getFormInput();
break;
case self::POST_CONTENT_TYPE_JSON:
$this->raw_input = self::getJsonInput();
break;
default:
$this->raw_input = null;
}
}
/**
* Main controller processing routine. Returns response object: data, redirect or fatal redirect.
*
* @throws CAccessDeniedException
*
* @return CControllerResponse|null
*/
final public function run(): ?CControllerResponse {
if ($this->validate_csrf_token && (!CWebUser::isLoggedIn() || !$this->checkCsrfToken())) {
throw new CAccessDeniedException();
}
if ($this->checkInput()) {
if ($this->checkPermissions() !== true) {
throw new CAccessDeniedException();
}
$this->doAction();
}
return $this->getResponse();
}
}