Index: doc/features/4.3/ssl_plugin.txt =================================================================== --- doc/features/4.3/ssl_plugin.txt (revision 0) +++ doc/features/4.3/ssl_plugin.txt (revision 0) @@ -0,0 +1,47 @@ +SSL plugin +========== + +Allows to create a plugin for SSL handling +------------------------------------------ + +eZSSLZone is a default handler for SSL. If you need another handler you should create +a class mySSLZone in the autoloading directories of eZ Publish, where you can +overwrite the functions checkNode, checkObject, checkModuleView. + + +Changes in the site.ini + -- for the default handler +SSLZoneHandler=eZSSLZone + -- for the custom handler +SSLZoneHandler=mySSLZone + + +Example for mysslzone.php + +PathString, $redirect ); + } +} + +?> \ No newline at end of file Index: index.php =================================================================== --- index.php (revision 24398) +++ index.php (working copy) @@ -685,10 +685,20 @@ { $userParameters = false; } - - // Check if we should switch access mode (http/https) for this module view. - eZSSLZone::checkModuleView( $module->attribute( 'name' ), $function_name ); - + if ( eZSSLZone::enabled() ) + { + // Check if we should switch access mode (http/https) for this module view. + $optionArray = array( 'iniFile' => 'site.ini', + 'iniSection' => 'SSLZoneSettings', + 'iniVariable' => 'SSLZoneHandler' ); + + $options = new ezpExtensionOptions( $optionArray ); + $SSLHandler = eZExtension::getHandlerClass( $options ); + if ( $SSLHandler instanceof eZSSLZoneInterface ) + { + $SSLHandler->checkModuleView( $module->attribute( 'name' ), $function_name ); + } + } $moduleResult = $module->run( $function_name, $params, false, $userParameters ); if ( $module->exitStatus() == eZModule::STATUS_FAILED and Index: kernel/classes/ezsslzone.php =================================================================== --- kernel/classes/ezsslzone.php (revision 24398) +++ kernel/classes/ezsslzone.php (working copy) @@ -44,7 +44,7 @@ For more details pleaase see doc/feautures/3.8/ssl_zones.txt */ -class eZSSLZone +class eZSSLZone implements eZSSLZoneInterface { const DEFAULT_SSL_PORT = 443; @@ -284,50 +284,9 @@ * \static * Check whether the given node should cause access mode change. * It it should, this method does not return. - * - * \see checkNode() */ - static function checkNodeID( $module, $view, $nodeID ) - { - if ( !eZSSLZone::enabled() ) - return; - - /* If the given module/view is not in the list of 'keep mode' views, - * i.e. it cannot choose access mode itself, - * then do nothing. - */ - if ( !eZSSLZone::isKeepModeView( $module, $view ) ) - return; - - // Fetch path string for the given node. - $pathStrings = eZPersistentObject::fetchObjectList( - eZContentObjectTreeNode::definition(), // def - array( 'path_string' ), // field_filters - array( 'node_id' => $nodeID ), // conds - null, // sorts - null, // limit - false // asObject - ); - - if ( !$pathStrings ) - { - eZDebug::writeError( "Node #$nodeID not found", "eZSSLZone::checkNodeID" ); - return; - } - - eZSSLZone::checkNodePath( $module, $view, $pathStrings[0]['path_string'] ); - } - - /** - * \static - * Check whether the given node should cause access mode change. - * It it should, this method does not return. - */ static function checkNode( $module, $view, &$node, $redirect = true ) { - if ( !eZSSLZone::enabled() ) - return; - /* If the given module/view is not in the list of 'keep mode' views, * i.e. it cannot choose access mode itself, * then do nothing. @@ -335,9 +294,7 @@ if ( !$redirect && !eZSSLZone::isKeepModeView( $module, $view ) ) return; - $pathString = $node->attribute( 'path_string' ); - - return eZSSLZone::checkNodePath( $module, $view, $pathString, $redirect ); + return eZSSLZone::checkNodePath( $module, $view, $node->PathString, $redirect ); } /** @@ -347,9 +304,6 @@ */ static function checkNodePath( $module, $view, $pathString, $redirect = true ) { - if ( !eZSSLZone::enabled() ) - return; - /* If the given module/view is not in the list of 'keep mode' views, * i.e. it cannot choose access mode itself, * then do nothing. @@ -387,9 +341,6 @@ */ static function checkObject( $module, $view, $object ) { - if ( !eZSSLZone::enabled() ) - return; - /* If the given module/view is not in the list of 'keep mode' views, * i.e. it cannot choose access mode itself, * then do nothing. @@ -459,9 +410,6 @@ */ static function checkModuleView( $module, $view ) { - if ( !eZSSLZone::enabled() ) - return; - $ini = eZINI::instance(); $viewsModes = $ini->variable( 'SSLZoneSettings', 'ModuleViewAccessMode' ); Index: kernel/content/edit.php =================================================================== --- kernel/content/edit.php (revision 24398) +++ kernel/content/edit.php (working copy) @@ -48,7 +48,27 @@ } // Check if we should switch access mode (http/https) for this object. -eZSSLZone::checkObject( 'content', 'edit', $obj ); +if (eZSSLZone::enabled()) +{ + if ($obj instanceof eZContentObject) + { + // Check if we should switch access mode (http/https) for this module view. + $optionArray = array( 'iniFile' => 'site.ini', + 'iniSection' => 'SSLZoneSettings', + 'iniVariable' => 'SSLZoneHandler' ); + + $options = new ezpExtensionOptions( $optionArray ); + $SSLHandler = eZExtension::getHandlerClass( $options ); + if ( $SSLHandler instanceof eZSSLZoneInterface ) + { + $SSLHandler->checkObject( 'content', 'edit', $obj ); + } + } + else + { + eZDebug::writeError( "Object #$ObjectID not found", "content/edit" ); + } +} // This controls if the final access check is done. // Some code will turn it off since they do the checking themselves. Index: kernel/content/urlalias.php =================================================================== --- kernel/content/urlalias.php (revision 24398) +++ kernel/content/urlalias.php (working copy) @@ -36,17 +36,32 @@ $Offset = $Params['Offset']; $viewParameters = array( 'offset' => $Offset ); -eZSSLZone::checkNodeID( 'content', 'urlalias', $NodeID ); - -$tpl = templateInit(); -$limit = 20; - $node = eZContentObjectTreeNode::fetch( $NodeID ); if ( !$node ) { return $Module->handleError( eZError::KERNEL_NOT_AVAILABLE, 'kernel' ); } +if ( eZSSLZone::enabled() ) +{ + // Check if we should switch access mode (http/https) for this module view. + $optionArray = array( 'iniFile' => 'site.ini', + 'iniSection' => 'SSLZoneSettings', + 'iniVariable' => 'SSLZoneHandler' ); + + $options = new ezpExtensionOptions( $optionArray ); + $SSLHandler = eZExtension::getHandlerClass( $options ); + if ( $SSLHandler instanceof eZSSLZoneInterface ) + { + $SSLHandler->checkNode( 'content', 'urlalias', $node ); + } +} + +$tpl = templateInit(); +$limit = 20; + + + $infoCode = 'no-errors'; // This will be modified if info/warning is given to user. $infoData = array(); // Extra parameters can be added to this array $aliasText = false; Index: kernel/content/view.php =================================================================== --- kernel/content/view.php (revision 24398) +++ kernel/content/view.php (working copy) @@ -42,7 +42,29 @@ $Day = $Params['Day']; // Check if we should switch access mode (http/https) for this node. -eZSSLZone::checkNodeID( 'content', 'view', $NodeID ); +if (eZSSLZone::enabled()) +{ + $node = eZContentObjectTreeNode::fetch($NodeID); + + if ($node instanceof eZContentObjectTreeNode) + { + // Check if we should switch access mode (http/https) for this module view. + $optionArray = array( 'iniFile' => 'site.ini', + 'iniSection' => 'SSLZoneSettings', + 'iniVariable' => 'SSLZoneHandler' ); + + $options = new ezpExtensionOptions( $optionArray ); + $SSLHandler = eZExtension::getHandlerClass( $options ); + if ( $SSLHandler instanceof eZSSLZoneInterface ) + { + $SSLHandler->checkNode( 'content', 'view', $node ); + } + } + else + { + eZDebug::writeError( "Node #$NodeID not found", "content/view" ); + } +} if ( isset( $Params['UserParameters'] ) ) { Index: kernel/private/interfaces/ezsslzoneinterface.php =================================================================== --- kernel/private/interfaces/ezsslzoneinterface.php (revision 0) +++ kernel/private/interfaces/ezsslzoneinterface.php (revision 0) @@ -0,0 +1,13 @@ + \ No newline at end of file Index: settings/site.ini =================================================================== --- settings/site.ini (revision 24398) +++ settings/site.ini (working copy) @@ -1221,6 +1221,8 @@ [SSLZoneSettings] # Enable/disable the SSL zones functionality. SSLZones=disabled +# Defines the handler class name of the SSL Zone +SSLZoneHandler=eZSSLZone # Content subtrees we must use SSL for. # (currently, only content/view and content/edit respect this setting) #