2026-04-01 14:12:17 +00:00
|
|
|
<?php
|
|
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
|
|
|
|
namespace Core\Views;
|
|
|
|
|
|
|
|
|
|
use Core\Services\Csrf;
|
|
|
|
|
|
|
|
|
|
class View
|
|
|
|
|
{
|
|
|
|
|
private string $basePath;
|
|
|
|
|
|
|
|
|
|
public function __construct(string $basePath = '')
|
|
|
|
|
{
|
|
|
|
|
$this->basePath = $basePath !== '' ? rtrim($basePath, '/') : __DIR__ . '/../../views';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function render(string $template, array $vars = []): string
|
|
|
|
|
{
|
|
|
|
|
$path = $this->basePath !== '' ? $this->basePath . '/' . ltrim($template, '/') : $template;
|
|
|
|
|
if (!is_file($path)) {
|
|
|
|
|
error_log('AC View missing: ' . $path);
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($vars) {
|
|
|
|
|
extract($vars, EXTR_SKIP);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ob_start();
|
|
|
|
|
require $path;
|
|
|
|
|
$html = ob_get_clean() ?: '';
|
|
|
|
|
return $this->injectCsrfTokens($html);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function injectCsrfTokens(string $html): string
|
|
|
|
|
{
|
|
|
|
|
if ($html === '' || stripos($html, '<form') === false) {
|
|
|
|
|
return $html;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$tokenField = '<input type="hidden" name="csrf_token" value="' . htmlspecialchars(Csrf::token(), ENT_QUOTES, 'UTF-8') . '">';
|
|
|
|
|
|
|
|
|
|
return (string)preg_replace_callback(
|
|
|
|
|
'~<form\b[^>]*>~i',
|
|
|
|
|
static function (array $matches) use ($tokenField): string {
|
|
|
|
|
$tag = $matches[0];
|
|
|
|
|
if (!preg_match('~\bmethod\s*=\s*([\"\']?)post\1~i', $tag)) {
|
|
|
|
|
return $tag;
|
|
|
|
|
}
|
|
|
|
|
return $tag . $tokenField;
|
|
|
|
|
},
|
|
|
|
|
$html
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
