commit 6fadcab27db6f635999b0ed7f904923544a6e080
parent ba34dca293dfb1f1a5df0a323a4a23fac3f0fb15
Author: Jan Dankert <develop@jandankert.de>
Date: Fri, 26 Feb 2021 00:04:49 +0100
New: Request may contain JSON,XML in POST data. This is good for API clients.
Diffstat:
9 files changed, 64 insertions(+), 34 deletions(-)
diff --git a/modules/cms/Dispatcher.class.php b/modules/cms/Dispatcher.class.php
@@ -405,7 +405,7 @@ class Dispatcher
$possibleDbIds = [];
if ( $this->request->hasRequestVar('dbid') )
- $possibleDbIds[] = $this->request->getRequestVar('dbid',RequestParams::FILTER_ALPHANUM);
+ $possibleDbIds[] = $this->request->getRequestAlphanum('dbid' );
if ( Session::getDatabaseId() )
$possibleDbIds[] = Session::getDatabaseId();
@@ -574,7 +574,6 @@ class Dispatcher
$date = explode(" ",$micro_date);
$filename = $dir.'/'.$auditConfig->get('prefix','audit' ).'-'.date('c',$date[1]).'-'.$date[0].'.json';
- $json = new JSON();
$user = Session::getUser();
$data = array(
@@ -592,7 +591,7 @@ class Dispatcher
);
// Write the file.
- if ( file_put_contents( $filename, $json->encode($data) ) === FALSE )
+ if ( file_put_contents( $filename, JSON::encode($data) ) === FALSE )
Logger::warn('Could not write audit log to file: '.$filename);
else
Logger::debug('Audit logfile: '.$filename);
diff --git a/modules/cms/action/RequestParams.class.php b/modules/cms/action/RequestParams.class.php
@@ -3,7 +3,9 @@
namespace cms\action;
use util\exception\ValidationException;
+use util\json\JSON;
use util\Text;
+use util\XML;
class RequestParams
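Review bot: `use util\XML;` is added here, but none of the hunks shown for this file reference `XML`; the XML branch in the constructor calls `simplexml_load_string()` directly. If nothing outside the visible hunks uses it, drop the import, or route the XML parsing through that helper if that was the intent.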
@@ -35,6 +37,8 @@ class RequestParams
public $isAction;
+ private $parameter;
+
/**
* @var bool
*/
@@ -45,17 +49,48 @@ class RequestParams
*/
public function __construct()
{
- $this->id = @$_REQUEST[self::PARAM_ID ];
- $this->action = @$_REQUEST[self::PARAM_ACTION ];
- $this->method = @$_REQUEST[self::PARAM_SUBACTION];
+ $headers = array_change_key_case(getallheaders(), CASE_LOWER);
// Is this a POST request?
$this->isAction = @$_SERVER['REQUEST_METHOD'] == 'POST';
+
+ $contenttype = trim(explode( ';',@$headers['content-type'])[0]);
+
+ if ( !$this->isAction )
+ $this->parameter = &$_GET;
+ else
+ switch( $contenttype ) {
+ case 'application/x-www-form-urlencoded': // the most used form url encoding
+ case 'multipart/form-data': // Multipart-Formdata for File uploads
+ case '':
+ $this->parameter = &$_POST; // Using builtin POST data parsing
+ break;
+
+ case 'text/json':
+ case 'application/json':
+ // parsing the JSON data
+ $this->parameter = JSON::decode(file_get_contents("php://input"));
+ break;
+
+ case 'text/xml':
+ case 'application/xml':
+ $this->parameter = (array)simplexml_load_string(file_get_contents("php://input"));
+ break;
+
+ default:
+ // Unknown content type
+ throw new \LogicException('HTTP-POST with unknown content type: ' . $contenttype);
+ }
+
+ $this->id = $this->getRequestId();
+ $this->action = $this->getRequestAlphanum(self::PARAM_ACTION );
+ $this->method = $this->getRequestAlphanum(self::PARAM_SUBACTION);
}
public function getRequiredRequestVar( $varName, $transcode ) {
+
$value = $this->getRequestVar($varName,$transcode);
if ( empty( $value ) )
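Review bot: The JSON and XML branches of the constructor assign the parser result to `$this->parameter` without checking it: `simplexml_load_string()` returns `false` on malformed input, which `(array)` turns into `[false]`, and a body that does not decode to an array leaves `$this->parameter` a scalar or null. The XML parse of a client-supplied body also runs with default options; passing `LIBXML_NONET` and never `LIBXML_NOENT` keeps entity handling conservative, and with libxml2 older than 2.9 the external entity loader presumably needs disabling as well. Casting the element to an array also leaves `SimpleXMLElement` objects as values wherever children are nested, so the filters no longer receive strings. A rejected body is a client error, so an exception the dispatcher maps to a 4xx fits better than a bare `\LogicException`; the sketch below uses `\InvalidArgumentException`, which still extends it. `getRequiredRequestVar` at the end of the hunk continues outside it.

```php
// … unchanged: header lookup, isAction, form-encoded cases …
case 'text/json':
case 'application/json':
    // Accept only bodies that decode to an array; scalars and parse failures are rejected.
    $decoded = JSON::decode(file_get_contents('php://input'));
    if ( !is_array($decoded) )
        throw new \InvalidArgumentException('HTTP-POST body is not a JSON object');
    $this->parameter = $decoded;
    break;

case 'text/xml':
case 'application/xml':
    // LIBXML_NONET blocks network access while parsing; LIBXML_NOENT is deliberately not set.
    $xml = simplexml_load_string(file_get_contents('php://input'), 'SimpleXMLElement', LIBXML_NONET);
    if ( $xml === false )
        throw new \InvalidArgumentException('HTTP-POST body is not well-formed XML');
    // Flatten to name => text so the filters receive strings, not SimpleXMLElement objects.
    $params = [];
    foreach ( $xml->children() as $name => $child )
        $params[$name] = (string)$child;
    $this->parameter = $params;
    break;
// … unchanged: default case, id/action/method assignment …
```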
@@ -85,22 +120,17 @@ class RequestParams
*/
public function getRequestVar($varName, $transcode = self::FILTER_TEXT)
{
- if($varName == self::PARAM_ID)
- return $this->id;
-
- if($varName == self::PARAM_ACTION)
- return $this->action;
-
- if($varName == self::PARAM_SUBACTION)
- return $this->method;
-
- if (!isset($_REQUEST[$varName]))
+ if (!isset($this->parameter[$varName]))
return '';
- return $this->cleanText( $_REQUEST[$varName], $transcode );
+ return $this->cleanText( $this->parameter[$varName], $transcode );
}
+ public function getRequestAlphanum( $varName ) {
+ return $this->getRequestVar( $varName,self::FILTER_ALPHANUM );
+ }
+
public function cleanText( $value, $transcode )
{
switch ($transcode) {
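Review bot: `getRequestVar` hands `$this->parameter[$varName]` to `cleanText` without checking that it is a scalar, and with JSON bodies now accepted a nested object or list arrives here as an array. `cleanText`'s body lies outside the hunk, so how each filter treats a non-string cannot be confirmed from here; unless some caller relies on array parameters, a guard such as `if ( !is_scalar($this->parameter[$varName]) ) return '';` before the call would keep the filters on strings. The removed special cases also mean `getRequestVar(self::PARAM_ID)` now returns the text-filtered raw value instead of `$this->id`, which is worth a line in the docblock. The new `getRequestAlphanum` has no docblock; `/** Reads a request parameter through FILTER_ALPHANUM. */` would do.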
@@ -151,7 +181,7 @@ class RequestParams
*/
public function hasRequestVar($varName)
{
- return (isset($_REQUEST[$varName]) && (!empty($_REQUEST[$varName]) || $_REQUEST[$varName] == '0'));
+ return (isset($this->parameter[$varName]) && (!empty($this->parameter[$varName]) || $this->parameter[$varName] == '0'));
}
diff --git a/modules/cms/api/API.class.php b/modules/cms/api/API.class.php
@@ -28,6 +28,7 @@ class API
const OUTPUT_XML = 4;
const OUTPUT_YAML = 5;
const OUTPUT_HTML = 6;
+ const OUTPUT_PLAIN = 7;
/**
@@ -91,7 +92,12 @@ class API
$output = print_r($data, true);
break;
- case self::OUTPUT_PHPSERIALIZE:
+ case self::OUTPUT_PLAIN:
+ header('Content-Type: text/plain; charset=UTF-8');
+ $output = print_r($data, true);
+ break;
+
+ case self::OUTPUT_PHPSERIALIZE:
header('Content-Type: application/php-serialized; charset=UTF-8');
$output = serialize($data);
break;
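Review bot: The new `OUTPUT_PLAIN` branch sends a `print_r` dump as `text/plain` with no `X-Content-Type-Options: nosniff` header, and the last hunk in this file makes it the fallback for every unrecognised `Accept` header. `$data` can carry user-supplied strings, so unless that header is set globally elsewhere (not visible here), adding `header('X-Content-Type-Options: nosniff');` next to the Content-Type line keeps older browsers from sniffing the dump as HTML. The branch body also repeats the `print_r` line of the case just above it, whose label is outside the hunk; sharing one body between the two labels would avoid the duplication.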
@@ -111,8 +117,7 @@ class API
else
{
// Fallback, falls json_encode() nicht existiert...
- $json = new JSON();
- $output = $json->encode($data);
+ $output = JSON::encode($data);
}
break;
@@ -194,7 +199,7 @@ class API
if (in_array('text/html', $types))
return self::OUTPUT_HTML; // normally an ordinary browser.
- return self::OUTPUT_YAML; // Fallback
+ return self::OUTPUT_PLAIN; // Fallback
}
/**
diff --git a/modules/cms/macros/macro/SearchIndex.class.php b/modules/cms/macros/macro/SearchIndex.class.php
@@ -78,8 +78,7 @@ class SearchIndex extends Macro
}
// Output search index as JSON
- $json = new JSON();
- echo $json->encode( $searchIndex );
+ echo JSON::encode( $searchIndex );
}
diff --git a/modules/cms/ui/action/index/IndexManifestAction.class.php b/modules/cms/ui/action/index/IndexManifestAction.class.php
@@ -62,8 +62,7 @@ class IndexManifestAction extends IndexAction implements Method {
);
header("Content-Type: application/manifest+json");
- $json = new JSON();
- $this->setTemplateVar( 'manifest',$json->encode($value) );
+ $this->setTemplateVar( 'manifest',JSON::encode($value) );
}
diff --git a/modules/logger/Logger.class.php b/modules/logger/Logger.class.php
@@ -181,8 +181,7 @@ class Logger
break;
case self::OUTPUT_JSON:
- $json = new JSON();
- $text = $json->encode( $values );
+ $text = JSON::encode( $values );
$text = str_replace("\n", "", $text);
break;
}
diff --git a/modules/template_engine/components/html/component_link/LinkComponent.class.php b/modules/template_engine/components/html/component_link/LinkComponent.class.php
@@ -117,14 +117,13 @@ class LinkComponent extends Component
else
$link->addAttribute('data-id','');
- $json = new JSON();
$arrayvalues = array();
foreach( $this->getExtraParamArray() as $varname => $varvalue ) {
$link->addAttribute('data-extra-'.$varname,$varvalue);
$arrayvalues[ $varname ] = $varvalue;
}
- $link->addAttribute('data-extra',str_replace('"',"'",str_replace(array("\t", "\r", "\n"),'',$json->encode($arrayvalues))));
+ $link->addAttribute('data-extra',str_replace('"',"'",str_replace(array("\t", "\r", "\n"),'',JSON::encode($arrayvalues))));
switch ($this->type)
{
@@ -144,7 +143,7 @@ class LinkComponent extends Component
$data['none'] = '0';
- $link->addAttribute('data-data',str_replace(array("\t", "\r", "\n"),'',$json->encode($data)));
+ $link->addAttribute('data-data',str_replace(array("\t", "\r", "\n"),'',JSON::encode($data)));
break;
case 'html':
diff --git a/modules/util/JSON.class.php b/modules/util/JSON.class.php
@@ -134,7 +134,7 @@ class JSON
* bubble up with an error, so all return values
* from encode() should be checked with isError()
*/
- function Services_JSON()
+ function __construct()
{
$this->use = SERVICES_JSON_LOOSE_TYPE;
}
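Review bot: Renaming `Services_JSON()` to `__construct()` means the body now actually runs for `class JSON`, so `$this->use = SERVICES_JSON_LOOSE_TYPE` applies to every existing `new \JSON()` caller, not only to the new request parsing. That is a behaviour change for decode results (presumably associative arrays instead of objects) and deserves a comment such as `// Loose type is required: RequestParams indexes the decoded body as an array.` The method also lacks a visibility keyword; `public function __construct()` would be explicit. The docblock above it starts outside the hunk, so whether it still describes a parameter the constructor no longer takes cannot be checked here.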
diff --git a/modules/util/json/JSON.class.php b/modules/util/json/JSON.class.php
@@ -10,11 +10,11 @@ require(__DIR__.'/../JSON.class.php');
*/
class JSON
{
- public function encode($var) {
+ public static function encode($var) {
$json = new \JSON();
return $json->encode($var);
}
- public function decode($var) {
+ public static function decode($var) {
$json = new \JSON();
return $json->decode($var);
}