Clean up of request method and argument handling

Kijin Sung 2018-03-13 11:06:17 +09:00
parent 4520a6a2a4
commit 39dd27762e


@ -1163,6 +1163,10 @@ class Context
{
self::$_instance->request_method = 'XMLRPC';
}
elseif(isset($_POST['_rx_ajax_compat']) && $_POST['_rx_ajax_compat'] === 'XMLRPC')
{
self::$_instance->request_method = 'XMLRPC';
}
}
}
@ -1171,7 +1175,7 @@ class Context
*
* @return void
*/
private static function setRequestArguments()
public static function setRequestArguments()
{
// Get the request method.
$request_method = self::getRequestMethod();
@ -1180,25 +1184,28 @@ class Context
if ($request_method === 'XMLRPC')
{
$xml = $GLOBALS['HTTP_RAW_POST_DATA'];
if(!Rhymix\Framework\Security::checkXEE($xml))
if($xml)
{
header("HTTP/1.0 400 Bad Request");
exit;
}
if(function_exists('libxml_disable_entity_loader'))
{
libxml_disable_entity_loader(true);
}
$oXml = new XmlParser();
$xml_obj = $oXml->parse($xml);
$params = $xml_obj->methodcall->params;
unset($params->node_name, $params->attrs, $params->body);
if(count(get_object_vars($params)))
{
foreach($params as $key => $val)
if(!Rhymix\Framework\Security::checkXEE($xml))
{
self::set($key, self::_filterXmlVars($key, $val), true);
header("HTTP/1.0 400 Bad Request");
exit;
}
if(function_exists('libxml_disable_entity_loader'))
{
libxml_disable_entity_loader(true);
}
$oXml = new XmlParser();
$xml_obj = $oXml->parse($xml);
$params = $xml_obj->methodcall->params;
unset($params->node_name, $params->attrs, $params->body);
if($params && count(get_object_vars($params)))
{
foreach($params as $key => $val)
{
self::set($key, self::_filterXmlVars($key, $val), true);
}
}
}
}
@ -1230,7 +1237,7 @@ class Context
{
$set_to_vars = true;
}
elseif(($request_method == 'POST' || $request_method == 'JSON') && isset($_POST[$key]))
elseif(($request_method == 'POST' || $request_method == 'XMLRPC' || $request_method == 'JSON') && isset($_POST[$key]))
{
$set_to_vars = true;
}
@ -1251,12 +1258,6 @@ class Context
self::set($key, $val, $set_to_vars);
}
}
// Pretend that this request is XMLRPC for compatibility with XE third-party.
if(isset($_POST['_rx_ajax_compat']) && $_POST['_rx_ajax_compat'] === 'XMLRPC')
{
self::$_instance->request_method = 'XMLRPC';
}
}
/**
@ -1923,6 +1924,26 @@ class Context
return new stdClass;
}
/**
* Clear all values from GET/POST/XMLRPC
*
* @return void
*/
public static function clearRequestVars()
{
self::$_get_vars = new stdClass;
}
/**
* Clear all user-set values
*
* @return void
*/
public static function clearUserVars()
{
self::$_tpl_vars = new stdClass;
}
/**
* Register if an action is to be encrypted by SSL. Those actions are sent to https in common/js/xml_handler.js
*
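Review bot: In the `-1180,25 +1184,28` hunk of `setRequestArguments()`, `$xml_obj->methodcall->params` is read before the new `$params &&` guard runs, so a request body that does not parse into a `methodcall` node is still dereferenced as an object. The first hunk now sets the request method to XMLRPC for any POST that carries `_rx_ajax_compat=XMLRPC` before arguments are parsed, so a form-encoded body can presumably reach this parser; that depends on how `$GLOBALS['HTTP_RAW_POST_DATA']` is populated, which is not visible here. Resolving the node defensively, `$params = isset($xml_obj->methodcall->params) ? $xml_obj->methodcall->params : null;`, keeps client-controlled malformed input from raising notices on every such request. The function body starts and ends outside this hunk.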