fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-22 05:15:29 +09:00
Code Issues Projects Releases Packages Wiki Activity

Clean up of request method and argument handling

Browse source
This commit is contained in:
Kijin Sung 2018-03-13 11:06:17 +09:00
parent 4520a6a2a4
commit 39dd27762e
1 changed files with 46 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

71
classes/context/Context.class.php
View file

@ -1163,6 +1163,10 @@ class Context
{ {
self::$_instance->request_method = 'XMLRPC'; self::$_instance->request_method = 'XMLRPC';
} }
elseif(isset($_POST['_rx_ajax_compat']) && $_POST['_rx_ajax_compat'] === 'XMLRPC')
{
self::$_instance->request_method = 'XMLRPC';
}
} }
} }
@ -1171,7 +1175,7 @@ class Context
* *
* @return void * @return void
*/ */
private static function setRequestArguments() public static function setRequestArguments()
{ {
// Get the request method. // Get the request method.
$request_method = self::getRequestMethod(); $request_method = self::getRequestMethod();
@ -1180,25 +1184,28 @@ class Context
if ($request_method === 'XMLRPC') if ($request_method === 'XMLRPC')
{ {
$xml = $GLOBALS['HTTP_RAW_POST_DATA']; $xml = $GLOBALS['HTTP_RAW_POST_DATA'];
if(!Rhymix\Framework\Security::checkXEE($xml)) if($xml)
{ {
header("HTTP/1.0 400 Bad Request"); if(!Rhymix\Framework\Security::checkXEE($xml))
exit;
}
if(function_exists('libxml_disable_entity_loader'))
{
libxml_disable_entity_loader(true);
}
$oXml = new XmlParser();
$xml_obj = $oXml->parse($xml);
$params = $xml_obj->methodcall->params;
unset($params->node_name, $params->attrs, $params->body);
if(count(get_object_vars($params)))
{
foreach($params as $key => $val)
{ {
self::set($key, self::_filterXmlVars($key, $val), true); header("HTTP/1.0 400 Bad Request");
exit;
}
if(function_exists('libxml_disable_entity_loader'))
{
libxml_disable_entity_loader(true);
}
$oXml = new XmlParser();
$xml_obj = $oXml->parse($xml);
$params = $xml_obj->methodcall->params;
unset($params->node_name, $params->attrs, $params->body);
if($params && count(get_object_vars($params)))
{
foreach($params as $key => $val)
{
self::set($key, self::_filterXmlVars($key, $val), true);
}
} }
} }
} }
@ -1230,7 +1237,7 @@ class Context
{ {
$set_to_vars = true; $set_to_vars = true;
} }
elseif(($request_method == 'POST' || $request_method == 'JSON') && isset($_POST[$key])) elseif(($request_method == 'POST' || $request_method == 'XMLRPC' || $request_method == 'JSON') && isset($_POST[$key]))
{ {
$set_to_vars = true; $set_to_vars = true;
} }
@ -1251,12 +1258,6 @@ class Context
self::set($key, $val, $set_to_vars); self::set($key, $val, $set_to_vars);
} }
} }
// Pretend that this request is XMLRPC for compatibility with XE third-party.
if(isset($_POST['_rx_ajax_compat']) && $_POST['_rx_ajax_compat'] === 'XMLRPC')
{
self::$_instance->request_method = 'XMLRPC';
}
} }
/** /**
@ -1923,6 +1924,26 @@ class Context
return new stdClass; return new stdClass;
} }
/**
* Clear all values from GET/POST/XMLRPC
*
* @return void
*/
public static function clearRequestVars()
{
self::$_get_vars = new stdClass;
}
/**
* Clear all user-set values
*
* @return void
*/
public static function clearUserVars()
{
self::$_tpl_vars = new stdClass;
}
/** /**
* Register if an action is to be encrypted by SSL. Those actions are sent to https in common/js/xml_handler.js * Register if an action is to be encrypted by SSL. Those actions are sent to https in common/js/xml_handler.js
* *