Search moodle.org's
Developer Documentation
Developer Documentation
See Release Notes
Long Term Support Release
- Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
- Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
- PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
/lib/phpxmlrpc/ -> Encoder.php (source)
<?php namespace PhpXmlRpc;< use PhpXmlRpc\Helper\Logger;use PhpXmlRpc\Helper\XMLParser;> use PhpXmlRpc\Traits\LoggerAware; > use PhpXmlRpc\Traits\ParserAware;/**< * A helper class to easily convert between Value objects and php native values> * A helper class to easily convert between Value objects and php native values. > ** @todo implement an interface * @todo add class constants for the options values */ class Encoder {< protected static $logger; < protected static $parser; < < public function getLogger() < { < if (self::$logger === null) { < self::$logger = Logger::instance(); < } < return self::$logger; < } < < public static function setLogger($logger) < { < self::$logger = $logger; < } < < public function getParser() < { < if (self::$parser === null) { < self::$parser = new XMLParser(); < } < return self::$parser; < } < < public static function setParser($parser) < { < self::$parser = $parser; < }> use LoggerAware; > use ParserAware;/**< * Takes an xmlrpc value in object format and translates it into native PHP types. < * < * Works with xmlrpc requests objects as input, too. < *> * Takes an xml-rpc Value in object instance and translates it into native PHP types, recursively. > * Works with xml-rpc Request objects as input, too. > * Xmlrpc dateTime values will be converted to strings or DateTime objects depending on an $options parameter > * Supports i8 and NIL xml-rpc values without the need for specific options. > * Both xml-rpc arrays and structs are decoded into PHP arrays, with the exception described below:* Given proper options parameter, can rebuild generic php object instances (provided those have been encoded to< * xmlrpc format using a corresponding option in php_xmlrpc_encode())> * xml-rpc format using a corresponding option in php_xmlrpc_encode()).* PLEASE NOTE that rebuilding php objects involves calling their constructor function. * This means that the remote communication end can decide which php code will get executed on your server, leaving * the door possibly open to 'php-injection' style of attacks (provided you have some classes defined on your server * that might wreak havoc if instances are built outside an appropriate context). * Make sure you trust the remote server/client before enabling this! *< * @author Dan Libby (dan@libby.com)> * @author Dan Libby* * @param Value|Request $xmlrpcVal< * @param array $options if 'decode_php_objs' is set in the options array, xmlrpc structs can be decoded into php < * objects; if 'dates_as_objects' is set xmlrpc datetimes are decoded as php DateTime objects < *> * @param array $options accepted elements: > * - 'decode_php_objs': if set in the options array, xml-rpc structs can be decoded into php > * objects, see the details above; > * - 'dates_as_objects': when set xml-rpc dateTimes are decoded as php DateTime objects > * - 'extension_api': reserved for usage by phpxmlrpc-polyfill* @return mixed> * */ > * Feature creep -- add an option to allow converting xml-rpc dateTime values to unix timestamps (integers)public function decode($xmlrpcVal, $options = array()) { switch ($xmlrpcVal->kindOf()) { case 'scalar': if (in_array('extension_api', $options)) {< $val = reset($xmlrpcVal->me); < $typ = key($xmlrpcVal->me);> $val = $xmlrpcVal->scalarVal(); > $typ = $xmlrpcVal->scalarTyp();switch ($typ) { case 'dateTime.iso8601': $xmlrpcVal = array( 'xmlrpc_type' => 'datetime', 'scalar' => $val, 'timestamp' => \PhpXmlRpc\Helper\Date::iso8601Decode($val) ); return (object)$xmlrpcVal; case 'base64': $xmlrpcVal = array( 'xmlrpc_type' => 'base64', 'scalar' => $val ); return (object)$xmlrpcVal; case 'string': if (isset($options['extension_api_encoding'])) {> // if iconv is not available, we use mb_convert_encoding $dval = @iconv('UTF-8', $options['extension_api_encoding'], $val); > if (function_exists('iconv')) {if ($dval !== false) {> } elseif (function_exists('mb_convert_encoding')) { return $dval; > /// @todo check for discrepancies between the supported charset names } > $dval = @mb_convert_encoding($val, $options['extension_api_encoding'], 'UTF-8'); } > } else { //return $val; > $dval = false; // break through voluntarily > }< //return $val;return $val; } }< if (in_array('dates_as_objects', $options) && $xmlrpcVal->scalartyp() == 'dateTime.iso8601') { < // we return a Datetime object instead of a string since now the constructor of xmlrpc value accepts < // safely strings, ints and datetimes, we cater to all 3 cases here < $out = $xmlrpcVal->scalarval();> if (in_array('dates_as_objects', $options) && $xmlrpcVal->scalarTyp() == 'dateTime.iso8601') { > // we return a Datetime object instead of a string; since now the constructor of xml-rpc value accepts > // safely string, int and DateTimeInterface, we cater to all 3 cases here > $out = $xmlrpcVal->scalarVal();if (is_string($out)) { $out = strtotime($out);> // NB: if the string does not convert into a timestamp, this will return false. } > // We avoid logging an error here, as we presume it was already done when parsing the xml if (is_int($out)) { > /// @todo we could return null, to be more in line with what the XMLParser does...$result = new \DateTime(); $result->setTimestamp($out); return $result;< } elseif (is_a($out, 'DateTimeInterface')) {> } elseif (is_a($out, 'DateTimeInterface') || is_a($out, 'DateTime')) {return $out; } }< return $xmlrpcVal->scalarval();> return $xmlrpcVal->scalarVal();case 'array': $arr = array(); foreach($xmlrpcVal as $value) { $arr[] = $this->decode($value, $options); } return $arr; case 'struct': // If user said so, try to rebuild php objects for specific struct vals. /// @todo should we raise a warning for class not found?< // shall we check for proper subclass of xmlrpc value instead of presence of _php_class to detect> // shall we check for proper subclass of xml-rpc value instead of presence of _php_class to detect// what we can do? if (in_array('decode_php_objs', $options) && $xmlrpcVal->_php_class != '' && class_exists($xmlrpcVal->_php_class) ) { $obj = @new $xmlrpcVal->_php_class(); foreach ($xmlrpcVal as $key => $value) { $obj->$key = $this->decode($value, $options); } return $obj; } else { $arr = array(); foreach ($xmlrpcVal as $key => $value) { $arr[$key] = $this->decode($value, $options); } return $arr; } case 'msg': $paramCount = $xmlrpcVal->getNumParams(); $arr = array(); for ($i = 0; $i < $paramCount; $i++) { $arr[] = $this->decode($xmlrpcVal->getParam($i), $options); } return $arr; /// @todo throw on unsupported type } } /**< * Takes native php types and encodes them into xmlrpc PHP object format. < * It will not re-encode xmlrpc value objects. < * < * Feature creep -- could support more types via optional type argument < * (string => datetime support has been added, ??? => base64 not yet) < * < * If given a proper options parameter, php object instances will be encoded into 'special' xmlrpc values, that can < * later be decoded into php objects by calling php_xmlrpc_decode() with a corresponding option < * < * @author Dan Libby (dan@libby.com) < * < * @param mixed $phpVal the value to be converted into an xmlrpc value object < * @param array $options can include 'encode_php_objs', 'auto_dates', 'null_extension' or 'extension_api' < *> * Takes native php types and encodes them into xml-rpc Value objects, recursively. > * PHP strings, integers, floats and booleans have a straightforward encoding - note that integers will _not_ be > * converted to xml-rpc <i8> elements, even if they exceed the 32-bit range. > * PHP arrays will be encoded to either xml-rpc structs or arrays, depending on whether they are hashes > * or plain 0..N integer indexed. > * PHP objects will be encoded into xml-rpc structs, except if they implement DateTimeInterface, in which case they > * will be encoded as dateTime values. > * PhpXmlRpc\Value objects will not be double-encoded - which makes it possible to pass in a pre-created base64 Value > * as part of a php array. > * If given a proper $options parameter, php object instances will be encoded into 'special' xml-rpc values, that can > * later be decoded into php object instances by calling php_xmlrpc_decode() with a corresponding option. > * PHP resource and NULL variables will be converted into uninitialized Value objects (which will lead to invalid > * xml-rpc when later serialized); to support encoding of the latter use the appropriate $options parameter. > * > * @author Dan Libby > * > * @param mixed $phpVal the value to be converted into an xml-rpc value object > * @param array $options can include: > * - 'encode_php_objs' when set, some out-of-band info will be added to the xml produced by > * serializing the built Value, which can later be decoced by this library to rebuild an > * instance of the same php object > * - 'auto_dates': when set, any string which respects the xml-rpc datetime format will be converted to a dateTime Value > * - 'null_extension': when set, php NULL values will be converted to an xml-rpc <NIL> (or <EX:NIL>) Value > * - 'extension_api': reserved for usage by phpxmlrpc-polyfill* @return Value> * */ > * Feature creep -- could support more types via optional type argument (string => datetime support has been added, public function encode($phpVal, $options = array()) > * ??? => base64 not yet). Also: allow auto-encoding of integers to i8 when too-big to fit into i4{ $type = gettype($phpVal); switch ($type) { case 'string':< /// @todo should we be stricter in the accepted dates (ie. reject more of invalid days & times)? < if (in_array('auto_dates', $options) && preg_match('/^[0-9]{8}T[0-9]{2}:[0-9]{2}:[0-9]{2}$/', $phpVal)) {> if (in_array('auto_dates', $options) && preg_match(PhpXmlRpc::$xmlrpc_datetime_format, $phpVal)) {$xmlrpcVal = new Value($phpVal, Value::$xmlrpcDateTime); } else { $xmlrpcVal = new Value($phpVal, Value::$xmlrpcString); } break; case 'integer': $xmlrpcVal = new Value($phpVal, Value::$xmlrpcInt); break; case 'double': $xmlrpcVal = new Value($phpVal, Value::$xmlrpcDouble); break;< // Add support for encoding/decoding of booleans, since they are supported in PHPcase 'boolean': $xmlrpcVal = new Value($phpVal, Value::$xmlrpcBoolean); break; case 'array':< // PHP arrays can be encoded to either xmlrpc structs or arrays, depending on whether they are hashes < // or plain 0..n integer indexed// A shorter one-liner would be // $tmp = array_diff(array_keys($phpVal), range(0, count($phpVal)-1)); // but execution time skyrockets! $j = 0; $arr = array(); $ko = false; foreach ($phpVal as $key => $val) { $arr[$key] = $this->encode($val, $options); if (!$ko && $key !== $j) { $ko = true; } $j++; } if ($ko) { $xmlrpcVal = new Value($arr, Value::$xmlrpcStruct); } else { $xmlrpcVal = new Value($arr, Value::$xmlrpcArray); } break; case 'object': if (is_a($phpVal, 'PhpXmlRpc\Value')) { $xmlrpcVal = $phpVal;< } elseif (is_a($phpVal, 'DateTimeInterface')) {> // DateTimeInterface is not present in php 5.4... > } elseif (is_a($phpVal, 'DateTimeInterface') || is_a($phpVal, 'DateTime')) {$xmlrpcVal = new Value($phpVal->format('Ymd\TH:i:s'), Value::$xmlrpcDateTime); } elseif (in_array('extension_api', $options) && $phpVal instanceof \stdClass && isset($phpVal->xmlrpc_type)) { // Handle the 'pre-converted' base64 and datetime values if (isset($phpVal->scalar)) { switch ($phpVal->xmlrpc_type) { case 'base64': $xmlrpcVal = new Value($phpVal->scalar, Value::$xmlrpcBase64); break; case 'datetime': $xmlrpcVal = new Value($phpVal->scalar, Value::$xmlrpcDateTime); break; default: $xmlrpcVal = new Value(); } } else { $xmlrpcVal = new Value(); } } else { $arr = array(); foreach($phpVal as $k => $v) { $arr[$k] = $this->encode($v, $options); } $xmlrpcVal = new Value($arr, Value::$xmlrpcStruct); if (in_array('encode_php_objs', $options)) {< // let's save original class name into xmlrpc value: < // might be useful later on...> // let's save original class name into xml-rpc value: it might be useful later on...$xmlrpcVal->_php_class = get_class($phpVal); } } break; case 'NULL': if (in_array('extension_api', $options)) { $xmlrpcVal = new Value('', Value::$xmlrpcString); } elseif (in_array('null_extension', $options)) { $xmlrpcVal = new Value('', Value::$xmlrpcNull); } else { $xmlrpcVal = new Value(); } break; case 'resource': if (in_array('extension_api', $options)) { $xmlrpcVal = new Value((int)$phpVal, Value::$xmlrpcInt); } else { $xmlrpcVal = new Value(); } break; // catch "user function", "unknown type" default:< // giancarlo pinerolo <ping@alt.it> < // it has to return an empty object in case, not a boolean.> // it has to return an empty object in case, not a boolean. (giancarlo pinerolo)$xmlrpcVal = new Value(); break; } return $xmlrpcVal; } /** * Convert the xml representation of a method response, method request or single< * xmlrpc value into the appropriate object (a.k.a. deserialize). < * < * @todo is this a good name/class for this method? It does something quite different from 'decode' after all < * (returning objects vs returns plain php values)... In fact it belongs rather to a Parser class> * xml-rpc value into the appropriate object (a.k.a. deserialize).* * @param string $xmlVal< * @param array $options < *> * @param array $options unused atm* @return Value|Request|Response|false false on error, or an instance of either Value, Request or Response> * */ > * @todo is this a good name/class for this method? It does something quite different from 'decode' after all public function decodeXml($xmlVal, $options = array()) > * (returning objects vs returns plain php values)... In fact, it belongs rather to a Parser class { > * @todo feature creep -- we should allow an option to return php native types instead of PhpXmlRpc objects instances // 'guestimate' encoding > * @todo feature creep -- allow source charset to be passed in as an option, in case the xml misses its declaration $valEncoding = XMLParser::guessEncoding('', $xmlVal); > * @todo feature creep -- allow expected type (val/req/resp) to be passed in as an optionif ($valEncoding != '') { // Since parsing will fail if< // - charset is not specified in the xml prologue,> // - charset is not specified in the xml declaration,// - the encoding is not UTF8 and // - there are non-ascii chars in the text, // we try to work round that... // The following code might be better for mb_string enabled installs, but makes the lib about 200% slower... //if (!is_valid_charset($valEncoding, array('UTF-8')) if (!in_array($valEncoding, array('UTF-8', 'US-ASCII')) && !XMLParser::hasEncoding($xmlVal)) {> if (function_exists('mb_convert_encoding')) { if ($valEncoding == 'ISO-8859-1') { > $xmlVal = mb_convert_encoding($xmlVal, 'UTF-8', $valEncoding); $xmlVal = utf8_encode($xmlVal); > } else {} else {< if (extension_loaded('mbstring')) { < $xmlVal = mb_convert_encoding($xmlVal, 'UTF-8', $valEncoding); < } else { < $this->getLogger()->errorLog('XML-RPC: ' . __METHOD__ . ': invalid charset encoding of xml text: ' . $valEncoding);> $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': invalid charset encoding of xml text: ' . $valEncoding);} } } }< // What if internal encoding is not in one of the 3 allowed? We use the broadest one, ie. utf8! < if (!in_array(PhpXmlRpc::$xmlrpc_internalencoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) { < /// @todo emit a warning < $parserOptions = array(XML_OPTION_TARGET_ENCODING => 'UTF-8'); < } else {> // What if internal encoding is not in one of the 3 allowed? We use the broadest one, i.e. utf8! > /// @todo with php < 5.6, this does not work. We should add a manual conversion of the xml string to UTF8 > if (in_array(PhpXmlRpc::$xmlrpc_internalencoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) {$parserOptions = array(XML_OPTION_TARGET_ENCODING => PhpXmlRpc::$xmlrpc_internalencoding);> } else { } > $parserOptions = array(XML_OPTION_TARGET_ENCODING => 'UTF-8', 'target_charset' => PhpXmlRpc::$xmlrpc_internalencoding);$xmlRpcParser = $this->getParser();< $xmlRpcParser->parse(> $_xh = $xmlRpcParser->parse($xmlVal, XMLParser::RETURN_XMLRPCVALS, XMLParser::ACCEPT_REQUEST | XMLParser::ACCEPT_RESPONSE | XMLParser::ACCEPT_VALUE | XMLParser::ACCEPT_FAULT, $parserOptions );> // BC > if (!is_array($_xh)) { if ($xmlRpcParser->_xh['isf'] > 1) { > $_xh = $xmlRpcParser->_xh; // test that $xmlrpc->_xh['value'] is an obj, too??? > }< if ($xmlRpcParser->_xh['isf'] > 1) { < // test that $xmlrpc->_xh['value'] is an obj, too???> if ($_xh['isf'] > 1) { > // test that $_xh['value'] is an obj, too???< $this->getLogger()->errorLog($xmlRpcParser->_xh['isf_reason']);> $this->getLogger()->error('XML-RPC: ' . $_xh['isf_reason']);return false; }< switch ($xmlRpcParser->_xh['rt']) {> switch ($_xh['rt']) {case 'methodresponse':< $v = $xmlRpcParser->_xh['value']; < if ($xmlRpcParser->_xh['isf'] == 1) {> $v = $_xh['value']; > if ($_xh['isf'] == 1) {/** @var Value $vc */ $vc = $v['faultCode']; /** @var Value $vs */ $vs = $v['faultString'];< $r = new Response(0, $vc->scalarval(), $vs->scalarval());> $r = new Response(0, $vc->scalarVal(), $vs->scalarVal());} else { $r = new Response($v); } return $r; case 'methodcall':< $req = new Request($xmlRpcParser->_xh['method']); < for ($i = 0; $i < count($xmlRpcParser->_xh['params']); $i++) { < $req->addParam($xmlRpcParser->_xh['params'][$i]);> $req = new Request($_xh['method']); > for ($i = 0; $i < count($_xh['params']); $i++) { > $req->addParam($_xh['params'][$i]);} return $req; case 'value':< return $xmlRpcParser->_xh['value'];> return $_xh['value'];case 'fault': // EPI api emulation< $v = $xmlRpcParser->_xh['value'];> $v = $_xh['value'];// use a known error code /** @var Value $vc */< $vc = isset($v['faultCode']) ? $v['faultCode']->scalarval() : PhpXmlRpc::$xmlrpcerr['invalid_return'];> $vc = isset($v['faultCode']) ? $v['faultCode']->scalarVal() : PhpXmlRpc::$xmlrpcerr['invalid_return'];/** @var Value $vs */< $vs = isset($v['faultString']) ? $v['faultString']->scalarval() : '';> $vs = isset($v['faultString']) ? $v['faultString']->scalarVal() : '';if (!is_int($vc) || $vc == 0) { $vc = PhpXmlRpc::$xmlrpcerr['invalid_return']; } return new Response(0, $vc, $vs);>default: return false; } } }
