Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 401 and 403]

   1  <?php
   2  
   3  namespace PhpXmlRpc;
   4  
   5  use PhpXmlRpc\Helper\XMLParser;
   6  use PhpXmlRpc\Traits\LoggerAware;
   7  use PhpXmlRpc\Traits\ParserAware;
   8  
   9  /**
  10   * A helper class to easily convert between Value objects and php native values.
  11   *
  12   * @todo implement an interface
  13   * @todo add class constants for the options values
  14   */
  15  class Encoder
  16  {
  17      use LoggerAware;
  18      use ParserAware;
  19  
  20      /**
  21       * Takes an xml-rpc Value in object instance and translates it into native PHP types, recursively.
  22       * Works with xml-rpc Request objects as input, too.
  23       * Xmlrpc dateTime values will be converted to strings or DateTime objects depending on an $options parameter
  24       * Supports i8 and NIL xml-rpc values without the need for specific options.
  25       * Both xml-rpc arrays and structs are decoded into PHP arrays, with the exception described below:
  26       * Given proper options parameter, can rebuild generic php object instances (provided those have been encoded to
  27       * xml-rpc format using a corresponding option in php_xmlrpc_encode()).
  28       * PLEASE NOTE that rebuilding php objects involves calling their constructor function.
  29       * This means that the remote communication end can decide which php code will get executed on your server, leaving
  30       * the door possibly open to 'php-injection' style of attacks (provided you have some classes defined on your server
  31       * that might wreak havoc if instances are built outside an appropriate context).
  32       * Make sure you trust the remote server/client before enabling this!
  33       *
  34       * @author Dan Libby
  35       *
  36       * @param Value|Request $xmlrpcVal
  37       * @param array $options accepted elements:
  38       *                      - 'decode_php_objs': if set in the options array, xml-rpc structs can be decoded into php
  39       *                         objects, see the details above;
  40       *                      - 'dates_as_objects': when set xml-rpc dateTimes are decoded as php DateTime objects
  41       *                      - 'extension_api': reserved for usage by phpxmlrpc-polyfill
  42       * @return mixed
  43       *
  44       * Feature creep -- add an option to allow converting xml-rpc dateTime values to unix timestamps (integers)
  45       */
  46      public function decode($xmlrpcVal, $options = array())
  47      {
  48          switch ($xmlrpcVal->kindOf()) {
  49              case 'scalar':
  50                  if (in_array('extension_api', $options)) {
  51                      $val = $xmlrpcVal->scalarVal();
  52                      $typ = $xmlrpcVal->scalarTyp();
  53                      switch ($typ) {
  54                          case 'dateTime.iso8601':
  55                              $xmlrpcVal = array(
  56                                  'xmlrpc_type' => 'datetime',
  57                                  'scalar' => $val,
  58                                  'timestamp' => \PhpXmlRpc\Helper\Date::iso8601Decode($val)
  59                              );
  60                              return (object)$xmlrpcVal;
  61                          case 'base64':
  62                              $xmlrpcVal = array(
  63                                  'xmlrpc_type' => 'base64',
  64                                  'scalar' => $val
  65                              );
  66                              return (object)$xmlrpcVal;
  67                          case 'string':
  68                              if (isset($options['extension_api_encoding'])) {
  69                                  // if iconv is not available, we use mb_convert_encoding
  70                                  if (function_exists('iconv')) {
  71                                      $dval = @iconv('UTF-8', $options['extension_api_encoding'], $val);
  72                                  } elseif (function_exists('mb_convert_encoding')) {
  73                                      /// @todo check for discrepancies between the supported charset names
  74                                      $dval = @mb_convert_encoding($val, $options['extension_api_encoding'], 'UTF-8');
  75                                  } else {
  76                                      $dval = false;
  77                                  }
  78                                  if ($dval !== false) {
  79                                      return $dval;
  80                                  }
  81                              }
  82                              // break through voluntarily
  83                          default:
  84                              return $val;
  85                      }
  86                  }
  87                  if (in_array('dates_as_objects', $options) && $xmlrpcVal->scalarTyp() == 'dateTime.iso8601') {
  88                      // we return a Datetime object instead of a string; since now the constructor of xml-rpc value accepts
  89                      // safely string, int and DateTimeInterface, we cater to all 3 cases here
  90                      $out = $xmlrpcVal->scalarVal();
  91                      if (is_string($out)) {
  92                          $out = strtotime($out);
  93                          // NB: if the string does not convert into a timestamp, this will return false.
  94                          // We avoid logging an error here, as we presume it was already done when parsing the xml
  95                          /// @todo we could return null, to be more in line with what the XMLParser does...
  96                      }
  97                      if (is_int($out)) {
  98                          $result = new \DateTime();
  99                          $result->setTimestamp($out);
 100  
 101                          return $result;
 102                      } elseif (is_a($out, 'DateTimeInterface') || is_a($out, 'DateTime')) {
 103                          return $out;
 104                      }
 105                  }
 106                  return $xmlrpcVal->scalarVal();
 107  
 108              case 'array':
 109                  $arr = array();
 110                  foreach ($xmlrpcVal as $value) {
 111                      $arr[] = $this->decode($value, $options);
 112                  }
 113                  return $arr;
 114  
 115              case 'struct':
 116                  // If user said so, try to rebuild php objects for specific struct vals.
 117                  /// @todo should we raise a warning for class not found?
 118                  // shall we check for proper subclass of xml-rpc value instead of presence of _php_class to detect
 119                  // what we can do?
 120                  if (in_array('decode_php_objs', $options) && $xmlrpcVal->_php_class != ''
 121                      && class_exists($xmlrpcVal->_php_class)
 122                  ) {
 123                      $obj = @new $xmlrpcVal->_php_class();
 124                      foreach ($xmlrpcVal as $key => $value) {
 125                          $obj->$key = $this->decode($value, $options);
 126                      }
 127                      return $obj;
 128                  } else {
 129                      $arr = array();
 130                      foreach ($xmlrpcVal as $key => $value) {
 131                          $arr[$key] = $this->decode($value, $options);
 132                      }
 133                      return $arr;
 134                  }
 135  
 136              case 'msg':
 137                  $paramCount = $xmlrpcVal->getNumParams();
 138                  $arr = array();
 139                  for ($i = 0; $i < $paramCount; $i++) {
 140                      $arr[] = $this->decode($xmlrpcVal->getParam($i), $options);
 141                  }
 142                  return $arr;
 143  
 144              /// @todo throw on unsupported type
 145          }
 146      }
 147  
 148      /**
 149       * Takes native php types and encodes them into xml-rpc Value objects, recursively.
 150       * PHP strings, integers, floats and booleans have a straightforward encoding - note that integers will _not_ be
 151       * converted to xml-rpc <i8> elements, even if they exceed the 32-bit range.
 152       * PHP arrays will be encoded to either xml-rpc structs or arrays, depending on whether they are hashes
 153       * or plain 0..N integer indexed.
 154       * PHP objects will be encoded into xml-rpc structs, except if they implement DateTimeInterface, in which case they
 155       * will be encoded as dateTime values.
 156       * PhpXmlRpc\Value objects will not be double-encoded - which makes it possible to pass in a pre-created base64 Value
 157       * as part of a php array.
 158       * If given a proper $options parameter, php object instances will be encoded into 'special' xml-rpc values, that can
 159       * later be decoded into php object instances by calling php_xmlrpc_decode() with a corresponding option.
 160       * PHP resource and NULL variables will be converted into uninitialized Value objects (which will lead to invalid
 161       * xml-rpc when later serialized); to support encoding of the latter use the appropriate $options parameter.
 162       *
 163       * @author Dan Libby
 164       *
 165       * @param mixed $phpVal the value to be converted into an xml-rpc value object
 166       * @param array $options can include:
 167       *                       - 'encode_php_objs' when set, some out-of-band info will be added to the xml produced by
 168       *                         serializing the built Value, which can later be decoced by this library to rebuild an
 169       *                         instance of the same php object
 170       *                       - 'auto_dates': when set, any string which respects the xml-rpc datetime format will be converted to a dateTime Value
 171       *                       - 'null_extension': when set, php NULL values will be converted to an xml-rpc <NIL> (or <EX:NIL>) Value
 172       *                       - 'extension_api': reserved for usage by phpxmlrpc-polyfill
 173       * @return Value
 174       *
 175       * Feature creep -- could support more types via optional type argument (string => datetime support has been added,
 176       * ??? => base64 not yet). Also: allow auto-encoding of integers to i8 when too-big to fit into i4
 177       */
 178      public function encode($phpVal, $options = array())
 179      {
 180          $type = gettype($phpVal);
 181          switch ($type) {
 182              case 'string':
 183                  if (in_array('auto_dates', $options) && preg_match(PhpXmlRpc::$xmlrpc_datetime_format, $phpVal)) {
 184                      $xmlrpcVal = new Value($phpVal, Value::$xmlrpcDateTime);
 185                  } else {
 186                      $xmlrpcVal = new Value($phpVal, Value::$xmlrpcString);
 187                  }
 188                  break;
 189              case 'integer':
 190                  $xmlrpcVal = new Value($phpVal, Value::$xmlrpcInt);
 191                  break;
 192              case 'double':
 193                  $xmlrpcVal = new Value($phpVal, Value::$xmlrpcDouble);
 194                  break;
 195              case 'boolean':
 196                  $xmlrpcVal = new Value($phpVal, Value::$xmlrpcBoolean);
 197                  break;
 198              case 'array':
 199                  // A shorter one-liner would be
 200                  //     $tmp = array_diff(array_keys($phpVal), range(0, count($phpVal)-1));
 201                  // but execution time skyrockets!
 202                  $j = 0;
 203                  $arr = array();
 204                  $ko = false;
 205                  foreach ($phpVal as $key => $val) {
 206                      $arr[$key] = $this->encode($val, $options);
 207                      if (!$ko && $key !== $j) {
 208                          $ko = true;
 209                      }
 210                      $j++;
 211                  }
 212                  if ($ko) {
 213                      $xmlrpcVal = new Value($arr, Value::$xmlrpcStruct);
 214                  } else {
 215                      $xmlrpcVal = new Value($arr, Value::$xmlrpcArray);
 216                  }
 217                  break;
 218              case 'object':
 219                  if (is_a($phpVal, 'PhpXmlRpc\Value')) {
 220                      $xmlrpcVal = $phpVal;
 221                  // DateTimeInterface is not present in php 5.4...
 222                  } elseif (is_a($phpVal, 'DateTimeInterface') || is_a($phpVal, 'DateTime')) {
 223                      $xmlrpcVal = new Value($phpVal->format('Ymd\TH:i:s'), Value::$xmlrpcDateTime);
 224                  } elseif (in_array('extension_api', $options) && $phpVal instanceof \stdClass && isset($phpVal->xmlrpc_type)) {
 225                      // Handle the 'pre-converted' base64 and datetime values
 226                      if (isset($phpVal->scalar)) {
 227                          switch ($phpVal->xmlrpc_type) {
 228                              case 'base64':
 229                                  $xmlrpcVal = new Value($phpVal->scalar, Value::$xmlrpcBase64);
 230                                  break;
 231                              case 'datetime':
 232                                  $xmlrpcVal = new Value($phpVal->scalar, Value::$xmlrpcDateTime);
 233                                  break;
 234                              default:
 235                                  $xmlrpcVal = new Value();
 236                          }
 237                      } else {
 238                          $xmlrpcVal = new Value();
 239                      }
 240  
 241                  } else {
 242                      $arr = array();
 243                      foreach ($phpVal as $k => $v) {
 244                          $arr[$k] = $this->encode($v, $options);
 245                      }
 246                      $xmlrpcVal = new Value($arr, Value::$xmlrpcStruct);
 247                      if (in_array('encode_php_objs', $options)) {
 248                          // let's save original class name into xml-rpc value: it might be useful later on...
 249                          $xmlrpcVal->_php_class = get_class($phpVal);
 250                      }
 251                  }
 252                  break;
 253              case 'NULL':
 254                  if (in_array('extension_api', $options)) {
 255                      $xmlrpcVal = new Value('', Value::$xmlrpcString);
 256                  } elseif (in_array('null_extension', $options)) {
 257                      $xmlrpcVal = new Value('', Value::$xmlrpcNull);
 258                  } else {
 259                      $xmlrpcVal = new Value();
 260                  }
 261                  break;
 262              case 'resource':
 263                  if (in_array('extension_api', $options)) {
 264                      $xmlrpcVal = new Value((int)$phpVal, Value::$xmlrpcInt);
 265                  } else {
 266                      $xmlrpcVal = new Value();
 267                  }
 268                  break;
 269              // catch "user function", "unknown type"
 270              default:
 271                  // it has to return an empty object in case, not a boolean. (giancarlo pinerolo)
 272                  $xmlrpcVal = new Value();
 273                  break;
 274          }
 275  
 276          return $xmlrpcVal;
 277      }
 278  
 279      /**
 280       * Convert the xml representation of a method response, method request or single
 281       * xml-rpc value into the appropriate object (a.k.a. deserialize).
 282       *
 283       * @param string $xmlVal
 284       * @param array $options unused atm
 285       * @return Value|Request|Response|false false on error, or an instance of either Value, Request or Response
 286       *
 287       * @todo is this a good name/class for this method? It does something quite different from 'decode' after all
 288       *       (returning objects vs returns plain php values)... In fact, it belongs rather to a Parser class
 289       * @todo feature creep -- we should allow an option to return php native types instead of PhpXmlRpc objects instances
 290       * @todo feature creep -- allow source charset to be passed in as an option, in case the xml misses its declaration
 291       * @todo feature creep -- allow expected type (val/req/resp) to be passed in as an option
 292       */
 293      public function decodeXml($xmlVal, $options = array())
 294      {
 295          // 'guestimate' encoding
 296          $valEncoding = XMLParser::guessEncoding('', $xmlVal);
 297          if ($valEncoding != '') {
 298  
 299              // Since parsing will fail if
 300              // - charset is not specified in the xml declaration,
 301              // - the encoding is not UTF8 and
 302              // - there are non-ascii chars in the text,
 303              // we try to work round that...
 304              // The following code might be better for mb_string enabled installs, but makes the lib about 200% slower...
 305              //if (!is_valid_charset($valEncoding, array('UTF-8'))
 306              if (!in_array($valEncoding, array('UTF-8', 'US-ASCII')) && !XMLParser::hasEncoding($xmlVal)) {
 307                  if (function_exists('mb_convert_encoding')) {
 308                      $xmlVal = mb_convert_encoding($xmlVal, 'UTF-8', $valEncoding);
 309                  } else {
 310                      if ($valEncoding == 'ISO-8859-1') {
 311                          $xmlVal = utf8_encode($xmlVal);
 312                      } else {
 313                          $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': invalid charset encoding of xml text: ' . $valEncoding);
 314                      }
 315                  }
 316              }
 317          }
 318  
 319          // What if internal encoding is not in one of the 3 allowed? We use the broadest one, i.e. utf8!
 320          /// @todo with php < 5.6, this does not work. We should add a manual conversion of the xml string to UTF8
 321          if (in_array(PhpXmlRpc::$xmlrpc_internalencoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) {
 322              $parserOptions = array(XML_OPTION_TARGET_ENCODING => PhpXmlRpc::$xmlrpc_internalencoding);
 323          } else {
 324              $parserOptions = array(XML_OPTION_TARGET_ENCODING => 'UTF-8', 'target_charset' => PhpXmlRpc::$xmlrpc_internalencoding);
 325          }
 326  
 327          $xmlRpcParser = $this->getParser();
 328          $_xh = $xmlRpcParser->parse(
 329              $xmlVal,
 330              XMLParser::RETURN_XMLRPCVALS,
 331              XMLParser::ACCEPT_REQUEST | XMLParser::ACCEPT_RESPONSE | XMLParser::ACCEPT_VALUE | XMLParser::ACCEPT_FAULT,
 332              $parserOptions
 333          );
 334          // BC
 335          if (!is_array($_xh)) {
 336              $_xh = $xmlRpcParser->_xh;
 337          }
 338  
 339          if ($_xh['isf'] > 1) {
 340              // test that $_xh['value'] is an obj, too???
 341  
 342              $this->getLogger()->error('XML-RPC: ' . $_xh['isf_reason']);
 343  
 344              return false;
 345          }
 346  
 347          switch ($_xh['rt']) {
 348              case 'methodresponse':
 349                  $v = $_xh['value'];
 350                  if ($_xh['isf'] == 1) {
 351                      /** @var Value $vc */
 352                      $vc = $v['faultCode'];
 353                      /** @var Value $vs */
 354                      $vs = $v['faultString'];
 355                      $r = new Response(0, $vc->scalarVal(), $vs->scalarVal());
 356                  } else {
 357                      $r = new Response($v);
 358                  }
 359                  return $r;
 360  
 361              case 'methodcall':
 362                  $req = new Request($_xh['method']);
 363                  for ($i = 0; $i < count($_xh['params']); $i++) {
 364                      $req->addParam($_xh['params'][$i]);
 365                  }
 366                  return $req;
 367  
 368              case 'value':
 369                  return $_xh['value'];
 370  
 371              case 'fault':
 372                  // EPI api emulation
 373                  $v = $_xh['value'];
 374                  // use a known error code
 375                  /** @var Value $vc */
 376                  $vc = isset($v['faultCode']) ? $v['faultCode']->scalarVal() : PhpXmlRpc::$xmlrpcerr['invalid_return'];
 377                  /** @var Value $vs */
 378                  $vs = isset($v['faultString']) ? $v['faultString']->scalarVal() : '';
 379                  if (!is_int($vc) || $vc == 0) {
 380                      $vc = PhpXmlRpc::$xmlrpcerr['invalid_return'];
 381                  }
 382                  return new Response(0, $vc, $vs);
 383  
 384              default:
 385                  return false;
 386          }
 387      }
 388  }