Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
- Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
- PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.
/lib/phpxmlrpc/ -> Server.php (source)
Differences Between: [Versions 401 and 403]
1 <?php 2 3 namespace PhpXmlRpc; 4 5 use PhpXmlRpc\Exception\NoSuchMethodException; 6 use PhpXmlRpc\Exception\ValueErrorException; 7 use PhpXmlRpc\Helper\Http; 8 use PhpXmlRpc\Helper\Interop; 9 use PhpXmlRpc\Helper\Logger; 10 use PhpXmlRpc\Helper\XMLParser; 11 use PhpXmlRpc\Traits\CharsetEncoderAware; 12 use PhpXmlRpc\Traits\DeprecationLogger; 13 use PhpXmlRpc\Traits\ParserAware; 14 15 /** 16 * Allows effortless implementation of XML-RPC servers 17 * 18 * @property string[] $accepted_compression deprecated - public access left in purely for BC. Access via getOption()/setOption() 19 * @property bool $allow_system_funcs deprecated - public access left in purely for BC. Access via getOption()/setOption() 20 * @property bool $compress_response deprecated - public access left in purely for BC. Access via getOption()/setOption() 21 * @property int $debug deprecated - public access left in purely for BC. Access via getOption()/setOption() 22 * @property int $exception_handling deprecated - public access left in purely for BC. Access via getOption()/setOption() 23 * @property string $functions_parameters_type deprecated - public access left in purely for BC. Access via getOption()/setOption() 24 * @property array $phpvals_encoding_options deprecated - public access left in purely for BC. Access via getOption()/setOption() 25 * @property string $response_charset_encoding deprecated - public access left in purely for BC. Access via getOption()/setOption() 26 */ 27 class Server 28 { 29 use CharsetEncoderAware; 30 use DeprecationLogger; 31 use ParserAware; 32 33 const OPT_ACCEPTED_COMPRESSION = 'accepted_compression'; 34 const OPT_ALLOW_SYSTEM_FUNCS = 'allow_system_funcs'; 35 const OPT_COMPRESS_RESPONSE = 'compress_response'; 36 const OPT_DEBUG = 'debug'; 37 const OPT_EXCEPTION_HANDLING = 'exception_handling'; 38 const OPT_FUNCTIONS_PARAMETERS_TYPE = 'functions_parameters_type'; 39 const OPT_PHPVALS_ENCODING_OPTIONS = 'phpvals_encoding_options'; 40 const OPT_RESPONSE_CHARSET_ENCODING = 'response_charset_encoding'; 41 42 /** @var string */ 43 protected static $responseClass = '\\PhpXmlRpc\\Response'; 44 45 /** 46 * @var string 47 * Defines how functions in $dmap will be invoked: either using an xml-rpc Request object or plain php values. 48 * Valid strings are 'xmlrpcvals', 'phpvals' or 'epivals' (only for use by polyfill-xmlrpc). 49 * 50 * @todo create class constants for these 51 */ 52 protected $functions_parameters_type = 'xmlrpcvals'; 53 54 /** 55 * @var array 56 * Option used for fine-tuning the encoding the php values returned from functions registered in the dispatch map 57 * when the functions_parameters_type member is set to 'phpvals'. 58 * @see Encoder::encode for a list of values 59 */ 60 protected $phpvals_encoding_options = array('auto_dates'); 61 62 /** 63 * @var int 64 * Controls whether the server is going to echo debugging messages back to the client as comments in response body. 65 * SECURITY SENSITIVE! 66 * Valid values: 67 * 0 = 68 * 1 = 69 * 2 = 70 * 3 = 71 */ 72 protected $debug = 1; 73 74 /** 75 * @var int 76 * Controls behaviour of server when the invoked method-handler function throws an exception (within the `execute` method): 77 * 0 = catch it and return an 'internal error' xml-rpc response (default) 78 * 1 = SECURITY SENSITIVE DO NOT ENABLE ON PUBLIC SERVERS!!! catch it and return an xml-rpc response with the error 79 * corresponding to the exception, both its code and message. 80 * 2 = allow the exception to float to the upper layers 81 * Can be overridden per-method-handler in the dispatch map 82 */ 83 protected $exception_handling = 0; 84 85 /** 86 * @var bool 87 * When set to true, it will enable HTTP compression of the response, in case the client has declared its support 88 * for compression in the request. 89 * Automatically set at constructor time. 90 */ 91 protected $compress_response = false; 92 93 /** 94 * @var string[] 95 * List of http compression methods accepted by the server for requests. Automatically set at constructor time. 96 * NB: PHP supports deflate, gzip compressions out of the box if compiled w. zlib 97 */ 98 protected $accepted_compression = array(); 99 100 /** 101 * @var bool 102 * Shall we serve calls to system.* methods? 103 */ 104 protected $allow_system_funcs = true; 105 106 /** 107 * List of charset encodings natively accepted for requests. 108 * Set at constructor time. 109 * @deprecated UNUSED so far by this library. It is still accessible by subclasses but will be dropped in the future. 110 */ 111 private $accepted_charset_encodings = array(); 112 113 /** 114 * @var string 115 * Charset encoding to be used for response. 116 * NB: if we can, we will convert the generated response from internal_encoding to the intended one. 117 * Can be: 118 * - a supported xml encoding (only UTF-8 and ISO-8859-1, unless mbstring is enabled), 119 * - null (leave unspecified in response, convert output stream to US_ASCII), 120 * - 'auto' (use client-specified charset encoding or same as request if request headers do not specify it (unless request is US-ASCII: then use library default anyway). 121 * NB: pretty dangerous if you accept every charset and do not have mbstring enabled) 122 */ 123 protected $response_charset_encoding = ''; 124 125 protected static $options = array( 126 self::OPT_ACCEPTED_COMPRESSION, 127 self::OPT_ALLOW_SYSTEM_FUNCS, 128 self::OPT_COMPRESS_RESPONSE, 129 self::OPT_DEBUG, 130 self::OPT_EXCEPTION_HANDLING, 131 self::OPT_FUNCTIONS_PARAMETERS_TYPE, 132 self::OPT_PHPVALS_ENCODING_OPTIONS, 133 self::OPT_RESPONSE_CHARSET_ENCODING, 134 ); 135 136 /** 137 * @var mixed 138 * Extra data passed at runtime to method handling functions. Used only by EPI layer 139 * @internal 140 */ 141 public $user_data = null; 142 143 /** 144 * Array defining php functions exposed as xml-rpc methods by this server. 145 * @var array[] $dmap 146 */ 147 protected $dmap = array(); 148 149 /** 150 * Storage for internal debug info. 151 */ 152 protected $debug_info = ''; 153 154 protected static $_xmlrpc_debuginfo = ''; 155 protected static $_xmlrpcs_occurred_errors = ''; 156 protected static $_xmlrpcs_prev_ehandler = ''; 157 158 /** 159 * @param array[] $dispatchMap the dispatch map with definition of exposed services 160 * Array keys are the names of the method names. 161 * Each array value is an array with the following members: 162 * - function (callable) 163 * - docstring (optional) 164 * - signature (array, optional) 165 * - signature_docs (array, optional) 166 * - parameters_type (string, optional) 167 * - exception_handling (int, optional) 168 * @param boolean $serviceNow set to false in order to prevent the server from running upon construction 169 */ 170 public function __construct($dispatchMap = null, $serviceNow = true) 171 { 172 // if ZLIB is enabled, let the server by default accept compressed requests, 173 // and compress responses sent to clients that support them 174 if (function_exists('gzinflate')) { 175 $this->accepted_compression[] = 'gzip'; 176 } 177 if (function_exists('gzuncompress')) { 178 $this->accepted_compression[] = 'deflate'; 179 } 180 if (function_exists('gzencode') || function_exists('gzcompress')) { 181 $this->compress_response = true; 182 } 183 184 // by default the xml parser can support these 3 charset encodings 185 $this->accepted_charset_encodings = array('UTF-8', 'ISO-8859-1', 'US-ASCII'); 186 187 // dispMap is a dispatch array of methods mapped to function names and signatures. 188 // If a method doesn't appear in the map then an unknown method error is generated. 189 // milosch - changed to make passing dispMap optional. Instead, you can use the addToMap() function 190 // to add functions manually (borrowed from SOAPX4) 191 if ($dispatchMap) { 192 $this->setDispatchMap($dispatchMap); 193 if ($serviceNow) { 194 $this->service(); 195 } 196 } 197 } 198 199 /** 200 * @param string $name see all the OPT_ constants 201 * @param mixed $value 202 * @return $this 203 * @throws ValueErrorException on unsupported option 204 */ 205 public function setOption($name, $value) 206 { 207 switch ($name) { 208 case self::OPT_ACCEPTED_COMPRESSION : 209 case self::OPT_ALLOW_SYSTEM_FUNCS: 210 case self::OPT_COMPRESS_RESPONSE: 211 case self::OPT_DEBUG: 212 case self::OPT_EXCEPTION_HANDLING: 213 case self::OPT_FUNCTIONS_PARAMETERS_TYPE: 214 case self::OPT_PHPVALS_ENCODING_OPTIONS: 215 case self::OPT_RESPONSE_CHARSET_ENCODING: 216 $this->$name = $value; 217 break; 218 default: 219 throw new ValueErrorException("Unsupported option '$name'"); 220 } 221 222 return $this; 223 } 224 225 /** 226 * @param string $name see all the OPT_ constants 227 * @return mixed 228 * @throws ValueErrorException on unsupported option 229 */ 230 public function getOption($name) 231 { 232 switch ($name) { 233 case self::OPT_ACCEPTED_COMPRESSION: 234 case self::OPT_ALLOW_SYSTEM_FUNCS: 235 case self::OPT_COMPRESS_RESPONSE: 236 case self::OPT_DEBUG: 237 case self::OPT_EXCEPTION_HANDLING: 238 case self::OPT_FUNCTIONS_PARAMETERS_TYPE: 239 case self::OPT_PHPVALS_ENCODING_OPTIONS: 240 case self::OPT_RESPONSE_CHARSET_ENCODING: 241 return $this->$name; 242 default: 243 throw new ValueErrorException("Unsupported option '$name'"); 244 } 245 } 246 247 /** 248 * Returns the complete list of Server options. 249 * @return array 250 */ 251 public function getOptions() 252 { 253 $values = array(); 254 foreach(static::$options as $opt) { 255 $values[$opt] = $this->getOption($opt); 256 } 257 return $values; 258 } 259 260 /** 261 * @param array $options key: see all the OPT_ constants 262 * @return $this 263 * @throws ValueErrorException on unsupported option 264 */ 265 public function setOptions($options) 266 { 267 foreach($options as $name => $value) { 268 $this->setOption($name, $value); 269 } 270 271 return $this; 272 } 273 274 /** 275 * Set debug level of server. 276 * 277 * @param integer $level debug lvl: determines info added to xml-rpc responses (as xml comments) 278 * 0 = no debug info, 279 * 1 = msgs set from user with debugmsg(), 280 * 2 = add complete xml-rpc request (headers and body), 281 * 3 = add also all processing warnings happened during method processing 282 * (NB: this involves setting a custom error handler, and might interfere 283 * with the standard processing of the php function exposed as method. In 284 * particular, triggering a USER_ERROR level error will not halt script 285 * execution anymore, but just end up logged in the xml-rpc response) 286 * Note that info added at level 2 and 3 will be base64 encoded 287 * @return $this 288 */ 289 public function setDebug($level) 290 { 291 $this->debug = $level; 292 return $this; 293 } 294 295 /** 296 * Add a string to the debug info that can be later serialized by the server as part of the response message. 297 * Note that for best compatibility, the debug string should be encoded using the PhpXmlRpc::$xmlrpc_internalencoding 298 * character set. 299 * 300 * @param string $msg 301 * @return void 302 */ 303 public static function xmlrpc_debugmsg($msg) 304 { 305 static::$_xmlrpc_debuginfo .= $msg . "\n"; 306 } 307 308 /** 309 * Add a string to the debug info that will be later serialized by the server as part of the response message 310 * (base64 encoded) when debug level >= 2 311 * 312 * @param string $msg 313 * @return void 314 */ 315 public static function error_occurred($msg) 316 { 317 static::$_xmlrpcs_occurred_errors .= $msg . "\n"; 318 } 319 320 /** 321 * Return a string with the serialized representation of all debug info. 322 * 323 * @internal this function will become protected in the future 324 * 325 * @param string $charsetEncoding the target charset encoding for the serialization 326 * 327 * @return string an XML comment (or two) 328 */ 329 public function serializeDebug($charsetEncoding = '') 330 { 331 // Tough encoding problem: which internal charset should we assume for debug info? 332 // It might contain a copy of raw data received from client, ie with unknown encoding, 333 // intermixed with php generated data and user generated data... 334 // so we split it: system debug is base 64 encoded, 335 // user debug info should be encoded by the end user using the INTERNAL_ENCODING 336 $out = ''; 337 if ($this->debug_info != '') { 338 $out .= "<!-- SERVER DEBUG INFO (BASE64 ENCODED):\n" . base64_encode($this->debug_info) . "\n-->\n"; 339 } 340 if (static::$_xmlrpc_debuginfo != '') { 341 $out .= "<!-- DEBUG INFO:\n" . $this->getCharsetEncoder()->encodeEntities(str_replace('--', '_-', static::$_xmlrpc_debuginfo), PhpXmlRpc::$xmlrpc_internalencoding, $charsetEncoding) . "\n-->\n"; 342 // NB: a better solution MIGHT be to use CDATA, but we need to insert it 343 // into return payload AFTER the beginning tag 344 //$out .= "<![CDATA[ DEBUG INFO:\n\n" . str_replace(']]>', ']_]_>', static::$_xmlrpc_debuginfo) . "\n]]>\n"; 345 } 346 347 return $out; 348 } 349 350 /** 351 * Execute the xml-rpc request, printing the response. 352 * 353 * @param string $data the request body. If null, the http POST request will be examined 354 * @param bool $returnPayload When true, return the response but do not echo it or any http header 355 * 356 * @return Response|string the response object (usually not used by caller...) or its xml serialization 357 * @throws \Exception in case the executed method does throw an exception (and depending on server configuration) 358 */ 359 public function service($data = null, $returnPayload = false) 360 { 361 if ($data === null) { 362 $data = file_get_contents('php://input'); 363 } 364 $rawData = $data; 365 366 // reset internal debug info 367 $this->debug_info = ''; 368 369 // Save what we received, before parsing it 370 if ($this->debug > 1) { 371 $this->debugMsg("+++GOT+++\n" . $data . "\n+++END+++"); 372 } 373 374 $resp = $this->parseRequestHeaders($data, $reqCharset, $respCharset, $respEncoding); 375 if (!$resp) { 376 // this actually executes the request 377 $resp = $this->parseRequest($data, $reqCharset); 378 379 // save full body of request into response, for debugging purposes. 380 // NB: this is the _request_ data, not the response's own data, unlike what happens client-side 381 /// @todo try to move this injection to the resp. constructor or use a non-deprecated access method. Or, even 382 /// better: just avoid setting this, and set debug info of the received http request in the request 383 /// object instead? It's not like the developer misses access to _SERVER, _COOKIES though... 384 /// Last but not least: the raw data might be of use to handler functions - but in decompressed form... 385 $resp->raw_data = $rawData; 386 } 387 388 if ($this->debug > 2 && static::$_xmlrpcs_occurred_errors != '') { 389 $this->debugMsg("+++PROCESSING ERRORS AND WARNINGS+++\n" . 390 static::$_xmlrpcs_occurred_errors . "+++END+++"); 391 } 392 393 $header = $resp->xml_header($respCharset); 394 if ($this->debug > 0) { 395 $header .= $this->serializeDebug($respCharset); 396 } 397 398 // Do not create response serialization if it has already happened. Helps to build json magic 399 /// @todo what if the payload was created targeting a different charset than $respCharset? 400 /// Also, if we do not call serialize(), the request will not set its content-type to have the charset declared 401 $payload = $resp->getPayload(); 402 if (empty($payload)) { 403 $payload = $resp->serialize($respCharset); 404 } 405 $payload = $header . $payload; 406 407 if ($returnPayload) { 408 return $payload; 409 } 410 411 // if we get a warning/error that has output some text before here, then we cannot 412 // add a new header. We cannot say we are sending xml, either... 413 if (!headers_sent()) { 414 header('Content-Type: ' . $resp->getContentType()); 415 // we do not know if client actually told us an accepted charset, but if it did we have to tell it what we did 416 header("Vary: Accept-Charset"); 417 418 // http compression of output: only if we can do it, and we want to do it, and client asked us to, 419 // and php ini settings do not force it already 420 $phpNoSelfCompress = !ini_get('zlib.output_compression') && (ini_get('output_handler') != 'ob_gzhandler'); 421 if ($this->compress_response && $respEncoding != '' && $phpNoSelfCompress) { 422 if (strpos($respEncoding, 'gzip') !== false && function_exists('gzencode')) { 423 $payload = gzencode($payload); 424 header("Content-Encoding: gzip"); 425 header("Vary: Accept-Encoding"); 426 } elseif (strpos($respEncoding, 'deflate') !== false && function_exists('gzcompress')) { 427 $payload = gzcompress($payload); 428 header("Content-Encoding: deflate"); 429 header("Vary: Accept-Encoding"); 430 } 431 } 432 433 // Do not output content-length header if php is compressing output for us: it will mess up measurements. 434 // Note that Apache/mod_php will add (and even alter!) the Content-Length header on its own, but only for 435 // responses up to 8000 bytes 436 if ($phpNoSelfCompress) { 437 header('Content-Length: ' . (int)strlen($payload)); 438 } 439 } else { 440 $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': http headers already sent before response is fully generated. Check for php warning or error messages'); 441 } 442 443 print $payload; 444 445 // return response, in case subclasses want it 446 return $resp; 447 } 448 449 /** 450 * Add a method to the dispatch map. 451 * 452 * @param string $methodName the name with which the method will be made available 453 * @param callable $function the php function that will get invoked 454 * @param array[] $sig the array of valid method signatures. 455 * Each element is one signature: an array of strings with at least one element 456 * First element = type of returned value. Elements 2..N = types of parameters 1..N 457 * @param string $doc method documentation 458 * @param array[] $sigDoc the array of valid method signatures docs, following the format of $sig but with 459 * descriptions instead of types (one string for return type, one per param) 460 * @param string $parametersType to allow single method handlers to receive php values instead of a Request, or vice-versa 461 * @param int $exceptionHandling @see $this->exception_handling 462 * @return void 463 * 464 * @todo raise a warning if the user tries to register a 'system.' method 465 */ 466 public function addToMap($methodName, $function, $sig = null, $doc = false, $sigDoc = false, $parametersType = false, 467 $exceptionHandling = false) 468 { 469 $this->add_to_map($methodName, $function, $sig, $doc, $sigDoc, $parametersType, $exceptionHandling); 470 } 471 472 /** 473 * Add a method to the dispatch map. 474 * 475 * @param string $methodName the name with which the method will be made available 476 * @param callable $function the php function that will get invoked 477 * @param array[] $sig the array of valid method signatures. 478 * Each element is one signature: an array of strings with at least one element 479 * First element = type of returned value. Elements 2..N = types of parameters 1..N 480 * @param string $doc method documentation 481 * @param array[] $sigDoc the array of valid method signatures docs, following the format of $sig but with 482 * descriptions instead of types (one string for return type, one per param) 483 * @param string $parametersType to allow single method handlers to receive php values instead of a Request, or vice-versa 484 * @param int $exceptionHandling @see $this->exception_handling 485 * @return void 486 * 487 * @todo raise a warning if the user tries to register a 'system.' method 488 * @deprecated use addToMap instead 489 */ 490 public function add_to_map($methodName, $function, $sig = null, $doc = false, $sigDoc = false, $parametersType = false, 491 $exceptionHandling = false) 492 { 493 $this->logDeprecationUnlessCalledBy('addToMap'); 494 495 $this->dmap[$methodName] = array( 496 'function' => $function, 497 'docstring' => $doc, 498 ); 499 if ($sig) { 500 $this->dmap[$methodName]['signature'] = $sig; 501 } 502 if ($sigDoc) { 503 $this->dmap[$methodName]['signature_docs'] = $sigDoc; 504 } 505 if ($parametersType) { 506 $this->dmap[$methodName]['parameters_type'] = $parametersType; 507 } 508 if ($exceptionHandling !== false) { 509 $this->dmap[$methodName]['exception_handling'] = $exceptionHandling; 510 } 511 } 512 513 /** 514 * Verify type and number of parameters received against a list of known signatures. 515 * 516 * @param array|Request $in array of either xml-rpc value objects or xml-rpc type definitions 517 * @param array $sigs array of known signatures to match against 518 * @return array int, string 519 */ 520 protected function verifySignature($in, $sigs) 521 { 522 // check each possible signature in turn 523 if (is_object($in)) { 524 $numParams = $in->getNumParams(); 525 } else { 526 $numParams = count($in); 527 } 528 foreach ($sigs as $curSig) { 529 if (count($curSig) == $numParams + 1) { 530 $itsOK = 1; 531 for ($n = 0; $n < $numParams; $n++) { 532 if (is_object($in)) { 533 $p = $in->getParam($n); 534 if ($p->kindOf() == 'scalar') { 535 $pt = $p->scalarTyp(); 536 } else { 537 $pt = $p->kindOf(); 538 } 539 } else { 540 $pt = ($in[$n] == 'i4') ? 'int' : strtolower($in[$n]); // dispatch maps never use i4... 541 } 542 543 // param index is $n+1, as first member of sig is return type 544 if ($pt != $curSig[$n + 1] && $curSig[$n + 1] != Value::$xmlrpcValue) { 545 $itsOK = 0; 546 $pno = $n + 1; 547 $wanted = $curSig[$n + 1]; 548 $got = $pt; 549 break; 550 } 551 } 552 if ($itsOK) { 553 return array(1, ''); 554 } 555 } 556 } 557 if (isset($wanted)) { 558 return array(0, "Wanted {$wanted}, got {$got} at param {$pno}"); 559 } else { 560 return array(0, "No method signature matches number of parameters"); 561 } 562 } 563 564 /** 565 * Parse http headers received along with xml-rpc request. If needed, inflate request. 566 * 567 * @return Response|null null on success or an error Response 568 */ 569 protected function parseRequestHeaders(&$data, &$reqEncoding, &$respEncoding, &$respCompression) 570 { 571 // check if $_SERVER is populated: it might have been disabled via ini file 572 // (this is true even when in CLI mode) 573 if (count($_SERVER) == 0) { 574 $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': cannot parse request headers as $_SERVER is not populated'); 575 } 576 577 if ($this->debug > 1) { 578 if (function_exists('getallheaders')) { 579 $this->debugMsg(''); // empty line 580 foreach (getallheaders() as $name => $val) { 581 $this->debugMsg("HEADER: $name: $val"); 582 } 583 } 584 } 585 586 if (isset($_SERVER['HTTP_CONTENT_ENCODING'])) { 587 $contentEncoding = str_replace('x-', '', $_SERVER['HTTP_CONTENT_ENCODING']); 588 } else { 589 $contentEncoding = ''; 590 } 591 592 $rawData = $data; 593 594 // check if request body has been compressed and decompress it 595 if ($contentEncoding != '' && strlen($data)) { 596 if ($contentEncoding == 'deflate' || $contentEncoding == 'gzip') { 597 // if decoding works, use it. else assume data wasn't gzencoded 598 /// @todo test separately for gzinflate and gzuncompress 599 if (function_exists('gzinflate') && in_array($contentEncoding, $this->accepted_compression)) { 600 if ($contentEncoding == 'deflate' && $degzdata = @gzuncompress($data)) { 601 $data = $degzdata; 602 if ($this->debug > 1) { 603 $this->debugMsg("\n+++INFLATED REQUEST+++[" . strlen($data) . " chars]+++\n" . $data . "\n+++END+++"); 604 } 605 } elseif ($contentEncoding == 'gzip' && $degzdata = @gzinflate(substr($data, 10))) { 606 $data = $degzdata; 607 if ($this->debug > 1) { 608 $this->debugMsg("+++INFLATED REQUEST+++[" . strlen($data) . " chars]+++\n" . $data . "\n+++END+++"); 609 } 610 } else { 611 $r = new static::$responseClass(0, PhpXmlRpc::$xmlrpcerr['server_decompress_fail'], 612 PhpXmlRpc::$xmlrpcstr['server_decompress_fail'], '', array('raw_data' => $rawData) 613 ); 614 615 return $r; 616 } 617 } else { 618 $r = new static::$responseClass(0, PhpXmlRpc::$xmlrpcerr['server_cannot_decompress'], 619 PhpXmlRpc::$xmlrpcstr['server_cannot_decompress'], '', array('raw_data' => $rawData) 620 ); 621 622 return $r; 623 } 624 } 625 } 626 627 // check if client specified accepted charsets, and if we know how to fulfill the request 628 if ($this->response_charset_encoding == 'auto') { 629 $respEncoding = ''; 630 if (isset($_SERVER['HTTP_ACCEPT_CHARSET'])) { 631 // here we check if we can match the client-requested encoding with the encodings we know we can generate. 632 // we parse q=0.x preferences instead of preferring the first charset specified 633 $http = new Http(); 634 $clientAcceptedCharsets = $http->parseAcceptHeader($_SERVER['HTTP_ACCEPT_CHARSET']); 635 $knownCharsets = $this->getCharsetEncoder()->knownCharsets(); 636 foreach ($clientAcceptedCharsets as $accepted) { 637 foreach ($knownCharsets as $charset) { 638 if (strtoupper($accepted) == strtoupper($charset)) { 639 $respEncoding = $charset; 640 break 2; 641 } 642 } 643 } 644 } 645 } else { 646 $respEncoding = $this->response_charset_encoding; 647 } 648 649 if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) { 650 $respCompression = $_SERVER['HTTP_ACCEPT_ENCODING']; 651 } else { 652 $respCompression = ''; 653 } 654 655 // 'guestimate' request encoding 656 /// @todo check if mbstring is enabled and automagic input conversion is on: it might mingle with this check??? 657 $reqEncoding = XMLParser::guessEncoding(isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '', 658 $data); 659 660 return null; 661 } 662 663 /** 664 * Parse an xml chunk containing an xml-rpc request and execute the corresponding php function registered with the 665 * server. 666 * @internal this function will become protected in the future 667 * 668 * @param string $data the xml request 669 * @param string $reqEncoding (optional) the charset encoding of the xml request 670 * @return Response 671 * @throws \Exception in case the executed method does throw an exception (and depending on server configuration) 672 * 673 * @todo either rename this function or move the 'execute' part out of it... 674 */ 675 public function parseRequest($data, $reqEncoding = '') 676 { 677 // decompose incoming XML into request structure 678 679 /// @todo move this block of code into the XMLParser 680 if ($reqEncoding != '') { 681 // Since parsing will fail if 682 // - charset is not specified in the xml declaration, 683 // - the encoding is not UTF8 and 684 // - there are non-ascii chars in the text, 685 // we try to work round that... 686 // The following code might be better for mb_string enabled installs, but it makes the lib about 200% slower... 687 //if (!is_valid_charset($reqEncoding, array('UTF-8'))) 688 if (!in_array($reqEncoding, array('UTF-8', 'US-ASCII')) && !XMLParser::hasEncoding($data)) { 689 if (function_exists('mb_convert_encoding')) { 690 $data = mb_convert_encoding($data, 'UTF-8', $reqEncoding); 691 } else { 692 if ($reqEncoding == 'ISO-8859-1') { 693 $data = utf8_encode($data); 694 } else { 695 $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': unsupported charset encoding of received request: ' . $reqEncoding); 696 } 697 } 698 } 699 } 700 // PHP internally might use ISO-8859-1, so we have to tell the xml parser to give us back data in the expected charset. 701 // What if internal encoding is not in one of the 3 allowed? We use the broadest one, i.e. utf8 702 if (in_array(PhpXmlRpc::$xmlrpc_internalencoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) { 703 $options = array(XML_OPTION_TARGET_ENCODING => PhpXmlRpc::$xmlrpc_internalencoding); 704 } else { 705 $options = array(XML_OPTION_TARGET_ENCODING => 'UTF-8', 'target_charset' => PhpXmlRpc::$xmlrpc_internalencoding); 706 } 707 // register a callback with the xml parser for when it finds the method name 708 $options['methodname_callback'] = array($this, 'methodNameCallback'); 709 710 $xmlRpcParser = $this->getParser(); 711 try { 712 $_xh = $xmlRpcParser->parse($data, $this->functions_parameters_type, XMLParser::ACCEPT_REQUEST, $options); 713 // BC 714 if (!is_array($_xh)) { 715 $_xh = $xmlRpcParser->_xh; 716 } 717 } catch (NoSuchMethodException $e) { 718 return new static::$responseClass(0, $e->getCode(), $e->getMessage()); 719 } 720 721 if ($_xh['isf'] == 3) { 722 // (BC) we return XML error as a faultCode 723 preg_match('/^XML error ([0-9]+)/', $_xh['isf_reason'], $matches); 724 return new static::$responseClass( 725 0, 726 PhpXmlRpc::$xmlrpcerrxml + (int)$matches[1], 727 $_xh['isf_reason']); 728 } elseif ($_xh['isf']) { 729 /// @todo separate better the various cases, as we have done in Request::parseResponse: invalid xml-rpc vs. 730 /// parsing error 731 return new static::$responseClass( 732 0, 733 PhpXmlRpc::$xmlrpcerr['invalid_request'], 734 PhpXmlRpc::$xmlrpcstr['invalid_request'] . ' ' . $_xh['isf_reason']); 735 } else { 736 // small layering violation in favor of speed and memory usage: we should allow the 'execute' method handle 737 // this, but in the most common scenario (xml-rpc values type server with some methods registered as phpvals) 738 // that would mean a useless encode+decode pass 739 if ($this->functions_parameters_type != 'xmlrpcvals' || 740 (isset($this->dmap[$_xh['method']]['parameters_type']) && 741 ($this->dmap[$_xh['method']]['parameters_type'] != 'xmlrpcvals') 742 ) 743 ) { 744 if ($this->debug > 1) { 745 $this->debugMsg("\n+++PARSED+++\n" . var_export($_xh['params'], true) . "\n+++END+++"); 746 } 747 748 return $this->execute($_xh['method'], $_xh['params'], $_xh['pt']); 749 } else { 750 // build a Request object with data parsed from xml and add parameters in 751 $req = new Request($_xh['method']); 752 /// @todo for more speed, we could just pass in the array to the constructor (and loose the type validation)... 753 for ($i = 0; $i < count($_xh['params']); $i++) { 754 $req->addParam($_xh['params'][$i]); 755 } 756 757 if ($this->debug > 1) { 758 $this->debugMsg("\n+++PARSED+++\n" . var_export($req, true) . "\n+++END+++"); 759 } 760 761 return $this->execute($req); 762 } 763 } 764 } 765 766 /** 767 * Execute a method invoked by the client, checking parameters used. 768 * 769 * @param Request|string $req either a Request obj or a method name 770 * @param mixed[] $params array with method parameters as php types (only if $req is method name) 771 * @param string[] $paramTypes array with xml-rpc types of method parameters (only if $req is method name) 772 * @return Response 773 * 774 * @throws \Exception in case the executed method does throw an exception (and depending on server configuration) 775 */ 776 protected function execute($req, $params = null, $paramTypes = null) 777 { 778 static::$_xmlrpcs_occurred_errors = ''; 779 static::$_xmlrpc_debuginfo = ''; 780 781 if (is_object($req)) { 782 $methodName = $req->method(); 783 } else { 784 $methodName = $req; 785 } 786 787 $sysCall = $this->isSyscall($methodName); 788 $dmap = $sysCall ? $this->getSystemDispatchMap() : $this->dmap; 789 790 if (!isset($dmap[$methodName]['function'])) { 791 // No such method 792 return new static::$responseClass(0, PhpXmlRpc::$xmlrpcerr['unknown_method'], PhpXmlRpc::$xmlrpcstr['unknown_method']); 793 } 794 795 // Check signature 796 if (isset($dmap[$methodName]['signature'])) { 797 $sig = $dmap[$methodName]['signature']; 798 if (is_object($req)) { 799 list($ok, $errStr) = $this->verifySignature($req, $sig); 800 } else { 801 list($ok, $errStr) = $this->verifySignature($paramTypes, $sig); 802 } 803 if (!$ok) { 804 // Didn't match. 805 return new static::$responseClass( 806 0, 807 PhpXmlRpc::$xmlrpcerr['incorrect_params'], 808 PhpXmlRpc::$xmlrpcstr['incorrect_params'] . ": {$errStr}" 809 ); 810 } 811 } 812 813 $func = $dmap[$methodName]['function']; 814 815 // let the 'class::function' syntax be accepted in dispatch maps 816 if (is_string($func) && strpos($func, '::')) { 817 $func = explode('::', $func); 818 } 819 820 // build string representation of function 'name' 821 if (is_array($func)) { 822 if (is_object($func[0])) { 823 $funcName = get_class($func[0]) . '->' . $func[1]; 824 } else { 825 $funcName = implode('::', $func); 826 } 827 } else if ($func instanceof \Closure) { 828 $funcName = 'Closure'; 829 } else { 830 $funcName = $func; 831 } 832 833 // verify that function to be invoked is in fact callable 834 if (!is_callable($func)) { 835 $this->getLogger()->error("XML-RPC: " . __METHOD__ . ": function '$funcName' registered as method handler is not callable"); 836 return new static::$responseClass( 837 0, 838 PhpXmlRpc::$xmlrpcerr['server_error'], 839 PhpXmlRpc::$xmlrpcstr['server_error'] . ": no function matches method" 840 ); 841 } 842 843 if (isset($dmap[$methodName]['exception_handling'])) { 844 $exception_handling = (int)$dmap[$methodName]['exception_handling']; 845 } else { 846 $exception_handling = $this->exception_handling; 847 } 848 849 // If debug level is 3, we should catch all errors generated during processing of user function, and log them 850 // as part of response 851 if ($this->debug > 2) { 852 self::$_xmlrpcs_prev_ehandler = set_error_handler(array('\PhpXmlRpc\Server', '_xmlrpcs_errorHandler')); 853 } 854 855 try { 856 // Allow mixed-convention servers 857 if (is_object($req)) { 858 // call an 'xml-rpc aware' function 859 if ($sysCall) { 860 $r = call_user_func($func, $this, $req); 861 } else { 862 $r = call_user_func($func, $req); 863 } 864 if (!is_a($r, 'PhpXmlRpc\Response')) { 865 $this->getLogger()->error("XML-RPC: " . __METHOD__ . ": function '$funcName' registered as method handler does not return an xmlrpc response object but a " . gettype($r)); 866 if (is_a($r, 'PhpXmlRpc\Value')) { 867 $r = new static::$responseClass($r); 868 } else { 869 $r = new static::$responseClass( 870 0, 871 PhpXmlRpc::$xmlrpcerr['server_error'], 872 PhpXmlRpc::$xmlrpcstr['server_error'] . ": function does not return xmlrpc response object" 873 ); 874 } 875 } 876 } else { 877 // call a 'plain php' function 878 if ($sysCall) { 879 array_unshift($params, $this); 880 $r = call_user_func_array($func, $params); 881 } else { 882 // 3rd API convention for method-handling functions: EPI-style 883 if ($this->functions_parameters_type == 'epivals') { 884 $r = call_user_func_array($func, array($methodName, $params, $this->user_data)); 885 // mimic EPI behaviour: if we get an array that looks like an error, make it an error response 886 if (is_array($r) && array_key_exists('faultCode', $r) && array_key_exists('faultString', $r)) { 887 $r = new static::$responseClass(0, (integer)$r['faultCode'], (string)$r['faultString']); 888 } else { 889 // functions using EPI api should NOT return resp objects, so make sure we encode the 890 // return type correctly 891 $encoder = new Encoder(); 892 $r = new static::$responseClass($encoder->encode($r, array('extension_api'))); 893 } 894 } else { 895 $r = call_user_func_array($func, $params); 896 } 897 } 898 // the return type can be either a Response object or a plain php value... 899 if (!is_a($r, '\PhpXmlRpc\Response')) { 900 // q: what should we assume here about automatic encoding of datetimes and php classes instances? 901 // a: let the user decide 902 $encoder = new Encoder(); 903 $r = new static::$responseClass($encoder->encode($r, $this->phpvals_encoding_options)); 904 } 905 } 906 /// @todo bump minimum php version to 7.1 and use a single catch clause instead of the duplicate blocks 907 } catch (\Exception $e) { 908 // (barring errors in the lib) an uncaught exception happened in the called function, we wrap it in a 909 // proper error-response 910 switch ($exception_handling) { 911 case 2: 912 if ($this->debug > 2) { 913 if (self::$_xmlrpcs_prev_ehandler) { 914 set_error_handler(self::$_xmlrpcs_prev_ehandler); 915 } else { 916 restore_error_handler(); 917 } 918 } 919 throw $e; 920 case 1: 921 $errCode = $e->getCode(); 922 if ($errCode == 0) { 923 $errCode = PhpXmlRpc::$xmlrpcerr['server_error']; 924 } 925 $r = new static::$responseClass(0, $errCode, $e->getMessage()); 926 break; 927 default: 928 $r = new static::$responseClass(0, PhpXmlRpc::$xmlrpcerr['server_error'], PhpXmlRpc::$xmlrpcstr['server_error']); 929 } 930 } catch (\Error $e) { 931 // (barring errors in the lib) an uncaught exception happened in the called function, we wrap it in a 932 // proper error-response 933 switch ($exception_handling) { 934 case 2: 935 if ($this->debug > 2) { 936 if (self::$_xmlrpcs_prev_ehandler) { 937 set_error_handler(self::$_xmlrpcs_prev_ehandler); 938 } else { 939 restore_error_handler(); 940 } 941 } 942 throw $e; 943 case 1: 944 $errCode = $e->getCode(); 945 if ($errCode == 0) { 946 $errCode = PhpXmlRpc::$xmlrpcerr['server_error']; 947 } 948 $r = new static::$responseClass(0, $errCode, $e->getMessage()); 949 break; 950 default: 951 $r = new static::$responseClass(0, PhpXmlRpc::$xmlrpcerr['server_error'], PhpXmlRpc::$xmlrpcstr['server_error']); 952 } 953 } 954 955 if ($this->debug > 2) { 956 // note: restore the error handler we found before calling the user func, even if it has been changed 957 // inside the func itself 958 if (self::$_xmlrpcs_prev_ehandler) { 959 set_error_handler(self::$_xmlrpcs_prev_ehandler); 960 } else { 961 restore_error_handler(); 962 } 963 } 964 965 return $r; 966 } 967 968 /** 969 * Registered as callback for when the XMLParser has found the name of the method to execute. 970 * Handling that early allows to 1. stop parsing the rest of the xml if there is no such method registered, and 971 * 2. tweak the type of data that the parser will return, in case the server uses mixed-calling-convention 972 * 973 * @internal 974 * @param $methodName 975 * @param XMLParser $xmlParser 976 * @param resource $parser 977 * @return void 978 * @throws NoSuchMethodException 979 * 980 * @todo feature creep - we could validate here that the method in the dispatch map is valid, but that would mean 981 * dirtying a lot the logic, as we would have back to both parseRequest() and execute() methods the info 982 * about the matched method handler, in order to avoid doing the work twice... 983 */ 984 public function methodNameCallback($methodName, $xmlParser, $parser) 985 { 986 $sysCall = $this->isSyscall($methodName); 987 $dmap = $sysCall ? $this->getSystemDispatchMap() : $this->dmap; 988 989 if (!isset($dmap[$methodName]['function'])) { 990 // No such method 991 throw new NoSuchMethodException(PhpXmlRpc::$xmlrpcstr['unknown_method'], PhpXmlRpc::$xmlrpcerr['unknown_method']); 992 } 993 994 // alter on-the-fly the config of the xml parser if needed 995 if (isset($dmap[$methodName]['parameters_type']) && 996 $dmap[$methodName]['parameters_type'] != $this->functions_parameters_type) { 997 /// @todo this should be done by a method of the XMLParser 998 switch ($dmap[$methodName]['parameters_type']) { 999 case XMLParser::RETURN_PHP: 1000 xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast'); 1001 break; 1002 case XMLParser::RETURN_EPIVALS: 1003 xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_epi'); 1004 break; 1005 /// @todo log a warning on unsupported return type 1006 case XMLParser::RETURN_XMLRPCVALS: 1007 default: 1008 xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee'); 1009 } 1010 } 1011 } 1012 1013 /** 1014 * Add a string to the 'internal debug message' (separate from 'user debug message'). 1015 * 1016 * @param string $string 1017 * @return void 1018 */ 1019 protected function debugMsg($string) 1020 { 1021 $this->debug_info .= $string . "\n"; 1022 } 1023 1024 /** 1025 * @param string $methName 1026 * @return bool 1027 */ 1028 protected function isSyscall($methName) 1029 { 1030 return (strpos($methName, "system.") === 0); 1031 } 1032 1033 /** 1034 * @param array $dmap 1035 * @return $this 1036 */ 1037 public function setDispatchMap($dmap) 1038 { 1039 $this->dmap = $dmap; 1040 return $this; 1041 } 1042 1043 /** 1044 * @return array[] 1045 */ 1046 public function getDispatchMap() 1047 { 1048 return $this->dmap; 1049 } 1050 1051 /** 1052 * @return array[] 1053 */ 1054 public function getSystemDispatchMap() 1055 { 1056 if (!$this->allow_system_funcs) { 1057 return array(); 1058 } 1059 1060 return array( 1061 'system.listMethods' => array( 1062 'function' => 'PhpXmlRpc\Server::_xmlrpcs_listMethods', 1063 // listMethods: signature was either a string, or nothing. 1064 // The useless string variant has been removed 1065 'signature' => array(array(Value::$xmlrpcArray)), 1066 'docstring' => 'This method lists all the methods that the XML-RPC server knows how to dispatch', 1067 'signature_docs' => array(array('list of method names')), 1068 ), 1069 'system.methodHelp' => array( 1070 'function' => 'PhpXmlRpc\Server::_xmlrpcs_methodHelp', 1071 'signature' => array(array(Value::$xmlrpcString, Value::$xmlrpcString)), 1072 'docstring' => 'Returns help text if defined for the method passed, otherwise returns an empty string', 1073 'signature_docs' => array(array('method description', 'name of the method to be described')), 1074 ), 1075 'system.methodSignature' => array( 1076 'function' => 'PhpXmlRpc\Server::_xmlrpcs_methodSignature', 1077 'signature' => array(array(Value::$xmlrpcArray, Value::$xmlrpcString)), 1078 'docstring' => 'Returns an array of known signatures (an array of arrays) for the method name passed. If no signatures are known, returns a none-array (test for type != array to detect missing signature)', 1079 'signature_docs' => array(array('list of known signatures, each sig being an array of xmlrpc type names', 'name of method to be described')), 1080 ), 1081 'system.multicall' => array( 1082 'function' => 'PhpXmlRpc\Server::_xmlrpcs_multicall', 1083 'signature' => array(array(Value::$xmlrpcArray, Value::$xmlrpcArray)), 1084 'docstring' => 'Boxcar multiple RPC calls in one request. See http://www.xmlrpc.com/discuss/msgReader$1208 for details', 1085 'signature_docs' => array(array('list of response structs, where each struct has the usual members', 'list of calls, with each call being represented as a struct, with members "methodname" and "params"')), 1086 ), 1087 'system.getCapabilities' => array( 1088 'function' => 'PhpXmlRpc\Server::_xmlrpcs_getCapabilities', 1089 'signature' => array(array(Value::$xmlrpcStruct)), 1090 'docstring' => 'This method lists all the capabilities that the XML-RPC server has: the (more or less standard) extensions to the xmlrpc spec that it adheres to', 1091 'signature_docs' => array(array('list of capabilities, described as structs with a version number and url for the spec')), 1092 ), 1093 ); 1094 } 1095 1096 /** 1097 * @return array[] 1098 */ 1099 public function getCapabilities() 1100 { 1101 $outAr = array( 1102 // xml-rpc spec: always supported 1103 'xmlrpc' => array( 1104 'specUrl' => 'http://www.xmlrpc.com/spec', // NB: the spec sits now at http://xmlrpc.com/spec.md 1105 'specVersion' => 1 1106 ), 1107 // if we support system.xxx functions, we always support multicall, too... 1108 'system.multicall' => array( 1109 // Note that, as of 2006/09/17, the following URL does not respond anymore 1110 'specUrl' => 'http://www.xmlrpc.com/discuss/msgReader$1208', 1111 'specVersion' => 1 1112 ), 1113 // introspection: version 2! we support 'mixed', too. 1114 // note: the php xml-rpc extension says this instead: 1115 // url http://xmlrpc-epi.sourceforge.net/specs/rfc.introspection.php, version 20010516 1116 'introspection' => array( 1117 'specUrl' => 'http://phpxmlrpc.sourceforge.net/doc-2/ch10.html', 1118 'specVersion' => 2, 1119 ), 1120 ); 1121 1122 // NIL extension 1123 if (PhpXmlRpc::$xmlrpc_null_extension) { 1124 $outAr['nil'] = array( 1125 // Note that, as of 2023/01, the following URL does not respond anymore 1126 'specUrl' => 'http://www.ontosys.com/xml-rpc/extensions.php', 1127 'specVersion' => 1 1128 ); 1129 } 1130 1131 // support for "standard" error codes 1132 if (PhpXmlRpc::$xmlrpcerr['unknown_method'] === Interop::$xmlrpcerr['unknown_method']) { 1133 $outAr['faults_interop'] = array( 1134 'specUrl' => 'http://xmlrpc-epi.sourceforge.net/specs/rfc.fault_codes.php', 1135 'specVersion' => 20010516 1136 ); 1137 } 1138 1139 return $outAr; 1140 } 1141 1142 /** 1143 * @internal handler of a system. method 1144 * 1145 * @param Server $server 1146 * @param Request $req 1147 * @return Response 1148 */ 1149 public static function _xmlrpcs_getCapabilities($server, $req = null) 1150 { 1151 $encoder = new Encoder(); 1152 return new static::$responseClass($encoder->encode($server->getCapabilities())); 1153 } 1154 1155 /** 1156 * @internal handler of a system. method 1157 * 1158 * @param Server $server 1159 * @param Request $req if called in plain php values mode, second param is missing 1160 * @return Response 1161 */ 1162 public static function _xmlrpcs_listMethods($server, $req = null) 1163 { 1164 $outAr = array(); 1165 foreach ($server->dmap as $key => $val) { 1166 $outAr[] = new Value($key, 'string'); 1167 } 1168 foreach ($server->getSystemDispatchMap() as $key => $val) { 1169 $outAr[] = new Value($key, 'string'); 1170 } 1171 1172 return new static::$responseClass(new Value($outAr, 'array')); 1173 } 1174 1175 /** 1176 * @internal handler of a system. method 1177 * 1178 * @param Server $server 1179 * @param Request $req 1180 * @return Response 1181 */ 1182 public static function _xmlrpcs_methodSignature($server, $req) 1183 { 1184 // let's accept as parameter either an xml-rpc value or string 1185 if (is_object($req)) { 1186 $methName = $req->getParam(0); 1187 $methName = $methName->scalarVal(); 1188 } else { 1189 $methName = $req; 1190 } 1191 if ($server->isSyscall($methName)) { 1192 $dmap = $server->getSystemDispatchMap(); 1193 } else { 1194 $dmap = $server->dmap; 1195 } 1196 if (isset($dmap[$methName])) { 1197 if (isset($dmap[$methName]['signature'])) { 1198 $sigs = array(); 1199 foreach ($dmap[$methName]['signature'] as $inSig) { 1200 $curSig = array(); 1201 foreach ($inSig as $sig) { 1202 $curSig[] = new Value($sig, 'string'); 1203 } 1204 $sigs[] = new Value($curSig, 'array'); 1205 } 1206 $r = new static::$responseClass(new Value($sigs, 'array')); 1207 } else { 1208 // NB: according to the official docs, we should be returning a 1209 // "none-array" here, which means not-an-array 1210 $r = new static::$responseClass(new Value('undef', 'string')); 1211 } 1212 } else { 1213 $r = new static::$responseClass(0, PhpXmlRpc::$xmlrpcerr['introspect_unknown'], PhpXmlRpc::$xmlrpcstr['introspect_unknown']); 1214 } 1215 1216 return $r; 1217 } 1218 1219 /** 1220 * @internal handler of a system. method 1221 * 1222 * @param Server $server 1223 * @param Request $req 1224 * @return Response 1225 */ 1226 public static function _xmlrpcs_methodHelp($server, $req) 1227 { 1228 // let's accept as parameter either an xml-rpc value or string 1229 if (is_object($req)) { 1230 $methName = $req->getParam(0); 1231 $methName = $methName->scalarVal(); 1232 } else { 1233 $methName = $req; 1234 } 1235 if ($server->isSyscall($methName)) { 1236 $dmap = $server->getSystemDispatchMap(); 1237 } else { 1238 $dmap = $server->dmap; 1239 } 1240 if (isset($dmap[$methName])) { 1241 if (isset($dmap[$methName]['docstring'])) { 1242 $r = new static::$responseClass(new Value($dmap[$methName]['docstring'], 'string')); 1243 } else { 1244 $r = new static::$responseClass(new Value('', 'string')); 1245 } 1246 } else { 1247 $r = new static::$responseClass(0, PhpXmlRpc::$xmlrpcerr['introspect_unknown'], PhpXmlRpc::$xmlrpcstr['introspect_unknown']); 1248 } 1249 1250 return $r; 1251 } 1252 1253 /** 1254 * @internal this function will become protected in the future 1255 * 1256 * @param $err 1257 * @return Value 1258 */ 1259 public static function _xmlrpcs_multicall_error($err) 1260 { 1261 if (is_string($err)) { 1262 $str = PhpXmlRpc::$xmlrpcstr["multicall_{$err}"]; 1263 $code = PhpXmlRpc::$xmlrpcerr["multicall_{$err}"]; 1264 } else { 1265 $code = $err->faultCode(); 1266 $str = $err->faultString(); 1267 } 1268 $struct = array(); 1269 $struct['faultCode'] = new Value($code, 'int'); 1270 $struct['faultString'] = new Value($str, 'string'); 1271 1272 return new Value($struct, 'struct'); 1273 } 1274 1275 /** 1276 * @internal this function will become protected in the future 1277 * 1278 * @param Server $server 1279 * @param Value $call 1280 * @return Value 1281 */ 1282 public static function _xmlrpcs_multicall_do_call($server, $call) 1283 { 1284 if ($call->kindOf() != 'struct') { 1285 return static::_xmlrpcs_multicall_error('notstruct'); 1286 } 1287 $methName = @$call['methodName']; 1288 if (!$methName) { 1289 return static::_xmlrpcs_multicall_error('nomethod'); 1290 } 1291 if ($methName->kindOf() != 'scalar' || $methName->scalarTyp() != 'string') { 1292 return static::_xmlrpcs_multicall_error('notstring'); 1293 } 1294 if ($methName->scalarVal() == 'system.multicall') { 1295 return static::_xmlrpcs_multicall_error('recursion'); 1296 } 1297 1298 $params = @$call['params']; 1299 if (!$params) { 1300 return static::_xmlrpcs_multicall_error('noparams'); 1301 } 1302 if ($params->kindOf() != 'array') { 1303 return static::_xmlrpcs_multicall_error('notarray'); 1304 } 1305 1306 $req = new Request($methName->scalarVal()); 1307 foreach ($params as $i => $param) { 1308 if (!$req->addParam($param)) { 1309 $i++; // for error message, we count params from 1 1310 return static::_xmlrpcs_multicall_error(new static::$responseClass(0, 1311 PhpXmlRpc::$xmlrpcerr['incorrect_params'], 1312 PhpXmlRpc::$xmlrpcstr['incorrect_params'] . ": probable xml error in param " . $i)); 1313 } 1314 } 1315 1316 $result = $server->execute($req); 1317 1318 if ($result->faultCode() != 0) { 1319 return static::_xmlrpcs_multicall_error($result); // Method returned fault. 1320 } 1321 1322 return new Value(array($result->value()), 'array'); 1323 } 1324 1325 /** 1326 * @internal this function will become protected in the future 1327 * 1328 * @param Server $server 1329 * @param Value $call 1330 * @return Value 1331 */ 1332 public static function _xmlrpcs_multicall_do_call_phpvals($server, $call) 1333 { 1334 if (!is_array($call)) { 1335 return static::_xmlrpcs_multicall_error('notstruct'); 1336 } 1337 if (!array_key_exists('methodName', $call)) { 1338 return static::_xmlrpcs_multicall_error('nomethod'); 1339 } 1340 if (!is_string($call['methodName'])) { 1341 return static::_xmlrpcs_multicall_error('notstring'); 1342 } 1343 if ($call['methodName'] == 'system.multicall') { 1344 return static::_xmlrpcs_multicall_error('recursion'); 1345 } 1346 if (!array_key_exists('params', $call)) { 1347 return static::_xmlrpcs_multicall_error('noparams'); 1348 } 1349 if (!is_array($call['params'])) { 1350 return static::_xmlrpcs_multicall_error('notarray'); 1351 } 1352 1353 // this is a simplistic hack, since we might have received 1354 // base64 or datetime values, but they will be listed as strings here... 1355 $pt = array(); 1356 $wrapper = new Wrapper(); 1357 foreach ($call['params'] as $val) { 1358 // support EPI-encoded base64 and datetime values 1359 if ($val instanceof \stdClass && isset($val->xmlrpc_type)) { 1360 $pt[] = $val->xmlrpc_type == 'datetime' ? Value::$xmlrpcDateTime : $val->xmlrpc_type; 1361 } else { 1362 $pt[] = $wrapper->php2XmlrpcType(gettype($val)); 1363 } 1364 } 1365 1366 $result = $server->execute($call['methodName'], $call['params'], $pt); 1367 1368 if ($result->faultCode() != 0) { 1369 return static::_xmlrpcs_multicall_error($result); // Method returned fault. 1370 } 1371 1372 return new Value(array($result->value()), 'array'); 1373 } 1374 1375 /** 1376 * @internal handler of a system. method 1377 * 1378 * @param Server $server 1379 * @param Request|array $req 1380 * @return Response 1381 */ 1382 public static function _xmlrpcs_multicall($server, $req) 1383 { 1384 $result = array(); 1385 // let's accept a plain list of php parameters, beside a single xml-rpc msg object 1386 if (is_object($req)) { 1387 $calls = $req->getParam(0); 1388 foreach ($calls as $call) { 1389 $result[] = static::_xmlrpcs_multicall_do_call($server, $call); 1390 } 1391 } else { 1392 $numCalls = count($req); 1393 for ($i = 0; $i < $numCalls; $i++) { 1394 $result[$i] = static::_xmlrpcs_multicall_do_call_phpvals($server, $req[$i]); 1395 } 1396 } 1397 1398 return new static::$responseClass(new Value($result, 'array')); 1399 } 1400 1401 /** 1402 * Error handler used to track errors that occur during server-side execution of PHP code. 1403 * This allows to report back to the client whether an internal error has occurred or not 1404 * using an xml-rpc response object, instead of letting the client deal with the html junk 1405 * that a PHP execution error on the server generally entails. 1406 * 1407 * NB: in fact a user defined error handler can only handle WARNING, NOTICE and USER_* errors. 1408 * 1409 * @internal 1410 */ 1411 public static function _xmlrpcs_errorHandler($errCode, $errString, $filename = null, $lineNo = null, $context = null) 1412 { 1413 // obey the @ protocol 1414 if (error_reporting() == 0) { 1415 return; 1416 } 1417 1418 //if ($errCode != E_NOTICE && $errCode != E_WARNING && $errCode != E_USER_NOTICE && $errCode != E_USER_WARNING) 1419 if ($errCode != E_STRICT) { 1420 static::error_occurred($errString); 1421 } 1422 1423 // Try to avoid as much as possible disruption to the previous error handling mechanism in place 1424 if (self::$_xmlrpcs_prev_ehandler == '') { 1425 // The previous error handler was the default: all we should do is log error to the default error log 1426 // (if level high enough) 1427 if (ini_get('log_errors') && (intval(ini_get('error_reporting')) & $errCode)) { 1428 // we can't use the functionality of LoggerAware, because this is a static method 1429 if (self::$logger === null) { 1430 self::$logger = Logger::instance(); 1431 } 1432 self::$logger->error($errString); 1433 } 1434 } else { 1435 // Pass control on to previous error handler, trying to avoid loops... 1436 if (self::$_xmlrpcs_prev_ehandler != array('\PhpXmlRpc\Server', '_xmlrpcs_errorHandler')) { 1437 if (is_array(self::$_xmlrpcs_prev_ehandler)) { 1438 // the following works both with static class methods and plain object methods as error handler 1439 call_user_func_array(self::$_xmlrpcs_prev_ehandler, array($errCode, $errString, $filename, $lineNo, $context)); 1440 } else { 1441 $method = self::$_xmlrpcs_prev_ehandler; 1442 $method($errCode, $errString, $filename, $lineNo, $context); 1443 } 1444 } 1445 } 1446 } 1447 1448 // *** BC layer *** 1449 1450 /** 1451 * @param string $charsetEncoding 1452 * @return string 1453 * 1454 * @deprecated this method was moved to the Response class 1455 */ 1456 protected function xml_header($charsetEncoding = '') 1457 { 1458 $this->logDeprecation('Method ' . __METHOD__ . ' is deprecated'); 1459 1460 if ($charsetEncoding != '') { 1461 return "<?xml version=\"1.0\" encoding=\"$charsetEncoding\"?" . ">\n"; 1462 } else { 1463 return "<?xml version=\"1.0\"?" . ">\n"; 1464 } 1465 } 1466 1467 // we have to make this return by ref in order to allow calls such as `$resp->_cookies['name'] = ['value' => 'something'];` 1468 public function &__get($name) 1469 { 1470 switch ($name) { 1471 case self::OPT_ACCEPTED_COMPRESSION : 1472 case self::OPT_ALLOW_SYSTEM_FUNCS: 1473 case self::OPT_COMPRESS_RESPONSE: 1474 case self::OPT_DEBUG: 1475 case self::OPT_EXCEPTION_HANDLING: 1476 case self::OPT_FUNCTIONS_PARAMETERS_TYPE: 1477 case self::OPT_PHPVALS_ENCODING_OPTIONS: 1478 case self::OPT_RESPONSE_CHARSET_ENCODING: 1479 $this->logDeprecation('Getting property Request::' . $name . ' is deprecated'); 1480 return $this->$name; 1481 case 'accepted_charset_encodings': 1482 // manually implement the 'protected property' behaviour 1483 $canAccess = false; 1484 $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); 1485 if (isset($trace[1]) && isset($trace[1]['class'])) { 1486 if (is_subclass_of($trace[1]['class'], 'PhpXmlRpc\Server')) { 1487 $canAccess = true; 1488 } 1489 } 1490 if ($canAccess) { 1491 $this->logDeprecation('Getting property Request::' . $name . ' is deprecated'); 1492 return $this->accepted_compression; 1493 } else { 1494 trigger_error("Cannot access protected property Server::accepted_charset_encodings in " . __FILE__, E_USER_ERROR); 1495 } 1496 break; 1497 default: 1498 /// @todo throw instead? There are very few other places where the lib trigger errors which can potentially reach stdout... 1499 $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1); 1500 trigger_error('Undefined property via __get(): ' . $name . ' in ' . $trace[0]['file'] . ' on line ' . $trace[0]['line'], E_USER_WARNING); 1501 $result = null; 1502 return $result; 1503 } 1504 } 1505 1506 public function __set($name, $value) 1507 { 1508 switch ($name) { 1509 case self::OPT_ACCEPTED_COMPRESSION : 1510 case self::OPT_ALLOW_SYSTEM_FUNCS: 1511 case self::OPT_COMPRESS_RESPONSE: 1512 case self::OPT_DEBUG: 1513 case self::OPT_EXCEPTION_HANDLING: 1514 case self::OPT_FUNCTIONS_PARAMETERS_TYPE: 1515 case self::OPT_PHPVALS_ENCODING_OPTIONS: 1516 case self::OPT_RESPONSE_CHARSET_ENCODING: 1517 $this->logDeprecation('Setting property Request::' . $name . ' is deprecated'); 1518 $this->$name = $value; 1519 break; 1520 case 'accepted_charset_encodings': 1521 // manually implement the 'protected property' behaviour 1522 $canAccess = false; 1523 $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); 1524 if (isset($trace[1]) && isset($trace[1]['class'])) { 1525 if (is_subclass_of($trace[1]['class'], 'PhpXmlRpc\Server')) { 1526 $canAccess = true; 1527 } 1528 } 1529 if ($canAccess) { 1530 $this->logDeprecation('Setting property Request::' . $name . ' is deprecated'); 1531 $this->accepted_compression = $value; 1532 } else { 1533 trigger_error("Cannot access protected property Server::accepted_charset_encodings in " . __FILE__, E_USER_ERROR); 1534 } 1535 break; 1536 default: 1537 /// @todo throw instead? There are very few other places where the lib trigger errors which can potentially reach stdout... 1538 $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1); 1539 trigger_error('Undefined property via __set(): ' . $name . ' in ' . $trace[0]['file'] . ' on line ' . $trace[0]['line'], E_USER_WARNING); 1540 } 1541 } 1542 1543 public function __isset($name) 1544 { 1545 switch ($name) { 1546 case self::OPT_ACCEPTED_COMPRESSION : 1547 case self::OPT_ALLOW_SYSTEM_FUNCS: 1548 case self::OPT_COMPRESS_RESPONSE: 1549 case self::OPT_DEBUG: 1550 case self::OPT_EXCEPTION_HANDLING: 1551 case self::OPT_FUNCTIONS_PARAMETERS_TYPE: 1552 case self::OPT_PHPVALS_ENCODING_OPTIONS: 1553 case self::OPT_RESPONSE_CHARSET_ENCODING: 1554 $this->logDeprecation('Checking property Request::' . $name . ' is deprecated'); 1555 return isset($this->$name); 1556 case 'accepted_charset_encodings': 1557 // manually implement the 'protected property' behaviour 1558 $canAccess = false; 1559 $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); 1560 if (isset($trace[1]) && isset($trace[1]['class'])) { 1561 if (is_subclass_of($trace[1]['class'], 'PhpXmlRpc\Server')) { 1562 $canAccess = true; 1563 } 1564 } 1565 if ($canAccess) { 1566 $this->logDeprecation('Checking property Request::' . $name . ' is deprecated'); 1567 return isset($this->accepted_compression); 1568 } 1569 // break through voluntarily 1570 default: 1571 return false; 1572 } 1573 } 1574 1575 public function __unset($name) 1576 { 1577 switch ($name) { 1578 case self::OPT_ACCEPTED_COMPRESSION : 1579 case self::OPT_ALLOW_SYSTEM_FUNCS: 1580 case self::OPT_COMPRESS_RESPONSE: 1581 case self::OPT_DEBUG: 1582 case self::OPT_EXCEPTION_HANDLING: 1583 case self::OPT_FUNCTIONS_PARAMETERS_TYPE: 1584 case self::OPT_PHPVALS_ENCODING_OPTIONS: 1585 case self::OPT_RESPONSE_CHARSET_ENCODING: 1586 $this->logDeprecation('Unsetting property Request::' . $name . ' is deprecated'); 1587 unset($this->$name); 1588 break; 1589 case 'accepted_charset_encodings': 1590 // manually implement the 'protected property' behaviour 1591 $canAccess = false; 1592 $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); 1593 if (isset($trace[1]) && isset($trace[1]['class'])) { 1594 if (is_subclass_of($trace[1]['class'], 'PhpXmlRpc\Server')) { 1595 $canAccess = true; 1596 } 1597 } 1598 if ($canAccess) { 1599 $this->logDeprecation('Unsetting property Request::' . $name . ' is deprecated'); 1600 unset($this->accepted_compression); 1601 } else { 1602 trigger_error("Cannot access protected property Server::accepted_charset_encodings in " . __FILE__, E_USER_ERROR); 1603 } 1604 break; 1605 default: 1606 /// @todo throw instead? There are very few other places where the lib trigger errors which can potentially reach stdout... 1607 $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1); 1608 trigger_error('Undefined property via __unset(): ' . $name . ' in ' . $trace[0]['file'] . ' on line ' . $trace[0]['line'], E_USER_WARNING); 1609 } 1610 } 1611 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
