Commit d07a8a75 authored by hahn's avatar hahn

task#3869 - update sws class

parent 68cc3286
...@@ -103,7 +103,7 @@ class sws { ...@@ -103,7 +103,7 @@ class sws {
* version * version
* @var string * @var string
*/ */
private $_sVersion = "0.06 (beta)"; private $_sVersion = "0.07 (beta)";
/** /**
* title * title
...@@ -166,6 +166,23 @@ class sws { ...@@ -166,6 +166,23 @@ class sws {
return false; return false;
} }
/**
* helper for _parseParams
* check if parameter args contain safe chars
* @param type $sParamValue
* @return boolean
*/
private function _verifyParamValue($sParamValue){
$sOKChars='a-z0-9\"\{\}\[\]\.\,\ \:\-\+';
if(isset($this->_aParams[$sParamValue])){
$sVal=urldecode($this->_aParams[$sParamValue]);
if(preg_match('/[^'.$sOKChars. ']/i', $sVal)){
$this->_quit("ERROR: parameter $sParamValue=.. contains unsupported character(s): [". preg_replace('/['.$sOKChars. ']/i', '',$sVal)."]");
}
}
return true;
}
/** /**
* parse parameters (given GET/ POST is in by _aParams @see setParams) * parse parameters (given GET/ POST is in by _aParams @see setParams)
* class - class to initialize * class - class to initialize
...@@ -176,7 +193,7 @@ class sws { ...@@ -176,7 +193,7 @@ class sws {
*/ */
private function _parseParams() { private function _parseParams() {
$aMinParams = array("class", "action"); $aMinParams = array("class", "action");
$aMaxParams = array_merge($aMinParams, array("args")); $aMaxParams = array_merge($aMinParams, array("init", "args", "type"));
$sErrors = ''; $sErrors = '';
// set defaults // set defaults
...@@ -202,7 +219,12 @@ class sws { ...@@ -202,7 +219,12 @@ class sws {
$sErrors.="- <em>" . $sKey . "</em><br>"; $sErrors.="- <em>" . $sKey . "</em><br>";
} }
} }
// TODO: checkMaxParams // check max Params
foreach(array_keys($this->_aParams) as $sKey){
if(!in_array($sKey, $aMaxParams)){
$this->_quit("ERROR: parameter ". htmlentities($sKey)." is unknown.");
}
}
// check if classname and action exist in configuration // check if classname and action exist in configuration
if (array_key_exists("class", $this->_aParams)) { if (array_key_exists("class", $this->_aParams)) {
...@@ -214,6 +236,9 @@ class sws { ...@@ -214,6 +236,9 @@ class sws {
$this->_sClassfile = $this->_aKnownClasses["classes"][$this->_aParams["class"]]["file"]; $this->_sClassfile = $this->_aKnownClasses["classes"][$this->_aParams["class"]]["file"];
// get arguments for the method // get arguments for the method
$this->_verifyParamValue("init");
$this->_verifyParamValue("args");
if (array_key_exists("init", $this->_aParams)) { if (array_key_exists("init", $this->_aParams)) {
try { try {
$aTmp = json_decode($this->_aParams["init"], 1); $aTmp = json_decode($this->_aParams["init"], 1);
...@@ -222,7 +247,7 @@ class sws { ...@@ -222,7 +247,7 @@ class sws {
} }
if (!is_array($aTmp)) { if (!is_array($aTmp)) {
$this->_quit( $this->_quit(
'ERROR: wrong request - init value must be a json string<br>' 'ERROR: wrong request - init value must be a json string (in url encoded form)<br>'
. 'examples:<br>' . 'examples:<br>'
. '- one arg <code>(...)&init=["my string"]</code><br>' . '- one arg <code>(...)&init=["my string"]</code><br>'
. '- two args <code>(...)&init=["my string", 123]</code> ' . '- two args <code>(...)&init=["my string", 123]</code> '
...@@ -249,7 +274,7 @@ class sws { ...@@ -249,7 +274,7 @@ class sws {
} }
if (!is_array($aTmp)) { if (!is_array($aTmp)) {
$this->_quit( $this->_quit(
'ERROR: wrong request - args value must be a json string<br>' 'ERROR: wrong request - args value must be a json string (in url encoded form)<br>'
. 'examples:<br>' . 'examples:<br>'
. '- one arg <code>(...)&args=["my string"]</code><br>' . '- one arg <code>(...)&args=["my string"]</code><br>'
. '- two args <code>(...)&args=["my string", 123]</code> ' . '- two args <code>(...)&args=["my string", 123]</code> '
...@@ -623,7 +648,7 @@ class sws { ...@@ -623,7 +648,7 @@ class sws {
$sClassInit = '<span class="urlvalue">[initparams]</span>'; $sClassInit = '<span class="urlvalue">[initparams]</span>';
$sActionSelect = '<span class="urlvalue">[action]</span>'; $sActionSelect = '<span class="urlvalue">[action]</span>';
$sParamSelect = '<span class="urlvalue">[parameters]</span>'; $sParamSelect = '<span class="urlvalue">[parameters]</span>';
$sTypeSelect = '<span class="urlvalue">[type: raw|json]</span>'; $sTypeSelect = '<span class="urlvalue">[raw|json]</span>';
$sSyntax = sprintf( $sSyntax = sprintf(
'<pre>?' '<pre>?'
...@@ -701,6 +726,9 @@ class sws { ...@@ -701,6 +726,9 @@ class sws {
. '.warning{ color:#a96; background:#fc8; padding: 0.5em; margin-bottom: 2em; border-left: 4px solid;}' . '.warning{ color:#a96; background:#fc8; padding: 0.5em; margin-bottom: 2em; border-left: 4px solid;}'
. '.defaultvalue{color: #33c;}' . '.defaultvalue{color: #33c;}'
. '</style>' . '</style>'
;
if($this->_aOptions["enableGui"]){
$sReturn.= ''
. '<script>' . '<script>'
. 'function toggleDesciption(sId, a){' . 'function toggleDesciption(sId, a){'
. 'var o=document.getElementById(sId);' . 'var o=document.getElementById(sId);'
...@@ -781,6 +809,9 @@ class sws { ...@@ -781,6 +809,9 @@ class sws {
' '
. '</script>' . '</script>'
;
}
$sReturn.= ''
. '</head>' . '</head>'
. '<body>'; . '<body>';
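Review bot: In the new `_verifyParamValue()` the rejected characters are concatenated into the `_quit()` message unescaped, although that remainder is by construction everything outside the allow-list (`<`, `>`, `'`, …) and other `_quit()` messages in this file carry HTML; the unknown-parameter check added in `_parseParams()` already escapes `$sKey`, so this should do the same: `htmlentities(preg_replace('/['.$sOKChars.']/i', '', $sVal))`. The check also runs on `urldecode($this->_aParams[$sParamValue])`, while `json_decode()` further down reads `$this->_aParams["init"]` as stored, so a `%XX` sequence is validated in its decoded form but used as written; validate the exact string that is later decoded, or write the decoded value back before use. In the max-params loop, `in_array($sKey, $aMaxParams, true)` would be safer, because an integer request key such as `0` compares loosely equal to the string entries on PHP versions before 8 and would pass as known. The docblock's `@param type $sParamValue` could read `@param string $sParamValue name of the key in _aParams to check`, since the argument is the parameter name and not its value.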
......
{ {
"options": { "options": {
"enableGui": 1, "enableGui": 1,
"enableDump": 1 "enableDump": 0
}, },
"classes": { "classes": {
"Actionlog": { "Actionlog": {
...@@ -9,6 +9,12 @@ ...@@ -9,6 +9,12 @@
"actions": { "actions": {
"getLogs": {} "getLogs": {}
} }
},
"project": {
"file": "project.class.php",
"actions": {
"getProjects": {}
}
} }
} }
} }
\ No newline at end of file