00001 <?php 00002 // by Edd Dumbill (C) 1999-2002 00003 // <edd@usefulinc.com> 00004 // $Id: xmlrpcs.inc,v 1.71 2008/10/29 23:41:28 ggiunta Exp $ 00005 00006 // Copyright (c) 1999,2000,2002 Edd Dumbill. 00007 // All rights reserved. 00008 // 00009 // Redistribution and use in source and binary forms, with or without 00010 // modification, are permitted provided that the following conditions 00011 // are met: 00012 // 00013 // * Redistributions of source code must retain the above copyright 00014 // notice, this list of conditions and the following disclaimer. 00015 // 00016 // * Redistributions in binary form must reproduce the above 00017 // copyright notice, this list of conditions and the following 00018 // disclaimer in the documentation and/or other materials provided 00019 // with the distribution. 00020 // 00021 // * Neither the name of the "XML-RPC for PHP" nor the names of its 00022 // contributors may be used to endorse or promote products derived 00023 // from this software without specific prior written permission. 00024 // 00025 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00026 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00027 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 00028 // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 00029 // REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 00030 // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 00031 // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 00032 // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 00033 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 00034 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 00035 // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 00036 // OF THE POSSIBILITY OF SUCH DAMAGE. 00037 00038 // XML RPC Server class 00039 // requires: xmlrpc.inc 00040 00041 $GLOBALS['xmlrpcs_capabilities'] = array( 00042 // xmlrpc spec: always supported 00043 'xmlrpc' => new xmlrpcval(array( 00044 'specUrl' => new xmlrpcval('http://www.xmlrpc.com/spec', 'string'), 00045 'specVersion' => new xmlrpcval(1, 'int') 00046 ), 'struct'), 00047 // if we support system.xxx functions, we always support multicall, too... 00048 // Note that, as of 2006/09/17, the following URL does not respond anymore 00049 'system.multicall' => new xmlrpcval(array( 00050 'specUrl' => new xmlrpcval('http://www.xmlrpc.com/discuss/msgReader$1208', 'string'), 00051 'specVersion' => new xmlrpcval(1, 'int') 00052 ), 'struct'), 00053 // introspection: version 2! we support 'mixed', too 00054 'introspection' => new xmlrpcval(array( 00055 'specUrl' => new xmlrpcval('http://phpxmlrpc.sourceforge.net/doc-2/ch10.html', 'string'), 00056 'specVersion' => new xmlrpcval(2, 'int') 00057 ), 'struct') 00058 ); 00059 00060 /* Functions that implement system.XXX methods of xmlrpc servers */ 00061 $_xmlrpcs_getCapabilities_sig=array(array($GLOBALS['xmlrpcStruct'])); 00062 $_xmlrpcs_getCapabilities_doc='This method lists all the capabilites that the XML-RPC server has: the (more or less standard) extensions to the xmlrpc spec that it adheres to'; 00063 $_xmlrpcs_getCapabilities_sdoc=array(array('list of capabilities, described as structs with a version number and url for the spec')); 00064 function _xmlrpcs_getCapabilities($server, $m=null) 00065 { 00066 $outAr = $GLOBALS['xmlrpcs_capabilities']; 00067 // NIL extension 00068 if ($GLOBALS['xmlrpc_null_extension']) { 00069 $outAr['nil'] = new xmlrpcval(array( 00070 'specUrl' => new xmlrpcval('http://www.ontosys.com/xml-rpc/extensions.php', 'string'), 00071 'specVersion' => new xmlrpcval(1, 'int') 00072 ), 'struct'); 00073 } 00074 return new xmlrpcresp(new xmlrpcval($outAr, 'struct')); 00075 } 00076 00077 // listMethods: signature was either a string, or nothing. 00078 // The useless string variant has been removed 00079 $_xmlrpcs_listMethods_sig=array(array($GLOBALS['xmlrpcArray'])); 00080 $_xmlrpcs_listMethods_doc='This method lists all the methods that the XML-RPC server knows how to dispatch'; 00081 $_xmlrpcs_listMethods_sdoc=array(array('list of method names')); 00082 function _xmlrpcs_listMethods($server, $m=null) // if called in plain php values mode, second param is missing 00083 { 00084 00085 $outAr=array(); 00086 foreach($server->dmap as $key => $val) 00087 { 00088 $outAr[]=&new xmlrpcval($key, 'string'); 00089 } 00090 if($server->allow_system_funcs) 00091 { 00092 foreach($GLOBALS['_xmlrpcs_dmap'] as $key => $val) 00093 { 00094 $outAr[]=&new xmlrpcval($key, 'string'); 00095 } 00096 } 00097 return new xmlrpcresp(new xmlrpcval($outAr, 'array')); 00098 } 00099 00100 $_xmlrpcs_methodSignature_sig=array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcString'])); 00101 $_xmlrpcs_methodSignature_doc='Returns an array of known signatures (an array of arrays) for the method name passed. If no signatures are known, returns a none-array (test for type != array to detect missing signature)'; 00102 $_xmlrpcs_methodSignature_sdoc=array(array('list of known signatures, each sig being an array of xmlrpc type names', 'name of method to be described')); 00103 function _xmlrpcs_methodSignature($server, $m) 00104 { 00105 // let accept as parameter both an xmlrpcval or string 00106 if (is_object($m)) 00107 { 00108 $methName=$m->getParam(0); 00109 $methName=$methName->scalarval(); 00110 } 00111 else 00112 { 00113 $methName=$m; 00114 } 00115 if(strpos($methName, "system.") === 0) 00116 { 00117 $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1; 00118 } 00119 else 00120 { 00121 $dmap=$server->dmap; $sysCall=0; 00122 } 00123 if(isset($dmap[$methName])) 00124 { 00125 if(isset($dmap[$methName]['signature'])) 00126 { 00127 $sigs=array(); 00128 foreach($dmap[$methName]['signature'] as $inSig) 00129 { 00130 $cursig=array(); 00131 foreach($inSig as $sig) 00132 { 00133 $cursig[]=&new xmlrpcval($sig, 'string'); 00134 } 00135 $sigs[]=&new xmlrpcval($cursig, 'array'); 00136 } 00137 $r=&new xmlrpcresp(new xmlrpcval($sigs, 'array')); 00138 } 00139 else 00140 { 00141 // NB: according to the official docs, we should be returning a 00142 // "none-array" here, which means not-an-array 00143 $r=&new xmlrpcresp(new xmlrpcval('undef', 'string')); 00144 } 00145 } 00146 else 00147 { 00148 $r=&new xmlrpcresp(0,$GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']); 00149 } 00150 return $r; 00151 } 00152 00153 $_xmlrpcs_methodHelp_sig=array(array($GLOBALS['xmlrpcString'], $GLOBALS['xmlrpcString'])); 00154 $_xmlrpcs_methodHelp_doc='Returns help text if defined for the method passed, otherwise returns an empty string'; 00155 $_xmlrpcs_methodHelp_sdoc=array(array('method description', 'name of the method to be described')); 00156 function _xmlrpcs_methodHelp($server, $m) 00157 { 00158 // let accept as parameter both an xmlrpcval or string 00159 if (is_object($m)) 00160 { 00161 $methName=$m->getParam(0); 00162 $methName=$methName->scalarval(); 00163 } 00164 else 00165 { 00166 $methName=$m; 00167 } 00168 if(strpos($methName, "system.") === 0) 00169 { 00170 $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1; 00171 } 00172 else 00173 { 00174 $dmap=$server->dmap; $sysCall=0; 00175 } 00176 if(isset($dmap[$methName])) 00177 { 00178 if(isset($dmap[$methName]['docstring'])) 00179 { 00180 $r=&new xmlrpcresp(new xmlrpcval($dmap[$methName]['docstring']), 'string'); 00181 } 00182 else 00183 { 00184 $r=&new xmlrpcresp(new xmlrpcval('', 'string')); 00185 } 00186 } 00187 else 00188 { 00189 $r=&new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']); 00190 } 00191 return $r; 00192 } 00193 00194 $_xmlrpcs_multicall_sig = array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcArray'])); 00195 $_xmlrpcs_multicall_doc = 'Boxcar multiple RPC calls in one request. See http://www.xmlrpc.com/discuss/msgReader$1208 for details'; 00196 $_xmlrpcs_multicall_sdoc = array(array('list of response structs, where each struct has the usual members', 'list of calls, with each call being represented as a struct, with members "methodname" and "params"')); 00197 function _xmlrpcs_multicall_error($err) 00198 { 00199 if(is_string($err)) 00200 { 00201 $str = $GLOBALS['xmlrpcstr']["multicall_${err}"]; 00202 $code = $GLOBALS['xmlrpcerr']["multicall_${err}"]; 00203 } 00204 else 00205 { 00206 $code = $err->faultCode(); 00207 $str = $err->faultString(); 00208 } 00209 $struct = array(); 00210 $struct['faultCode'] =& new xmlrpcval($code, 'int'); 00211 $struct['faultString'] =& new xmlrpcval($str, 'string'); 00212 return new xmlrpcval($struct, 'struct'); 00213 } 00214 00215 function _xmlrpcs_multicall_do_call($server, $call) 00216 { 00217 if($call->kindOf() != 'struct') 00218 { 00219 return _xmlrpcs_multicall_error('notstruct'); 00220 } 00221 $methName = @$call->structmem('methodName'); 00222 if(!$methName) 00223 { 00224 return _xmlrpcs_multicall_error('nomethod'); 00225 } 00226 if($methName->kindOf() != 'scalar' || $methName->scalartyp() != 'string') 00227 { 00228 return _xmlrpcs_multicall_error('notstring'); 00229 } 00230 if($methName->scalarval() == 'system.multicall') 00231 { 00232 return _xmlrpcs_multicall_error('recursion'); 00233 } 00234 00235 $params = @$call->structmem('params'); 00236 if(!$params) 00237 { 00238 return _xmlrpcs_multicall_error('noparams'); 00239 } 00240 if($params->kindOf() != 'array') 00241 { 00242 return _xmlrpcs_multicall_error('notarray'); 00243 } 00244 $numParams = $params->arraysize(); 00245 00246 $msg =& new xmlrpcmsg($methName->scalarval()); 00247 for($i = 0; $i < $numParams; $i++) 00248 { 00249 if(!$msg->addParam($params->arraymem($i))) 00250 { 00251 $i++; 00252 return _xmlrpcs_multicall_error(new xmlrpcresp(0, 00253 $GLOBALS['xmlrpcerr']['incorrect_params'], 00254 $GLOBALS['xmlrpcstr']['incorrect_params'] . ": probable xml error in param " . $i)); 00255 } 00256 } 00257 00258 $result = $server->execute($msg); 00259 00260 if($result->faultCode() != 0) 00261 { 00262 return _xmlrpcs_multicall_error($result); // Method returned fault. 00263 } 00264 00265 return new xmlrpcval(array($result->value()), 'array'); 00266 } 00267 00268 function _xmlrpcs_multicall_do_call_phpvals($server, $call) 00269 { 00270 if(!is_array($call)) 00271 { 00272 return _xmlrpcs_multicall_error('notstruct'); 00273 } 00274 if(!array_key_exists('methodName', $call)) 00275 { 00276 return _xmlrpcs_multicall_error('nomethod'); 00277 } 00278 if (!is_string($call['methodName'])) 00279 { 00280 return _xmlrpcs_multicall_error('notstring'); 00281 } 00282 if($call['methodName'] == 'system.multicall') 00283 { 00284 return _xmlrpcs_multicall_error('recursion'); 00285 } 00286 if(!array_key_exists('params', $call)) 00287 { 00288 return _xmlrpcs_multicall_error('noparams'); 00289 } 00290 if(!is_array($call['params'])) 00291 { 00292 return _xmlrpcs_multicall_error('notarray'); 00293 } 00294 00295 // this is a real dirty and simplistic hack, since we might have received a 00296 // base64 or datetime values, but they will be listed as strings here... 00297 $numParams = count($call['params']); 00298 $pt = array(); 00299 foreach($call['params'] as $val) 00300 $pt[] = php_2_xmlrpc_type(gettype($val)); 00301 00302 $result = $server->execute($call['methodName'], $call['params'], $pt); 00303 00304 if($result->faultCode() != 0) 00305 { 00306 return _xmlrpcs_multicall_error($result); // Method returned fault. 00307 } 00308 00309 return new xmlrpcval(array($result->value()), 'array'); 00310 } 00311 00312 function _xmlrpcs_multicall($server, $m) 00313 { 00314 $result = array(); 00315 // let accept a plain list of php parameters, beside a single xmlrpc msg object 00316 if (is_object($m)) 00317 { 00318 $calls = $m->getParam(0); 00319 $numCalls = $calls->arraysize(); 00320 for($i = 0; $i < $numCalls; $i++) 00321 { 00322 $call = $calls->arraymem($i); 00323 $result[$i] = _xmlrpcs_multicall_do_call($server, $call); 00324 } 00325 } 00326 else 00327 { 00328 $numCalls=count($m); 00329 for($i = 0; $i < $numCalls; $i++) 00330 { 00331 $result[$i] = _xmlrpcs_multicall_do_call_phpvals($server, $m[$i]); 00332 } 00333 } 00334 00335 return new xmlrpcresp(new xmlrpcval($result, 'array')); 00336 } 00337 00338 $GLOBALS['_xmlrpcs_dmap']=array( 00339 'system.listMethods' => array( 00340 'function' => '_xmlrpcs_listMethods', 00341 'signature' => $_xmlrpcs_listMethods_sig, 00342 'docstring' => $_xmlrpcs_listMethods_doc, 00343 'signature_docs' => $_xmlrpcs_listMethods_sdoc), 00344 'system.methodHelp' => array( 00345 'function' => '_xmlrpcs_methodHelp', 00346 'signature' => $_xmlrpcs_methodHelp_sig, 00347 'docstring' => $_xmlrpcs_methodHelp_doc, 00348 'signature_docs' => $_xmlrpcs_methodHelp_sdoc), 00349 'system.methodSignature' => array( 00350 'function' => '_xmlrpcs_methodSignature', 00351 'signature' => $_xmlrpcs_methodSignature_sig, 00352 'docstring' => $_xmlrpcs_methodSignature_doc, 00353 'signature_docs' => $_xmlrpcs_methodSignature_sdoc), 00354 'system.multicall' => array( 00355 'function' => '_xmlrpcs_multicall', 00356 'signature' => $_xmlrpcs_multicall_sig, 00357 'docstring' => $_xmlrpcs_multicall_doc, 00358 'signature_docs' => $_xmlrpcs_multicall_sdoc), 00359 'system.getCapabilities' => array( 00360 'function' => '_xmlrpcs_getCapabilities', 00361 'signature' => $_xmlrpcs_getCapabilities_sig, 00362 'docstring' => $_xmlrpcs_getCapabilities_doc, 00363 'signature_docs' => $_xmlrpcs_getCapabilities_sdoc) 00364 ); 00365 00366 $GLOBALS['_xmlrpcs_occurred_errors'] = ''; 00367 $GLOBALS['_xmlrpcs_prev_ehandler'] = ''; 00377 function _xmlrpcs_errorHandler($errcode, $errstring, $filename=null, $lineno=null, $context=null) 00378 { 00379 // obey the @ protocol 00380 if (error_reporting() == 0) 00381 return; 00382 00383 //if($errcode != E_NOTICE && $errcode != E_WARNING && $errcode != E_USER_NOTICE && $errcode != E_USER_WARNING) 00384 if($errcode != 2048) // do not use E_STRICT by name, since on PHP 4 it will not be defined 00385 { 00386 $GLOBALS['_xmlrpcs_occurred_errors'] = $GLOBALS['_xmlrpcs_occurred_errors'] . $errstring . "\n"; 00387 } 00388 // Try to avoid as much as possible disruption to the previous error handling 00389 // mechanism in place 00390 if($GLOBALS['_xmlrpcs_prev_ehandler'] == '') 00391 { 00392 // The previous error handler was the default: all we should do is log error 00393 // to the default error log (if level high enough) 00394 if(ini_get('log_errors') && (intval(ini_get('error_reporting')) & $errcode)) 00395 { 00396 error_log($errstring); 00397 } 00398 } 00399 else 00400 { 00401 // Pass control on to previous error handler, trying to avoid loops... 00402 if($GLOBALS['_xmlrpcs_prev_ehandler'] != '_xmlrpcs_errorHandler') 00403 { 00404 // NB: this code will NOT work on php < 4.0.2: only 2 params were used for error handlers 00405 if(is_array($GLOBALS['_xmlrpcs_prev_ehandler'])) 00406 { 00407 // the following works both with static class methods and plain object methods as error handler 00408 call_user_func_array($GLOBALS['_xmlrpcs_prev_ehandler'], array($errcode, $errstring, $filename, $lineno, $context)); 00409 } 00410 else 00411 { 00412 $GLOBALS['_xmlrpcs_prev_ehandler']($errcode, $errstring, $filename, $lineno, $context); 00413 } 00414 } 00415 } 00416 } 00417 00418 $GLOBALS['_xmlrpc_debuginfo']=''; 00419 00428 function xmlrpc_debugmsg($m) 00429 { 00430 $GLOBALS['_xmlrpc_debuginfo'] .= $m . "\n"; 00431 } 00432 00433 class xmlrpc_server 00434 { 00436 var $dmap=array(); 00442 var $functions_parameters_type='xmlrpcvals'; 00444 var $debug = 1; 00449 var $compress_response = false; 00454 var $accepted_compression = array(); 00456 var $allow_system_funcs = true; 00458 var $accepted_charset_encodings = array(); 00468 var $response_charset_encoding = ''; 00470 var $debug_info = ''; 00472 var $user_data = null; 00473 00478 function xmlrpc_server($dispMap=null, $serviceNow=true) 00479 { 00480 // if ZLIB is enabled, let the server by default accept compressed requests, 00481 // and compress responses sent to clients that support them 00482 if(function_exists('gzinflate')) 00483 { 00484 $this->accepted_compression = array('gzip', 'deflate'); 00485 $this->compress_response = true; 00486 } 00487 00488 // by default the xml parser can support these 3 charset encodings 00489 $this->accepted_charset_encodings = array('UTF-8', 'ISO-8859-1', 'US-ASCII'); 00490 00491 // dispMap is a dispatch array of methods 00492 // mapped to function names and signatures 00493 // if a method 00494 // doesn't appear in the map then an unknown 00495 // method error is generated 00496 /* milosch - changed to make passing dispMap optional. 00497 * instead, you can use the class add_to_map() function 00498 * to add functions manually (borrowed from SOAPX4) 00499 */ 00500 if($dispMap) 00501 { 00502 $this->dmap = $dispMap; 00503 if($serviceNow) 00504 { 00505 $this->service(); 00506 } 00507 } 00508 } 00509 00524 function setDebug($in) 00525 { 00526 $this->debug=$in; 00527 } 00528 00534 function serializeDebug($charset_encoding='') 00535 { 00536 // Tough encoding problem: which internal charset should we assume for debug info? 00537 // It might contain a copy of raw data received from client, ie with unknown encoding, 00538 // intermixed with php generated data and user generated data... 00539 // so we split it: system debug is base 64 encoded, 00540 // user debug info should be encoded by the end user using the INTERNAL_ENCODING 00541 $out = ''; 00542 if ($this->debug_info != '') 00543 { 00544 $out .= "<!-- SERVER DEBUG INFO (BASE64 ENCODED):\n".base64_encode($this->debug_info)."\n-->\n"; 00545 } 00546 if($GLOBALS['_xmlrpc_debuginfo']!='') 00547 { 00548 00549 $out .= "<!-- DEBUG INFO:\n" . xmlrpc_encode_entitites(str_replace('--', '_-', $GLOBALS['_xmlrpc_debuginfo']), $GLOBALS['xmlrpc_internalencoding'], $charset_encoding) . "\n-->\n"; 00550 // NB: a better solution MIGHT be to use CDATA, but we need to insert it 00551 // into return payload AFTER the beginning tag 00552 //$out .= "<![CDATA[ DEBUG INFO:\n\n" . str_replace(']]>', ']_]_>', $GLOBALS['_xmlrpc_debuginfo']) . "\n]]>\n"; 00553 } 00554 return $out; 00555 } 00556 00563 function service($data=null, $return_payload=false) 00564 { 00565 if ($data === null) 00566 { 00567 // workaround for a known bug in php ver. 5.2.2 that broke $HTTP_RAW_POST_DATA 00568 $ver = phpversion(); 00569 if ($ver[0] >= 5) 00570 { 00571 $data = file_get_contents('php://input'); 00572 } 00573 else 00574 { 00575 $data = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : ''; 00576 } 00577 } 00578 $raw_data = $data; 00579 00580 // reset internal debug info 00581 $this->debug_info = ''; 00582 00583 // Echo back what we received, before parsing it 00584 if($this->debug > 1) 00585 { 00586 $this->debugmsg("+++GOT+++\n" . $data . "\n+++END+++"); 00587 } 00588 00589 $r = $this->parseRequestHeaders($data, $req_charset, $resp_charset, $resp_encoding); 00590 if (!$r) 00591 { 00592 $r=$this->parseRequest($data, $req_charset); 00593 } 00594 00595 // save full body of request into response, for more debugging usages 00596 $r->raw_data = $raw_data; 00597 00598 if($this->debug > 2 && $GLOBALS['_xmlrpcs_occurred_errors']) 00599 { 00600 $this->debugmsg("+++PROCESSING ERRORS AND WARNINGS+++\n" . 00601 $GLOBALS['_xmlrpcs_occurred_errors'] . "+++END+++"); 00602 } 00603 00604 $payload=$this->xml_header($resp_charset); 00605 if($this->debug > 0) 00606 { 00607 $payload = $payload . $this->serializeDebug($resp_charset); 00608 } 00609 00610 // G. Giunta 2006-01-27: do not create response serialization if it has 00611 // already happened. Helps building json magic 00612 if (empty($r->payload)) 00613 { 00614 $r->serialize($resp_charset); 00615 } 00616 $payload = $payload . $r->payload; 00617 00618 if ($return_payload) 00619 { 00620 return $payload; 00621 } 00622 00623 // if we get a warning/error that has output some text before here, then we cannot 00624 // add a new header. We cannot say we are sending xml, either... 00625 if(!headers_sent()) 00626 { 00627 header('Content-Type: '.$r->content_type); 00628 // we do not know if client actually told us an accepted charset, but if he did 00629 // we have to tell him what we did 00630 header("Vary: Accept-Charset"); 00631 00632 // http compression of output: only 00633 // if we can do it, and we want to do it, and client asked us to, 00634 // and php ini settings do not force it already 00635 $php_no_self_compress = !ini_get('zlib.output_compression') && (ini_get('output_handler') != 'ob_gzhandler'); 00636 if($this->compress_response && function_exists('gzencode') && $resp_encoding != '' 00637 && $php_no_self_compress) 00638 { 00639 if(strpos($resp_encoding, 'gzip') !== false) 00640 { 00641 $payload = gzencode($payload); 00642 header("Content-Encoding: gzip"); 00643 header("Vary: Accept-Encoding"); 00644 } 00645 elseif (strpos($resp_encoding, 'deflate') !== false) 00646 { 00647 $payload = gzcompress($payload); 00648 header("Content-Encoding: deflate"); 00649 header("Vary: Accept-Encoding"); 00650 } 00651 } 00652 00653 // do not ouput content-length header if php is compressing output for us: 00654 // it will mess up measurements 00655 if($php_no_self_compress) 00656 { 00657 header('Content-Length: ' . (int)strlen($payload)); 00658 } 00659 } 00660 else 00661 { 00662 error_log('XML-RPC: xmlrpc_server::service: http headers already sent before response is fully generated. Check for php warning or error messages'); 00663 } 00664 00665 print $payload; 00666 00667 // return request, in case subclasses want it 00668 return $r; 00669 } 00670 00680 function add_to_map($methodname,$function,$sig=null,$doc=false,$sigdoc=false) 00681 { 00682 $this->dmap[$methodname] = array( 00683 'function' => $function, 00684 'docstring' => $doc 00685 ); 00686 if ($sig) 00687 { 00688 $this->dmap[$methodname]['signature'] = $sig; 00689 } 00690 if ($sigdoc) 00691 { 00692 $this->dmap[$methodname]['signature_docs'] = $sigdoc; 00693 } 00694 } 00695 00702 function verifySignature($in, $sig) 00703 { 00704 // check each possible signature in turn 00705 if (is_object($in)) 00706 { 00707 $numParams = $in->getNumParams(); 00708 } 00709 else 00710 { 00711 $numParams = count($in); 00712 } 00713 foreach($sig as $cursig) 00714 { 00715 if(count($cursig)==$numParams+1) 00716 { 00717 $itsOK=1; 00718 for($n=0; $n<$numParams; $n++) 00719 { 00720 if (is_object($in)) 00721 { 00722 $p=$in->getParam($n); 00723 if($p->kindOf() == 'scalar') 00724 { 00725 $pt=$p->scalartyp(); 00726 } 00727 else 00728 { 00729 $pt=$p->kindOf(); 00730 } 00731 } 00732 else 00733 { 00734 $pt= $in[$n] == 'i4' ? 'int' : $in[$n]; // dispatch maps never use i4... 00735 } 00736 00737 // param index is $n+1, as first member of sig is return type 00738 if($pt != $cursig[$n+1] && $cursig[$n+1] != $GLOBALS['xmlrpcValue']) 00739 { 00740 $itsOK=0; 00741 $pno=$n+1; 00742 $wanted=$cursig[$n+1]; 00743 $got=$pt; 00744 break; 00745 } 00746 } 00747 if($itsOK) 00748 { 00749 return array(1,''); 00750 } 00751 } 00752 } 00753 if(isset($wanted)) 00754 { 00755 return array(0, "Wanted ${wanted}, got ${got} at param ${pno}"); 00756 } 00757 else 00758 { 00759 return array(0, "No method signature matches number of parameters"); 00760 } 00761 } 00762 00768 function parseRequestHeaders(&$data, &$req_encoding, &$resp_encoding, &$resp_compression) 00769 { 00770 // Play nice to PHP 4.0.x: superglobals were not yet invented... 00771 if(!isset($_SERVER)) 00772 { 00773 $_SERVER = $GLOBALS['HTTP_SERVER_VARS']; 00774 } 00775 00776 if($this->debug > 1) 00777 { 00778 if(function_exists('getallheaders')) 00779 { 00780 $this->debugmsg(''); // empty line 00781 foreach(getallheaders() as $name => $val) 00782 { 00783 $this->debugmsg("HEADER: $name: $val"); 00784 } 00785 } 00786 00787 } 00788 00789 if(isset($_SERVER['HTTP_CONTENT_ENCODING'])) 00790 { 00791 $content_encoding = str_replace('x-', '', $_SERVER['HTTP_CONTENT_ENCODING']); 00792 } 00793 else 00794 { 00795 $content_encoding = ''; 00796 } 00797 00798 // check if request body has been compressed and decompress it 00799 if($content_encoding != '' && strlen($data)) 00800 { 00801 if($content_encoding == 'deflate' || $content_encoding == 'gzip') 00802 { 00803 // if decoding works, use it. else assume data wasn't gzencoded 00804 if(function_exists('gzinflate') && in_array($content_encoding, $this->accepted_compression)) 00805 { 00806 if($content_encoding == 'deflate' && $degzdata = @gzuncompress($data)) 00807 { 00808 $data = $degzdata; 00809 if($this->debug > 1) 00810 { 00811 $this->debugmsg("\n+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++"); 00812 } 00813 } 00814 elseif($content_encoding == 'gzip' && $degzdata = @gzinflate(substr($data, 10))) 00815 { 00816 $data = $degzdata; 00817 if($this->debug > 1) 00818 $this->debugmsg("+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++"); 00819 } 00820 else 00821 { 00822 $r =& new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_decompress_fail'], $GLOBALS['xmlrpcstr']['server_decompress_fail']); 00823 return $r; 00824 } 00825 } 00826 else 00827 { 00828 //error_log('The server sent deflated data. Your php install must have the Zlib extension compiled in to support this.'); 00829 $r =& new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_cannot_decompress'], $GLOBALS['xmlrpcstr']['server_cannot_decompress']); 00830 return $r; 00831 } 00832 } 00833 } 00834 00835 // check if client specified accepted charsets, and if we know how to fulfill 00836 // the request 00837 if ($this->response_charset_encoding == 'auto') 00838 { 00839 $resp_encoding = ''; 00840 if (isset($_SERVER['HTTP_ACCEPT_CHARSET'])) 00841 { 00842 // here we should check if we can match the client-requested encoding 00843 // with the encodings we know we can generate. 00845 $client_accepted_charsets = explode(',', strtoupper($_SERVER['HTTP_ACCEPT_CHARSET'])); 00846 // Give preference to internal encoding 00847 $known_charsets = array($GLOBALS['xmlrpc_internalencoding'], 'UTF-8', 'ISO-8859-1', 'US-ASCII'); 00848 foreach ($known_charsets as $charset) 00849 { 00850 foreach ($client_accepted_charsets as $accepted) 00851 if (strpos($accepted, $charset) === 0) 00852 { 00853 $resp_encoding = $charset; 00854 break; 00855 } 00856 if ($resp_encoding) 00857 break; 00858 } 00859 } 00860 } 00861 else 00862 { 00863 $resp_encoding = $this->response_charset_encoding; 00864 } 00865 00866 if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) 00867 { 00868 $resp_compression = $_SERVER['HTTP_ACCEPT_ENCODING']; 00869 } 00870 else 00871 { 00872 $resp_compression = ''; 00873 } 00874 00875 // 'guestimate' request encoding 00877 $req_encoding = guess_encoding(isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '', 00878 $data); 00879 00880 return null; 00881 } 00882 00891 function parseRequest($data, $req_encoding='') 00892 { 00893 // 2005/05/07 commented and moved into caller function code 00894 //if($data=='') 00895 //{ 00896 // $data=$GLOBALS['HTTP_RAW_POST_DATA']; 00897 //} 00898 00899 // G. Giunta 2005/02/13: we do NOT expect to receive html entities 00900 // so we do not try to convert them into xml character entities 00901 //$data = xmlrpc_html_entity_xlate($data); 00902 00903 $GLOBALS['_xh']=array(); 00904 $GLOBALS['_xh']['ac']=''; 00905 $GLOBALS['_xh']['stack']=array(); 00906 $GLOBALS['_xh']['valuestack'] = array(); 00907 $GLOBALS['_xh']['params']=array(); 00908 $GLOBALS['_xh']['pt']=array(); 00909 $GLOBALS['_xh']['isf']=0; 00910 $GLOBALS['_xh']['isf_reason']=''; 00911 $GLOBALS['_xh']['method']=false; // so we can check later if we got a methodname or not 00912 $GLOBALS['_xh']['rt']=''; 00913 00914 // decompose incoming XML into request structure 00915 if ($req_encoding != '') 00916 { 00917 if (!in_array($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) 00918 // the following code might be better for mb_string enabled installs, but 00919 // makes the lib about 200% slower... 00920 //if (!is_valid_charset($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) 00921 { 00922 error_log('XML-RPC: xmlrpc_server::parseRequest: invalid charset encoding of received request: '.$req_encoding); 00923 $req_encoding = $GLOBALS['xmlrpc_defencoding']; 00924 } 00926 // the encoding is not UTF8 and there are non-ascii chars in the text... 00928 $parser = xml_parser_create($req_encoding); 00929 } 00930 else 00931 { 00932 $parser = xml_parser_create(); 00933 } 00934 00935 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true); 00936 // G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell 00937 // the xml parser to give us back data in the expected charset 00938 // What if internal encoding is not in one of the 3 allowed? 00939 // we use the broadest one, ie. utf8 00940 // This allows to send data which is native in various charset, 00941 // by extending xmlrpc_encode_entitites() and setting xmlrpc_internalencoding 00942 if (!in_array($GLOBALS['xmlrpc_internalencoding'], array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) 00943 { 00944 xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, 'UTF-8'); 00945 } 00946 else 00947 { 00948 xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']); 00949 } 00950 00951 if ($this->functions_parameters_type != 'xmlrpcvals') 00952 xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast'); 00953 else 00954 xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee'); 00955 xml_set_character_data_handler($parser, 'xmlrpc_cd'); 00956 xml_set_default_handler($parser, 'xmlrpc_dh'); 00957 if(!xml_parse($parser, $data, 1)) 00958 { 00959 // return XML error as a faultCode 00960 $r=&new xmlrpcresp(0, 00961 $GLOBALS['xmlrpcerrxml']+xml_get_error_code($parser), 00962 sprintf('XML error: %s at line %d, column %d', 00963 xml_error_string(xml_get_error_code($parser)), 00964 xml_get_current_line_number($parser), xml_get_current_column_number($parser))); 00965 xml_parser_free($parser); 00966 } 00967 elseif ($GLOBALS['_xh']['isf']) 00968 { 00969 xml_parser_free($parser); 00970 $r=&new xmlrpcresp(0, 00971 $GLOBALS['xmlrpcerr']['invalid_request'], 00972 $GLOBALS['xmlrpcstr']['invalid_request'] . ' ' . $GLOBALS['_xh']['isf_reason']); 00973 } 00974 else 00975 { 00976 xml_parser_free($parser); 00977 if ($this->functions_parameters_type != 'xmlrpcvals') 00978 { 00979 if($this->debug > 1) 00980 { 00981 $this->debugmsg("\n+++PARSED+++\n".var_export($GLOBALS['_xh']['params'], true)."\n+++END+++"); 00982 } 00983 $r = $this->execute($GLOBALS['_xh']['method'], $GLOBALS['_xh']['params'], $GLOBALS['_xh']['pt']); 00984 } 00985 else 00986 { 00987 // build an xmlrpcmsg object with data parsed from xml 00988 $m=&new xmlrpcmsg($GLOBALS['_xh']['method']); 00989 // now add parameters in 00990 for($i=0; $i<count($GLOBALS['_xh']['params']); $i++) 00991 { 00992 $m->addParam($GLOBALS['_xh']['params'][$i]); 00993 } 00994 00995 if($this->debug > 1) 00996 { 00997 $this->debugmsg("\n+++PARSED+++\n".var_export($m, true)."\n+++END+++"); 00998 } 00999 $r = $this->execute($m); 01000 } 01001 } 01002 return $r; 01003 } 01004 01013 function execute($m, $params=null, $paramtypes=null) 01014 { 01015 if (is_object($m)) 01016 { 01017 $methName = $m->method(); 01018 } 01019 else 01020 { 01021 $methName = $m; 01022 } 01023 $sysCall = $this->allow_system_funcs && (strpos($methName, "system.") === 0); 01024 $dmap = $sysCall ? $GLOBALS['_xmlrpcs_dmap'] : $this->dmap; 01025 01026 if(!isset($dmap[$methName]['function'])) 01027 { 01028 // No such method 01029 return new xmlrpcresp(0, 01030 $GLOBALS['xmlrpcerr']['unknown_method'], 01031 $GLOBALS['xmlrpcstr']['unknown_method']); 01032 } 01033 01034 // Check signature 01035 if(isset($dmap[$methName]['signature'])) 01036 { 01037 $sig = $dmap[$methName]['signature']; 01038 if (is_object($m)) 01039 { 01040 list($ok, $errstr) = $this->verifySignature($m, $sig); 01041 } 01042 else 01043 { 01044 list($ok, $errstr) = $this->verifySignature($paramtypes, $sig); 01045 } 01046 if(!$ok) 01047 { 01048 // Didn't match. 01049 return new xmlrpcresp( 01050 0, 01051 $GLOBALS['xmlrpcerr']['incorrect_params'], 01052 $GLOBALS['xmlrpcstr']['incorrect_params'] . ": ${errstr}" 01053 ); 01054 } 01055 } 01056 01057 $func = $dmap[$methName]['function']; 01058 // let the 'class::function' syntax be accepted in dispatch maps 01059 if(is_string($func) && strpos($func, '::')) 01060 { 01061 $func = explode('::', $func); 01062 } 01063 // verify that function to be invoked is in fact callable 01064 if(!is_callable($func)) 01065 { 01066 error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler is not callable"); 01067 return new xmlrpcresp( 01068 0, 01069 $GLOBALS['xmlrpcerr']['server_error'], 01070 $GLOBALS['xmlrpcstr']['server_error'] . ": no function matches method" 01071 ); 01072 } 01073 01074 // If debug level is 3, we should catch all errors generated during 01075 // processing of user function, and log them as part of response 01076 if($this->debug > 2) 01077 { 01078 $GLOBALS['_xmlrpcs_prev_ehandler'] = set_error_handler('_xmlrpcs_errorHandler'); 01079 } 01080 if (is_object($m)) 01081 { 01082 if($sysCall) 01083 { 01084 $r = call_user_func($func, $this, $m); 01085 } 01086 else 01087 { 01088 $r = call_user_func($func, $m); 01089 } 01090 if (!is_a($r, 'xmlrpcresp')) 01091 { 01092 error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler does not return an xmlrpcresp object"); 01093 if (is_a($r, 'xmlrpcval')) 01094 { 01095 $r =& new xmlrpcresp($r); 01096 } 01097 else 01098 { 01099 $r =& new xmlrpcresp( 01100 0, 01101 $GLOBALS['xmlrpcerr']['server_error'], 01102 $GLOBALS['xmlrpcstr']['server_error'] . ": function does not return xmlrpcresp object" 01103 ); 01104 } 01105 } 01106 } 01107 else 01108 { 01109 // call a 'plain php' function 01110 if($sysCall) 01111 { 01112 array_unshift($params, $this); 01113 $r = call_user_func_array($func, $params); 01114 } 01115 else 01116 { 01117 // 3rd API convention for method-handling functions: EPI-style 01118 if ($this->functions_parameters_type == 'epivals') 01119 { 01120 $r = call_user_func_array($func, array($methName, $params, $this->user_data)); 01121 // mimic EPI behaviour: if we get an array that looks like an error, make it 01122 // an eror response 01123 if (is_array($r) && array_key_exists('faultCode', $r) && array_key_exists('faultString', $r)) 01124 { 01125 $r =& new xmlrpcresp(0, (integer)$r['faultCode'], (string)$r['faultString']); 01126 } 01127 else 01128 { 01129 // functions using EPI api should NOT return resp objects, 01130 // so make sure we encode the return type correctly 01131 $r =& new xmlrpcresp(php_xmlrpc_encode($r, array('extension_api'))); 01132 } 01133 } 01134 else 01135 { 01136 $r = call_user_func_array($func, $params); 01137 } 01138 } 01139 // the return type can be either an xmlrpcresp object or a plain php value... 01140 if (!is_a($r, 'xmlrpcresp')) 01141 { 01142 // what should we assume here about automatic encoding of datetimes 01143 // and php classes instances??? 01144 $r =& new xmlrpcresp(php_xmlrpc_encode($r, array('auto_dates'))); 01145 } 01146 } 01147 if($this->debug > 2) 01148 { 01149 // note: restore the error handler we found before calling the 01150 // user func, even if it has been changed inside the func itself 01151 if($GLOBALS['_xmlrpcs_prev_ehandler']) 01152 { 01153 set_error_handler($GLOBALS['_xmlrpcs_prev_ehandler']); 01154 } 01155 else 01156 { 01157 restore_error_handler(); 01158 } 01159 } 01160 return $r; 01161 } 01162 01168 function debugmsg($string) 01169 { 01170 $this->debug_info .= $string."\n"; 01171 } 01172 01176 function xml_header($charset_encoding='') 01177 { 01178 if ($charset_encoding != '') 01179 { 01180 return "<?xml version=\"1.0\" encoding=\"$charset_encoding\"?" . ">\n"; 01181 } 01182 else 01183 { 01184 return "<?xml version=\"1.0\"?" . ">\n"; 01185 } 01186 } 01187 01192 function echoInput() 01193 { 01194 $r=&new xmlrpcresp(new xmlrpcval( "'Aha said I: '" . $GLOBALS['HTTP_RAW_POST_DATA'], 'string')); 01195 print $r->serialize(); 01196 } 01197 } 01198 ?>
Copyright © 2003 - 2009 MyOOS [Shopsystem]. All rights reserved. MyOOS [Shopsystem] is Free Software released under the GNU/GPL License. Webmaster: info@r23.de (Impressum) |
|