Cheetah
xmlrpcs.inc
Go to the documentation of this file.
1 <?php
2 // by Edd Dumbill (C) 1999-2002
3 // <edd@usefulinc.com>
4 // $Id: xmlrpcs.inc,v 1.69 2007/09/20 20:14:25 ggiunta Exp $
5 
6 // Copyright (c) 1999,2000,2002 Edd Dumbill.
7 // All rights reserved.
8 //
9 // Redistribution and use in source and binary forms, with or without
10 // modification, are permitted provided that the following conditions
11 // are met:
12 //
13 // * Redistributions of source code must retain the above copyright
14 // notice, this list of conditions and the following disclaimer.
15 //
16 // * Redistributions in binary form must reproduce the above
17 // copyright notice, this list of conditions and the following
18 // disclaimer in the documentation and/or other materials provided
19 // with the distribution.
20 //
21 // * Neither the name of the "XML-RPC for PHP" nor the names of its
22 // contributors may be used to endorse or promote products derived
23 // from this software without specific prior written permission.
24 //
25 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
28 // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29 // REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
30 // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
31 // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
32 // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
34 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
36 // OF THE POSSIBILITY OF SUCH DAMAGE.
37 
38  // XML RPC Server class
39  // requires: xmlrpc.inc
40 
41  $GLOBALS['xmlrpcs_capabilities'] = array(
42  // xmlrpc spec: always supported
43  'xmlrpc' => new xmlrpcval(array(
44  'specUrl' => new xmlrpcval('http://www.xmlrpc.com/spec', 'string'),
45  'specVersion' => new xmlrpcval(1, 'int')
46  ), 'struct'),
47  // if we support system.xxx functions, we always support multicall, too...
48  // Note that, as of 2006/09/17, the following URL does not respond anymore
49  'system.multicall' => new xmlrpcval(array(
50  'specUrl' => new xmlrpcval('http://www.xmlrpc.com/discuss/msgReader$1208', 'string'),
51  'specVersion' => new xmlrpcval(1, 'int')
52  ), 'struct'),
53  // introspection: version 2! we support 'mixed', too
54  'introspection' => new xmlrpcval(array(
55  'specUrl' => new xmlrpcval('http://phpxmlrpc.sourceforge.net/doc-2/ch10.html', 'string'),
56  'specVersion' => new xmlrpcval(2, 'int')
57  ), 'struct')
58  );
59 
60  /* Functions that implement system.XXX methods of xmlrpc servers */
61  $_xmlrpcs_getCapabilities_sig=array(array($GLOBALS['xmlrpcStruct']));
62  $_xmlrpcs_getCapabilities_doc='This method lists all the capabilites that the XML-RPC server has: the (more or less standard) extensions to the xmlrpc spec that it adheres to';
63  $_xmlrpcs_getCapabilities_sdoc=array(array('list of capabilities, described as structs with a version number and url for the spec'));
64  function _xmlrpcs_getCapabilities($server, $m=null)
65  {
66  $outAr = $GLOBALS['xmlrpcs_capabilities'];
67  // NIL extension
68  if ($GLOBALS['xmlrpc_null_extension']) {
69  $outAr['nil'] = new xmlrpcval(array(
70  'specUrl' => new xmlrpcval('http://www.ontosys.com/xml-rpc/extensions.php', 'string'),
71  'specVersion' => new xmlrpcval(1, 'int')
72  ), 'struct');
73  }
74  return new xmlrpcresp(new xmlrpcval($outAr, 'struct'));
75  }
76 
77  // listMethods: signature was either a string, or nothing.
78  // The useless string variant has been removed
79  $_xmlrpcs_listMethods_sig=array(array($GLOBALS['xmlrpcArray']));
80  $_xmlrpcs_listMethods_doc='This method lists all the methods that the XML-RPC server knows how to dispatch';
81  $_xmlrpcs_listMethods_sdoc=array(array('list of method names'));
82  function _xmlrpcs_listMethods($server, $m=null) // if called in plain php values mode, second param is missing
83  {
84 
85  $outAr=array();
86  foreach($server->dmap as $key => $val)
87  {
88  $outAr[]=new xmlrpcval($key, 'string');
89  }
90  if($server->allow_system_funcs)
91  {
92  foreach($GLOBALS['_xmlrpcs_dmap'] as $key => $val)
93  {
94  $outAr[]=new xmlrpcval($key, 'string');
95  }
96  }
97  return new xmlrpcresp(new xmlrpcval($outAr, 'array'));
98  }
99 
100  $_xmlrpcs_methodSignature_sig=array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcString']));
101  $_xmlrpcs_methodSignature_doc='Returns an array of known signatures (an array of arrays) for the method name passed. If no signatures are known, returns a none-array (test for type != array to detect missing signature)';
102  $_xmlrpcs_methodSignature_sdoc=array(array('list of known signatures, each sig being an array of xmlrpc type names', 'name of method to be described'));
103  function _xmlrpcs_methodSignature($server, $m)
104  {
105  // let accept as parameter both an xmlrpcval or string
106  if (is_object($m))
107  {
108  $methName=$m->getParam(0);
109  $methName=$methName->scalarval();
110  }
111  else
112  {
113  $methName=$m;
114  }
115  if(strpos($methName, "system.") === 0)
116  {
117  $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1;
118  }
119  else
120  {
121  $dmap=$server->dmap; $sysCall=0;
122  }
123  if(isset($dmap[$methName]))
124  {
125  if(isset($dmap[$methName]['signature']))
126  {
127  $sigs=array();
128  foreach($dmap[$methName]['signature'] as $inSig)
129  {
130  $cursig=array();
131  foreach($inSig as $sig)
132  {
133  $cursig[]=new xmlrpcval($sig, 'string');
134  }
135  $sigs[]=new xmlrpcval($cursig, 'array');
136  }
137  $r=new xmlrpcresp(new xmlrpcval($sigs, 'array'));
138  }
139  else
140  {
141  // NB: according to the official docs, we should be returning a
142  // "none-array" here, which means not-an-array
143  $r=new xmlrpcresp(new xmlrpcval('undef', 'string'));
144  }
145  }
146  else
147  {
148  $r=new xmlrpcresp(0,$GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']);
149  }
150  return $r;
151  }
152 
153  $_xmlrpcs_methodHelp_sig=array(array($GLOBALS['xmlrpcString'], $GLOBALS['xmlrpcString']));
154  $_xmlrpcs_methodHelp_doc='Returns help text if defined for the method passed, otherwise returns an empty string';
155  $_xmlrpcs_methodHelp_sdoc=array(array('method description', 'name of the method to be described'));
156  function _xmlrpcs_methodHelp($server, $m)
157  {
158  // let accept as parameter both an xmlrpcval or string
159  if (is_object($m))
160  {
161  $methName=$m->getParam(0);
162  $methName=$methName->scalarval();
163  }
164  else
165  {
166  $methName=$m;
167  }
168  if(strpos($methName, "system.") === 0)
169  {
170  $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1;
171  }
172  else
173  {
174  $dmap=$server->dmap; $sysCall=0;
175  }
176  if(isset($dmap[$methName]))
177  {
178  if(isset($dmap[$methName]['docstring']))
179  {
180  $r=new xmlrpcresp(new xmlrpcval($dmap[$methName]['docstring']), 'string');
181  }
182  else
183  {
184  $r=new xmlrpcresp(new xmlrpcval('', 'string'));
185  }
186  }
187  else
188  {
189  $r=new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']);
190  }
191  return $r;
192  }
193 
194  $_xmlrpcs_multicall_sig = array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcArray']));
195  $_xmlrpcs_multicall_doc = 'Boxcar multiple RPC calls in one request. See http://www.xmlrpc.com/discuss/msgReader$1208 for details';
196  $_xmlrpcs_multicall_sdoc = array(array('list of response structs, where each struct has the usual members', 'list of calls, with each call being represented as a struct, with members "methodname" and "params"'));
197  function _xmlrpcs_multicall_error($err)
198  {
199  if(is_string($err))
200  {
201  $str = $GLOBALS['xmlrpcstr']["multicall_${err}"];
202  $code = $GLOBALS['xmlrpcerr']["multicall_${err}"];
203  }
204  else
205  {
206  $code = $err->faultCode();
207  $str = $err->faultString();
208  }
209  $struct = array();
210  $struct['faultCode'] = new xmlrpcval($code, 'int');
211  $struct['faultString'] = new xmlrpcval($str, 'string');
212  return new xmlrpcval($struct, 'struct');
213  }
214 
215  function _xmlrpcs_multicall_do_call($server, $call)
216  {
217  if($call->kindOf() != 'struct')
218  {
219  return _xmlrpcs_multicall_error('notstruct');
220  }
221  $methName = @$call->structmem('methodName');
222  if(!$methName)
223  {
224  return _xmlrpcs_multicall_error('nomethod');
225  }
226  if($methName->kindOf() != 'scalar' || $methName->scalartyp() != 'string')
227  {
228  return _xmlrpcs_multicall_error('notstring');
229  }
230  if($methName->scalarval() == 'system.multicall')
231  {
232  return _xmlrpcs_multicall_error('recursion');
233  }
234 
235  $params = @$call->structmem('params');
236  if(!$params)
237  {
238  return _xmlrpcs_multicall_error('noparams');
239  }
240  if($params->kindOf() != 'array')
241  {
242  return _xmlrpcs_multicall_error('notarray');
243  }
244  $numParams = $params->arraysize();
245 
246  $msg = new xmlrpcmsg($methName->scalarval());
247  for($i = 0; $i < $numParams; $i++)
248  {
249  if(!$msg->addParam($params->arraymem($i)))
250  {
251  $i++;
252  return _xmlrpcs_multicall_error(new xmlrpcresp(0,
253  $GLOBALS['xmlrpcerr']['incorrect_params'],
254  $GLOBALS['xmlrpcstr']['incorrect_params'] . ": probable xml error in param " . $i));
255  }
256  }
257 
258  $result = $server->execute($msg);
259 
260  if($result->faultCode() != 0)
261  {
262  return _xmlrpcs_multicall_error($result); // Method returned fault.
263  }
264 
265  return new xmlrpcval(array($result->value()), 'array');
266  }
267 
268  function _xmlrpcs_multicall_do_call_phpvals($server, $call)
269  {
270  if(!is_array($call))
271  {
272  return _xmlrpcs_multicall_error('notstruct');
273  }
274  if(!array_key_exists('methodName', $call))
275  {
276  return _xmlrpcs_multicall_error('nomethod');
277  }
278  if (!is_string($call['methodName']))
279  {
280  return _xmlrpcs_multicall_error('notstring');
281  }
282  if($call['methodName'] == 'system.multicall')
283  {
284  return _xmlrpcs_multicall_error('recursion');
285  }
286  if(!array_key_exists('params', $call))
287  {
288  return _xmlrpcs_multicall_error('noparams');
289  }
290  if(!is_array($call['params']))
291  {
292  return _xmlrpcs_multicall_error('notarray');
293  }
294 
295  // this is a real dirty and simplistic hack, since we might have received a
296  // base64 or datetime values, but they will be listed as strings here...
297  $numParams = count($call['params']);
298  $pt = array();
299  foreach($call['params'] as $val)
300  $pt[] = php_2_xmlrpc_type(gettype($val));
301 
302  $result = $server->execute($call['methodName'], $call['params'], $pt);
303 
304  if($result->faultCode() != 0)
305  {
306  return _xmlrpcs_multicall_error($result); // Method returned fault.
307  }
308 
309  return new xmlrpcval(array($result->value()), 'array');
310  }
311 
312  function _xmlrpcs_multicall($server, $m)
313  {
314  $result = array();
315  // let accept a plain list of php parameters, beside a single xmlrpc msg object
316  if (is_object($m))
317  {
318  $calls = $m->getParam(0);
319  $numCalls = $calls->arraysize();
320  for($i = 0; $i < $numCalls; $i++)
321  {
322  $call = $calls->arraymem($i);
323  $result[$i] = _xmlrpcs_multicall_do_call($server, $call);
324  }
325  }
326  else
327  {
328  $numCalls=count($m);
329  for($i = 0; $i < $numCalls; $i++)
330  {
331  $result[$i] = _xmlrpcs_multicall_do_call_phpvals($server, $m[$i]);
332  }
333  }
334 
335  return new xmlrpcresp(new xmlrpcval($result, 'array'));
336  }
337 
338  $GLOBALS['_xmlrpcs_dmap']=array(
339  'system.listMethods' => array(
340  'function' => '_xmlrpcs_listMethods',
341  'signature' => $_xmlrpcs_listMethods_sig,
342  'docstring' => $_xmlrpcs_listMethods_doc,
343  'signature_docs' => $_xmlrpcs_listMethods_sdoc),
344  'system.methodHelp' => array(
345  'function' => '_xmlrpcs_methodHelp',
346  'signature' => $_xmlrpcs_methodHelp_sig,
347  'docstring' => $_xmlrpcs_methodHelp_doc,
348  'signature_docs' => $_xmlrpcs_methodHelp_sdoc),
349  'system.methodSignature' => array(
350  'function' => '_xmlrpcs_methodSignature',
351  'signature' => $_xmlrpcs_methodSignature_sig,
352  'docstring' => $_xmlrpcs_methodSignature_doc,
353  'signature_docs' => $_xmlrpcs_methodSignature_sdoc),
354  'system.multicall' => array(
355  'function' => '_xmlrpcs_multicall',
356  'signature' => $_xmlrpcs_multicall_sig,
357  'docstring' => $_xmlrpcs_multicall_doc,
358  'signature_docs' => $_xmlrpcs_multicall_sdoc),
359  'system.getCapabilities' => array(
360  'function' => '_xmlrpcs_getCapabilities',
361  'signature' => $_xmlrpcs_getCapabilities_sig,
362  'docstring' => $_xmlrpcs_getCapabilities_doc,
363  'signature_docs' => $_xmlrpcs_getCapabilities_sdoc)
364  );
365 
366  $GLOBALS['_xmlrpcs_occurred_errors'] = '';
367  $GLOBALS['_xmlrpcs_prev_ehandler'] = '';
377  function _xmlrpcs_errorHandler($errcode, $errstring, $filename=null, $lineno=null, $context=null)
378  {
379  // obey the @ protocol
380  if (error_reporting() == 0)
381  return;
382 
383  //if($errcode != E_NOTICE && $errcode != E_WARNING && $errcode != E_USER_NOTICE && $errcode != E_USER_WARNING)
384  if($errcode != 2048) // do not use E_STRICT by name, since on PHP 4 it will not be defined
385  {
386  $GLOBALS['_xmlrpcs_occurred_errors'] = $GLOBALS['_xmlrpcs_occurred_errors'] . $errstring . "\n";
387  }
388  // Try to avoid as much as possible disruption to the previous error handling
389  // mechanism in place
390  if($GLOBALS['_xmlrpcs_prev_ehandler'] == '')
391  {
392  // The previous error handler was the default: all we should do is log error
393  // to the default error log (if level high enough)
394  if(ini_get('log_errors') && (intval(ini_get('error_reporting')) & $errcode))
395  {
396  error_log($errstring);
397  }
398  }
399  else
400  {
401  // Pass control on to previous error handler, trying to avoid loops...
402  if($GLOBALS['_xmlrpcs_prev_ehandler'] != '_xmlrpcs_errorHandler')
403  {
404  // NB: this code will NOT work on php < 4.0.2: only 2 params were used for error handlers
405  if(is_array($GLOBALS['_xmlrpcs_prev_ehandler']))
406  {
407  // the following works both with static class methods and plain object methods as error handler
408  call_user_func_array($GLOBALS['_xmlrpcs_prev_ehandler'], array($errcode, $errstring, $filename, $lineno, $context));
409  }
410  else
411  {
412  $GLOBALS['_xmlrpcs_prev_ehandler']($errcode, $errstring, $filename, $lineno, $context);
413  }
414  }
415  }
416  }
417 
418  $GLOBALS['_xmlrpc_debuginfo']='';
419 
428  function xmlrpc_debugmsg($m)
429  {
430  $GLOBALS['_xmlrpc_debuginfo'] .= $m . "\n";
431  }
432 
433  class xmlrpc_server
434  {
436  var $dmap=array();
442  var $functions_parameters_type='xmlrpcvals';
444  var $debug = 1;
449  var $compress_response = false;
454  var $accepted_compression = array();
456  var $allow_system_funcs = true;
458  var $accepted_charset_encodings = array();
468  var $response_charset_encoding = '';
470  var $debug_info = '';
472  var $user_data = null;
473 
478  function __construct($dispMap=null, $serviceNow=true)
479  {
480  // if ZLIB is enabled, let the server by default accept compressed requests,
481  // and compress responses sent to clients that support them
482  if(function_exists('gzinflate'))
483  {
484  $this->accepted_compression = array(); //array('gzip', 'deflate'); !!!
485  $this->compress_response = true;
486  }
487 
488  // by default the xml parser can support these 3 charset encodings
489  $this->accepted_charset_encodings = array('UTF-8', 'ISO-8859-1', 'US-ASCII');
490 
491  // dispMap is a dispatch array of methods
492  // mapped to function names and signatures
493  // if a method
494  // doesn't appear in the map then an unknown
495  // method error is generated
496  /* milosch - changed to make passing dispMap optional.
497  * instead, you can use the class add_to_map() function
498  * to add functions manually (borrowed from SOAPX4)
499  */
500  if($dispMap)
501  {
502  $this->dmap = $dispMap;
503  if($serviceNow)
504  {
505  $this->service();
506  }
507  }
508  }
509 
524  function setDebug($in)
525  {
526  $this->debug=$in;
527  }
528 
534  function serializeDebug($charset_encoding='')
535  {
536  // Tough encoding problem: which internal charset should we assume for debug info?
537  // It might contain a copy of raw data received from client, ie with unknown encoding,
538  // intermixed with php generated data and user generated data...
539  // so we split it: system debug is base 64 encoded,
540  // user debug info should be encoded by the end user using the INTERNAL_ENCODING
541  $out = '';
542  if ($this->debug_info != '')
543  {
544  $out .= "<!-- SERVER DEBUG INFO (BASE64 ENCODED):\n".base64_encode($this->debug_info)."\n-->\n";
545  }
546  if($GLOBALS['_xmlrpc_debuginfo']!='')
547  {
548 
549  $out .= "<!-- DEBUG INFO:\n" . xmlrpc_encode_entitites(str_replace('--', '_-', $GLOBALS['_xmlrpc_debuginfo']), $GLOBALS['xmlrpc_internalencoding'], $charset_encoding) . "\n-->\n";
550  // NB: a better solution MIGHT be to use CDATA, but we need to insert it
551  // into return payload AFTER the beginning tag
552  //$out .= "<![CDATA[ DEBUG INFO:\n\n" . str_replace(']]>', ']_]_>', $GLOBALS['_xmlrpc_debuginfo']) . "\n]]>\n";
553  }
554  return $out;
555  }
556 
563  function service($data=null, $return_payload=false)
564  {
565  if ($data === null)
566  {
567  // workaround for a known bug in php ver. 5.2.2 that broke $HTTP_RAW_POST_DATA
568  $ver = phpversion();
569  if ($ver[0] >= 5)
570  {
571  $data = file_get_contents('php://input');
572  }
573  else
574  {
575  $data = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : '';
576  }
577  }
578  $raw_data = $data;
579 
580  // reset internal debug info
581  $this->debug_info = '';
582 
583  // Echo back what we received, before parsing it
584  if($this->debug > 1)
585  {
586  $this->debugmsg("+++GOT+++\n" . $data . "\n+++END+++");
587  }
588 
589  $r = $this->parseRequestHeaders($data, $req_charset, $resp_charset, $resp_encoding);
590  if (!$r)
591  {
592  $r=$this->parseRequest($data, $req_charset);
593  }
594 
595  // save full body of request into response, for more debugging usages
596  $r->raw_data = $raw_data;
597 
598  if($this->debug > 2 && $GLOBALS['_xmlrpcs_occurred_errors'])
599  {
600  $this->debugmsg("+++PROCESSING ERRORS AND WARNINGS+++\n" .
601  $GLOBALS['_xmlrpcs_occurred_errors'] . "+++END+++");
602  }
603 
604  $payload=$this->xml_header($resp_charset);
605  if($this->debug > 0)
606  {
607  $payload = $payload . $this->serializeDebug($resp_charset);
608  }
609 
610  // G. Giunta 2006-01-27: do not create response serialization if it has
611  // already happened. Helps building json magic
612  if (empty($r->payload))
613  {
614  $r->serialize($resp_charset);
615  }
616  $payload = $payload . $r->payload;
617 
618  if ($return_payload)
619  {
620  return $payload;
621  }
622 
623  // if we get a warning/error that has output some text before here, then we cannot
624  // add a new header. We cannot say we are sending xml, either...
625  if(!headers_sent())
626  {
627  header('Content-Type: '.$r->content_type);
628  // we do not know if client actually told us an accepted charset, but if he did
629  // we have to tell him what we did
630  header("Vary: Accept-Charset");
631 
632  // http compression of output: only
633  // if we can do it, and we want to do it, and client asked us to,
634  // and php ini settings do not force it already
635  $php_no_self_compress = ini_get('zlib.output_compression') == '' && (ini_get('output_handler') != 'ob_gzhandler');
636  if($this->compress_response && function_exists('gzencode') && $resp_encoding != ''
637  && $php_no_self_compress)
638  {
639  if(strpos($resp_encoding, 'gzip') !== false)
640  {
641  $payload = gzencode($payload);
642  header("Content-Encoding: gzip");
643  header("Vary: Accept-Encoding");
644  }
645  elseif (strpos($resp_encoding, 'deflate') !== false)
646  {
647  $payload = gzcompress($payload);
648  header("Content-Encoding: deflate");
649  header("Vary: Accept-Encoding");
650  }
651  }
652 
653  // do not ouput content-length header if php is compressing output for us:
654  // it will mess up measurements
655  if($php_no_self_compress)
656  {
657  header('Content-Length: ' . (int)strlen($payload));
658  }
659  }
660  else
661  {
662  error_log('XML-RPC: xmlrpc_server::service: http headers already sent before response is fully generated. Check for php warning or error messages');
663  }
664 
665  print $payload;
666 
667  // return request, in case subclasses want it
668  return $r;
669  }
670 
679  function add_to_map($methodname,$function,$sig=null,$doc='')
680  {
681  $this->dmap[$methodname] = array(
682  'function' => $function,
683  'docstring' => $doc
684  );
685  if ($sig)
686  {
687  $this->dmap[$methodname]['signature'] = $sig;
688  }
689  }
690 
697  function verifySignature($in, $sig)
698  {
699  // check each possible signature in turn
700  if (is_object($in))
701  {
702  $numParams = $in->getNumParams();
703  }
704  else
705  {
706  $numParams = count($in);
707  }
708  foreach($sig as $cursig)
709  {
710  if(count($cursig)==$numParams+1)
711  {
712  $itsOK=1;
713  for($n=0; $n<$numParams; $n++)
714  {
715  if (is_object($in))
716  {
717  $p=$in->getParam($n);
718  if($p->kindOf() == 'scalar')
719  {
720  $pt=$p->scalartyp();
721  }
722  else
723  {
724  $pt=$p->kindOf();
725  }
726  }
727  else
728  {
729  $pt= $in[$n] == 'i4' ? 'int' : $in[$n]; // dispatch maps never use i4...
730  }
731 
732  // param index is $n+1, as first member of sig is return type
733  if($pt != $cursig[$n+1] && $cursig[$n+1] != $GLOBALS['xmlrpcValue'])
734  {
735  $itsOK=0;
736  $pno=$n+1;
737  $wanted=$cursig[$n+1];
738  $got=$pt;
739  break;
740  }
741  }
742  if($itsOK)
743  {
744  return array(1,'');
745  }
746  }
747  }
748  if(isset($wanted))
749  {
750  return array(0, "Wanted ${wanted}, got ${got} at param ${pno}");
751  }
752  else
753  {
754  return array(0, "No method signature matches number of parameters");
755  }
756  }
757 
763  function parseRequestHeaders(&$data, &$req_encoding, &$resp_encoding, &$resp_compression)
764  {
765  // Play nice to PHP 4.0.x: superglobals were not yet invented...
766  if(!isset($_SERVER))
767  {
768  $_SERVER = $GLOBALS['HTTP_SERVER_VARS'];
769  }
770 
771  if($this->debug > 1)
772  {
773  if(function_exists('getallheaders'))
774  {
775  $this->debugmsg(''); // empty line
776  foreach(getallheaders() as $name => $val)
777  {
778  $this->debugmsg("HEADER: $name: $val");
779  }
780  }
781 
782  }
783 
784  if(isset($_SERVER['HTTP_CONTENT_ENCODING']))
785  {
786  $content_encoding = str_replace('x-', '', $_SERVER['HTTP_CONTENT_ENCODING']);
787  }
788  else
789  {
790  $content_encoding = '';
791  }
792 
793  // check if request body has been compressed and decompress it
794  if($content_encoding != '' && strlen($data))
795  {
796  if($content_encoding == 'deflate' || $content_encoding == 'gzip')
797  {
798  // if decoding works, use it. else assume data wasn't gzencoded
799  if(function_exists('gzinflate') && in_array($content_encoding, $this->accepted_compression))
800  {
801  if($content_encoding == 'deflate' && $degzdata = @gzuncompress($data))
802  {
803  $data = $degzdata;
804  if($this->debug > 1)
805  {
806  $this->debugmsg("\n+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++");
807  }
808  }
809  elseif($content_encoding == 'gzip' && $degzdata = @gzinflate(substr($data, 10)))
810  {
811  $data = $degzdata;
812  if($this->debug > 1)
813  $this->debugmsg("+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++");
814  }
815  else
816  {
817  $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_decompress_fail'], $GLOBALS['xmlrpcstr']['server_decompress_fail']);
818  return $r;
819  }
820  }
821  else
822  {
823  //error_log('The server sent deflated data. Your php install must have the Zlib extension compiled in to support this.');
824  $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_cannot_decompress'], $GLOBALS['xmlrpcstr']['server_cannot_decompress']);
825  return $r;
826  }
827  }
828  }
829 
830  // check if client specified accepted charsets, and if we know how to fulfill
831  // the request
832  if ($this->response_charset_encoding == 'auto')
833  {
834  $resp_encoding = '';
835  if (isset($_SERVER['HTTP_ACCEPT_CHARSET']))
836  {
837  // here we should check if we can match the client-requested encoding
838  // with the encodings we know we can generate.
840  $client_accepted_charsets = explode(',', strtoupper($_SERVER['HTTP_ACCEPT_CHARSET']));
841  // Give preference to internal encoding
842  $known_charsets = array($GLOBALS['xmlrpc_internalencoding'], 'UTF-8', 'ISO-8859-1', 'US-ASCII');
843  foreach ($known_charsets as $charset)
844  {
845  foreach ($client_accepted_charsets as $accepted)
846  if (strpos($accepted, $charset) === 0)
847  {
848  $resp_encoding = $charset;
849  break;
850  }
851  if ($resp_encoding)
852  break;
853  }
854  }
855  }
856  else
857  {
858  $resp_encoding = $this->response_charset_encoding;
859  }
860 
861  if (isset($_SERVER['HTTP_ACCEPT_ENCODING']))
862  {
863  $resp_compression = $_SERVER['HTTP_ACCEPT_ENCODING'];
864  }
865  else
866  {
867  $resp_compression = '';
868  }
869 
870  // 'guestimate' request encoding
872  $req_encoding = guess_encoding(isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '',
873  $data);
874 
875  return null;
876  }
877 
886  function parseRequest($data, $req_encoding='')
887  {
888  // 2005/05/07 commented and moved into caller function code
889  //if($data=='')
890  //{
891  // $data=$GLOBALS['HTTP_RAW_POST_DATA'];
892  //}
893 
894  // G. Giunta 2005/02/13: we do NOT expect to receive html entities
895  // so we do not try to convert them into xml character entities
896  //$data = xmlrpc_html_entity_xlate($data);
897 
898  $GLOBALS['_xh']=array();
899  $GLOBALS['_xh']['ac']='';
900  $GLOBALS['_xh']['stack']=array();
901  $GLOBALS['_xh']['valuestack'] = array();
902  $GLOBALS['_xh']['params']=array();
903  $GLOBALS['_xh']['pt']=array();
904  $GLOBALS['_xh']['isf']=0;
905  $GLOBALS['_xh']['isf_reason']='';
906  $GLOBALS['_xh']['method']=false; // so we can check later if we got a methodname or not
907  $GLOBALS['_xh']['rt']='';
908 
909  // decompose incoming XML into request structure
910  if ($req_encoding != '')
911  {
912  if (!in_array($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
913  // the following code might be better for mb_string enabled installs, but
914  // makes the lib about 200% slower...
915  //if (!is_valid_charset($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
916  {
917  error_log('XML-RPC: xmlrpc_server::parseRequest: invalid charset encoding of received request: '.$req_encoding);
918  $req_encoding = $GLOBALS['xmlrpc_defencoding'];
919  }
921  // the encoding is not UTF8 and there are non-ascii chars in the text...
923  $parser = xml_parser_create($req_encoding);
924  }
925  else
926  {
927  $parser = xml_parser_create();
928  }
929 
930  xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true);
931  // G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell
932  // the xml parser to give us back data in the expected charset
933  // What if internal encoding is not in one of the 3 allowed?
934  // we use the broadest one, ie. utf8
935  // This allows to send data which is native in various charset,
936  // by extending xmlrpc_encode_entitites() and setting xmlrpc_internalencoding
937  if (!in_array($GLOBALS['xmlrpc_internalencoding'], array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
938  {
939  xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, 'UTF-8');
940  }
941  else
942  {
943  xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']);
944  }
945 
946  if ($this->functions_parameters_type != 'xmlrpcvals')
947  xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast');
948  else
949  xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee');
950  xml_set_character_data_handler($parser, 'xmlrpc_cd');
951  xml_set_default_handler($parser, 'xmlrpc_dh');
952  if(!xml_parse($parser, $data, 1))
953  {
954  // return XML error as a faultCode
955  $r=new xmlrpcresp(0,
956  $GLOBALS['xmlrpcerrxml']+xml_get_error_code($parser),
957  sprintf('XML error: %s at line %d, column %d',
958  xml_error_string(xml_get_error_code($parser)),
959  xml_get_current_line_number($parser), xml_get_current_column_number($parser)));
960  xml_parser_free($parser);
961  }
962  elseif ($GLOBALS['_xh']['isf'])
963  {
964  xml_parser_free($parser);
965  $r=new xmlrpcresp(0,
966  $GLOBALS['xmlrpcerr']['invalid_request'],
967  $GLOBALS['xmlrpcstr']['invalid_request'] . ' ' . $GLOBALS['_xh']['isf_reason']);
968  }
969  else
970  {
971  xml_parser_free($parser);
972  if ($this->functions_parameters_type != 'xmlrpcvals')
973  {
974  if($this->debug > 1)
975  {
976  $this->debugmsg("\n+++PARSED+++\n".var_export($GLOBALS['_xh']['params'], true)."\n+++END+++");
977  }
978  $r = $this->execute($GLOBALS['_xh']['method'], $GLOBALS['_xh']['params'], $GLOBALS['_xh']['pt']);
979  }
980  else
981  {
982  // build an xmlrpcmsg object with data parsed from xml
983  $m=new xmlrpcmsg($GLOBALS['_xh']['method']);
984  // now add parameters in
985  for($i=0; $i<count($GLOBALS['_xh']['params']); $i++)
986  {
987  $m->addParam($GLOBALS['_xh']['params'][$i]);
988  }
989 
990  if($this->debug > 1)
991  {
992  $this->debugmsg("\n+++PARSED+++\n".var_export($m, true)."\n+++END+++");
993  }
994  $r = $this->execute($m);
995  }
996  }
997  return $r;
998  }
999 
1008  function execute($m, $params=null, $paramtypes=null)
1009  {
1010  if (is_object($m))
1011  {
1012  $methName = $m->method();
1013  }
1014  else
1015  {
1016  $methName = $m;
1017  }
1018  $sysCall = $this->allow_system_funcs && (strpos($methName, "system.") === 0);
1019  $dmap = $sysCall ? $GLOBALS['_xmlrpcs_dmap'] : $this->dmap;
1020 
1021  if(!isset($dmap[$methName]['function']))
1022  {
1023  // No such method
1024  return new xmlrpcresp(0,
1025  $GLOBALS['xmlrpcerr']['unknown_method'],
1026  $GLOBALS['xmlrpcstr']['unknown_method']);
1027  }
1028 
1029  // Check signature
1030  if(isset($dmap[$methName]['signature']))
1031  {
1032  $sig = $dmap[$methName]['signature'];
1033  if (is_object($m))
1034  {
1035  list($ok, $errstr) = $this->verifySignature($m, $sig);
1036  }
1037  else
1038  {
1039  list($ok, $errstr) = $this->verifySignature($paramtypes, $sig);
1040  }
1041  if(!$ok)
1042  {
1043  // Didn't match.
1044  return new xmlrpcresp(
1045  0,
1046  $GLOBALS['xmlrpcerr']['incorrect_params'],
1047  $GLOBALS['xmlrpcstr']['incorrect_params'] . ": ${errstr}"
1048  );
1049  }
1050  }
1051 
1052  $func = $dmap[$methName]['function'];
1053  // let the 'class::function' syntax be accepted in dispatch maps
1054  if(is_string($func) && strpos($func, '::'))
1055  {
1056  $func = explode('::', $func);
1057  }
1058  // verify that function to be invoked is in fact callable
1059  if(!is_callable($func))
1060  {
1061  error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler is not callable");
1062  return new xmlrpcresp(
1063  0,
1064  $GLOBALS['xmlrpcerr']['server_error'],
1065  $GLOBALS['xmlrpcstr']['server_error'] . ": no function matches method"
1066  );
1067  }
1068 
1069  // If debug level is 3, we should catch all errors generated during
1070  // processing of user function, and log them as part of response
1071  if($this->debug > 2)
1072  {
1073  $GLOBALS['_xmlrpcs_prev_ehandler'] = set_error_handler('_xmlrpcs_errorHandler');
1074  }
1075  if (is_object($m))
1076  {
1077  if($sysCall)
1078  {
1079  $r = call_user_func($func, $this, $m);
1080  }
1081  else
1082  {
1083  $r = call_user_func($func, $m);
1084  }
1085  if (!is_a($r, 'xmlrpcresp'))
1086  {
1087  error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler does not return an xmlrpcresp object");
1088  if (is_a($r, 'xmlrpcval'))
1089  {
1090  $r = new xmlrpcresp($r);
1091  }
1092  else
1093  {
1094  $r = new xmlrpcresp(
1095  0,
1096  $GLOBALS['xmlrpcerr']['server_error'],
1097  $GLOBALS['xmlrpcstr']['server_error'] . ": function does not return xmlrpcresp object"
1098  );
1099  }
1100  }
1101  }
1102  else
1103  {
1104  // call a 'plain php' function
1105  if($sysCall)
1106  {
1107  array_unshift($params, $this);
1108  $r = call_user_func_array($func, $params);
1109  }
1110  else
1111  {
1112  // 3rd API convention for method-handling functions: EPI-style
1113  if ($this->functions_parameters_type == 'epivals')
1114  {
1115  $r = call_user_func_array($func, array($methName, $params, $this->user_data));
1116  // mimic EPI behaviour: if we get an array that looks like an error, make it
1117  // an eror response
1118  if (is_array($r) && array_key_exists('faultCode', $r) && array_key_exists('faultString', $r))
1119  {
1120  $r = new xmlrpcresp(0, (integer)$r['faultCode'], (string)$r['faultString']);
1121  }
1122  else
1123  {
1124  // functions using EPI api should NOT return resp objects,
1125  // so make sure we encode the return type correctly
1126  $r = new xmlrpcresp(php_xmlrpc_encode($r, array('extension_api')));
1127  }
1128  }
1129  else
1130  {
1131  $r = call_user_func_array($func, $params);
1132  }
1133  }
1134  // the return type can be either an xmlrpcresp object or a plain php value...
1135  if (!is_a($r, 'xmlrpcresp'))
1136  {
1137  // what should we assume here about automatic encoding of datetimes
1138  // and php classes instances???
1139  $r = new xmlrpcresp(php_xmlrpc_encode($r, array('auto_dates')));
1140  }
1141  }
1142  if($this->debug > 2)
1143  {
1144  // note: restore the error handler we found before calling the
1145  // user func, even if it has been changed inside the func itself
1146  if($GLOBALS['_xmlrpcs_prev_ehandler'])
1147  {
1148  set_error_handler($GLOBALS['_xmlrpcs_prev_ehandler']);
1149  }
1150  else
1151  {
1152  restore_error_handler();
1153  }
1154  }
1155  return $r;
1156  }
1157 
1163  function debugmsg($string)
1164  {
1165  $this->debug_info .= $string."\n";
1166  }
1167 
1171  function xml_header($charset_encoding='')
1172  {
1173  if ($charset_encoding != '')
1174  {
1175  return "<?xml version=\"1.0\" encoding=\"$charset_encoding\"?" . ">\n";
1176  }
1177  else
1178  {
1179  return "<?xml version=\"1.0\"?" . ">\n";
1180  }
1181  }
1182 
1187  function echoInput()
1188  {
1189  $r=new xmlrpcresp(new xmlrpcval( "'Aha said I: '" . $GLOBALS['HTTP_RAW_POST_DATA'], 'string'));
1190  print $r->serialize();
1191  }
1192  }
1193 ?>
header
</code > Be careful enabling this directive if you have a redirector script that does not use the< code > Location</code > HTTP header
Definition: URI.MungeResources.txt:10
xmlrpc_server\$accepted_charset_encodings
$accepted_charset_encodings
list of charset encodings natively accepted for requests
Definition: xmlrpcs.inc:458
xmlrpc_server\debugmsg
debugmsg($string)
Definition: xmlrpcs.inc:1163
xmlrpc_server\echoInput
echoInput()
Definition: xmlrpcs.inc:1187
$_xmlrpcs_methodSignature_doc
$_xmlrpcs_methodSignature_doc
Definition: xmlrpcs.inc:101
xmlrpc_server\$dmap
$dmap
array defining php functions exposed as xmlrpc methods by this server
Definition: xmlrpcs.inc:436
xmlrpcval
Definition: xmlrpc.inc:2696
$_xmlrpcs_methodHelp_sdoc
$_xmlrpcs_methodHelp_sdoc
Definition: xmlrpcs.inc:155
php
xmlrpc_server\$debug_info
$debug_info
storage for internal debug info
Definition: xmlrpcs.inc:470
xmlrpc_server\verifySignature
verifySignature($in, $sig)
Definition: xmlrpcs.inc:697
_xmlrpcs_errorHandler
_xmlrpcs_errorHandler($errcode, $errstring, $filename=null, $lineno=null, $context=null)
Definition: xmlrpcs.inc:377
xmlrpc_server\$accepted_compression
$accepted_compression
Definition: xmlrpcs.inc:454
$_xmlrpcs_getCapabilities_sdoc
$_xmlrpcs_getCapabilities_sdoc
Definition: xmlrpcs.inc:63
xmlrpc_encode_entitites
xmlrpc_encode_entitites($data, $src_encoding='', $dest_encoding='')
Definition: xmlrpc.inc:276
$_xmlrpcs_methodHelp_doc
$_xmlrpcs_methodHelp_doc
Definition: xmlrpcs.inc:154
$_xmlrpcs_multicall_sig
$_xmlrpcs_multicall_sig
Definition: xmlrpcs.inc:194
xmlrpc_server\$compress_response
$compress_response
Definition: xmlrpcs.inc:449
php_xmlrpc_encode
& php_xmlrpc_encode($php_val, $options=array())
Definition: xmlrpc.inc:3342
_xmlrpcs_multicall_do_call_phpvals
_xmlrpcs_multicall_do_call_phpvals($server, $call)
Definition: xmlrpcs.inc:268
xmlrpcmsg
Definition: xmlrpc.inc:2069
xmlrpc_server
Definition: xmlrpcs.inc:434
$_xmlrpcs_listMethods_sdoc
$_xmlrpcs_listMethods_sdoc
Definition: xmlrpcs.inc:81
$_xmlrpcs_methodHelp_sig
$_xmlrpcs_methodHelp_sig
Definition: xmlrpcs.inc:153
xmlrpc_server\add_to_map
add_to_map($methodname, $function, $sig=null, $doc='')
Definition: xmlrpcs.inc:679
_xmlrpcs_multicall_error
_xmlrpcs_multicall_error($err)
Definition: xmlrpcs.inc:197
_xmlrpcs_listMethods
_xmlrpcs_listMethods($server, $m=null)
Definition: xmlrpcs.inc:82
xmlrpc_server\xml_header
xml_header($charset_encoding='')
Definition: xmlrpcs.inc:1171
$GLOBALS
$GLOBALS['xmlrpcs_capabilities']
Definition: xmlrpcs.inc:41
php_2_xmlrpc_type
php_2_xmlrpc_type($phptype)
Definition: xmlrpc_wrappers.inc:28
xmlrpc_server\$user_data
$user_data
extra data passed at runtime to method handling functions. Used only by EPI layer
Definition: xmlrpcs.inc:472
xmlrpc_server\parseRequestHeaders
parseRequestHeaders(&$data, &$req_encoding, &$resp_encoding, &$resp_compression)
Definition: xmlrpcs.inc:763
xmlrpc_server\service
service($data=null, $return_payload=false)
Definition: xmlrpcs.inc:563
xmlrpc_server\__construct
__construct($dispMap=null, $serviceNow=true)
Definition: xmlrpcs.inc:478
guess_encoding
guess_encoding($httpheader='', $xmlchunk='', $encoding_prefs=null)
Definition: xmlrpc.inc:3595
xmlrpc_server\$debug
$debug
controls wether the server is going to echo debugging messages back to the client as comments in resp...
Definition: xmlrpcs.inc:444
xmlrpc_server\$response_charset_encoding
$response_charset_encoding
Definition: xmlrpcs.inc:468
xmlrpc_server\$allow_system_funcs
$allow_system_funcs
shall we serve calls to system.* methods?
Definition: xmlrpcs.inc:456
$_xmlrpcs_getCapabilities_doc
$_xmlrpcs_getCapabilities_doc
Definition: xmlrpcs.inc:62
$_xmlrpcs_multicall_doc
$_xmlrpcs_multicall_doc
Definition: xmlrpcs.inc:195
$_xmlrpcs_listMethods_sig
$_xmlrpcs_listMethods_sig
Definition: xmlrpcs.inc:79
xmlrpc_server\setDebug
setDebug($in)
Definition: xmlrpcs.inc:524
xmlrpc_server\serializeDebug
serializeDebug($charset_encoding='')
Definition: xmlrpcs.inc:534
_xmlrpcs_methodSignature
_xmlrpcs_methodSignature($server, $m)
Definition: xmlrpcs.inc:103
$_xmlrpcs_multicall_sdoc
$_xmlrpcs_multicall_sdoc
Definition: xmlrpcs.inc:196
_xmlrpcs_getCapabilities
_xmlrpcs_getCapabilities($server, $m=null)
Definition: xmlrpcs.inc:64
functions_parameters_type
$s functions_parameters_type
Definition: index.php:284
xmlrpcresp
Definition: xmlrpc.inc:1911
_xmlrpcs_methodHelp
_xmlrpcs_methodHelp($server, $m)
Definition: xmlrpcs.inc:156
$_xmlrpcs_methodSignature_sig
$_xmlrpcs_methodSignature_sig
Definition: xmlrpcs.inc:100
_xmlrpcs_multicall
_xmlrpcs_multicall($server, $m)
Definition: xmlrpcs.inc:312
xmlrpc_server\$functions_parameters_type
$functions_parameters_type
Definition: xmlrpcs.inc:442
empty
Attr AllowedRel this is empty
Definition: Attr.AllowedRel.txt:7
$_xmlrpcs_listMethods_doc
$_xmlrpcs_listMethods_doc
Definition: xmlrpcs.inc:80
xmlrpc_server\parseRequest
parseRequest($data, $req_encoding='')
Definition: xmlrpcs.inc:886
as
as
Definition: Filter.ExtractStyleBlocks.Escaping.txt:10
xmlrpc_server\execute
execute($m, $params=null, $paramtypes=null)
Definition: xmlrpcs.inc:1008
$_xmlrpcs_methodSignature_sdoc
$_xmlrpcs_methodSignature_sdoc
Definition: xmlrpcs.inc:102
_xmlrpcs_multicall_do_call
_xmlrpcs_multicall_do_call($server, $call)
Definition: xmlrpcs.inc:215
$_xmlrpcs_getCapabilities_sig
$_xmlrpcs_getCapabilities_sig
Definition: xmlrpcs.inc:61
xmlrpc_debugmsg
xmlrpc_debugmsg($m)
Definition: xmlrpcs.inc:428
Generated by doxygen 1.8.20