| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394 | <?php/** * @file * Provides API for defining and handling XML-RPC requests. *//** * Invokes XML-RPC methods on this server. * * @param array $callbacks *   Either an associative array of external XML-RPC method names as keys with *   the callbacks they map to as values, or a more complex structure *   describing XML-RPC callbacks as returned from hook_xmlrpc(). */function xmlrpc_server($callbacks) {  $xmlrpc_server = new stdClass();  // Define built-in XML-RPC method names  $defaults = array(    'system.multicall' => 'xmlrpc_server_multicall',    array(      'system.methodSignature',      'xmlrpc_server_method_signature',      array('array', 'string'),      'Returns an array describing the return type and required parameters of a method.',    ),    array(      'system.getCapabilities',      'xmlrpc_server_get_capabilities',      array('struct'),      'Returns a struct describing the XML-RPC specifications supported by this server.',    ),    array(      'system.listMethods',      'xmlrpc_server_list_methods',      array('array'),      'Returns an array of available methods on this server.',    ),    array(      'system.methodHelp',      'xmlrpc_server_method_help',      array('string', 'string'),      'Returns a documentation string for the specified method.',    ),  );  // We build an array of all method names by combining the built-ins  // with those defined by modules implementing the _xmlrpc hook.  // Built-in methods are overridable.  $callbacks = array_merge($defaults, (array) $callbacks);  drupal_alter('xmlrpc', $callbacks);  foreach ($callbacks as $key => $callback) {    // we could check for is_array($callback)    if (is_int($key)) {      $method = $callback[0];      $xmlrpc_server->callbacks[$method] = $callback[1];      $xmlrpc_server->signatures[$method] = $callback[2];      $xmlrpc_server->help[$method] = $callback[3];    }    else {      $xmlrpc_server->callbacks[$key] = $callback;      $xmlrpc_server->signatures[$key] = '';      $xmlrpc_server->help[$key] = '';    }  }  $data = file_get_contents('php://input');  if (!$data) {    print 'XML-RPC server accepts POST requests only.';    drupal_exit();  }  $xmlrpc_server->message = xmlrpc_message($data);  if (!xmlrpc_message_parse($xmlrpc_server->message)) {    xmlrpc_server_error(-32700, t('Parse error. Request not well formed.'));  }  if ($xmlrpc_server->message->messagetype != 'methodCall') {    xmlrpc_server_error(-32600, t('Server error. Invalid XML-RPC. Request must be a methodCall.'));  }  if (!isset($xmlrpc_server->message->params)) {    $xmlrpc_server->message->params = array();  }  xmlrpc_server_set($xmlrpc_server);  $result = xmlrpc_server_call($xmlrpc_server, $xmlrpc_server->message->methodname, $xmlrpc_server->message->params);  if (is_object($result) && !empty($result->is_error)) {    xmlrpc_server_error($result);  }  // Encode the result  $r = xmlrpc_value($result);  // Create the XML  $xml = '<methodResponse>  <params>  <param>    <value>' . xmlrpc_value_get_xml($r) . '</value>  </param>  </params></methodResponse>';  // Send it  xmlrpc_server_output($xml);}/** * Throws an XML-RPC error. * * @param $error *   An error object or integer error code. * @param $message *   (optional) The description of the error. Used only if an integer error *   code was passed in. */function xmlrpc_server_error($error, $message = FALSE) {  if ($message && !is_object($error)) {    $error = xmlrpc_error($error, $message);  }  xmlrpc_server_output(xmlrpc_error_get_xml($error));}/** * Sends XML-RPC output to the browser. * * @param string $xml *   XML to send to the browser. */function xmlrpc_server_output($xml) {  $xml = '<?xml version="1.0"?>' . "\n" . $xml;  drupal_add_http_header('Content-Length', strlen($xml));  drupal_add_http_header('Content-Type', 'text/xml');  echo $xml;  drupal_exit();}/** * Stores a copy of an XML-RPC request temporarily. * * @param object $xmlrpc_server *   (optional) Request object created by xmlrpc_server(). Omit to leave the *   previous server object saved. * * @return *   The latest stored request. * * @see xmlrpc_server_get() */function xmlrpc_server_set($xmlrpc_server = NULL) {  static $server;  if (!isset($server)) {    $server = $xmlrpc_server;  }  return $server;}/** * Retrieves the latest stored XML-RPC request. * * @return object *   The stored request. * * @see xmlrpc_server_set() */function xmlrpc_server_get() {  return xmlrpc_server_set();}/** * Dispatches an XML-RPC request and any parameters to the appropriate handler. * * @param object $xmlrpc_server *   Object containing information about this XML-RPC server, the methods it *   provides, their signatures, etc. * @param string $methodname *   The external XML-RPC method name; e.g., 'system.methodHelp'. * @param array $args *   Array containing any parameters that are to be sent along with the request. * * @return *   The results of the call. */function xmlrpc_server_call($xmlrpc_server, $methodname, $args) {  // Make sure parameters are in an array  if ($args && !is_array($args)) {    $args = array($args);  }  // Has this method been mapped to a Drupal function by us or by modules?  if (!isset($xmlrpc_server->callbacks[$methodname])) {    return xmlrpc_error(-32601, t('Server error. Requested method @methodname not specified.', array("@methodname" => $xmlrpc_server->message->methodname)));  }  $method = $xmlrpc_server->callbacks[$methodname];  $signature = $xmlrpc_server->signatures[$methodname];  // If the method has a signature, validate the request against the signature  if (is_array($signature)) {    $ok = TRUE;    $return_type = array_shift($signature);    // Check the number of arguments    if (count($args) != count($signature)) {      return xmlrpc_error(-32602, t('Server error. Wrong number of method parameters.'));    }    // Check the argument types    foreach ($signature as $key => $type) {      $arg = $args[$key];      switch ($type) {        case 'int':        case 'i4':          if (is_array($arg) || !is_int($arg)) {            $ok = FALSE;          }          break;        case 'base64':        case 'string':          if (!is_string($arg)) {            $ok = FALSE;          }          break;        case 'boolean':          if ($arg !== FALSE && $arg !== TRUE) {            $ok = FALSE;          }          break;        case 'float':        case 'double':          if (!is_float($arg)) {            $ok = FALSE;          }          break;        case 'date':        case 'dateTime.iso8601':          if (!$arg->is_date) {            $ok = FALSE;          }          break;      }      if (!$ok) {        return xmlrpc_error(-32602, t('Server error. Invalid method parameters.'));      }    }  }  if (!function_exists($method)) {    return xmlrpc_error(-32601, t('Server error. Requested function @method does not exist.', array("@method" => $method)));  }  // Call the mapped function  return call_user_func_array($method, $args);}/** * Dispatches multiple XML-RPC requests. * * @param array $methodcalls *   An array of XML-RPC requests to make. Each request is an array with the *   following elements: *   - methodName: Name of the method to invoke. *   - params: Parameters to pass to the method. * * @return *   An array of the results of each request. * * @see xmlrpc_server_call() */function xmlrpc_server_multicall($methodcalls) {  // See http://www.xmlrpc.com/discuss/msgReader$1208  // To avoid multicall expansion attacks, limit the number of duplicate method  // calls allowed with a default of 1. Set to -1 for unlimited.  $duplicate_method_limit = variable_get('xmlrpc_multicall_duplicate_method_limit', 1);  $method_count = array();  $return = array();  $xmlrpc_server = xmlrpc_server_get();  foreach ($methodcalls as $call) {    $ok = TRUE;    if (!isset($call['methodName']) || !isset($call['params'])) {      $result = xmlrpc_error(3, t('Invalid syntax for system.multicall.'));      $ok = FALSE;    }    $method = $call['methodName'];    $method_count[$method] = isset($method_count[$method]) ? $method_count[$method] + 1 : 1;    $params = $call['params'];    if ($method == 'system.multicall') {      $result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.'));    }    elseif ($duplicate_method_limit > 0 && $method_count[$method] > $duplicate_method_limit) {      $result = xmlrpc_error(-156579, t('Too many duplicate method calls in system.multicall.'));    }    elseif ($ok) {      $result = xmlrpc_server_call($xmlrpc_server, $method, $params);    }    if (is_object($result) && !empty($result->is_error)) {      $return[] = array(        'faultCode' => $result->code,        'faultString' => $result->message,      );    }    else {      $return[] = array($result);    }  }  return $return;}/** * Lists the methods available on this XML-RPC server. * * XML-RPC method system.listMethods maps to this function. * * @return array *   Array of the names of methods available on this server. */function xmlrpc_server_list_methods() {  $xmlrpc_server = xmlrpc_server_get();  return array_keys($xmlrpc_server->callbacks);}/** * Returns a list of the capabilities of this server. * * XML-RPC method system.getCapabilities maps to this function. * * @return array *   Array of server capabilities. * * @see http://groups.yahoo.com/group/xml-rpc/message/2897 */function xmlrpc_server_get_capabilities() {  return array(    'xmlrpc' => array(      'specUrl' => 'http://www.xmlrpc.com/spec',      'specVersion' => 1,    ),    'faults_interop' => array(      'specUrl' => 'http://xmlrpc-epi.sourceforge.net/specs/rfc.fault_codes.php',      'specVersion' => 20010516,    ),    'system.multicall' => array(      'specUrl' => 'http://www.xmlrpc.com/discuss/msgReader$1208',      'specVersion' => 1,    ),    'introspection' => array(      'specUrl' => 'http://scripts.incutio.com/xmlrpc/introspection.html',      'specVersion' => 1,    ),  );}/** * Returns one method signature for a function. * * This is the function mapped to the XML-RPC method system.methodSignature. * * A method signature is an array of the input and output types of a method. For * instance, the method signature of this function is array('array', 'string'), * because it takes an array and returns a string. * * @param string $methodname *   Name of method to return a method signature for. * * @return array *   An array of arrays of types, each of the arrays representing one method *   signature of the function that $methodname maps to. */function xmlrpc_server_method_signature($methodname) {  $xmlrpc_server = xmlrpc_server_get();  if (!isset($xmlrpc_server->callbacks[$methodname])) {    return xmlrpc_error(-32601, t('Server error. Requested method @methodname not specified.', array("@methodname" => $methodname)));  }  if (!is_array($xmlrpc_server->signatures[$methodname])) {    return xmlrpc_error(-32601, t('Server error. Requested method @methodname signature not specified.', array("@methodname" => $methodname)));  }  // We array of types  $return = array();  foreach ($xmlrpc_server->signatures[$methodname] as $type) {    $return[] = $type;  }  return array($return);}/** * Returns the help for an XML-RPC method. * * XML-RPC method system.methodHelp maps to this function. * * @param string $method *   Name of method for which we return a help string. * * @return string *   Help text for $method. */function xmlrpc_server_method_help($method) {  $xmlrpc_server = xmlrpc_server_get();  return $xmlrpc_server->help[$method];}
 |