xmlrpcs.inc 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394
  1. <?php
  2. /**
  3. * @file
  4. * Provides API for defining and handling XML-RPC requests.
  5. */
  6. /**
  7. * Invokes XML-RPC methods on this server.
  8. *
  9. * @param array $callbacks
  10. * Either an associative array of external XML-RPC method names as keys with
  11. * the callbacks they map to as values, or a more complex structure
  12. * describing XML-RPC callbacks as returned from hook_xmlrpc().
  13. */
  14. function xmlrpc_server($callbacks) {
  15. $xmlrpc_server = new stdClass();
  16. // Define built-in XML-RPC method names
  17. $defaults = array(
  18. 'system.multicall' => 'xmlrpc_server_multicall',
  19. array(
  20. 'system.methodSignature',
  21. 'xmlrpc_server_method_signature',
  22. array('array', 'string'),
  23. 'Returns an array describing the return type and required parameters of a method.',
  24. ),
  25. array(
  26. 'system.getCapabilities',
  27. 'xmlrpc_server_get_capabilities',
  28. array('struct'),
  29. 'Returns a struct describing the XML-RPC specifications supported by this server.',
  30. ),
  31. array(
  32. 'system.listMethods',
  33. 'xmlrpc_server_list_methods',
  34. array('array'),
  35. 'Returns an array of available methods on this server.',
  36. ),
  37. array(
  38. 'system.methodHelp',
  39. 'xmlrpc_server_method_help',
  40. array('string', 'string'),
  41. 'Returns a documentation string for the specified method.',
  42. ),
  43. );
  44. // We build an array of all method names by combining the built-ins
  45. // with those defined by modules implementing the _xmlrpc hook.
  46. // Built-in methods are overridable.
  47. $callbacks = array_merge($defaults, (array) $callbacks);
  48. drupal_alter('xmlrpc', $callbacks);
  49. foreach ($callbacks as $key => $callback) {
  50. // we could check for is_array($callback)
  51. if (is_int($key)) {
  52. $method = $callback[0];
  53. $xmlrpc_server->callbacks[$method] = $callback[1];
  54. $xmlrpc_server->signatures[$method] = $callback[2];
  55. $xmlrpc_server->help[$method] = $callback[3];
  56. }
  57. else {
  58. $xmlrpc_server->callbacks[$key] = $callback;
  59. $xmlrpc_server->signatures[$key] = '';
  60. $xmlrpc_server->help[$key] = '';
  61. }
  62. }
  63. $data = file_get_contents('php://input');
  64. if (!$data) {
  65. print 'XML-RPC server accepts POST requests only.';
  66. drupal_exit();
  67. }
  68. $xmlrpc_server->message = xmlrpc_message($data);
  69. if (!xmlrpc_message_parse($xmlrpc_server->message)) {
  70. xmlrpc_server_error(-32700, t('Parse error. Request not well formed.'));
  71. }
  72. if ($xmlrpc_server->message->messagetype != 'methodCall') {
  73. xmlrpc_server_error(-32600, t('Server error. Invalid XML-RPC. Request must be a methodCall.'));
  74. }
  75. if (!isset($xmlrpc_server->message->params)) {
  76. $xmlrpc_server->message->params = array();
  77. }
  78. xmlrpc_server_set($xmlrpc_server);
  79. $result = xmlrpc_server_call($xmlrpc_server, $xmlrpc_server->message->methodname, $xmlrpc_server->message->params);
  80. if (is_object($result) && !empty($result->is_error)) {
  81. xmlrpc_server_error($result);
  82. }
  83. // Encode the result
  84. $r = xmlrpc_value($result);
  85. // Create the XML
  86. $xml = '
  87. <methodResponse>
  88. <params>
  89. <param>
  90. <value>' . xmlrpc_value_get_xml($r) . '</value>
  91. </param>
  92. </params>
  93. </methodResponse>
  94. ';
  95. // Send it
  96. xmlrpc_server_output($xml);
  97. }
  98. /**
  99. * Throws an XML-RPC error.
  100. *
  101. * @param $error
  102. * An error object or integer error code.
  103. * @param $message
  104. * (optional) The description of the error. Used only if an integer error
  105. * code was passed in.
  106. */
  107. function xmlrpc_server_error($error, $message = FALSE) {
  108. if ($message && !is_object($error)) {
  109. $error = xmlrpc_error($error, $message);
  110. }
  111. xmlrpc_server_output(xmlrpc_error_get_xml($error));
  112. }
  113. /**
  114. * Sends XML-RPC output to the browser.
  115. *
  116. * @param string $xml
  117. * XML to send to the browser.
  118. */
  119. function xmlrpc_server_output($xml) {
  120. $xml = '<?xml version="1.0"?>' . "\n" . $xml;
  121. drupal_add_http_header('Content-Length', strlen($xml));
  122. drupal_add_http_header('Content-Type', 'text/xml');
  123. echo $xml;
  124. drupal_exit();
  125. }
  126. /**
  127. * Stores a copy of an XML-RPC request temporarily.
  128. *
  129. * @param object $xmlrpc_server
  130. * (optional) Request object created by xmlrpc_server(). Omit to leave the
  131. * previous server object saved.
  132. *
  133. * @return
  134. * The latest stored request.
  135. *
  136. * @see xmlrpc_server_get()
  137. */
  138. function xmlrpc_server_set($xmlrpc_server = NULL) {
  139. static $server;
  140. if (!isset($server)) {
  141. $server = $xmlrpc_server;
  142. }
  143. return $server;
  144. }
  145. /**
  146. * Retrieves the latest stored XML-RPC request.
  147. *
  148. * @return object
  149. * The stored request.
  150. *
  151. * @see xmlrpc_server_set()
  152. */
  153. function xmlrpc_server_get() {
  154. return xmlrpc_server_set();
  155. }
  156. /**
  157. * Dispatches an XML-RPC request and any parameters to the appropriate handler.
  158. *
  159. * @param object $xmlrpc_server
  160. * Object containing information about this XML-RPC server, the methods it
  161. * provides, their signatures, etc.
  162. * @param string $methodname
  163. * The external XML-RPC method name; e.g., 'system.methodHelp'.
  164. * @param array $args
  165. * Array containing any parameters that are to be sent along with the request.
  166. *
  167. * @return
  168. * The results of the call.
  169. */
  170. function xmlrpc_server_call($xmlrpc_server, $methodname, $args) {
  171. // Make sure parameters are in an array
  172. if ($args && !is_array($args)) {
  173. $args = array($args);
  174. }
  175. // Has this method been mapped to a Drupal function by us or by modules?
  176. if (!isset($xmlrpc_server->callbacks[$methodname])) {
  177. return xmlrpc_error(-32601, t('Server error. Requested method @methodname not specified.', array("@methodname" => $xmlrpc_server->message->methodname)));
  178. }
  179. $method = $xmlrpc_server->callbacks[$methodname];
  180. $signature = $xmlrpc_server->signatures[$methodname];
  181. // If the method has a signature, validate the request against the signature
  182. if (is_array($signature)) {
  183. $ok = TRUE;
  184. $return_type = array_shift($signature);
  185. // Check the number of arguments
  186. if (count($args) != count($signature)) {
  187. return xmlrpc_error(-32602, t('Server error. Wrong number of method parameters.'));
  188. }
  189. // Check the argument types
  190. foreach ($signature as $key => $type) {
  191. $arg = $args[$key];
  192. switch ($type) {
  193. case 'int':
  194. case 'i4':
  195. if (is_array($arg) || !is_int($arg)) {
  196. $ok = FALSE;
  197. }
  198. break;
  199. case 'base64':
  200. case 'string':
  201. if (!is_string($arg)) {
  202. $ok = FALSE;
  203. }
  204. break;
  205. case 'boolean':
  206. if ($arg !== FALSE && $arg !== TRUE) {
  207. $ok = FALSE;
  208. }
  209. break;
  210. case 'float':
  211. case 'double':
  212. if (!is_float($arg)) {
  213. $ok = FALSE;
  214. }
  215. break;
  216. case 'date':
  217. case 'dateTime.iso8601':
  218. if (!$arg->is_date) {
  219. $ok = FALSE;
  220. }
  221. break;
  222. }
  223. if (!$ok) {
  224. return xmlrpc_error(-32602, t('Server error. Invalid method parameters.'));
  225. }
  226. }
  227. }
  228. if (!function_exists($method)) {
  229. return xmlrpc_error(-32601, t('Server error. Requested function @method does not exist.', array("@method" => $method)));
  230. }
  231. // Call the mapped function
  232. return call_user_func_array($method, $args);
  233. }
  234. /**
  235. * Dispatches multiple XML-RPC requests.
  236. *
  237. * @param array $methodcalls
  238. * An array of XML-RPC requests to make. Each request is an array with the
  239. * following elements:
  240. * - methodName: Name of the method to invoke.
  241. * - params: Parameters to pass to the method.
  242. *
  243. * @return
  244. * An array of the results of each request.
  245. *
  246. * @see xmlrpc_server_call()
  247. */
  248. function xmlrpc_server_multicall($methodcalls) {
  249. // See http://www.xmlrpc.com/discuss/msgReader$1208
  250. // To avoid multicall expansion attacks, limit the number of duplicate method
  251. // calls allowed with a default of 1. Set to -1 for unlimited.
  252. $duplicate_method_limit = variable_get('xmlrpc_multicall_duplicate_method_limit', 1);
  253. $method_count = array();
  254. $return = array();
  255. $xmlrpc_server = xmlrpc_server_get();
  256. foreach ($methodcalls as $call) {
  257. $ok = TRUE;
  258. if (!isset($call['methodName']) || !isset($call['params'])) {
  259. $result = xmlrpc_error(3, t('Invalid syntax for system.multicall.'));
  260. $ok = FALSE;
  261. }
  262. $method = $call['methodName'];
  263. $method_count[$method] = isset($method_count[$method]) ? $method_count[$method] + 1 : 1;
  264. $params = $call['params'];
  265. if ($method == 'system.multicall') {
  266. $result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.'));
  267. }
  268. elseif ($duplicate_method_limit > 0 && $method_count[$method] > $duplicate_method_limit) {
  269. $result = xmlrpc_error(-156579, t('Too many duplicate method calls in system.multicall.'));
  270. }
  271. elseif ($ok) {
  272. $result = xmlrpc_server_call($xmlrpc_server, $method, $params);
  273. }
  274. if (is_object($result) && !empty($result->is_error)) {
  275. $return[] = array(
  276. 'faultCode' => $result->code,
  277. 'faultString' => $result->message,
  278. );
  279. }
  280. else {
  281. $return[] = array($result);
  282. }
  283. }
  284. return $return;
  285. }
  286. /**
  287. * Lists the methods available on this XML-RPC server.
  288. *
  289. * XML-RPC method system.listMethods maps to this function.
  290. *
  291. * @return array
  292. * Array of the names of methods available on this server.
  293. */
  294. function xmlrpc_server_list_methods() {
  295. $xmlrpc_server = xmlrpc_server_get();
  296. return array_keys($xmlrpc_server->callbacks);
  297. }
  298. /**
  299. * Returns a list of the capabilities of this server.
  300. *
  301. * XML-RPC method system.getCapabilities maps to this function.
  302. *
  303. * @return array
  304. * Array of server capabilities.
  305. *
  306. * @see http://groups.yahoo.com/group/xml-rpc/message/2897
  307. */
  308. function xmlrpc_server_get_capabilities() {
  309. return array(
  310. 'xmlrpc' => array(
  311. 'specUrl' => 'http://www.xmlrpc.com/spec',
  312. 'specVersion' => 1,
  313. ),
  314. 'faults_interop' => array(
  315. 'specUrl' => 'http://xmlrpc-epi.sourceforge.net/specs/rfc.fault_codes.php',
  316. 'specVersion' => 20010516,
  317. ),
  318. 'system.multicall' => array(
  319. 'specUrl' => 'http://www.xmlrpc.com/discuss/msgReader$1208',
  320. 'specVersion' => 1,
  321. ),
  322. 'introspection' => array(
  323. 'specUrl' => 'http://scripts.incutio.com/xmlrpc/introspection.html',
  324. 'specVersion' => 1,
  325. ),
  326. );
  327. }
  328. /**
  329. * Returns one method signature for a function.
  330. *
  331. * This is the function mapped to the XML-RPC method system.methodSignature.
  332. *
  333. * A method signature is an array of the input and output types of a method. For
  334. * instance, the method signature of this function is array('array', 'string'),
  335. * because it takes an array and returns a string.
  336. *
  337. * @param string $methodname
  338. * Name of method to return a method signature for.
  339. *
  340. * @return array
  341. * An array of arrays of types, each of the arrays representing one method
  342. * signature of the function that $methodname maps to.
  343. */
  344. function xmlrpc_server_method_signature($methodname) {
  345. $xmlrpc_server = xmlrpc_server_get();
  346. if (!isset($xmlrpc_server->callbacks[$methodname])) {
  347. return xmlrpc_error(-32601, t('Server error. Requested method @methodname not specified.', array("@methodname" => $methodname)));
  348. }
  349. if (!is_array($xmlrpc_server->signatures[$methodname])) {
  350. return xmlrpc_error(-32601, t('Server error. Requested method @methodname signature not specified.', array("@methodname" => $methodname)));
  351. }
  352. // We array of types
  353. $return = array();
  354. foreach ($xmlrpc_server->signatures[$methodname] as $type) {
  355. $return[] = $type;
  356. }
  357. return array($return);
  358. }
  359. /**
  360. * Returns the help for an XML-RPC method.
  361. *
  362. * XML-RPC method system.methodHelp maps to this function.
  363. *
  364. * @param string $method
  365. * Name of method for which we return a help string.
  366. *
  367. * @return string
  368. * Help text for $method.
  369. */
  370. function xmlrpc_server_method_help($method) {
  371. $xmlrpc_server = xmlrpc_server_get();
  372. return $xmlrpc_server->help[$method];
  373. }