Merge remote-tracking branch 'origin/dev_20'

systopia 2018-03-01 11:09:58 +01:00
commit 1e280e1f0e
3 changed files with 53 additions and 9 deletions


@ -19,7 +19,7 @@ $target_civicrm = 'https://your.civicrm.installation.org';
/**************************************************************** /****************************************************************
** DEFAULT PATHS ** ** FEATURES / DEFAULT PATHS **
** ** ** **
** set to NULL to disable a feature ** ** set to NULL to disable a feature **
****************************************************************/ ****************************************************************/
@ -32,6 +32,15 @@ $target_file = $target_civicrm . '/sites/default/files/civicrm/persist/';
$target_mosaico = NULL; // (disabled by default): $target_civicrm . '/civicrm/mosaico/img?src='; $target_mosaico = NULL; // (disabled by default): $target_civicrm . '/civicrm/mosaico/img?src=';
$target_mail_view = $target_civicrm . '/civicrm/mailing/view'; $target_mail_view = $target_civicrm . '/civicrm/mailing/view';
/****************************************************************
** GENERAL OPTIONS **
****************************************************************/
// This logo is shown if the proxy server is address with a web browser
// add your own logo here
$civiproxy_logo = "<img src='{$proxy_base}/static/images/proxy-logo.png' alt='SYSTOPIA Organisationsberatung'></img>";
// Set api-key for mail subscribe/unsubscribe user // Set api-key for mail subscribe/unsubscribe user
// Set to NULL/FALSE to disable the feature // Set to NULL/FALSE to disable the feature
$mail_subscription_user_key = NULL; $mail_subscription_user_key = NULL;
@ -77,6 +86,12 @@ $file_cache_include = array(
/**************************************************************** /****************************************************************
** REST API OPTIONS ** ** REST API OPTIONS **
****************************************************************/ ****************************************************************/
// if you enable this, the system will also try to
// parse the 'json' parameter, which holds additional
// input data according to the CiviCRM REST API specs
$rest_evaluate_json_parameter = FALSE;
// whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a 'all' for the generic stuff that applies to all IP addresses // whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a 'all' for the generic stuff that applies to all IP addresses
// - if a request comes in and the IP is not a key in the array, the whitelisted in 'all' are used // - if a request comes in and the IP is not a key in the array, the whitelisted in 'all' are used
// - if a request comes in and the IP is indeed a key in the array, the whitelisted in the IP are checked first. If nothing is // - if a request comes in and the IP is indeed a key in the array, the whitelisted in the IP are checked first. If nothing is
@ -102,4 +117,3 @@ $rest_allowed_actions = array(
), ),
), ),
); );
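Review bot: The comment above `$rest_evaluate_json_parameter` says what the option parses but not how that input is restricted, which is what an operator needs to know before switching it on. Suggest adding `// keys inside 'json' are filtered with the same per-action whitelist as ordinary request parameters; leave FALSE unless a whitelisted action needs structured input`. In the logo comment, `address with a web browser` should read `addressed with a web browser`, and the closing `</img>` can go because `img` is a void element.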


@ -8,8 +8,7 @@
+---------------------------------------------------------*/ +---------------------------------------------------------*/
require_once "config.php"; require_once "config.php";
$civiproxy_version = '0.5'; $civiproxy_version = '0.6.dev1';
$civiproxy_logo = "<img src='{$proxy_base}/static/images/proxy-logo.png' alt='SYSTOPIA Organisationsberatung'></img>";
/** /**
* this will redirect the request to another URL, * this will redirect the request to another URL,
@ -165,8 +164,14 @@ function civiproxy_security_check($target, $quit=TRUE) {
* *
* @param $valid_parameters array '<parameter name> => '<expected type>' * @param $valid_parameters array '<parameter name> => '<expected type>'
* where type can be 'int', 'string' (unchecked), * where type can be 'int', 'string' (unchecked),
* @param $request provides the request data to use,
* defaults to $_REQUEST
*/ */
function civiproxy_get_parameters($valid_parameters) { function civiproxy_get_parameters($valid_parameters, $request = NULL) {
if ($request === NULL) {
$request = $_REQUEST;
}
$result = array(); $result = array();
$default_sanitation = NULL; $default_sanitation = NULL;
@ -177,8 +182,8 @@ function civiproxy_get_parameters($valid_parameters) {
continue; continue;
} }
if (isset($_REQUEST[$name])) { if (isset($request[$name])) {
$result[$name] = civiproxy_sanitise($_REQUEST[$name], $type); $result[$name] = civiproxy_sanitise($request[$name], $type);
} }
} }
@ -186,7 +191,7 @@ function civiproxy_get_parameters($valid_parameters) {
if ($default_sanitation !== NULL) { if ($default_sanitation !== NULL) {
// i.e. we want the others too // i.e. we want the others too
$remove_parameters = array('key', 'api_key', 'version', 'entity', 'action'); $remove_parameters = array('key', 'api_key', 'version', 'entity', 'action');
foreach ($_REQUEST as $name => $value) { foreach ($request as $name => $value) {
if (!in_array($name, $remove_parameters) && !isset($valid_parameters[$name])) { if (!in_array($name, $remove_parameters) && !isset($valid_parameters[$name])) {
$result[$name] = civiproxy_sanitise($value, $default_sanitation); $result[$name] = civiproxy_sanitise($value, $default_sanitation);
} }
@ -220,6 +225,19 @@ function civiproxy_sanitise($value, $type) {
error_log("CiviProxy: removed invalid email parameter: " . $value); error_log("CiviProxy: removed invalid email parameter: " . $value);
$value = ''; $value = '';
} }
} elseif ($type == 'json') {
// valid json
$json_data = json_decode($value, true);
if ($json_data === NULL) {
$value = '';
} else {
$value = json_encode($value);
}
} elseif ($type == 'array') {
// this should only happen _inside_ the json field
if (!is_array($value)) {
$value = '';
}
} elseif (is_array($type)) { } elseif (is_array($type)) {
// this is a list of valid options // this is a list of valid options
$requested_value = $value; $requested_value = $value;
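Review bot: In the new `'json'` branch of `civiproxy_sanitise`, the success path calls `json_encode($value)` on the original string rather than on the decoded data, so a valid document comes back wrapped as a JSON string literal instead of being normalised; it should read `$value = json_encode($json_data);`. The `=== NULL` test also cannot tell a decode failure from the literal `null`, which `json_last_error()` would distinguish. The new `'array'` type only checks `is_array($value)`, so everything nested inside such a value is passed on without any of the per-type checks; that limit deserves a line in the docblock of `civiproxy_get_parameters`, or a recursive check. The body of `civiproxy_sanitise` starts and ends outside this hunk.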


@ -64,7 +64,7 @@ if (isset($rest_allowed_actions['all'])) {
} else { } else {
civiproxy_rest_error("Invalid entity/action."); civiproxy_rest_error("Invalid entity/action.");
} }
} }
// extract parameters and add credentials and action data // extract parameters and add credentials and action data
$parameters = civiproxy_get_parameters($valid_parameters); $parameters = civiproxy_get_parameters($valid_parameters);
@ -75,6 +75,18 @@ foreach ($action as $key => $value) {
$parameters[$key] = $value; $parameters[$key] = $value;
} }
// evaluate the JSON parameter
global $rest_evaluate_json_parameter;
if ($rest_evaluate_json_parameter) {
if (isset($_REQUEST['json'])) {
$json_data = json_decode($_REQUEST['json'], true);
if (!empty($json_data)) {
$json_parameters = civiproxy_get_parameters($valid_parameters, $json_data);
$parameters['json'] = json_encode($json_parameters);
}
}
}
// finally execute query // finally execute query
civiproxy_redirect($target_rest, $parameters); civiproxy_redirect($target_rest, $parameters);
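Review bot: `json_decode($_REQUEST['json'], true)` can return a non-empty scalar, and the only guard before the result is handed to `civiproxy_get_parameters` as `$request` is `!empty($json_data)`, while the `foreach ($request as ...)` path in that function expects an array. Tighten the guard to `if (is_array($json_data) && !empty($json_data)) {`. The `global $rest_evaluate_json_parameter;` line appears to sit at file scope, where it has no effect, and can be dropped if so. When the option is FALSE this block does nothing with an incoming `json` parameter; whether it is still forwarded depends on whitelist handling outside the hunk, so it is worth confirming that it gets dropped.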