diff --git a/proxy/proxy.php b/proxy/proxy.php
index bcdce5c..244f167 100644
--- a/proxy/proxy.php
+++ b/proxy/proxy.php
@@ -8,7 +8,7 @@
 +---------------------------------------------------------*/
 require_once "config.php";
-$civiproxy_version = '0.5.beta1';
+$civiproxy_version = '0.5.beta1+dev20';
 $civiproxy_logo = "SYSTOPIA Organisationsberatung";
 /**
@@ -165,17 +165,12 @@ function civiproxy_security_check($target, $quit=TRUE) {
 *
 * @param $valid_parameters array ' => ''
 * where type can be 'int', 'string' (unchecked),
+ * @param $request provides the request data to use,
+ * defaults to $_REQUEST
 */
-function civiproxy_get_parameters($valid_parameters) {
- $request = $_REQUEST;
-
- // explode civicrm's json parameter
- global $evaluate_json_parameter;
- if (!emtpy($evaluate_json_parameter) && isset($request['json'])) {
- $json_data = json_decode($request['json']);
- if (is_array($json_data)) {
- $request = $request + $json_data;
- }
+function civiproxy_get_parameters($valid_parameters, $request = NULL) {
+ if ($request === NULL) {
+ $request = $_REQUEST;
 }
 $result = array();
@@ -231,6 +226,14 @@ function civiproxy_sanitise($value, $type) {
 error_log("CiviProxy: removed invalid email parameter: " . $value);
 $value = '';
 }
+ } elseif ($type == 'json') {
+ // valid json
+ $json_data = json_decode($value);
+ if ($json_data === NULL) {
+ $value = '';
+ } else {
+ $value = json_encode($value);
+ }
 } elseif (is_array($type)) {
 // this is a list of valid options
 $requested_value = $value;
diff --git a/proxy/rest.php b/proxy/rest.php
index d97efb7..4018a6e 100644
--- a/proxy/rest.php
+++ b/proxy/rest.php
@@ -64,7 +64,7 @@ if (isset($rest_allowed_actions['all'])) {
 } else {
 civiproxy_rest_error("Invalid entity/action.");
 }
-}
+}
 // extract parameters and add credentials and action data
 $parameters = civiproxy_get_parameters($valid_parameters);
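Review bot: In proxy/proxy.php, `civiproxy_get_parameters()` now takes `$request` from the caller but never checks that it is an array, and the caller added in proxy/rest.php passes the result of `json_decode($_REQUEST['json'])`, which is a `stdClass` for a JSON object. The function body continues outside this hunk, so this is inferred from the removed lines that index `$request['json']`: array access on that object would fail rather than filter the data. Decode at the call site with `json_decode($_REQUEST['json'], TRUE)` and, after the NULL default, reject anything else with `if (!is_array($request)) { $request = array(); }`. The docblock should also state the type, for example `@param array|null $request request data to filter, defaults to $_REQUEST`.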
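Review bot: In the new `json` branch of `civiproxy_sanitise()` in proxy/proxy.php, the else arm calls `json_encode($value)` on the original string instead of the decoded data, so a valid document is forwarded wrapped as a JSON string literal; it most likely should read `$value = json_encode($json_data);`. The `=== NULL` test also treats the valid literal `null` as invalid, which `json_last_error() !== JSON_ERROR_NONE` would distinguish. This type checks syntax only, so keys inside the document pass the proxy without being whitelisted, and unlike the email branch above the rejection is not logged; a line such as `error_log("CiviProxy: removed invalid json parameter");` would keep it visible without writing the untrusted value to the log. The function starts and ends outside the hunk.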
@@ -75,6 +75,18 @@ foreach ($action as $key => $value) {
 $parameters[$key] = $value;
 }
+// evaluate the JSON parameter
+global $evaluate_json_parameter;
+if ($evaluate_json_parameter) {
+ if (isset($_REQUEST['json'])) {
+ $json_data = json_decode($_REQUEST['json']);
+ if (!empty($json_data)) {
+ $json_parameters = civiproxy_get_parameters($valid_parameters, $json_data);
+ $parameters['json'] = json_encode($json_parameters);
+ }
+ }
+}
+
 // finally execute query
 civiproxy_redirect($target_rest, $parameters);
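Review bot: When `$evaluate_json_parameter` is set but `json` fails to decode or decodes to an empty value, the added block leaves `$parameters['json']` untouched. If a configuration lists `json` in `$valid_parameters`, the value produced by the earlier `civiproxy_get_parameters($valid_parameters)` call would then reach `civiproxy_redirect()` without the per-key whitelist being applied to its contents. Clearing it first, with `unset($parameters['json']);` directly inside the `isset($_REQUEST['json'])` test, makes the filtered copy the only one that can be forwarded. Separately, `global $evaluate_json_parameter;` appears to have no effect if this code runs at file scope, and `if (!empty($evaluate_json_parameter))` would avoid a notice when config.php does not define the variable.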