marc
/
CiviProxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

implementing #16

This commit is contained in:
systopia 2017-07-31 16:32:58 +02:00
parent 053c3f5fb9
commit 3c825a8f55
3 changed files with 82 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
proxy/config.php
View File

@ -91,6 +91,10 @@ $rest_allowed_actions = array(
'getsingle' => array( 'getsingle' => array(
'first_name' => 'string', 'first_name' => 'string',
'last_name' => 'string', 'last_name' => 'string',
// the following means *all* remaining parameters will be
// added and sanitised as 'string'. Better leave it out
// if you know which parameters you expect
'*' => 'string',
), ),
), ),
), ),

36
proxy/proxy.php
View File

@ -152,10 +152,38 @@ function civiproxy_security_check($target, $quit=TRUE) {
*/ */
function civiproxy_get_parameters($valid_parameters) { function civiproxy_get_parameters($valid_parameters) {
$result = array(); $result = array();
$default_sanitation = NULL;
foreach ($valid_parameters as $name => $type) { foreach ($valid_parameters as $name => $type) {
if ($name == '*') {
// this sets default_sanitation
$default_sanitation = $type;
continue;
}
if (isset($_REQUEST[$name])) { if (isset($_REQUEST[$name])) {
$value = $_REQUEST[$name]; $result[$name] = civiproxy_sanitise($_REQUEST[$name], $type);
}
}
// process wildcard elements
if ($default_sanitation !== NULL) {
// i.e. we want the others too
$remove_parameters = array('key', 'api_key', 'version', 'entity', 'action');
foreach ($_REQUEST as $name => $value) {
if (!in_array($name, $remove_parameters) && !isset($valid_parameters[$name])) {
$result[$name] = civiproxy_sanitise($value, $default_sanitation);
}
}
}
return $result;
}
/**
* sanitise the given value with the given sanitiation type
*/
function civiproxy_sanitise($value, $type) {
if ($type=='int') { if ($type=='int') {
$value = (int) $value; $value = (int) $value;
} elseif ($type == 'string') { } elseif ($type == 'string') {
@ -190,13 +218,9 @@ function civiproxy_get_parameters($valid_parameters) {
error_log("CiviProxy: unknown type '$type'. Ignored."); error_log("CiviProxy: unknown type '$type'. Ignored.");
$value = ''; $value = '';
} }
$result[$name] = $value;
}
}
return $result;
} }
/** /**
* generates a CiviCRM REST API compliant error * generates a CiviCRM REST API compliant error
* and ends processing * and ends processing

2
proxy/rest.php
View File

@ -44,7 +44,7 @@ if (empty($credentials['api_key'])) {
// check if the call itself is allowed // check if the call itself is allowed
$action = civiproxy_get_parameters(array('entity' => 'string', 'action' => 'string', 'version' => 'int', 'json' => 'int', 'sequential' => 'int')); $action = civiproxy_get_parameters(array('entity' => 'string', 'action' => 'string', 'version' => 'int', 'json' => 'int', 'sequential' => 'int'));
if (!isset($action['version']) || $action['version'] != 3) { if (!isset($action['version']) || $action['version'] != 3) {
civiproxy_rest_error("Invalid entity/action."); civiproxy_rest_error("API 'version' information missing.");
} }
// in release 0.4, allowed entity/actions per IP were introduced. To introduce backward compatibility, // in release 0.4, allowed entity/actions per IP were introduced. To introduce backward compatibility,