From 9f1caed0525f28d265f497bf3c63ae1e37384ae1 Mon Sep 17 00:00:00 2001 From: systopia Date: Wed, 28 Feb 2018 17:06:02 +0100 Subject: [PATCH 1/5] implementing #20 --- proxy/config.php | 12 ++++++++++-- proxy/proxy.php | 17 ++++++++++++++--- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/proxy/config.php b/proxy/config.php index cb1f740..6b6e9c6 100644 --- a/proxy/config.php +++ b/proxy/config.php @@ -19,7 +19,7 @@ $target_civicrm = 'https://your.civicrm.installation.org'; /**************************************************************** - ** DEFAULT PATHS ** + ** FEATURES / DEFAULT PATHS ** ** ** ** set to NULL to disable a feature ** ****************************************************************/ @@ -32,6 +32,15 @@ $target_file = $target_civicrm . '/sites/default/files/civicrm/persist/'; $target_mosaico = NULL; // (disabled by default): $target_civicrm . '/civicrm/mosaico/img?src='; $target_mail_view = $target_civicrm . '/civicrm/mailing/view'; +/**************************************************************** + ** GENERAL OPTIONS ** + ****************************************************************/ + +// if you enable this, the system will also try to +// parse a parameter called 'json' as a JSON file +// when looking for a certain parameter +$evaluate_json_parameter = FALSE; + // Set api-key for mail subscribe/unsubscribe user // Set to NULL/FALSE to disable the feature $mail_subscription_user_key = NULL; @@ -102,4 +111,3 @@ $rest_allowed_actions = array( ), ), ); - diff --git a/proxy/proxy.php b/proxy/proxy.php index cd9f3e2..bcdce5c 100644 --- a/proxy/proxy.php +++ b/proxy/proxy.php 
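Review bot: The comment introduced above `$evaluate_json_parameter` in config.php calls the value "a JSON file", but what the proxy receives is a JSON string inside a request parameter, and the comment does not say what enabling the option changes about filtering, which is the part an operator needs before switching it on. I would reword it as `// If enabled, the 'json' request parameter (a JSON string, as sent by CiviCRM REST clients) is decoded and its keys are checked against the same per-action whitelist as ordinary parameters.` The flag is read through `global` from inside proxy.php, so it must stay defined unconditionally here, which the hunk does.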
@@ -167,6 +167,17 @@ function civiproxy_security_check($target, $quit=TRUE) { * where type can be 'int', 'string' (unchecked), */ function civiproxy_get_parameters($valid_parameters) { + $request = $_REQUEST; + + // explode civicrm's json parameter + global $evaluate_json_parameter; + if (!emtpy($evaluate_json_parameter) && isset($request['json'])) { + $json_data = json_decode($request['json']); + if (is_array($json_data)) { + $request = $request + $json_data; + } + } + $result = array(); $default_sanitation = NULL; @@ -177,8 +188,8 @@ function civiproxy_get_parameters($valid_parameters) { continue; } - if (isset($_REQUEST[$name])) { - $result[$name] = civiproxy_sanitise($_REQUEST[$name], $type); + if (isset($request[$name])) { + $result[$name] = civiproxy_sanitise($request[$name], $type); } } @@ -186,7 +197,7 @@ function civiproxy_get_parameters($valid_parameters) { if ($default_sanitation !== NULL) { // i.e. we want the others too $remove_parameters = array('key', 'api_key', 'version', 'entity', 'action'); - foreach ($_REQUEST as $name => $value) { + foreach ($request as $name => $value) { if (!in_array($name, $remove_parameters) && !isset($valid_parameters[$name])) { $result[$name] = civiproxy_sanitise($value, $default_sanitation); } From 2346076e723400f49f9c0450b22b27cb3e46d951 Mon Sep 17 00:00:00 2001 From: systopia Date: Thu, 1 Mar 2018 10:15:59 +0100 Subject: [PATCH 2/5] implementing #20 --- proxy/proxy.php | 25 ++++++++++++++----------- proxy/rest.php | 14 +++++++++++++- 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/proxy/proxy.php b/proxy/proxy.php index bcdce5c..244f167 100644 --- a/proxy/proxy.php +++ b/proxy/proxy.php @@ -8,7 +8,7 @@ +---------------------------------------------------------*/ require_once "config.php"; -$civiproxy_version = '0.5.beta1'; +$civiproxy_version = '0.5.beta1+dev20'; $civiproxy_logo = "SYSTOPIA Organisationsberatung"; /** 
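Review bot: The new guard in `civiproxy_get_parameters` calls `emtpy()`, which is not a PHP function, so every call into this function stops with an undefined-function error before any parameter is read. Even with the typo fixed, `json_decode($request['json'])` without the assoc flag returns a `stdClass` for a JSON object, so the `is_array` test never passes and the merge never happens in the normal case; the two lines should read `if (!empty($evaluate_json_parameter) && isset($request['json'])) {` and `$json_data = json_decode($request['json'], true);`. Note also that the original `json` string remains in `$request`, so if `json` itself is whitelisted or a default sanitation applies, the unfiltered JSON is still forwarded next to the filtered keys; decoding it only helps if the raw value is dropped or rebuilt from the filtered set. The function continues past the end of this hunk.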
@@ -165,17 +165,12 @@ function civiproxy_security_check($target, $quit=TRUE) { * * @param $valid_parameters array ' => '' * where type can be 'int', 'string' (unchecked), + * @param $request provides the request data to use, + * defaults to $_REQUEST */ -function civiproxy_get_parameters($valid_parameters) { - $request = $_REQUEST; - - // explode civicrm's json parameter - global $evaluate_json_parameter; - if (!emtpy($evaluate_json_parameter) && isset($request['json'])) { - $json_data = json_decode($request['json']); - if (is_array($json_data)) { - $request = $request + $json_data; - } +function civiproxy_get_parameters($valid_parameters, $request = NULL) { + if ($request === NULL) { + $request = $_REQUEST; } $result = array(); @@ -231,6 +226,14 @@ function civiproxy_sanitise($value, $type) { error_log("CiviProxy: removed invalid email parameter: " . $value); $value = ''; } + } elseif ($type == 'json') { + // valid json + $json_data = json_decode($value); + if ($json_data === NULL) { + $value = ''; + } else { + $value = json_encode($value); + } } elseif (is_array($type)) { // this is a list of valid options $requested_value = $value; diff --git a/proxy/rest.php b/proxy/rest.php index d97efb7..4018a6e 100644 --- a/proxy/rest.php +++ b/proxy/rest.php @@ -64,7 +64,7 @@ if (isset($rest_allowed_actions['all'])) { } else { civiproxy_rest_error("Invalid entity/action."); } -} +} // extract parameters and add credentials and action data $parameters = civiproxy_get_parameters($valid_parameters); 
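Review bot: The new `$request` parameter of `civiproxy_get_parameters` is documented only as "the request data to use", but the function body indexes it as an array (`isset($request[$name])`, `foreach ($request ...)`), and the caller added in rest.php hands it the result of `json_decode()` without the assoc flag, i.e. a `stdClass` for a JSON object, which PHP rejects with "Cannot use object of type stdClass as array". I would state the contract in the docblock, `@param array|null $request`, and normalise at the top of the function: `if ($request === NULL) { $request = $_REQUEST; } elseif (!is_array($request)) { $request = (array) $request; }`. The function body continues outside this hunk.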
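Review bot: In the new `'json'` branch of `civiproxy_sanitise`, the valid case re-encodes `$value`, the original string, instead of the decoded `$json_data`, so a valid input such as `{"a":1}` leaves as the JSON string literal `"{\"a\":1}"`, which the target will not read as an object. The intended line is `$value = json_encode($json_data);`. It is also worth saying in the comment that this type only checks well-formedness: nested keys and values are forwarded verbatim, so a `json`-typed whitelist entry is an unchecked passthrough for whatever is inside. `civiproxy_sanitise` starts and ends outside this hunk.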
@@ -75,6 +75,18 @@ foreach ($action as $key => $value) { $parameters[$key] = $value; } +// evaluate the JSON parameter +global $evaluate_json_parameter; +if ($evaluate_json_parameter) { + if (isset($_REQUEST['json'])) { + $json_data = json_decode($_REQUEST['json']); + if (!empty($json_data)) { + $json_parameters = civiproxy_get_parameters($valid_parameters, $json_data); + $parameters['json'] = json_encode($json_parameters); + } + } +} + // finally execute query civiproxy_redirect($target_rest, $parameters); From e4a99279198e3bdca16346b4144c9274bd089264 Mon Sep 17 00:00:00 2001 From: systopia Date: Thu, 1 Mar 2018 10:18:49 +0100 Subject: [PATCH 3/5] released 0.5 --- de.systopia.civiproxy/info.xml | 6 +++--- proxy/proxy.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/de.systopia.civiproxy/info.xml b/de.systopia.civiproxy/info.xml index c1d3f79..781ff38 100644 --- a/de.systopia.civiproxy/info.xml +++ b/de.systopia.civiproxy/info.xml @@ -8,9 +8,9 @@ B. Endres endres@systopia.de - 2017-12-11 - 0.5.beta1 - beta + 2018-03-01 + 0.5 + stable 4.4 4.6 diff --git a/proxy/proxy.php b/proxy/proxy.php index cd9f3e2..fc954e9 100644 --- a/proxy/proxy.php +++ b/proxy/proxy.php @@ -8,7 +8,7 @@ +---------------------------------------------------------*/ require_once "config.php"; -$civiproxy_version = '0.5.beta1'; +$civiproxy_version = '0.5'; $civiproxy_logo = "SYSTOPIA Organisationsberatung"; /** From a23f0cfb05ef3e8ba151862e9ca62c9c2c9255ea Mon Sep 17 00:00:00 2001 From: systopia Date: Thu, 1 Mar 2018 11:08:44 +0100 Subject: [PATCH 4/5] implementing #20 --- proxy/config.php | 14 ++++++++++---- proxy/proxy.php | 10 +++++++--- proxy/rest.php | 6 +++--- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/proxy/config.php b/proxy/config.php index 6b6e9c6..0423a9d 100644 --- a/proxy/config.php +++ b/proxy/config.php 
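Review bot: `json_decode($_REQUEST['json'])` on the new lines returns a `stdClass` for a JSON object, and `civiproxy_get_parameters` then does `isset($request[$name])` on it, which PHP rejects with "Cannot use object of type stdClass as array"; pass `true` as the second argument so the helper receives an array. Separately, when the parameter is present but is not valid JSON, the request is forwarded silently without it instead of being refused, which hides client errors and leaves any raw copy of the value to be filtered by the target; rest.php already answers a bad entity/action with `civiproxy_rest_error`, so `if ($json_data === NULL) { civiproxy_rest_error("Invalid json parameter."); }` right after the decode would be consistent. The script continues below this hunk with `civiproxy_redirect`.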
@@ -36,10 +36,10 @@ $target_mail_view = $target_civicrm . '/civicrm/mailing/view'; ** GENERAL OPTIONS ** ****************************************************************/ -// if you enable this, the system will also try to -// parse a parameter called 'json' as a JSON file -// when looking for a certain parameter -$evaluate_json_parameter = FALSE; +// This logo is shown if the proxy server is address with a web browser +// add your own logo here +$civiproxy_logo = "SYSTOPIA Organisationsberatung"; + // Set api-key for mail subscribe/unsubscribe user // Set to NULL/FALSE to disable the feature @@ -86,6 +86,12 @@ $file_cache_include = array( /**************************************************************** ** REST API OPTIONS ** ****************************************************************/ + +// if you enable this, the system will also try to +// parse the 'json' parameter, which holds additional +// input data according to the CiviCRM REST API specs +$rest_evaluate_json_parameter = FALSE; + // whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a 'all' for the generic stuff that applies to all IP addresses // - if a request comes in and the IP is not a key in the array, the whitelisted in 'all' are used // - if a request comes in and the IP is indeed a key in the array, the whitelisted in the IP are checked first. If nothing is diff --git a/proxy/proxy.php b/proxy/proxy.php index 244f167..20168c7 100644 --- a/proxy/proxy.php +++ b/proxy/proxy.php @@ -8,8 +8,7 @@ +---------------------------------------------------------*/ require_once "config.php"; -$civiproxy_version = '0.5.beta1+dev20'; -$civiproxy_logo = "SYSTOPIA Organisationsberatung"; +$civiproxy_version = '0.6.dev1'; /** * this will redirect the request to another URL, 
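Review bot: The new comment above `$civiproxy_logo` reads "if the proxy server is address with a web browser"; it should be `// This logo is shown if the proxy server is addressed with a web browser`. Since the value now comes from config.php rather than being fixed in proxy.php, the comment could also say whether the string is emitted as raw HTML; I cannot tell from this hunk how it is rendered, so that is for the author to confirm.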
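Review bot: The comment for `$rest_evaluate_json_parameter` says what the option parses but not what happens to the result, which is what an operator needs before enabling it. I would extend it with `// When enabled, the decoded keys are filtered through the same per-action whitelist as query parameters (key/api_key/version/entity/action are dropped) and re-encoded before forwarding; values whitelisted as 'array' are forwarded as-is, nested content included.` The note about arrays follows from the `'array'` sanitation type added to proxy.php in this same patch.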
@@ -228,12 +227,17 @@ function civiproxy_sanitise($value, $type) { } } elseif ($type == 'json') { // valid json - $json_data = json_decode($value); + $json_data = json_decode($value, true); if ($json_data === NULL) { $value = ''; } else { $value = json_encode($value); } + } elseif ($type == 'array') { + // this should only happen _inside_ the json field + if (!is_array($value)) { + $value = ''; + } } elseif (is_array($type)) { // this is a list of valid options $requested_value = $value; diff --git a/proxy/rest.php b/proxy/rest.php index 4018a6e..a8848d4 100644 --- a/proxy/rest.php +++ b/proxy/rest.php @@ -76,10 +76,10 @@ foreach ($action as $key => $value) { } // evaluate the JSON parameter -global $evaluate_json_parameter; -if ($evaluate_json_parameter) { +global $rest_evaluate_json_parameter; +if ($rest_evaluate_json_parameter) { if (isset($_REQUEST['json'])) { - $json_data = json_decode($_REQUEST['json']); + $json_data = json_decode($_REQUEST['json'], true); if (!empty($json_data)) { $json_parameters = civiproxy_get_parameters($valid_parameters, $json_data); $parameters['json'] = json_encode($json_parameters); From d846c1d9fff943625e79fb3b35dfcb801d7104f3 Mon Sep 17 00:00:00 2001 From: systopia Date: Thu, 1 Mar 2018 11:12:11 +0100 Subject: [PATCH 5/5] implemented #22 --- proxy/file.php | 2 +- proxy/mosaico.php | 2 +- proxy/proxy.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/proxy/file.php b/proxy/file.php index 36684dd..768072f 100644 --- a/proxy/file.php +++ b/proxy/file.php @@ -76,7 +76,7 @@ curl_setopt($curlSession, CURLOPT_URL, $url); curl_setopt($curlSession, CURLOPT_HEADER, 1); curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1); curl_setopt($curlSession, CURLOPT_TIMEOUT, 30); -curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); +curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2); if (!empty($target_interface)) { curl_setopt($curlSession, CURLOPT_INTERFACE, $target_interface); } 
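Review bot: The `'json'` branch now decodes with `json_decode($value, true)` but still re-encodes `$value`, the original string, so a valid object such as `{"a":1}` is forwarded as the string literal `"{\"a\":1}"`; the line should be `$value = json_encode($json_data);`. The new `'array'` branch only checks `is_array`, so everything below that key — nested keys and values alike — reaches the target without any sanitation, which the comment should state plainly: `// passes nested content through unchecked; only use for keys the target treats as plain data`. `civiproxy_sanitise` begins and ends outside this hunk.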
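Review bot: `$json_parameters` is rebuilt from the whitelist alone, so a client can put into `json` a key that the preceding `foreach ($action ...)` loop (the hunk header context) has already set in `$parameters` from the action configuration; whether the JSON value or the query-string value then wins is decided by the target, not by the proxy, and I cannot tell from here which it is. Dropping the operator-set keys from the JSON side keeps that decision on the proxy: `$json_parameters = array_diff_key($json_parameters, $action);` before `$parameters['json'] = json_encode($json_parameters);`. The decode also still proceeds silently when `json` is present but invalid; answering with `civiproxy_rest_error` as the script does for a bad entity/action would be more consistent.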
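Review bot: Setting `CURLOPT_SSL_VERIFYHOST` to 2 is the right fix in file.php (the old value 1 never verified that the name matches the host, and newer libcurl versions reject it outright), but the hunk leaves `CURLOPT_SSL_VERIFYPEER` unset. Peer verification is the library default, yet nothing in this file pins it, and the same patch carries a commented-out `CURLOPT_SSL_VERIFYPEER` line in proxy.php, so I would make it explicit next to the host check: `curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, true);`. A hostname match against an unverified certificate chain gives no protection on its own.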
diff --git a/proxy/mosaico.php b/proxy/mosaico.php index 91ad5fe..34e7dc6 100644 --- a/proxy/mosaico.php +++ b/proxy/mosaico.php @@ -75,7 +75,7 @@ curl_setopt($curlSession, CURLOPT_URL, $url); curl_setopt($curlSession, CURLOPT_HEADER, 1); curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1); curl_setopt($curlSession, CURLOPT_TIMEOUT, 30); -curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); +curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2); if (!empty($target_interface)) { curl_setopt($curlSession, CURLOPT_INTERFACE, $target_interface); } diff --git a/proxy/proxy.php b/proxy/proxy.php index 20168c7..65382bd 100644 --- a/proxy/proxy.php +++ b/proxy/proxy.php @@ -48,7 +48,7 @@ function civiproxy_redirect($url_requested, $parameters) { curl_setopt($curlSession, CURLOPT_HEADER, 1); curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1); curl_setopt($curlSession, CURLOPT_TIMEOUT, 30); - curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); + curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2); if (!empty($target_interface)) { curl_setopt($curlSession, CURLOPT_INTERFACE, $target_interface); } @@ -300,7 +300,7 @@ function civicrm_api3($entity, $action, $data) { curl_setopt($curlSession, CURLOPT_INTERFACE, $target_interface); } // curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, 1); - curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); + curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2); if (file_exists(dirname(__FILE__).'/target.pem')) { curl_setopt($curlSession, CURLOPT_CAINFO, dirname(__FILE__).'/target.pem'); }
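Review bot: The `CURLOPT_SSL_VERIFYHOST` change in mosaico.php is correct, but as in the other cURL call sites `CURLOPT_SSL_VERIFYPEER` is left to the library and build defaults. Add `curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, true);` beside it so the hostname check is always backed by chain validation, whatever the PHP or libcurl build on the host does by default.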
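Review bot: The `civicrm_api3` hunk tightens `CURLOPT_SSL_VERIFYHOST` to 2 but keeps the line above it, `// curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, 1);`, commented out, which reads as if peer verification was disabled at some point and leaves the effective setting to the library default. Either delete the dead line or enable it explicitly as `curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, true);`, which is what the following `CURLOPT_CAINFO` block (applied only when `target.pem` exists) is there to support. `civicrm_api3` starts and ends outside this hunk.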