diff --git a/de.systopia.civiproxy/info.xml b/de.systopia.civiproxy/info.xml index c1d3f79..781ff38 100644 --- a/de.systopia.civiproxy/info.xml +++ b/de.systopia.civiproxy/info.xml @@ -8,9 +8,9 @@ B. Endres endres@systopia.de - 2017-12-11 - 0.5.beta1 - beta + 2018-03-01 + 0.5 + stable 4.4 4.6 diff --git a/proxy/config.php b/proxy/config.php index 8ef7c30..ea0e4f8 100644 --- a/proxy/config.php +++ b/proxy/config.php @@ -19,7 +19,7 @@ $target_civicrm = 'https://your.civicrm.installation.org'; /**************************************************************** - ** DEFAULT PATHS ** + ** FEATURES / DEFAULT PATHS ** ** ** ** set to NULL to disable a feature ** ****************************************************************/ @@ -32,6 +32,15 @@ $target_file = $target_civicrm . '/sites/default/files/civicrm/persist/'; $target_mosaico = NULL; // (disabled by default): $target_civicrm . '/civicrm/mosaico/img?src='; $target_mail_view = $target_civicrm . '/civicrm/mailing/view'; +/**************************************************************** + ** GENERAL OPTIONS ** + ****************************************************************/ + +// This logo is shown if the proxy server is address with a web browser +// add your own logo here +$civiproxy_logo = "SYSTOPIA Organisationsberatung"; + + // Set api-key for mail subscribe/unsubscribe user // Set to NULL/FALSE to disable the feature $mail_subscription_user_key = NULL; @@ -77,6 +86,12 @@ $file_cache_include = array( /**************************************************************** ** REST API OPTIONS ** ****************************************************************/ + +// if you enable this, the system will also try to +// parse the 'json' parameter, which holds additional +// input data according to the CiviCRM REST API specs +$rest_evaluate_json_parameter = FALSE; + // whitelisting is done per IP address ($_SERVER['REMOTE_ADDR']) with a 'all' for the generic stuff that applies to all IP addresses // - if a request comes in and the IP is not a key in the array, the whitelisted in 'all' are used // - if a request comes in and the IP is indeed a key in the array, the whitelisted in the IP are checked first. If nothing is diff --git a/proxy/file.php b/proxy/file.php index 36684dd..768072f 100644 --- a/proxy/file.php +++ b/proxy/file.php @@ -76,7 +76,7 @@ curl_setopt($curlSession, CURLOPT_URL, $url); curl_setopt($curlSession, CURLOPT_HEADER, 1); curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1); curl_setopt($curlSession, CURLOPT_TIMEOUT, 30); -curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); +curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2); if (!empty($target_interface)) { curl_setopt($curlSession, CURLOPT_INTERFACE, $target_interface); } diff --git a/proxy/mosaico.php b/proxy/mosaico.php index 91ad5fe..34e7dc6 100644 --- a/proxy/mosaico.php +++ b/proxy/mosaico.php @@ -75,7 +75,7 @@ curl_setopt($curlSession, CURLOPT_URL, $url); curl_setopt($curlSession, CURLOPT_HEADER, 1); curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1); curl_setopt($curlSession, CURLOPT_TIMEOUT, 30); -curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); +curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2); if (!empty($target_interface)) { curl_setopt($curlSession, CURLOPT_INTERFACE, $target_interface); } diff --git a/proxy/proxy.php b/proxy/proxy.php index cd9f3e2..65382bd 100644 --- a/proxy/proxy.php +++ b/proxy/proxy.php @@ -8,8 +8,7 @@ +---------------------------------------------------------*/ require_once "config.php"; -$civiproxy_version = '0.5.beta1'; -$civiproxy_logo = "SYSTOPIA Organisationsberatung"; +$civiproxy_version = '0.6.dev1'; /** * this will redirect the request to another URL, @@ -49,7 +48,7 @@ function civiproxy_redirect($url_requested, $parameters) { curl_setopt($curlSession, CURLOPT_HEADER, 1); curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1); curl_setopt($curlSession, CURLOPT_TIMEOUT, 30); - curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); + curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2); if (!empty($target_interface)) { curl_setopt($curlSession, CURLOPT_INTERFACE, $target_interface); } @@ -165,8 +164,14 @@ function civiproxy_security_check($target, $quit=TRUE) { * * @param $valid_parameters array ' => '' * where type can be 'int', 'string' (unchecked), + * @param $request provides the request data to use, + * defaults to $_REQUEST */ -function civiproxy_get_parameters($valid_parameters) { +function civiproxy_get_parameters($valid_parameters, $request = NULL) { + if ($request === NULL) { + $request = $_REQUEST; + } + $result = array(); $default_sanitation = NULL; @@ -177,8 +182,8 @@ function civiproxy_get_parameters($valid_parameters) { continue; } - if (isset($_REQUEST[$name])) { - $result[$name] = civiproxy_sanitise($_REQUEST[$name], $type); + if (isset($request[$name])) { + $result[$name] = civiproxy_sanitise($request[$name], $type); } } @@ -186,7 +191,7 @@ function civiproxy_get_parameters($valid_parameters) { if ($default_sanitation !== NULL) { // i.e. we want the others too $remove_parameters = array('key', 'api_key', 'version', 'entity', 'action'); - foreach ($_REQUEST as $name => $value) { + foreach ($request as $name => $value) { if (!in_array($name, $remove_parameters) && !isset($valid_parameters[$name])) { $result[$name] = civiproxy_sanitise($value, $default_sanitation); } @@ -220,6 +225,19 @@ function civiproxy_sanitise($value, $type) { error_log("CiviProxy: removed invalid email parameter: " . $value); $value = ''; } + } elseif ($type == 'json') { + // valid json + $json_data = json_decode($value, true); + if ($json_data === NULL) { + $value = ''; + } else { + $value = json_encode($value); + } + } elseif ($type == 'array') { + // this should only happen _inside_ the json field + if (!is_array($value)) { + $value = ''; + } } elseif (is_array($type)) { // this is a list of valid options $requested_value = $value; @@ -282,7 +300,7 @@ function civicrm_api3($entity, $action, $data) { curl_setopt($curlSession, CURLOPT_INTERFACE, $target_interface); } // curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, 1); - curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); + curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2); if (file_exists(dirname(__FILE__).'/target.pem')) { curl_setopt($curlSession, CURLOPT_CAINFO, dirname(__FILE__).'/target.pem'); } diff --git a/proxy/rest.php b/proxy/rest.php index d97efb7..a8848d4 100644 --- a/proxy/rest.php +++ b/proxy/rest.php @@ -64,7 +64,7 @@ if (isset($rest_allowed_actions['all'])) { } else { civiproxy_rest_error("Invalid entity/action."); } -} +} // extract parameters and add credentials and action data $parameters = civiproxy_get_parameters($valid_parameters); @@ -75,6 +75,18 @@ foreach ($action as $key => $value) { $parameters[$key] = $value; } +// evaluate the JSON parameter +global $rest_evaluate_json_parameter; +if ($rest_evaluate_json_parameter) { + if (isset($_REQUEST['json'])) { + $json_data = json_decode($_REQUEST['json'], true); + if (!empty($json_data)) { + $json_parameters = civiproxy_get_parameters($valid_parameters, $json_data); + $parameters['json'] = json_encode($json_parameters); + } + } +} + // finally execute query civiproxy_redirect($target_rest, $parameters);