From 9f1caed0525f28d265f497bf3c63ae1e37384ae1 Mon Sep 17 00:00:00 2001
From: systopia
Date: Wed, 28 Feb 2018 17:06:02 +0100
Subject: [PATCH] implementing #20
---
 proxy/config.php | 12 ++++++++++--
 proxy/proxy.php | 17 ++++++++++++++---
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/proxy/config.php b/proxy/config.php
index cb1f740..6b6e9c6 100644
--- a/proxy/config.php
+++ b/proxy/config.php
@@ -19,7 +19,7 @@ $target_civicrm = 'https://your.civicrm.installation.org';
 /****************************************************************
- ** DEFAULT PATHS **
+ ** FEATURES / DEFAULT PATHS **
 ** **
 ** set to NULL to disable a feature **
 ****************************************************************/
@@ -32,6 +32,15 @@ $target_file = $target_civicrm . '/sites/default/files/civicrm/persist/';
 $target_mosaico = NULL; // (disabled by default): $target_civicrm . '/civicrm/mosaico/img?src=';
 $target_mail_view = $target_civicrm . '/civicrm/mailing/view';
+/****************************************************************
+ ** GENERAL OPTIONS **
+ ****************************************************************/
+
+// if you enable this, the system will also try to
+// parse a parameter called 'json' as a JSON file
+// when looking for a certain parameter
+$evaluate_json_parameter = FALSE;
+
 // Set api-key for mail subscribe/unsubscribe user
 // Set to NULL/FALSE to disable the feature
 $mail_subscription_user_key = NULL;
@@ -102,4 +111,3 @@ $rest_allowed_actions = array(
 ),
 ),
 );
-
diff --git a/proxy/proxy.php b/proxy/proxy.php
index cd9f3e2..bcdce5c 100644
--- a/proxy/proxy.php
+++ b/proxy/proxy.php
@@ -167,6 +167,17 @@ function civiproxy_security_check($target, $quit=TRUE) {
 * where type can be 'int', 'string' (unchecked),
 */
 function civiproxy_get_parameters($valid_parameters) {
+ $request = $_REQUEST;
+
+ // explode civicrm's json parameter
+ global $evaluate_json_parameter;
+ if (!emtpy($evaluate_json_parameter) && isset($request['json'])) {
+ $json_data = json_decode($request['json']);
+ if (is_array($json_data)) {
+ $request = $request + $json_data;
+ }
+ }
+
 $result = array();
 $default_sanitation = NULL;
@@ -177,8 +188,8 @@ function civiproxy_get_parameters($valid_parameters) {
 continue;
 }
- if (isset($_REQUEST[$name])) {
- $result[$name] = civiproxy_sanitise($_REQUEST[$name], $type);
+ if (isset($request[$name])) {
+ $result[$name] = civiproxy_sanitise($request[$name], $type);
 }
 }
@@ -186,7 +197,7 @@ function civiproxy_get_parameters($valid_parameters) {
 if ($default_sanitation !== NULL) { // i.e. we want the others too
 $remove_parameters = array('key', 'api_key', 'version', 'entity', 'action');
- foreach ($_REQUEST as $name => $value) {
+ foreach ($request as $name => $value) {
 if (!in_array($name, $remove_parameters) && !isset($valid_parameters[$name])) {
 $result[$name] = civiproxy_sanitise($value, $default_sanitation);
 }
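Review bot: `emtpy()` in the guard added at the top of `civiproxy_get_parameters()` (hunk `-167,6 +167,17`) is not a PHP function, so every call fails with an undefined-function error whatever `$evaluate_json_parameter` is set to; it should read `if (!empty($evaluate_json_parameter) && isset($request['json'])) {`. The decode on the next line also needs the associative flag, `$json_data = json_decode($request['json'], TRUE);`, because without it a JSON object comes back as `stdClass`, `is_array()` is false and the parameters are silently dropped, while a JSON list would be merged under numeric keys. Decoded values can be nested arrays or non-strings, so it is worth confirming that `civiproxy_sanitise()`, which is not part of this patch, handles them for each declared type. The function body continues outside this hunk.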
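Review bot: In the wildcard loop (hunk `-186,7 +197,7`) the raw `json` parameter is still a key of `$request` and `$remove_parameters` does not list it, so it is passed on next to the values that were expanded from it. If the target decodes `json` itself, which cannot be seen from this patch, it would receive the whole payload checked only as a single `$default_sanitation` value rather than parameter by parameter. Dropping the key once it has been expanded avoids that, e.g. `unset($request['json']);` inside the `is_array($json_data)` branch of the first hunk. The loop's closing lines are outside this hunk.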