marc
/
CiviProxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

implementing #20

This commit is contained in:
systopia 2018-02-28 17:06:02 +01:00
parent 9e9bae4015
commit 9f1caed052
2 changed files with 24 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
proxy/config.php
View File

@ -19,7 +19,7 @@ $target_civicrm = 'https://your.civicrm.installation.org';
/**************************************************************** /****************************************************************
** DEFAULT PATHS ** ** FEATURES / DEFAULT PATHS **
** ** ** **
** set to NULL to disable a feature ** ** set to NULL to disable a feature **
****************************************************************/ ****************************************************************/
@ -32,6 +32,15 @@ $target_file = $target_civicrm . '/sites/default/files/civicrm/persist/';
$target_mosaico = NULL; // (disabled by default): $target_civicrm . '/civicrm/mosaico/img?src='; $target_mosaico = NULL; // (disabled by default): $target_civicrm . '/civicrm/mosaico/img?src=';
$target_mail_view = $target_civicrm . '/civicrm/mailing/view'; $target_mail_view = $target_civicrm . '/civicrm/mailing/view';
/****************************************************************
** GENERAL OPTIONS **
****************************************************************/
// if you enable this, the system will also try to
// parse a parameter called 'json' as a JSON file
// when looking for a certain parameter
$evaluate_json_parameter = FALSE;
// Set api-key for mail subscribe/unsubscribe user // Set api-key for mail subscribe/unsubscribe user
// Set to NULL/FALSE to disable the feature // Set to NULL/FALSE to disable the feature
$mail_subscription_user_key = NULL; $mail_subscription_user_key = NULL;
@ -102,4 +111,3 @@ $rest_allowed_actions = array(
), ),
), ),
); );

17
proxy/proxy.php
View File

@ -167,6 +167,17 @@ function civiproxy_security_check($target, $quit=TRUE) {
* where type can be 'int', 'string' (unchecked), * where type can be 'int', 'string' (unchecked),
*/ */
function civiproxy_get_parameters($valid_parameters) { function civiproxy_get_parameters($valid_parameters) {
$request = $_REQUEST;
// explode civicrm's json parameter
global $evaluate_json_parameter;
if (!emtpy($evaluate_json_parameter) && isset($request['json'])) {
$json_data = json_decode($request['json']);
if (is_array($json_data)) {
$request = $request + $json_data;
}
}
$result = array(); $result = array();
$default_sanitation = NULL; $default_sanitation = NULL;
@ -177,8 +188,8 @@ function civiproxy_get_parameters($valid_parameters) {
continue; continue;
} }
if (isset($_REQUEST[$name])) { if (isset($request[$name])) {
$result[$name] = civiproxy_sanitise($_REQUEST[$name], $type); $result[$name] = civiproxy_sanitise($request[$name], $type);
} }
} }
@ -186,7 +197,7 @@ function civiproxy_get_parameters($valid_parameters) {
if ($default_sanitation !== NULL) { if ($default_sanitation !== NULL) {
// i.e. we want the others too // i.e. we want the others too
$remove_parameters = array('key', 'api_key', 'version', 'entity', 'action'); $remove_parameters = array('key', 'api_key', 'version', 'entity', 'action');
foreach ($_REQUEST as $name => $value) { foreach ($request as $name => $value) {
if (!in_array($name, $remove_parameters) && !isset($valid_parameters[$name])) { if (!in_array($name, $remove_parameters) && !isset($valid_parameters[$name])) {
$result[$name] = civiproxy_sanitise($value, $default_sanitation); $result[$name] = civiproxy_sanitise($value, $default_sanitation);
} }