<?php
/**
 * EGroupware - general JSON handler for EGroupware
 *
 * @link http://www.egroupware.org
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package api
 * @subpackage ajax
 * @author Andreas Stoeckel <[email protected]>
 */
use EGroupware\Api;
use EGroupware\Api\Egw;
use EGroupware\Api\Json;
/**
 * Callback invoked when the session check fails.
 *
 * First tries to establish a session from HTTP basic auth credentials; when that is not
 * possible, the (JSON) request is answered with a redirect to login.php and the script ends.
 *
 * @param array &$anon_account anon account_info with keys 'login', 'passwd' and optional 'passwd_type'
 * @return boolean|string true if we allow anon access and anon_account is set, a sessionid if one could be
 *	created from basic auth credentials; otherwise the client is redirected and this function does not return
 */
function login_redirect(&$anon_account)
{
	// json calls may authenticate via basic auth, but only when user AND password are both present
	$has_basic_auth = !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW']);
	if ($has_basic_auth)
	{
		$session_id = Api\Header\Authenticate::autocreate_session_callback($anon_account);
		if ($session_id)
		{
			return $session_id;
		}
	}
	// flag this as a JSON request explicitly, because Api\Json\Request::parseRequest() is not (yet) called
	Json\Request::isJSONRequest(true);
	$response = Json\Response::get();
	$response->apply('framework.callOnLogout');
	$response->redirect($GLOBALS['egw_info']['server']['webserver_url'].'/login.php?cd=10', true);

	exit();
}
/**
 * Exception handler for ajax requests: sends the message (and the trace, if enabled) back to the client as alert()
 *
 * Redirect exceptions are handed to Egw::redirect() without being logged; every other exception is
 * logged via _egw_log_exception() (when that function exists) before the alert is sent.
 *
 * Does NOT return!
 *
 * @param Exception|Error $e
 */
function ajax_exception_handler($e)
{
	// a redirect is control flow, not an error: forward it without logging
	if ($e instanceof Api\Exception\Redirect)
	{
		Egw::redirect($e->url, $e->app);
	}
	// log to the error_log; the logger may fill $message with its own text, which is shown first
	$message = null;
	if (function_exists('_egw_log_exception'))
	{
		_egw_log_exception($e, $message);
	}
	$response = Json\Response::get();
	$text = ($message ? $message."\n\n" : $message).$e->getMessage();

	// the trace (incl. function arguments) is only sent to the client when explicitly enabled,
	// eg. on a development system, as it exposes internals of the server
	if ($GLOBALS['egw_info']['server']['exception_show_trace'])
	{
		$text .= "\n\n".$e->getTraceAsString();
	}
	$response->alert($text);

	exit;
}
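// set our own exception handler, to not get the html from eGW's default one
set_exception_handler('ajax_exception_handler');

try {
	// menuaction comes from the client: it must exist and be a plain string before it is used for dispatch
	if (!isset($_GET['menuaction']))
	{
		throw new InvalidArgumentException('Missing menuaction GET parameter', 998);
	}
	if (!is_string($_GET['menuaction']))
	{
		// eg. ?menuaction[]=x would otherwise reach strpos()/preg_match() as an array; answered with 400 like the missing case
		throw new InvalidArgumentException('Invalid menuaction GET parameter', 998);
	}
	if (strpos($_GET['menuaction'],'::') !== false && strpos($_GET['menuaction'],'.') === false)	// static method name app_something::method
	{
		// array_pad() instead of @list(): missing parts become null without suppressing notices
		list($className, $functionName, $handler) = array_pad(explode('::', $_GET['menuaction']), 3, null);

		if (strncmp($className, 'EGroupware\\', 11) === 0)
		{
			// namespaced class EGroupware\<app>\...: the app is the second namespace segment
			list(, $appName) = array_pad(explode('\\', strtolower($className)), 2, null);
		}
		else
		{
			// legacy class name app_something: the app is the part before the first underscore
			list($appName) = explode('_', $className);
		}
	}
	else
	{
		// app.class.method[.handler]
		list($appName, $className, $functionName, $handler) = array_pad(explode('.', $_GET['menuaction']), 4, null);
	}
	//error_log("json.php: appName=$appName, className=$className, functionName=$functionName, handler=$handler");

	$GLOBALS['egw_info'] = array(
		'flags' => array(
			'currentapp' => $appName,
			'noheader' => true,
			'disable_Template_class' => true,
			'autocreate_session_callback' => 'login_redirect',
			'no_exception_handler' => true,	// we already installed our own
			// only log ajax requests which represent former GET requests or submits
			// cuts down updates to egw_access_log table
			'no_dla_update' => !preg_match('/(Etemplate::ajax_process_content|\.jdots_framework\.ajax_exec\.template)/', $_GET['menuaction']),
		)
	);
	include_once('./header.inc.php');

	//Create a new json handler
	$json = new Json\Request();

	// egw_unset_vars is presumably filled by header.inc.php with request values it removed;
	// a json_data payload that was touched is refused instead of being parsed partially
	if (isset($GLOBALS['egw_unset_vars']['_POST[json_data]']))
	{
		$json->isJSONRequest(true);	// otherwise exception is not send back to client, as we have not yet called parseRequest()
		throw new Json\Exception\ScriptTags("JSON Data contains script tags. Aborting...");
	}
	// a real json request carries its payload in the body, everything else still uses the json_data parameter;
	// CONTENT_TYPE is absent on requests without a body, so it is tested before strpos() sees it
	if (isset($_SERVER['CONTENT_TYPE']) && strpos($_SERVER['CONTENT_TYPE'], 'application/json') === 0)
	{
		$json->parseRequest($_GET['menuaction'], file_get_contents('php://input'));
	}
	else
	{
		$json->parseRequest($_GET['menuaction'], isset($_REQUEST['json_data']) ? $_REQUEST['json_data'] : null);
	}
	Json\Response::get();
	exit();
}
// missing menuaction GET parameter or request:parameters object or unparsable JSON
catch (\InvalidArgumentException $e) {
	if (isset($json)) $json->isJSONRequest(false);	// no regular json request processing

	// give a proper HTTP status 400 Bad Request with some JSON payload explaining the problem
	http_response_code(400);
	header('Content-Type: application/json');
	echo json_encode(array('error' => $e->getMessage(), 'errno' => $e->getCode()));
}
// other exceptions are handled by our ajax_exception_handler sending them back as alerts to client-side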