|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* EGroupware - general JSON handler for EGroupware |
|
4
|
|
|
* |
|
5
|
|
|
* @link http://www.egroupware.org |
|
6
|
|
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License |
|
7
|
|
|
* @package api |
|
8
|
|
|
* @subpackage ajax |
|
9
|
|
|
* @author Andreas Stoeckel <[email protected]> |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
use EGroupware\Api; |
|
13
|
|
|
use EGroupware\Api\Egw; |
|
14
|
|
|
use EGroupware\Api\Json; |
|
15
|
|
|
|
|
16
|
|
|
/** |
|
17
|
|
|
* callback if the session-check fails, redirects to login.php, if no valid basic auth credentials given |
|
18
|
|
|
* |
|
19
|
|
|
* @param array &$anon_account anon account_info with keys 'login', 'passwd' and optional 'passwd_type' |
|
20
|
|
|
* @return boolean|string true if we allow anon access and anon_account is set, a sessionid or false otherwise |
|
21
|
|
|
*/ |
|
22
|
|
|
function login_redirect(&$anon_account) |
|
23
|
|
|
{ |
|
24
|
|
|
// allow to make json calls via basic auth |
|
25
|
|
|
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW']) && |
|
26
|
|
|
($session_id = Api\Header\Authenticate::autocreate_session_callback($anon_account))) |
|
27
|
|
|
{ |
|
28
|
|
|
return $session_id; |
|
29
|
|
|
} |
|
30
|
|
|
Json\Request::isJSONRequest(true); // because Api\Json\Request::parseRequest() is not (yet) called |
|
31
|
|
|
$response = Json\Response::get(); |
|
32
|
|
|
$response->apply('framework.callOnLogout'); |
|
33
|
|
|
$response->redirect($GLOBALS['egw_info']['server']['webserver_url'].'/login.php?cd=10', true); |
|
34
|
|
|
|
|
35
|
|
|
exit(); |
|
|
|
|
|
|
36
|
|
|
} |
|
37
|
|
|
|
|
38
|
|
|
/** |
|
39
|
|
|
* Exception handler for xajax, return the message (and trace, if enabled) as alert() to the user |
|
40
|
|
|
* |
|
41
|
|
|
* Does NOT return! |
|
42
|
|
|
* |
|
43
|
|
|
* @param Exception|Error $e |
|
44
|
|
|
*/ |
|
45
|
|
|
function ajax_exception_handler($e) |
|
46
|
|
|
{ |
|
47
|
|
|
// handle redirects without logging |
|
48
|
|
|
if (is_a($e, 'EGroupware\\Api\\Exception\\Redirect')) |
|
49
|
|
|
{ |
|
50
|
|
|
Egw::redirect($e->url, $e->app); |
|
51
|
|
|
} |
|
52
|
|
|
// logging all exceptions to the error_log |
|
53
|
|
|
$message = null; |
|
54
|
|
|
if (function_exists('_egw_log_exception')) |
|
55
|
|
|
{ |
|
56
|
|
|
_egw_log_exception($e,$message); |
|
57
|
|
|
} |
|
58
|
|
|
$response = Json\Response::get(); |
|
59
|
|
|
$message .= ($message ? "\n\n" : '').$e->getMessage(); |
|
60
|
|
|
|
|
61
|
|
|
// only show trace (incl. function arguments) if explicitly enabled, eg. on a development system |
|
62
|
|
|
if ($GLOBALS['egw_info']['server']['exception_show_trace']) |
|
63
|
|
|
{ |
|
64
|
|
|
$message .= "\n\n".$e->getTraceAsString(); |
|
65
|
|
|
} |
|
66
|
|
|
$response->alert($message); |
|
67
|
|
|
|
|
68
|
|
|
exit; |
|
|
|
|
|
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
|
|
// set our own exception handler, to not get the html from eGW's default one |
|
72
|
|
|
set_exception_handler('ajax_exception_handler'); |
|
73
|
|
|
|
|
74
|
|
|
try { |
|
75
|
|
|
if (!isset($_GET['menuaction'])) |
|
76
|
|
|
{ |
|
77
|
|
|
throw new InvalidArgumentException('Missing menuaction GET parameter', 998); |
|
78
|
|
|
} |
|
79
|
|
|
if (strpos($_GET['menuaction'],'::') !== false && strpos($_GET['menuaction'],'.') === false) // static method name app_something::method |
|
80
|
|
|
{ |
|
81
|
|
|
@list($className,$functionName,$handler) = explode('::',$_GET['menuaction']); |
|
82
|
|
|
|
|
83
|
|
|
if (substr($className, 0, 11) == 'EGroupware\\') |
|
84
|
|
|
{ |
|
85
|
|
|
list(,$appName) = explode('\\', strtolower($className)); |
|
86
|
|
|
} |
|
87
|
|
|
else |
|
88
|
|
|
{ |
|
89
|
|
|
list($appName) = explode('_',$className); |
|
90
|
|
|
} |
|
91
|
|
|
} |
|
92
|
|
|
else |
|
93
|
|
|
{ |
|
94
|
|
|
@list($appName, $className, $functionName, $handler) = explode('.',$_GET['menuaction']); |
|
95
|
|
|
} |
|
96
|
|
|
//error_log("json.php: appName=$appName, className=$className, functionName=$functionName, handler=$handler"); |
|
97
|
|
|
|
|
98
|
|
|
$GLOBALS['egw_info'] = array( |
|
99
|
|
|
'flags' => array( |
|
100
|
|
|
'currentapp' => $appName, |
|
101
|
|
|
'noheader' => True, |
|
102
|
|
|
'disable_Template_class' => True, |
|
103
|
|
|
'autocreate_session_callback' => 'login_redirect', |
|
104
|
|
|
'no_exception_handler' => true, // we already installed our own |
|
105
|
|
|
// only log ajax requests which represent former GET requests or submits |
|
106
|
|
|
// cuts down updates to egw_access_log table |
|
107
|
|
|
'no_dla_update' => !preg_match('/(Etemplate::ajax_process_content|\.jdots_framework\.ajax_exec\.template)/', $_GET['menuaction']), |
|
108
|
|
|
) |
|
109
|
|
|
); |
|
110
|
|
|
include_once('./header.inc.php'); |
|
111
|
|
|
|
|
112
|
|
|
|
|
113
|
|
|
//Create a new json handler |
|
114
|
|
|
$json = new Json\Request(); |
|
115
|
|
|
|
|
116
|
|
|
//Check whether the request data is set |
|
117
|
|
|
if (isset($GLOBALS['egw_unset_vars']['_POST[json_data]'])) |
|
118
|
|
|
{ |
|
119
|
|
|
$json->isJSONRequest(true); // otherwise exception is not send back to client, as we have not yet called parseRequest() |
|
120
|
|
|
throw new Json\Exception\ScriptTags("JSON Data contains script tags. Aborting..."); |
|
121
|
|
|
} |
|
122
|
|
|
// check if we have a real json request |
|
123
|
|
|
if (strpos($_SERVER['CONTENT_TYPE'], 'application/json') === 0) |
|
124
|
|
|
{ |
|
125
|
|
|
$json->parseRequest($_GET['menuaction'], file_get_contents('php://input')); |
|
126
|
|
|
} |
|
127
|
|
|
else |
|
128
|
|
|
{ |
|
129
|
|
|
$json->parseRequest($_GET['menuaction'], $_REQUEST['json_data']); |
|
130
|
|
|
} |
|
131
|
|
|
Json\Response::get(); |
|
132
|
|
|
exit(); |
|
133
|
|
|
} |
|
134
|
|
|
// missing menuaction GET parameter or request:parameters object or unparsable JSON |
|
135
|
|
|
catch (\InvalidArgumentException $e) { |
|
136
|
|
|
if (isset($json)) $json->isJSONRequest(false); // no regular json request processing |
|
137
|
|
|
|
|
138
|
|
|
// give a proper HTTP status 400 Bad Request with some JSON payload explaining the problem |
|
139
|
|
|
http_response_code(400); |
|
140
|
|
|
header('Content-Type: application/json'); |
|
141
|
|
|
echo json_encode(array('error' => $e->getMessage(), 'errno' => $e->getCode())); |
|
142
|
|
|
} |
|
143
|
|
|
// other exceptions are handled by our ajax_exception_handler sending them back as alerts to client-side |
EGroupware /
egroupware
Ralf Becker
Loading history...
In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.