1 | <?php |
||
2 | |||
3 | namespace PhpXmlRpc; |
||
4 | |||
5 | use PhpXmlRpc\Helper\XMLParser; |
||
6 | use PhpXmlRpc\Traits\LoggerAware; |
||
7 | use PhpXmlRpc\Traits\ParserAware; |
||
8 | |||
9 | /** |
||
10 | * A helper class to easily convert between Value objects and php native values. |
||
11 | * |
||
12 | * @todo implement an interface |
||
13 | * @todo add class constants for the options values |
||
14 | */ |
||
15 | class Encoder |
||
16 | { |
||
17 | use LoggerAware; |
||
18 | use ParserAware; |
||
19 | |||
20 | /** |
||
21 | * Takes an xml-rpc Value in object instance and translates it into native PHP types, recursively. |
||
22 | * Works with xml-rpc Request objects as input, too. |
||
23 | * Xmlrpc dateTime values will be converted to strings or DateTime objects depending on an $options parameter |
||
24 | * Supports i8 and NIL xml-rpc values without the need for specific options. |
||
25 | * Both xml-rpc arrays and structs are decoded into PHP arrays, with the exception described below: |
||
26 | * Given proper options parameter, can rebuild generic php object instances (provided those have been encoded to |
||
27 | * xml-rpc format using a corresponding option in php_xmlrpc_encode()). |
||
28 | * PLEASE NOTE that rebuilding php objects involves calling their constructor function. |
||
29 | * This means that the remote communication end can decide which php code will get executed on your server, leaving |
||
30 | * the door possibly open to 'php-injection' style of attacks (provided you have some classes defined on your server |
||
31 | 3 | * that might wreak havoc if instances are built outside an appropriate context). |
|
32 | * Make sure you trust the remote server/client before enabling this! |
||
33 | 3 | * |
|
34 | 1 | * @author Dan Libby |
|
35 | * |
||
36 | 3 | * @param Value|Request $xmlrpcVal |
|
37 | * @param array $options accepted elements: |
||
38 | * - 'decode_php_objs': if set in the options array, xml-rpc structs can be decoded into php |
||
39 | * objects, see the details above; |
||
40 | * - 'dates_as_objects': when set xml-rpc dateTimes are decoded as php DateTime objects |
||
41 | * - 'extension_api': reserved for usage by phpxmlrpc-polyfill |
||
42 | * @return mixed |
||
43 | * |
||
44 | * Feature creep -- add an option to allow converting xml-rpc dateTime values to unix timestamps (integers) |
||
45 | */ |
||
46 | public function decode($xmlrpcVal, $options = array()) |
||
47 | { |
||
48 | switch ($xmlrpcVal->kindOf()) { |
||
49 | case 'scalar': |
||
50 | if (in_array('extension_api', $options)) { |
||
51 | $val = $xmlrpcVal->scalarVal(); |
||
52 | $typ = $xmlrpcVal->scalarTyp(); |
||
53 | switch ($typ) { |
||
54 | case 'dateTime.iso8601': |
||
55 | $xmlrpcVal = array( |
||
56 | 'xmlrpc_type' => 'datetime', |
||
57 | 'scalar' => $val, |
||
58 | 'timestamp' => \PhpXmlRpc\Helper\Date::iso8601Decode($val) |
||
59 | ); |
||
60 | return (object)$xmlrpcVal; |
||
61 | case 'base64': |
||
62 | $xmlrpcVal = array( |
||
63 | 'xmlrpc_type' => 'base64', |
||
64 | 'scalar' => $val |
||
65 | 279 | ); |
|
66 | return (object)$xmlrpcVal; |
||
67 | 279 | case 'string': |
|
68 | 279 | if (isset($options['extension_api_encoding'])) { |
|
69 | 279 | // if iconv is not available, we use mb_convert_encoding |
|
70 | if (function_exists('iconv')) { |
||
71 | $dval = @iconv('UTF-8', $options['extension_api_encoding'], $val); |
||
72 | } elseif (function_exists('mb_convert_encoding')) { |
||
73 | /// @todo check for discrepancies between the supported charset names |
||
74 | $dval = @mb_convert_encoding($val, $options['extension_api_encoding'], 'UTF-8'); |
||
75 | } else { |
||
76 | $dval = false; |
||
77 | } |
||
78 | if ($dval !== false) { |
||
79 | return $dval; |
||
80 | } |
||
81 | } |
||
82 | // break through voluntarily |
||
83 | default: |
||
84 | return $val; |
||
85 | } |
||
86 | } |
||
87 | if (in_array('dates_as_objects', $options) && $xmlrpcVal->scalarTyp() == 'dateTime.iso8601') { |
||
88 | // we return a Datetime object instead of a string; since now the constructor of xml-rpc value accepts |
||
89 | // safely string, int and DateTimeInterface, we cater to all 3 cases here |
||
90 | $out = $xmlrpcVal->scalarVal(); |
||
91 | if (is_string($out)) { |
||
92 | $out = strtotime($out); |
||
93 | // NB: if the string does not convert into a timestamp, this will return false. |
||
94 | // We avoid logging an error here, as we presume it was already done when parsing the xml |
||
95 | /// @todo we could return null, to be more in line with what the XMLParser does... |
||
96 | } |
||
97 | if (is_int($out)) { |
||
98 | $result = new \DateTime(); |
||
99 | 279 | $result->setTimestamp($out); |
|
100 | |||
101 | return $result; |
||
102 | } elseif (is_a($out, 'DateTimeInterface') || is_a($out, 'DateTime')) { |
||
103 | return $out; |
||
104 | } |
||
105 | } |
||
106 | return $xmlrpcVal->scalarVal(); |
||
107 | |||
108 | case 'array': |
||
109 | $arr = array(); |
||
110 | foreach ($xmlrpcVal as $value) { |
||
111 | $arr[] = $this->decode($value, $options); |
||
112 | } |
||
113 | return $arr; |
||
114 | |||
115 | 279 | case 'struct': |
|
116 | // If user said so, try to rebuild php objects for specific struct vals. |
||
117 | 277 | /// @todo should we raise a warning for class not found? |
|
118 | 106 | // shall we check for proper subclass of xml-rpc value instead of presence of _php_class to detect |
|
119 | 106 | // what we can do? |
|
120 | 106 | if (in_array('decode_php_objs', $options) && $xmlrpcVal->_php_class != '' |
|
121 | && class_exists($xmlrpcVal->_php_class) |
||
122 | 106 | ) { |
|
123 | $obj = @new $xmlrpcVal->_php_class(); |
||
124 | 214 | foreach ($xmlrpcVal as $key => $value) { |
|
125 | $obj->$key = $this->decode($value, $options); |
||
126 | } |
||
127 | return $obj; |
||
128 | } else { |
||
129 | 65 | $arr = array(); |
|
130 | 43 | foreach ($xmlrpcVal as $key => $value) { |
|
131 | $arr[$key] = $this->decode($value, $options); |
||
132 | 22 | } |
|
133 | 22 | return $arr; |
|
134 | 22 | } |
|
135 | |||
136 | 22 | case 'msg': |
|
137 | $paramCount = $xmlrpcVal->getNumParams(); |
||
138 | 44 | $arr = array(); |
|
139 | 44 | for ($i = 0; $i < $paramCount; $i++) { |
|
140 | 44 | $arr[] = $this->decode($xmlrpcVal->getParam($i), $options); |
|
141 | } |
||
142 | 44 | return $arr; |
|
143 | |||
144 | /// @todo throw on unsupported type |
||
145 | 150 | } |
|
146 | 150 | } |
|
147 | 150 | ||
148 | 150 | /** |
|
149 | 150 | * Takes native php types and encodes them into xml-rpc Value objects, recursively. |
|
150 | * PHP strings, integers, floats and booleans have a straightforward encoding - note that integers will _not_ be |
||
151 | 150 | * converted to xml-rpc <i8> elements, even if they exceed the 32-bit range. |
|
152 | * PHP arrays will be encoded to either xml-rpc structs or arrays, depending on whether they are hashes |
||
153 | * or plain 0..N integer indexed. |
||
154 | * PHP objects will be encoded into xml-rpc structs, except if they implement DateTimeInterface, in which case they |
||
155 | * will be encoded as dateTime values. |
||
156 | * PhpXmlRpc\Value objects will not be double-encoded - which makes it possible to pass in a pre-created base64 Value |
||
157 | * as part of a php array. |
||
158 | * If given a proper $options parameter, php object instances will be encoded into 'special' xml-rpc values, that can |
||
159 | * later be decoded into php object instances by calling php_xmlrpc_decode() with a corresponding option. |
||
160 | * PHP resource and NULL variables will be converted into uninitialized Value objects (which will lead to invalid |
||
161 | * xml-rpc when later serialized); to support encoding of the latter use the appropriate $options parameter. |
||
162 | * |
||
163 | * @author Dan Libby |
||
164 | * |
||
165 | * @param mixed $phpVal the value to be converted into an xml-rpc value object |
||
166 | * @param array $options can include: |
||
167 | * - 'encode_php_objs' when set, some out-of-band info will be added to the xml produced by |
||
168 | * serializing the built Value, which can later be decoced by this library to rebuild an |
||
169 | * instance of the same php object |
||
170 | * - 'auto_dates': when set, any string which respects the xml-rpc datetime format will be converted to a dateTime Value |
||
171 | * - 'null_extension': when set, php NULL values will be converted to an xml-rpc <NIL> (or <EX:NIL>) Value |
||
172 | * - 'extension_api': reserved for usage by phpxmlrpc-polyfill |
||
173 | * @return Value |
||
174 | 263 | * |
|
175 | * Feature creep -- could support more types via optional type argument (string => datetime support has been added, |
||
176 | 263 | * ??? => base64 not yet). Also: allow auto-encoding of integers to i8 when too-big to fit into i4 |
|
177 | 263 | */ |
|
178 | 263 | public function encode($phpVal, $options = array()) |
|
179 | { |
||
180 | 258 | $type = gettype($phpVal); |
|
181 | 2 | switch ($type) { |
|
182 | case 'string': |
||
183 | 258 | if (in_array('auto_dates', $options) && preg_match(PhpXmlRpc::$xmlrpc_datetime_format, $phpVal)) { |
|
184 | $xmlrpcVal = new Value($phpVal, Value::$xmlrpcDateTime); |
||
185 | 258 | } else { |
|
186 | 116 | $xmlrpcVal = new Value($phpVal, Value::$xmlrpcString); |
|
187 | 111 | } |
|
188 | 111 | break; |
|
189 | 30 | case 'integer': |
|
190 | 2 | $xmlrpcVal = new Value($phpVal, Value::$xmlrpcInt); |
|
191 | 2 | break; |
|
192 | case 'double': |
||
193 | 30 | $xmlrpcVal = new Value($phpVal, Value::$xmlrpcDouble); |
|
194 | 2 | break; |
|
195 | 2 | case 'boolean': |
|
196 | 30 | $xmlrpcVal = new Value($phpVal, Value::$xmlrpcBoolean); |
|
197 | break; |
||
198 | case 'array': |
||
199 | // A shorter one-liner would be |
||
200 | // $tmp = array_diff(array_keys($phpVal), range(0, count($phpVal)-1)); |
||
201 | // but execution time skyrockets! |
||
202 | 26 | $j = 0; |
|
203 | 26 | $arr = array(); |
|
204 | 26 | $ko = false; |
|
205 | 26 | foreach ($phpVal as $key => $val) { |
|
206 | 26 | $arr[$key] = $this->encode($val, $options); |
|
207 | 26 | if (!$ko && $key !== $j) { |
|
208 | 24 | $ko = true; |
|
209 | } |
||
210 | 26 | $j++; |
|
211 | } |
||
212 | 26 | if ($ko) { |
|
213 | 24 | $xmlrpcVal = new Value($arr, Value::$xmlrpcStruct); |
|
214 | } else { |
||
215 | 4 | $xmlrpcVal = new Value($arr, Value::$xmlrpcArray); |
|
216 | } |
||
217 | 26 | break; |
|
218 | 5 | case 'object': |
|
219 | 3 | if (is_a($phpVal, 'PhpXmlRpc\Value')) { |
|
220 | 1 | $xmlrpcVal = $phpVal; |
|
221 | 2 | // DateTimeInterface is not present in php 5.4... |
|
222 | 1 | } elseif (is_a($phpVal, 'DateTimeInterface') || is_a($phpVal, 'DateTime')) { |
|
223 | 1 | $xmlrpcVal = new Value($phpVal->format('Ymd\TH:i:s'), Value::$xmlrpcDateTime); |
|
224 | } elseif (in_array('extension_api', $options) && $phpVal instanceof \stdClass && isset($phpVal->xmlrpc_type)) { |
||
225 | // Handle the 'pre-converted' base64 and datetime values |
||
226 | if (isset($phpVal->scalar)) { |
||
227 | switch ($phpVal->xmlrpc_type) { |
||
228 | case 'base64': |
||
229 | $xmlrpcVal = new Value($phpVal->scalar, Value::$xmlrpcBase64); |
||
230 | break; |
||
231 | case 'datetime': |
||
232 | $xmlrpcVal = new Value($phpVal->scalar, Value::$xmlrpcDateTime); |
||
233 | break; |
||
234 | default: |
||
235 | $xmlrpcVal = new Value(); |
||
236 | } |
||
237 | } else { |
||
238 | $xmlrpcVal = new Value(); |
||
239 | } |
||
240 | |||
241 | 1 | } else { |
|
242 | 1 | $arr = array(); |
|
243 | 1 | foreach ($phpVal as $k => $v) { |
|
244 | $arr[$k] = $this->encode($v, $options); |
||
245 | 1 | } |
|
246 | 1 | $xmlrpcVal = new Value($arr, Value::$xmlrpcStruct); |
|
247 | if (in_array('encode_php_objs', $options)) { |
||
248 | // let's save original class name into xml-rpc value: it might be useful later on... |
||
249 | 1 | $xmlrpcVal->_php_class = get_class($phpVal); |
|
250 | } |
||
251 | } |
||
252 | 3 | break; |
|
253 | 2 | case 'NULL': |
|
254 | 2 | if (in_array('extension_api', $options)) { |
|
255 | $xmlrpcVal = new Value('', Value::$xmlrpcString); |
||
256 | 2 | } elseif (in_array('null_extension', $options)) { |
|
257 | $xmlrpcVal = new Value('', Value::$xmlrpcNull); |
||
258 | } else { |
||
259 | 2 | $xmlrpcVal = new Value(); |
|
260 | } |
||
261 | 2 | break; |
|
262 | case 'resource': |
||
263 | if (in_array('extension_api', $options)) { |
||
264 | $xmlrpcVal = new Value((int)$phpVal, Value::$xmlrpcInt); |
||
265 | } else { |
||
266 | $xmlrpcVal = new Value(); |
||
267 | } |
||
268 | break; |
||
269 | // catch "user function", "unknown type" |
||
270 | default: |
||
271 | // it has to return an empty object in case, not a boolean. (giancarlo pinerolo) |
||
272 | $xmlrpcVal = new Value(); |
||
273 | break; |
||
274 | } |
||
275 | |||
276 | return $xmlrpcVal; |
||
277 | 263 | } |
|
278 | |||
279 | /** |
||
280 | * Convert the xml representation of a method response, method request or single |
||
281 | * xml-rpc value into the appropriate object (a.k.a. deserialize). |
||
282 | * |
||
283 | * @param string $xmlVal |
||
284 | * @param array $options unused atm |
||
285 | * @return Value|Request|Response|false false on error, or an instance of either Value, Request or Response |
||
286 | * |
||
287 | * @todo is this a good name/class for this method? It does something quite different from 'decode' after all |
||
288 | * (returning objects vs returns plain php values)... In fact, it belongs rather to a Parser class |
||
289 | * @todo feature creep -- we should allow an option to return php native types instead of PhpXmlRpc objects instances |
||
290 | * @todo feature creep -- allow source charset to be passed in as an option, in case the xml misses its declaration |
||
291 | * @todo feature creep -- allow expected type (val/req/resp) to be passed in as an option |
||
292 | 3 | */ |
|
293 | public function decodeXml($xmlVal, $options = array()) |
||
0 ignored issues
–
show
|
|||
294 | { |
||
295 | 3 | // 'guestimate' encoding |
|
296 | 3 | $valEncoding = XMLParser::guessEncoding('', $xmlVal); |
|
297 | if ($valEncoding != '') { |
||
298 | |||
299 | // Since parsing will fail if |
||
300 | // - charset is not specified in the xml declaration, |
||
301 | // - the encoding is not UTF8 and |
||
302 | // - there are non-ascii chars in the text, |
||
303 | // we try to work round that... |
||
304 | // The following code might be better for mb_string enabled installs, but makes the lib about 200% slower... |
||
305 | 3 | //if (!is_valid_charset($valEncoding, array('UTF-8')) |
|
306 | if (!in_array($valEncoding, array('UTF-8', 'US-ASCII')) && !XMLParser::hasEncoding($xmlVal)) { |
||
307 | if (function_exists('mb_convert_encoding')) { |
||
308 | $xmlVal = mb_convert_encoding($xmlVal, 'UTF-8', $valEncoding); |
||
309 | } else { |
||
310 | if ($valEncoding == 'ISO-8859-1') { |
||
311 | $xmlVal = utf8_encode($xmlVal); |
||
312 | } else { |
||
313 | $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': invalid charset encoding of xml text: ' . $valEncoding); |
||
314 | } |
||
315 | } |
||
316 | } |
||
317 | } |
||
318 | |||
319 | 3 | // What if internal encoding is not in one of the 3 allowed? We use the broadest one, i.e. utf8! |
|
320 | /// @todo with php < 5.6, this does not work. We should add a manual conversion of the xml string to UTF8 |
||
321 | if (in_array(PhpXmlRpc::$xmlrpc_internalencoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) { |
||
322 | $parserOptions = array(XML_OPTION_TARGET_ENCODING => PhpXmlRpc::$xmlrpc_internalencoding); |
||
323 | 3 | } else { |
|
324 | $parserOptions = array(XML_OPTION_TARGET_ENCODING => 'UTF-8', 'target_charset' => PhpXmlRpc::$xmlrpc_internalencoding); |
||
325 | } |
||
326 | 3 | ||
327 | 3 | $xmlRpcParser = $this->getParser(); |
|
328 | 3 | $_xh = $xmlRpcParser->parse( |
|
329 | 3 | $xmlVal, |
|
330 | 3 | XMLParser::RETURN_XMLRPCVALS, |
|
331 | XMLParser::ACCEPT_REQUEST | XMLParser::ACCEPT_RESPONSE | XMLParser::ACCEPT_VALUE | XMLParser::ACCEPT_FAULT, |
||
332 | $parserOptions |
||
333 | ); |
||
334 | 3 | // BC |
|
335 | if (!is_array($_xh)) { |
||
336 | $_xh = $xmlRpcParser->_xh; |
||
337 | } |
||
338 | |||
339 | if ($_xh['isf'] > 1) { |
||
340 | // test that $_xh['value'] is an obj, too??? |
||
341 | |||
342 | 3 | $this->getLogger()->error('XML-RPC: ' . $_xh['isf_reason']); |
|
343 | 3 | ||
344 | 3 | return false; |
|
345 | 3 | } |
|
346 | |||
347 | switch ($_xh['rt']) { |
||
348 | case 'methodresponse': |
||
349 | $v = $_xh['value']; |
||
350 | if ($_xh['isf'] == 1) { |
||
351 | /** @var Value $vc */ |
||
352 | 3 | $vc = $v['faultCode']; |
|
353 | /** @var Value $vs */ |
||
354 | 3 | $vs = $v['faultString']; |
|
355 | $r = new Response(0, $vc->scalarVal(), $vs->scalarVal()); |
||
356 | 1 | } else { |
|
357 | 1 | $r = new Response($v); |
|
358 | 1 | } |
|
359 | 1 | return $r; |
|
360 | |||
361 | 1 | case 'methodcall': |
|
362 | $req = new Request($_xh['method']); |
||
363 | 1 | for ($i = 0; $i < count($_xh['params']); $i++) { |
|
364 | 1 | $req->addParam($_xh['params'][$i]); |
|
365 | } |
||
366 | return $req; |
||
367 | |||
368 | case 'value': |
||
369 | return $_xh['value']; |
||
370 | |||
371 | case 'fault': |
||
372 | // EPI api emulation |
||
373 | $v = $_xh['value']; |
||
374 | // use a known error code |
||
375 | /** @var Value $vc */ |
||
376 | $vc = isset($v['faultCode']) ? $v['faultCode']->scalarVal() : PhpXmlRpc::$xmlrpcerr['invalid_return']; |
||
377 | /** @var Value $vs */ |
||
378 | $vs = isset($v['faultString']) ? $v['faultString']->scalarVal() : ''; |
||
379 | if (!is_int($vc) || $vc == 0) { |
||
380 | $vc = PhpXmlRpc::$xmlrpcerr['invalid_return']; |
||
381 | } |
||
382 | return new Response(0, $vc, $vs); |
||
383 | |||
384 | default: |
||
385 | return false; |
||
386 | } |
||
387 | } |
||
388 | } |
||
389 |
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.