These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * Handle ajax requests and send them to the proper handler. |
||
4 | * |
||
5 | * This program is free software; you can redistribute it and/or modify |
||
6 | * it under the terms of the GNU General Public License as published by |
||
7 | * the Free Software Foundation; either version 2 of the License, or |
||
8 | * (at your option) any later version. |
||
9 | * |
||
10 | * This program is distributed in the hope that it will be useful, |
||
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
13 | * GNU General Public License for more details. |
||
14 | * |
||
15 | * You should have received a copy of the GNU General Public License along |
||
16 | * with this program; if not, write to the Free Software Foundation, Inc., |
||
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
||
18 | * http://www.gnu.org/copyleft/gpl.html |
||
19 | * |
||
20 | * @file |
||
21 | * @ingroup Ajax |
||
22 | */ |
||
23 | |||
24 | /** |
||
25 | * @defgroup Ajax Ajax |
||
26 | */ |
||
27 | |||
28 | /** |
||
29 | * Object-Oriented Ajax functions. |
||
30 | * @ingroup Ajax |
||
31 | */ |
||
32 | class AjaxDispatcher { |
||
33 | /** |
||
34 | * The way the request was made, either a 'get' or a 'post' |
||
35 | * @var string $mode |
||
36 | */ |
||
37 | private $mode; |
||
38 | |||
39 | /** |
||
40 | * Name of the requested handler |
||
41 | * @var string $func_name |
||
42 | */ |
||
43 | private $func_name; |
||
44 | |||
45 | /** Arguments passed |
||
46 | * @var array $args |
||
47 | */ |
||
48 | private $args; |
||
49 | |||
50 | /** |
||
51 | * @var Config |
||
52 | */ |
||
53 | private $config; |
||
54 | |||
55 | /** |
||
56 | * Load up our object with user supplied data |
||
57 | */ |
||
58 | function __construct( Config $config ) { |
||
0 ignored issues
–
show
__construct uses the super-global variable $_POST which is generally not recommended.
Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad
class Router
{
public function generate($path)
{
return $_SERVER['HOST'].$path;
}
}
// Better
class Router
{
private $host;
public function __construct($host)
{
$this->host = $host;
}
public function generate($path)
{
return $this->host.$path;
}
}
class Controller
{
public function myAction(Request $request)
{
// Instead of
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
// Better (assuming you use the Symfony2 request)
$page = $request->query->get('page', 1);
}
}
Loading history...
|
|||
59 | $this->config = $config; |
||
60 | |||
61 | $this->mode = ""; |
||
62 | |||
63 | if ( !empty( $_GET["rs"] ) ) { |
||
64 | $this->mode = "get"; |
||
65 | } |
||
66 | |||
67 | if ( !empty( $_POST["rs"] ) ) { |
||
68 | $this->mode = "post"; |
||
69 | } |
||
70 | |||
71 | switch ( $this->mode ) { |
||
72 | View Code Duplication | case 'get': |
|
73 | $this->func_name = isset( $_GET["rs"] ) ? $_GET["rs"] : ''; |
||
74 | if ( !empty( $_GET["rsargs"] ) ) { |
||
75 | $this->args = $_GET["rsargs"]; |
||
76 | } else { |
||
77 | $this->args = []; |
||
78 | } |
||
79 | break; |
||
80 | View Code Duplication | case 'post': |
|
81 | $this->func_name = isset( $_POST["rs"] ) ? $_POST["rs"] : ''; |
||
82 | if ( !empty( $_POST["rsargs"] ) ) { |
||
83 | $this->args = $_POST["rsargs"]; |
||
84 | } else { |
||
85 | $this->args = []; |
||
86 | } |
||
87 | break; |
||
88 | default: |
||
89 | return; |
||
90 | # Or we could throw an exception: |
||
91 | # throw new MWException( __METHOD__ . ' called without any data (mode empty).' ); |
||
92 | } |
||
93 | |||
94 | } |
||
95 | |||
96 | /** |
||
97 | * Pass the request to our internal function. |
||
98 | * BEWARE! Data are passed as they have been supplied by the user, |
||
99 | * they should be carefully handled in the function processing the |
||
100 | * request. |
||
101 | * |
||
102 | * @param User $user |
||
103 | */ |
||
104 | function performAction( User $user ) { |
||
105 | if ( empty( $this->mode ) ) { |
||
106 | return; |
||
107 | } |
||
108 | |||
109 | if ( !in_array( $this->func_name, $this->config->get( 'AjaxExportList' ) ) ) { |
||
110 | wfDebug( __METHOD__ . ' Bad Request for unknown function ' . $this->func_name . "\n" ); |
||
111 | wfHttpError( |
||
112 | 400, |
||
113 | 'Bad Request', |
||
114 | "unknown function " . $this->func_name |
||
115 | ); |
||
116 | } elseif ( !User::isEveryoneAllowed( 'read' ) && !$user->isAllowed( 'read' ) ) { |
||
117 | wfHttpError( |
||
118 | 403, |
||
119 | 'Forbidden', |
||
120 | 'You are not allowed to view pages.' ); |
||
121 | } else { |
||
122 | wfDebug( __METHOD__ . ' dispatching ' . $this->func_name . "\n" ); |
||
123 | try { |
||
124 | $result = call_user_func_array( $this->func_name, $this->args ); |
||
125 | |||
126 | if ( $result === false || $result === null ) { |
||
127 | wfDebug( __METHOD__ . ' ERROR while dispatching ' . |
||
128 | $this->func_name . "(" . var_export( $this->args, true ) . "): " . |
||
129 | "no data returned\n" ); |
||
130 | |||
131 | wfHttpError( 500, 'Internal Error', |
||
132 | "{$this->func_name} returned no data" ); |
||
133 | } else { |
||
134 | if ( is_string( $result ) ) { |
||
135 | $result = new AjaxResponse( $result ); |
||
136 | } |
||
137 | |||
138 | // Make sure DB commit succeeds before sending a response |
||
139 | wfGetLBFactory()->commitMasterChanges( __METHOD__ ); |
||
140 | |||
141 | $result->sendHeaders(); |
||
142 | $result->printText(); |
||
143 | |||
144 | wfDebug( __METHOD__ . ' dispatch complete for ' . $this->func_name . "\n" ); |
||
145 | } |
||
146 | } catch ( Exception $e ) { |
||
147 | wfDebug( __METHOD__ . ' ERROR while dispatching ' . |
||
148 | $this->func_name . "(" . var_export( $this->args, true ) . "): " . |
||
149 | get_class( $e ) . ": " . $e->getMessage() . "\n" ); |
||
150 | |||
151 | if ( !headers_sent() ) { |
||
152 | wfHttpError( 500, 'Internal Error', |
||
153 | $e->getMessage() ); |
||
154 | } else { |
||
155 | print $e->getMessage(); |
||
156 | } |
||
157 | } |
||
158 | } |
||
159 | |||
160 | } |
||
161 | } |
||
162 |
Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: