3 * @author Gaetano Giunta
4 * @copyright (C) 2005-2014 G. Giunta
5 * @license code licensed under the BSD License: http://phpxmlrpc.sourceforge.net/license.txt
7 * @todo switch params for http compression from 0,1,2 to values to be used directly
8 * @todo do some more sanitization of received parameters
11 // work around magic quotes
// NOTE(review): get_magic_quotes_gpc() is deprecated since PHP 7.4 and removed in PHP 8.0;
// on a current runtime this call is a fatal error unless it is guarded with function_exists().
12 if (get_magic_quotes_gpc())
// Recursive helper that walks nested arrays. Only the array branch is visible in this listing
// (the numbering jumps from 17 to 22), so the scalar branch and the return are not shown.
14 function stripslashes_deep($value)
16 $value = is_array($value) ?
17 array_map('stripslashes_deep', $value) :
// Rewrites $_GET in place, so when the guard above is true every later read of $_GET sees the
// unescaped values. Unescaping only restores the raw input; it does not make it safe for any sink.
22 $_GET = array_map('stripslashes_deep', $_GET);
// Candidate encodings handed to mb_detect_encoding() when guessing the charset of the request.
// NOTE(review): UTF-7 is among the candidates; if $inputcharset ever decides how text is decoded
// before being rendered as HTML, consider dropping it -- the consumer is not visible here.
25 $preferredEncodings = 'UTF-8, ASCII, ISO-8859-1, UTF-7, EUC-JP, SJIS, eucJP-win, SJIS-win, JIS, ISO-2022-JP';
// First guess: detect from the URL-decoded request URI. mb_detect_encoding() returns false when
// no candidate matches, so code using $inputcharset has to cope with a non-string value.
26 $inputcharset = mb_detect_encoding(urldecode($_SERVER['REQUEST_URI']), $preferredEncodings);
// Taken only when the request carries usepost=true (strict comparison against the string 'true').
// Lines 29-30 are not shown in this listing; presumably $_GET is repopulated there -- confirm.
28 if ( isset( $_GET['usepost'] ) && $_GET['usepost'] === 'true' )
// Second guess: detect from all parameter values concatenated. implode() expects scalar elements,
// so a nested array parameter would not be joined as text here.
31 $inputcharset = mb_detect_encoding(implode('', $_GET), $preferredEncodings);
34 // recover input parameters
// Every value below comes straight from the request and is stored without further validation
// in the visible lines; treat each resulting variable as untrusted wherever it is used.
40 if (isset($_GET['action']))
// wstype is honoured only when it compares equal to '1'; the assignment is on a line not shown.
42 if (isset($_GET['wstype']) && $_GET['wstype'] == '1')
45 if (isset($_GET['id']))
// NOTE(review): host, port and path look like the target this page connects to from the server
// side -- confirm. If so, anyone who can reach the page chooses where the server sends requests,
// so access to it should be restricted or the reachable targets allowlisted.
48 $host = isset($_GET['host']) ? $_GET['host'] : 'localhost'; // using '' will trigger an xmlrpc error...
// The allowlist uses loose ==, so numeric strings such as '1.0' or '01' also match and are then
// stored unchanged; in_array($v, array('1', '2'), true) or an (int) cast would pin the value.
49 if (isset($_GET['protocol']) && ($_GET['protocol'] == '1' || $_GET['protocol'] == '2'))
50 $protocol = $_GET['protocol'];
// Strip a scheme prefix typed into the host field (7 and 8 are the prefix lengths).
// Line 54, inside the https branch, is not shown in this listing.
51 if (strpos($host, 'http://') === 0)
52 $host = substr($host, 7);
53 else if (strpos($host, 'https://') === 0)
55 $host = substr($host, 8);
// port and path are kept as raw strings; no numeric or range check on port is visible here.
58 $port = isset($_GET['port']) ? $_GET['port'] : '';
59 $path = isset($_GET['path']) ? $_GET['path'] : '';
60 // in case user forgot initial '/' in xmlrpc server path, add it back
// The leading "$path &&" test keeps $path[0] from being evaluated on an empty string.
61 if ($path && ($path[0]) != '/')
// debug is accepted only when it loosely equals '1' or '2'; the raw request value is what is stored.
64 if (isset($_GET['debug']) && ($_GET['debug'] == '1' || $_GET['debug'] == '2'))
65 $debug = $_GET['debug'];
// Defaults to 0 unless the request asks for 1 or 2. NOTE(review): presumably this feeds the TLS
// host-name check of the outgoing connection -- confirm; if so, verification is off by default
// and the caller of this page decides whether certificates are checked at all.
67 $verifyhost = (isset($_GET['verifyhost']) && ($_GET['verifyhost'] == '1' || $_GET['verifyhost'] == '2')) ? $_GET['verifyhost'] : 0;
// Peer verification is requested only by verifypeer=1; the assignments are on lines not shown.
68 if (isset($_GET['verifypeer']) && $_GET['verifypeer'] == '1')
// NOTE(review): cainfo is a raw request string; if it is used as a CA bundle path (not visible
// here), it should be limited to a fixed directory or a known set of files.
72 $cainfo= isset($_GET['cainfo']) ? $_GET['cainfo'] : '';
// The default is integer 0 but the value goes straight into strpos(), which expects a string;
// an empty-string default would be consistent with the neighbouring parameters.
73 $proxy = isset($_GET['proxy']) ? $_GET['proxy'] : 0;
74 if (strpos($proxy, 'http://') === 0)
75 $proxy = substr($proxy, 7);
// Proxy credentials are read from $_GET: on a GET submission they are part of the URL and so end
// up in access logs, browser history and Referer headers.
76 $proxyuser= isset($_GET['proxyuser']) ? $_GET['proxyuser'] : '';
77 $proxypwd = isset($_GET['proxypwd']) ? $_GET['proxypwd'] : '';
78 $timeout = isset($_GET['timeout']) ? $_GET['timeout'] : 0;
// is_numeric() also accepts negatives, floats and exponent notation such as '1e9'; the fallback
// on line 80 is not shown. An (int) cast with an upper bound would make the value predictable.
79 if (!is_numeric($timeout))
// action is stored as received; no allowlist of permitted actions is visible in this listing.
81 $action = $_GET['action'];
// Method name, signature and the two payload variants are kept as raw request strings
// (methodsig defaults to integer 0, the others to '').
83 $method = isset($_GET['method']) ? $_GET['method'] : '';
84 $methodsig = isset($_GET['methodsig']) ? $_GET['methodsig'] : 0;
85 $payload = isset($_GET['methodpayload']) ? $_GET['methodpayload'] : '';
86 $alt_payload = isset($_GET['altmethodpayload']) ? $_GET['altmethodpayload'] : '';
// run=now is the only accepted value; what it switches on is on lines not shown.
88 if (isset($_GET['run']) && $_GET['run'] == 'now')
// Credentials for the target server are read from $_GET: on a GET submission they are part of
// the URL and so end up in access logs, browser history and Referer headers.
91 $username = isset($_GET['username']) ? $_GET['username'] : '';
92 $password = isset($_GET['password']) ? $_GET['password'] : '';
// Anything other than '2' or '8' falls back to 1. NOTE(review): 1, 2 and 8 equal libcurl's
// CURLAUTH_BASIC, CURLAUTH_DIGEST and CURLAUTH_NTLM -- presumably the intended meaning; confirm.
94 $authtype = (isset($_GET['authtype']) && ($_GET['authtype'] == '2' || $_GET['authtype'] == '8')) ? $_GET['authtype'] : 1;
// Compression settings: request accepts 1 or 2, response accepts 1, 2 or 3, otherwise 0.
// The "else" lines (98 and 102) are not shown in this listing. The comparisons are loose ==,
// so other numeric spellings of the same number pass and are stored unchanged.
96 if (isset($_GET['requestcompression']) && ($_GET['requestcompression'] == '1' || $_GET['requestcompression'] == '2'))
97 $requestcompression = $_GET['requestcompression'];
99 $requestcompression = 0;
100 if (isset($_GET['responsecompression']) && ($_GET['responsecompression'] == '1' || $_GET['responsecompression'] == '2' || $_GET['responsecompression'] == '3'))
101 $responsecompression = $_GET['responsecompression'];
103 $responsecompression = 0;
// Raw cookie string supplied by the caller; parsing or validation, if any, is not visible here.
105 $clientcookies = isset($_GET['clientcookies']) ? $_GET['clientcookies'] : '';
// The numbering jumps from 105 to 127: these look like the defaults assigned when no action was
// submitted -- the enclosing branch is not shown, confirm against the full file.
127 $requestcompression = 0;
128 $responsecompression = 0;
132 // check input for known XMLRPC attacks against this or other libs
133 function payload_is_safe($input)