X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fxmlrpc.inc;h=7123184ab7ee72ce9684512a5056b83078b47be1;hb=fa9fa7bcea0b663f147e2044ecc320acee36bd59;hp=52424b00aaaf7f50cc7d231e34a758e13fca58a1;hpb=9decb91e487db7cf575f6a4cbdd43afba7ea1cac;p=plcapi.git

diff --git a/lib/xmlrpc.inc b/lib/xmlrpc.inc
index 52424b0..7123184 100644
--- a/lib/xmlrpc.inc
+++ b/lib/xmlrpc.inc
@@ -1,7 +1,6 @@
 <?php
 // by Edd Dumbill (C) 1999-2002
 // <edd@usefulinc.com>
-// $Id: xmlrpc.inc,v 1.174 2009/03/16 19:36:38 ggiunta Exp $
 
 // Copyright (c) 1999,2000,2002 Edd Dumbill.
 // All rights reserved.
@@ -209,7 +208,7 @@
 	$GLOBALS['xmlrpc_internalencoding']='ISO-8859-1';
 
 	$GLOBALS['xmlrpcName']='XML-RPC for PHP';
-	$GLOBALS['xmlrpcVersion']='3.0.0.beta';
+	$GLOBALS['xmlrpcVersion']='3.1.0';
 
 	// let user errors start at 800
 	$GLOBALS['xmlrpcerruser']=800;
@@ -226,6 +225,7 @@
 
 	// set to TRUE to enable encoding of php NULL values to <EX:NIL/> instead of <NIL/>
 	$GLOBALS['xmlrpc_null_apache_encoding']=false;
+	$GLOBALS['xmlrpc_null_apache_encoding_ns']='http://ws.apache.org/xmlrpc/namespaces/extensions';
 
 	// used to store state during parsing
 	// quick explanation of components:
@@ -821,6 +821,7 @@
 		var $keypass='';
 		var $verifypeer=true;
 		var $verifyhost=1;
+		var $sslversion=0; // corresponds to CURL_SSLVERSION_DEFAULT
 		var $no_multicall=false;
 		var $proxy='';
 		var $proxyport=0;
@@ -850,7 +851,7 @@
 		* http://curl.haxx.se/docs/faq.html#7.3)
 		*/
 		var $xmlrpc_curl_handle = null;
-		/// Wheter to use persistent connections for http 1.1 and https
+		/// Whether to use persistent connections for http 1.1 and https
 		var $keepalive = false;
 		/// Charset encodings that can be decoded without problems by the client
 		var $accepted_charset_encodings = array();
@@ -872,7 +873,7 @@
 		* @param integer $port the port the server is listening on, defaults to 80 or 443 depending on protocol used
 		* @param string $method the http protocol variant: defaults to 'http', 'https' and 'http11' can be used if CURL is installed
 		*/
-		function xmlrpc_client($path, $server='', $port='', $method='')
+		function __construct($path, $server='', $port='', $method='')
 		{
 			// allow user to specify all params in $path
 			if($server == '' and $port == '' and $method == '')
@@ -942,9 +943,17 @@
 			$this->user_agent = $GLOBALS['xmlrpcName'] . ' ' . $GLOBALS['xmlrpcVersion'];
 		}
 
+		/**
+		* @deprecated
+		*/
+		function xmlrpc_client($path, $server='', $port='', $method='')
+		{
+			self::__construct($path, $server, $port, $method);
+		}
+
 		/**
 		* Enables/disables the echoing to screen of the xmlrpc responses received
-		* @param integer $debug values 0, 1 and 2 are supported (2 = echo sent msg too, before received response)
+		* @param integer $in values 0, 1 and 2 are supported (2 = echo sent msg too, before received response)
 		* @access public
 		*/
 		function setDebug($in)
@@ -980,7 +989,7 @@
 
 		/**
 		* Add a CA certificate to verify server with (see man page about
-		* CURLOPT_CAINFO for more details
+		* CURLOPT_CAINFO for more details)
 		* @param string $cacert certificate file name (or dir holding certificates)
 		* @param bool $is_dir set to true to indicate cacert is a dir. defaults to false
 		* @access public
@@ -1031,6 +1040,16 @@
 			$this->verifyhost = $i;
 		}
 
+		/**
+		* Set attributes for SSL communication: SSL version to use. Best left at 0 (default value ): let cURL decide
+		*
+		* @param int $i
+		*/
+		public function setSSLVersion($i)
+		{
+			$this->sslversion = $i;
+		}
+
 		/**
 		* Set proxy info
 		* @param string $proxyhost
@@ -1062,7 +1081,10 @@
 			if ($compmethod == 'any')
 				$this->accepted_compression = array('gzip', 'deflate');
 			else
-				$this->accepted_compression = array($compmethod);
+				if ($compmethod == false )
+					$this->accepted_compression = array();
+				else
+					$this->accepted_compression = array($compmethod);
 		}
 
 		/**
@@ -1109,7 +1131,7 @@
 		/**
 		* Directly set cURL options, for extra flexibility
 		* It allows eg. to bind client to a specific IP interface / address
-		* @param $options array
+		* @param array $options
 		*/
 		function SetCurlOptions( $options )
 		{
@@ -1179,7 +1201,8 @@
 					$this->proxy_authtype,
 					$this->keepalive,
 					$this->key,
-					$this->keypass
+					$this->keypass,
+					$this->sslversion
 				);
 			}
 			elseif($method == 'http11')
@@ -1342,9 +1365,12 @@
 				$cookieheader = 'Cookie:' . $version . substr($cookieheader, 0, -1) . "\r\n";
 			}
 
+			// omit port if 80
+			$port = ($port == 80) ? '' : (':' . $port);
+
 			$op= 'POST ' . $uri. " HTTP/1.0\r\n" .
 				'User-Agent: ' . $this->user_agent . "\r\n" .
-				'Host: '. $server . ':' . $port . "\r\n" .
+				'Host: '. $server . $port . "\r\n" .
 				$credentials .
 				$proxy_credentials .
 				$accepted_encoding .
@@ -1393,11 +1419,11 @@
 			}
 			else
 			{
-				// reset errno and errstr on succesful socket connection
+				// reset errno and errstr on successful socket connection
 				$this->errstr = '';
 			}
 			// G. Giunta 2005/10/24: close socket before parsing.
-			// should yeld slightly better execution times, and make easier recursive calls (e.g. to follow http redirects)
+			// should yield slightly better execution times, and make easier recursive calls (e.g. to follow http redirects)
 			$ipd='';
 			do
 			{
@@ -1417,11 +1443,11 @@
 		function &sendPayloadHTTPS($msg, $server, $port, $timeout=0, $username='',
 			$password='', $authtype=1, $cert='',$certpass='', $cacert='', $cacertdir='',
 			$proxyhost='', $proxyport=0, $proxyusername='', $proxypassword='', $proxyauthtype=1,
-			$keepalive=false, $key='', $keypass='')
+			$keepalive=false, $key='', $keypass='', $sslVersion = 0)
 		{
 			$r =& $this->sendPayloadCURL($msg, $server, $port, $timeout, $username,
 				$password, $authtype, $cert, $certpass, $cacert, $cacertdir, $proxyhost, $proxyport,
-				$proxyusername, $proxypassword, $proxyauthtype, 'https', $keepalive, $key, $keypass);
+				$proxyusername, $proxypassword, $proxyauthtype, 'https', $keepalive, $key, $keypass, $sslVersion);
 			return $r;
 		}
 
@@ -1434,7 +1460,7 @@
 		function &sendPayloadCURL($msg, $server, $port, $timeout=0, $username='',
 			$password='', $authtype=1, $cert='', $certpass='', $cacert='', $cacertdir='',
 			$proxyhost='', $proxyport=0, $proxyusername='', $proxypassword='', $proxyauthtype=1, $method='https',
-			$keepalive=false, $key='', $keypass='')
+			$keepalive=false, $key='', $keypass='', $sslVersion = 0)
 		{
 			if(!function_exists('curl_init'))
 			{
@@ -1535,7 +1561,6 @@
 			// return the header too
 			curl_setopt($curl, CURLOPT_HEADER, 1);
 
-			// will only work with PHP >= 5.0
 			// NB: if we set an empty string, CURL will add http header indicating
 			// ALL methods it is supporting. This is possibly a better option than
 			// letting the user tell what curl can / cannot do...
@@ -1616,8 +1641,17 @@
 				{
 					curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $keypass);
 				}
+
+				// Upgrade transparently to more stringent check for versions of php which do not support otherwise.
+				// Doing it in constructor would be cleaner; doing it here saves us a couple of function calls
+				if($this->verifyhost == 1 && $info = curl_version() && version_compare($info['version'], '7.28.1') >= 0)
+				{
+					$this->verifyhost = 2;
+				}
 				// whether to verify cert's common name (CN); 0 for no, 1 to verify that it exists, and 2 to verify that it matches the hostname used
 				curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, $this->verifyhost);
+				// allow usage of different SSL versions
+				curl_setopt($curl, CURLOPT_SSLVERSION, $sslVersion);
 			}
 
 			// proxy info
@@ -1667,7 +1701,14 @@
 			{
 				print "<PRE>\n---CURL INFO---\n";
 				foreach(curl_getinfo($curl) as $name => $val)
-					 print $name . ': ' . htmlentities($val). "\n";
+				{
+					if (is_array($val))
+					{
+						$val = implode("\n", $val);
+					}
+					print $name . ': ' . htmlentities($val) . "\n";
+				}
+
 				print "---END---\n</PRE>";
 			}
 
@@ -1688,6 +1729,12 @@
 					curl_close($curl);
 				}
 				$resp =& $msg->parseResponse($result, true, $this->return_type);
+				// if we got back a 302, we can not reuse the curl handle for later calls
+				if($resp->faultCode() == $GLOBALS['xmlrpcerr']['http_error'] && $keepalive)
+				{
+					curl_close($curl);
+					$this->xmlrpc_curl_handle = null;
+				}
 			}
 			return $resp;
 		}
@@ -1710,7 +1757,7 @@
 		* @param array $msgs an array of xmlrpcmsg objects
 		* @param integer $timeout connection timeout (in seconds)
 		* @param string $method the http protocol variant to be used
-		* @param boolean fallback When true, upon receiveing an error during multicall, multiple single calls will be attempted
+		* @param boolean fallback When true, upon receiving an error during multicall, multiple single calls will be attempted
 		* @return array
 		* @access public
 		*/
@@ -1943,7 +1990,7 @@
 		* NB: as of now we do not do it, since it might be either an xmlrpcval or a plain
 		* php val, or a complete xml chunk, depending on usage of xmlrpc_client::send() inside which creator is called...
 		*/
-		function xmlrpcresp($val, $fcode = 0, $fstr = '', $valtyp='')
+		function __construct($val, $fcode = 0, $fstr = '', $valtyp='')
 		{
 			if($fcode != 0)
 			{
@@ -1981,6 +2028,14 @@
 			}
 		}
 
+		/**
+		* @deprecated
+		*/
+		function xmlrpcresp($val, $fcode = 0, $fstr = '', $valtyp='')
+		{
+			self::__construct($val, $fcode, $fstr, $valtyp);
+		}
+
 		/**
 		* Returns the error code of the response.
 		* @return integer the error code of this response (0 for not-error responses)
@@ -2017,7 +2072,7 @@
 		* with attributes being e.g. 'expires', 'path', domain'.
 		* NB: cookies sent as 'expired' by the server (i.e. with an expiry date in the past)
 		* are still present in the array. It is up to the user-defined code to decide
-		* how to use the received cookies, and wheter they have to be sent back with the next
+		* how to use the received cookies, and whether they have to be sent back with the next
 		* request to the server (using xmlrpc_client::setCookie) or not
 		* @return array array of cookies received from the server
 		* @access public
@@ -2039,7 +2094,14 @@
 				$this->content_type = 'text/xml; charset=' . $charset_encoding;
 			else
 				$this->content_type = 'text/xml';
+			if ($GLOBALS['xmlrpc_null_apache_encoding'])
+			{
+				$result = "<methodResponse xmlns:ex=\"".$GLOBALS['xmlrpc_null_apache_encoding_ns']."\">\n";
+			}
+			else
+			{
 			$result = "<methodResponse>\n";
+			}
 			if($this->errno)
 			{
 				// G. Giunta 2005/2/13: let non-ASCII response messages be tolerated by clients
@@ -2089,9 +2151,9 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 
 		/**
 		* @param string $meth the name of the method to invoke
-		* @param array $pars array of parameters to be paased to the method (xmlrpcval objects)
+		* @param array $pars array of parameters to be passed to the method (xmlrpcval objects)
 		*/
-		function xmlrpcmsg($meth, $pars=0)
+		function __construct($meth, $pars=0)
 		{
 			$this->methodname=$meth;
 			if(is_array($pars) && count($pars)>0)
@@ -2103,6 +2165,14 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 			}
 		}
 
+				/**
+		* @deprecated
+		*/
+		function xmlrpcmsg($meth, $pars=0)
+		{
+			self::__construct($meth, $pars);
+		}
+
 		/**
 		* @access private
 		*/
@@ -2144,7 +2214,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 			else
 				$this->content_type = 'text/xml';
 			$this->payload=$this->xml_header($charset_encoding);
-			$this->payload.='<methodName>' . $this->methodname . "</methodName>\n";
+			$this->payload.='<methodName>' . xmlrpc_encode_entitites($this->methodname, $GLOBALS['xmlrpc_internalencoding'], $charset_encoding) . "</methodName>\n";
 			$this->payload.="<params>\n";
 			for($i=0; $i<count($this->params); $i++)
 			{
@@ -2173,6 +2243,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 
 		/**
 		* Returns xml representation of the message. XML prologue included
+		* @param string $charset_encoding
 		* @return string the xml representation of the message, xml prologue included
 		* @access public
 		*/
@@ -2226,6 +2297,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 		*      infinite loop in that case, because we cannot trust the caller
 		*      to give us a valid pointer to an open file...
 		* @access public
+		* @param resource $fp stream pointer
 		* @return xmlrpcresp
 		* @todo add 2nd & 3rd param to be passed to ParseResponse() ???
 		*/
@@ -2381,7 +2453,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 									{
 										if ($tag != 'value')
 										{
-										  $GLOBALS['_xh']['cookies'][$cookiename][$tag] = $val;
+											$GLOBALS['_xh']['cookies'][$cookiename][$tag] = $val;
 										}
 									}
 								}
@@ -2565,17 +2637,24 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 			$GLOBALS['_xh']['isf_reason']='';
 			$GLOBALS['_xh']['rt']=''; // 'methodcall or 'methodresponse'
 
-			// if response charset encoding is not known / supported, try to use
-			// the default encoding and parse the xml anyway, but log a warning...
-			if (!in_array($resp_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
-			// the following code might be better for mb_string enabled installs, but
+			// Since parsing will fail if charset is not specified in the xml prologue,
+			// the encoding is not UTF8 and there are non-ascii chars in the text, we try to work round that...
+			// The following code might be better for mb_string enabled installs, but
 			// makes the lib about 200% slower...
-			//if (!is_valid_charset($resp_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
-			{
-				error_log('XML-RPC: '.__METHOD__.': invalid charset encoding of received response: '.$resp_encoding);
-				$resp_encoding = $GLOBALS['xmlrpc_defencoding'];
+			//if (!is_valid_charset($resp_encoding, array('UTF-8')))
+			if (!in_array($resp_encoding, array('UTF-8', 'US-ASCII')) && !has_encoding($data)) {
+				if ($resp_encoding == 'ISO-8859-1') {
+					$data = utf8_encode($data);
+				} else {
+					if (extension_loaded('mbstring')) {
+						$data = mb_convert_encoding($data, 'UTF-8', $resp_encoding);
+					} else {
+						error_log('XML-RPC: ' . __METHOD__ . ': invalid charset encoding of received request: ' . $resp_encoding);
+					}
+				}
 			}
-			$parser = xml_parser_create($resp_encoding);
+
+			$parser = xml_parser_create();
 			xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true);
 			// G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell
 			// the xml parser to give us back data in the expected charset.
@@ -2714,7 +2793,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 		* @param mixed $val
 		* @param string $type any valid xmlrpc type name (lowercase). If null, 'string' is assumed
 		*/
-		function xmlrpcval($val=-1, $type='')
+		function __construct($val=-1, $type='')
 		{
 			/// @todo: optimization creep - do not call addXX, do it all inline.
 			/// downside: booleans will not be coerced anymore
@@ -2768,6 +2847,14 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 			}
 		}
 
+		/**
+		* @deprecated
+		*/
+		function xmlrpcval($val=-1, $type='')
+		{
+			self::__construct($val, $type);
+		}
+
 		/**
 		* Add a single php value to an (unitialized) xmlrpcval
 		* @param mixed $val
@@ -3055,7 +3142,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 		}
 
 		/**
-		* Checks wheter a struct member with a given name is present.
+		* Checks whether a struct member with a given name is present.
 		* Works only on xmlrpcvals of type struct.
 		* @param string $m the name of the struct member to be looked up
 		* @return boolean
@@ -3316,7 +3403,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 					$out = $xmlrpc_val->scalarval();
 					if (is_string($out))
 					{
-						$out= strtotime($out);
+						$out = strtotime($out);
 					}
 					if (is_int($out))
 					{
@@ -3532,7 +3619,27 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 		$GLOBALS['_xh']['isf_reason'] = '';
 		$GLOBALS['_xh']['method'] = false;
 		$GLOBALS['_xh']['rt'] = '';
-		/// @todo 'guestimate' encoding
+
+		// 'guestimate' encoding
+		$val_encoding = guess_encoding('', $xml_val);
+
+		// Since parsing will fail if charset is not specified in the xml prologue,
+		// the encoding is not UTF8 and there are non-ascii chars in the text, we try to work round that...
+		// The following code might be better for mb_string enabled installs, but
+		// makes the lib about 200% slower...
+		//if (!is_valid_charset($val_encoding, array('UTF-8')))
+		if (!in_array($val_encoding, array('UTF-8', 'US-ASCII')) && !has_encoding($xml_val)) {
+			if ($val_encoding == 'ISO-8859-1') {
+				$xml_val = utf8_encode($xml_val);
+			} else {
+				if (extension_loaded('mbstring')) {
+					$xml_val = mb_convert_encoding($xml_val, 'UTF-8', $val_encoding);
+				} else {
+					error_log('XML-RPC: ' . __METHOD__ . ': invalid charset encoding of received request: ' . $val_encoding);
+				}
+			}
+		}
+
 		$parser = xml_parser_create();
 		xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true);
 		// What if internal encoding is not in one of the 3 allowed?
@@ -3654,9 +3761,10 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 	* we SHOULD assume it is strictly US-ASCII. But we try to be more tolerant of unconforming (legacy?) clients/servers,
 	* which will be most probably using UTF-8 anyway...
 	*
-	* @param string $httpheaders the http Content-type header
+	* @param string $httpheader the http Content-type header
 	* @param string $xmlchunk xml content buffer
 	* @param string $encoding_prefs comma separated list of character encodings to be used as default (when mb extension is enabled)
+	* @return string
 	*
 	* @todo explore usage of mb_http_input(): does it detect http headers + post data? if so, use it instead of hand-detection!!!
 	*/
@@ -3744,11 +3852,49 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 		}
 	}
 
+	/**
+	 * Helper function: checks if an xml chunk as a charset declaration (BOM or in the xml declaration)
+	 *
+	 * @param string $xmlChunk
+	 * @return bool
+	 */
+	function has_encoding($xmlChunk)
+	{
+		// scan the first bytes of the data for a UTF-16 (or other) BOM pattern
+		//	 (source: http://www.w3.org/TR/2000/REC-xml-20001006)
+		if (preg_match('/^(\x00\x00\xFE\xFF|\xFF\xFE\x00\x00|\x00\x00\xFF\xFE|\xFE\xFF\x00\x00)/', $xmlChunk))
+		{
+			return true;
+		}
+		elseif (preg_match('/^(\xFE\xFF|\xFF\xFE)/', $xmlChunk))
+		{
+			return true;
+		}
+		elseif (preg_match('/^(\xEF\xBB\xBF)/', $xmlChunk))
+		{
+			return true;
+		}
+
+		// test if encoding is specified in the xml declaration
+		// Details:
+		// SPACE:		(#x20 | #x9 | #xD | #xA)+ === [ \x9\xD\xA]+
+		// EQ:			SPACE?=SPACE? === [ \x9\xD\xA]*=[ \x9\xD\xA]*
+		if (preg_match('/^<\?xml\s+version\s*=\s*' . "((?:\"[a-zA-Z0-9_.:-]+\")|(?:'[a-zA-Z0-9_.:-]+'))" .
+			'\s+encoding\s*=\s*' . "((?:\"[A-Za-z][A-Za-z0-9._-]*\")|(?:'[A-Za-z][A-Za-z0-9._-]*'))/",
+			$xmlChunk, $matches))
+		{
+			return true;
+		}
+
+		return false;
+	}
+
 	/**
 	* Checks if a given charset encoding is present in a list of encodings or
 	* if it is a valid subset of any encoding in the list
 	* @param string $encoding charset to be tested
 	* @param mixed $validlist comma separated list of valid charsets (or array of charsets)
+	* @return bool
 	*/
 	function is_valid_charset($encoding, $validlist)
 	{
@@ -3769,7 +3915,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
 				foreach ($validlist as $allowed)
 					if (in_array($allowed, $charset_supersets[$encoding]))
 						return true;
-				return false;
+			return false;
 		}
 	}