require_once __DIR__ . "/_prepend.php";
output('<html lang="en">
-<head><title>xmlrpc - Agesort demo</title></head>
+<head><title>phpxmlrpc - Agesort demo</title></head>
<body>
<h1>Agesort demo</h1>
<h2>Send an array of "name" => "age" pairs to the server that will send it back sorted.</h2>
-<h3>The code demonstrates usage of automatic encoding/decoding of php variables into xmlrpc values such as arrays and structs</h3>
+<h3>The code demonstrates usage of automatic encoding/decoding of php variables into xml-rpc values such as arrays and structs</h3>
<p>Have a look at <a href="../vardemo.php">vardemo.php</a> for more examples of manual encoding and decoding</p>
<p>You can see the source to this page here: <a href="agesort.php?showSource=1">agesort.php</a></p>
');
// Create xml-rpc parameters from the input array: an array of structs
$encoder = new Encoder();
$v = $encoder->encode($inAr);
-output("Encoded into xmlrpc format it looks like this: <pre>\n" . htmlentities($v->serialize()) . "</pre>\n");
+output("Encoded into xml
-rpc format it looks like this: <pre>\n" . htmlentities($v->serialize()) . "</pre>\n");
// create client and request objects
$req = new Request('examples.sortByAge', array($v));
require_once __DIR__ . "/_prepend.php";
output('<html lang="en">
-<head><title>xmlrpc - Getstatename demo</title></head>
+<head><title>phpxmlrpc - Getstatename demo</title></head>
<body>
<h1>Getstatename demo</h1>
<h2>Send a U.S. state number to the server and get back the state name</h2>
-<h3>The source code demonstrates basic lib usage, including manual creation and decoding of of xml-rpc values</h3>
+<h3>The source code demonstrates basic lib usage, including manual creation and decoding of xml-rpc values</h3>
<p>You can see the source to this page here: <a href="getstatename.php?showSource=1">getstatename.php</a></p>
');
require_once __DIR__ . "/_prepend.php";
output('<html lang="en">
-<head><title>xmlrpc - Introspect demo</title></head>
+<head><title>phpxmlrpc - Introspect demo</title></head>
<body>
<h1>Introspect demo</h1>
<h2>Query server for available methods, their description and their signatures</h2>
require_once __DIR__ . "/_prepend.php";
output('<html lang="en">
-<head><title>xmlrpc - Proxy demo</title></head>
+<head><title>phpxmlrpc - Proxy demo</title></head>
<body>
<h1>proxy demo</h1>
<h2>Query server using a "proxy" object</h2>
require_once __DIR__ . "/_prepend.php";
output('<html lang="en">
-<head><title>xmlrpc - Which toolkit demo</title></head>
+<head><title>phpxmlrpc - Which toolkit demo</title></head>
<body>
<h1>Which toolkit demo</h1>
<h2>Query server for toolkit information</h2>
require_once __DIR__ . "/_prepend.php";
output('<html lang="en">
-<head><title>xmlrpc - Webservice wrapper demo</title></head>
+<head><title>phpxmlrpc - Webservice wrapper demo</title></head>
<body>
<h1>Webservice wrapper demo</h1>
<h2>Wrap methods exposed by server into php functions</h2>
<h3>The code demonstrates usage of some of the most automagic client usage possible:<br/>
- 1) client that returns php values instead of xmlrpc value objects<br/>
+ 1) client that returns php values instead of xml-rpc Value objects<br/>
2) wrapping of remote methods into php functions<br/>
See also proxy.php for an alternative take
</h3>
<?php
/**
* A basic comment server. Given an ID it will store a list of names and comment texts against it.
- * It uses a SQLite DB database for storage.
+ * It uses a SQLite3 database for storage.
+ *
+ * The source code demonstrates:
+ * - registration of php class methods as xml-rpc method handlers
+ * - usage as method handlers of php code which is completely unaware of xml-rpc, via the Server's properties
+ * `$functions_parameters_type` and `$exception_handling`
*/
require_once __DIR__ . "/_prepend.php";
}
/**
+ * NB: we know for a fact that this will be called with 3 string arguments because of the signature used to register
+ * this method in the dispatch map. But nothing prevents the client from sending empty strings, nor sql-injection attempts!
+ *
* @param string $msgID
* @param string $name
* @param string $comment
$statement->bindValue(':name', $name);
$statement->bindValue(':comment', $comment);
$statement->execute();
+
/// @todo this insert-then-count is not really atomic - we should use a transaction
$statement = $db->prepare("SELECT count(*) AS tot FROM comments WHERE msg_id = :id");
}
/**
+ * NB: we know for a fact that this will be called with 1 strin arguments because of the signature used to register
+ * this method in the dispatch map. But nothing prevents the client from sending empty strings, nor sql-injection attempts!
+ *
* @param string $msgID
* @return Response|array[]
* @throws \Exception
<?php
/**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server
*
* To use this, use something akin to:
* $signatures = include('functions.php');
*
- * Simplest possible way to implement webservices: create xmlrpc-aware php functions in the global namespace
+ * Simplest possible way to implement webservices: create xml-rpc-aware php functions in the global namespace
*/
use PhpXmlRpc\Encoder;
<?php
/**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server.
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server.
*
* To use this, use something akin to:
* $signatures = include('interop.php');
<?php
/**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server.
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server.
*
* To use this, use something akin to:
* $signatures = include('tests.php');
*
- * Methods used by the xmlrpc testsuite
+ * Methods used by the phpxmlrpc testsuite
*/
use PhpXmlRpc\Encoder;
<?php
/**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server
*
* To use this, use something akin to:
* $signatures = include('validator1.php');
<?php
/**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server
*
* To use this, use something akin to:
* $signatures = include('wrapper.php');
* NB: requires 'functions.php' to be included first
*
- * Wrap methods of xmlrpc-unaware php classes and xmlrpc-unaware php functions so that they can be used transparently.
+ * Wrap methods of xml-rpc-unaware php classes and xml-rpc-unaware php functions so that they can be used transparently.
*/
use PhpXmlRpc\Response;
/**
* Inner code of the state-number server.
- * Used to test wrapping of PHP functions into xmlrpc methods.
+ * Used to test wrapping of PHP functions into xml-rpc methods.
*
* @param integer $stateNo the state number
*
/**
* A PHP version of the state-number server. Send me an integer and i'll sell you a state.
- * Used to test wrapping of PHP methods into xmlrpc methods.
+ * Used to test wrapping of PHP methods into xml-rpc methods.
*
* @param integer $num
* @return string
<?php
/**
- * XMLRPC server acting as proxy for requests to other servers
- * (useful e.g. for ajax-originated calls that can only connect back to the originating server).
+ * XML-RPC server acting as proxy for requests to other servers
+ * (useful e.g. for js-originated calls that can only connect back to the originating server because of the same-domain policy).
* NB: this is an OPEN RELAY. It is meant as a demo, not to be used in production!
* For an example of a transparent reverse-proxy, see the ReverseProxy class in package phpxmlrpc/extras.
*
+ * The source code demonstrates:
+ * - usage of the PhpXmlRpc\Encoder class to convert between php values and xml-rpc Value objects
+ * - setting of options related to the http transport to a Client
+ * - usage of multiple signatures for one xml-rpc method
+ *
* @author Gaetano Giunta
* @copyright (C) 2006-2023 G. Giunta
* @license code licensed under the BSD License: see file license.txt
// *** NB: WE BLOCK THIS FROM RUNNING BY DEFAULT IN CASE ACCESS IS GRANTED TO IT IN PRODUCTION BY MISTAKE ***
// Comment out the following safeguard if you want to use it as is, but remember: this is an open relay !!!
+// Open relays can easily be abused as trojan horses, allowing access to your private network.
if (!defined('TESTMODE')) {
die("Server disabled by default for safety");
}
use PhpXmlRpc\Server;
/**
- * Forward an xmlrpc request to another server, and return to client the response received.
+ * Forward an xml-rpc request to another server, and return to client the response received.
*
* @param PhpXmlRpc\Request $req (see method docs below for a description of the expected parameters)
* @return PhpXmlRpc\Response
// create client
$timeout = 0;
- $url = $encoder->decode($req->getParam(0));
- // NB: here we should validate the received url, using f.e. a whitelist...
+ $url = $req->getParam(0)->scalarval();
+ // *** NB *** here we should validate the received url, using f.e. a whitelist of approved servers _and protocols_...
+ // fe. any url using the 'file://' protocol might be considered a hacking attempt
$client = new Client($url);
if ($req->getNumParams() > 3) {
}
// build call for remote server
- /// @todo find a way to forward client info (such as IP) to server, either
+ /// @todo find a way to forward client info (such as IP) to the upstream server, either
/// - as xml comments in the payload, or
- /// - using std http header conventions, such as X-forwarded-for...
+ /// - using std http header conventions, such as X-forwarded-for (but public servers should strip
+ /// X-forwarded-for anyway, unless they consider this server as trusted...)
$reqMethod = $req->getParam(1)->scalarval();
- $pars = $req->getParam(2);
$req = new Request($reqMethod);
- foreach ($pars as $par) {
- $req->addParam($par);
+ if ($req->getNumParams() > 1) {
+ $pars = $req->getParam(2);
+ foreach ($pars as $par) {
+ $req->addParam($par);
+ }
}
// add debug info into response we give back to caller
return $client->send($req, $timeout);
}
+// Given that the target server is left to be picked by the caller, it might support the '<NIL/>' xml-rpc extension
+PhpXmlRpc\PhpXmlRpc::$xmlrpc_null_extension = true;
+
// Run the server
// NB: take care not to output anything else after this call, as it will mess up the responses and it will be hard to
// debug. In case you have to do so, at least re-emit a correct Content-Length http header (requires output buffering)
'xmlrpcproxy.call' => array(
'function' => 'forward_request',
'signature' => array(
+ array('mixed', 'string', 'string'),
array('mixed', 'string', 'string', 'array'),
array('mixed', 'string', 'string', 'array', 'struct'),
),
- 'docstring' => 'forwards xmlrpc calls to remote servers. Returns remote method\'s response. Accepts params: remote server url (might include basic auth credentials), method name, array of params, and (optionally) a struct containing call options',
+ 'docstring' => 'forwards xml-rpc calls to remote servers. Returns remote method\'s response. Accepts params: remote server url (might include basic auth credentials), method name, array of params (optional), and a struct containing call options (optional)',
),
)
);
<?php
/**
- * Demo server for xmlrpc library.
+ * Demo server for phpxmlrpc library.
*
- * Implements a lot of webservices, including a suite of services used for interoperability testing (validator1 methods),
- * and some whose only purpose is to be used for unit-testing the library.
- * It also allows the caller to configure specific features by using "out of band" query string parameters.
+ * Implements a lot of webservices, including a suite of services used for interoperability testing (validator1 and
+ * interopEchoTests methods), and some whose only purpose is to be used for testing the library.
+ * It also allows the caller to configure specific server features by using "out of band" query string parameters when
+ * in test mode.
*
* Please _do not_ copy this file verbatim into your production server.
*/
use PhpXmlRpc\Server;
use PhpXmlRpc\Value;
-// Most of the code used to implement the webservices, and their signatures, are stowed away in neatly organized
-// files, each demoing a different topic
+// Most of the code used to implement the webservices, and their signatures, are stowed away in neatly organized files,
+// each demoing a different topic
-// The simplest way of implementing webservices: as xmlrpc-aware global functions
+// The simplest way of implementing webservices: as xml-rpc-aware global functions
$signatures1 = include(__DIR__.'/methodProviders/functions.php');
// Definitions of webservices used for interoperability testing
$signatures3 = include(__DIR__.'/methodProviders/validator1.php');
// And finally a few examples inline
+/// @todo bring back a few, basic examples here
$signatures = array();
$signatures = array_merge($signatures, $signatures1, $signatures2, $signatures3);
if (defined('TESTMODE')) {
- // Webservices used only by the testuite
+ // Webservices used only by the testsuite - do not use them in production
$signatures4 = include(__DIR__.'/methodProviders/testsuite.php');
$signatures5 = include(__DIR__.'/methodProviders/wrapper.php');
$s = new Server($signatures, false);
$s->setDebug(3);
-$s->compress_response = true;
// Out-of-band information: let the client manipulate the server operations.
// We do this to help the testsuite script: do not reproduce in production!
require_once __DIR__ . "/client/_prepend.php";
output('<html lang="en">
-<head><title>xmlrpc</title></head>
+<head><title>phpxmlrpc</title></head>
<body>
');
$w = new PhpXmlRpc\Value($myObject, 'struct');
output("Struct encoding a php object: <PRE>" . htmlentities($w->serialize()) . "</PRE>");
-output("<h3>Testing value serialization - xmlrpc extensions</h3>\n");
+output("<h3>Testing value serialization - xml-rpc extensions</h3>\n");
$v = new PhpXmlRpc\Value(1234, 'i8');
output("I8: <PRE>" . htmlentities($v->serialize()) . "</PRE>");
$v = new PhpXmlRpc\Value(null, 'null');
git://git.onelab.eu / plcapi.git / commitdiff