}
if ($wstype == 1) {
- if (!class_exists('\PhpXmlRpc\JsonRpc\Client')) {
- die('Error: to debug the jsonrpc protocol the phpxmlrpc/jsonrpc package is needed');
- }
$clientClass = '\PhpXmlRpc\JsonRpc\Client';
$requestClass = '\PhpXmlRpc\JsonRpc\Request';
$protoName = 'JSON-RPC';
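Review bot: With the `class_exists` guard removed, this branch depends entirely on `$wstype` having been reset earlier, and the reset added in the input-parsing hunk only runs inside `if (isset($_GET['wstype']) ...)`. A request that carries `action` but no `wstype` keeps the value from `DEFAULT_WSTYPE`, so a default of 1 without the json-rpc package would presumably still reach `$clientClass = '\PhpXmlRpc\JsonRpc\Client'` and fail later with a class-not-found error instead of the old explicit message. Moving the check out of the `isset` branch closes that path, e.g. `if ($wstype == 1 && !$hasjsonrpcclient) { $wstype = 0; }` placed after all `$wstype` assignments. The enclosing block starts and ends outside this hunk.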
"<input type=\"hidden\" name=\"methodpayload\" value=\"" . htmlspecialchars($payload, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"altmethodpayload\" value=\"" . htmlspecialchars($alt_payload, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />" .
- "<input type=\"hidden\" name=\"run\" value=\"now\" />" .
"<input type=\"hidden\" name=\"action\" value=\"wrap\" />" .
+ "<input type=\"hidden\" name=\"run\" value=\"now\" />" .
"<input type=\"submit\" value=\"Generate method call stub code\" />";
echo "</form></td></tr>\n";
}
<li>Run a 'list available methods' action against desired server</li>
<li>If list of methods appears, click on 'describe method' for desired method</li>
<li>To run method: click on 'load method synopsis' for desired method. This will load a skeleton for method call
- parameters in the form above. Complete all xmlrpc values with appropriate data and click 'Execute'
+ parameters in the form above. Complete all xml-rpc values with appropriate data and click 'Execute'
</li>
</ol>
<?php
<h3>Changelog</h3>
<ul>
+ <li>2023-XX-YY: display in the top row the version of the libraries in use; fixes for the json-rpc debugger</li>
<li>2022-12-18: fix XSS vulnerability in the debugger; load jsxmlrpc from CDN; minor improvements</li>
<li>2022-11-28: allow to use http/2 protocol; two security issues fixed in the underlying library</li>
<li>2020-12-11: fix problems with running the debugger on php 8</li>
</li>
<li>2006-04-22: added option for setting custom CA certs to verify peer with in SSLmode</li>
<li>2006-03-05: added option for setting Basic/Digest/NTLM auth type</li>
- <li>2006-01-18: added option echoing to screen xmlrpc request before sending it ('More' debug)</li>
+ <li>2006-01-18: added option echoing to screen xml-rpc request before sending it ('More' debug)</li>
<li>2005-10-01: added option for setting cookies to be sent to server</li>
<li>2005-08-07: added switches for compression of requests and responses and http 1.1</li>
<li>2005-06-27: fixed possible security breach in parsing malformed xml</li>
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
function stripslashes_deep($value)
{
- $value = is_array($value) ?
- array_map('stripslashes_deep', $value) :
- stripslashes($value);
+ $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
return $value;
}
$_GET = array_map('stripslashes_deep', $_GET);
}
-$preferredEncodings = 'UTF-8, ASCII, ISO-8859-1, UTF-7, EUC-JP, SJIS, eucJP-win, SJIS-win, JIS, ISO-2022-JP';
-$inputcharset = mb_detect_encoding(urldecode($_SERVER['REQUEST_URI']), $preferredEncodings);
-if (isset($_GET['usepost']) && $_GET['usepost'] === 'true') {
- $_GET = $_POST;
- $inputcharset = mb_detect_encoding(implode('', $_GET), $preferredEncodings);
+if (function_exists('mb_detect_encoding')) {
+ $preferredEncodings = 'UTF-8, ASCII, ISO-8859-1, UTF-7, EUC-JP, SJIS, eucJP-win, SJIS-win, JIS, ISO-2022-JP';
+ if (isset($_GET['usepost']) && $_GET['usepost'] === 'true') {
+ $_GET = $_POST;
+ $inputcharset = mb_detect_encoding(implode('', $_GET), $preferredEncodings);
+ } else {
+ $inputcharset = mb_detect_encoding(urldecode($_SERVER['REQUEST_URI']), $preferredEncodings);
+ }
+} else {
+ /// @todo do is there a better strategy? At least for the POST case, there is probably an http header to look at...
+ $inputcharset = 'UTF8';
}
/// @todo if $inputcharset is not UTF8, we should probably re-encode $_GET to make it UTF-8
// recover input parameters
/// @todo instead of using globals, move them to an array. Also: use a class for this parsing...
-$debug = false;
+$debug = 0;
$protocol = 0;
$run = false;
+$hasjsonrpcclient = class_exists('\PhpXmlRpc\JsonRpc\Client');
$wstype = defined('DEFAULT_WSTYPE') ? DEFAULT_WSTYPE : 0;
$id = '';
if (isset($_GET['action'])) {
if (isset($_GET['wstype']) && ($_GET['wstype'] == '1' || $_GET['wstype'] == '0')) {
$wstype = (int)$_GET['wstype'];
- if ($wstype == 1 && isset($_GET['id'])) {
+ if ($wstype === 1 && !$hasjsonrpcclient) {
+ $wstype = 0;
+ }
+ if ($wstype === 1 && isset($_GET['id'])) {
$id = $_GET['id'];
}
}
- $host = isset($_GET['host']) ? $_GET['host'] : 'localhost'; // using '' will trigger an xmlrpc error...
+ $host = isset($_GET['host']) ? $_GET['host'] : 'localhost'; // using '' will trigger an xml-rpc error...
if (isset($_GET['protocol']) && ($_GET['protocol'] == '1' || $_GET['protocol'] == '2' || $_GET['protocol'] == '3'
|| $_GET['protocol'] == '4')) {
- $protocol = $_GET['protocol'];
+ $protocol = (int)$_GET['protocol'];
}
if (strpos($host, 'http://') === 0) {
// NB: if protocol is https or h2, it will override http://
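Review bot: The fallback on the new `else` branch spells the charset `'UTF8'`, while the encoding list just above and PHP's documented charset names use `'UTF-8'`. `$inputcharset` is passed as the third argument of `htmlspecialchars()` in the hidden-input lines elsewhere on this page, so the canonical `$inputcharset = 'UTF-8';` avoids relying on how an unrecognised name is handled. On the detection path, `mb_detect_encoding()` can return `false`, and the list includes names such as UTF-7 that `htmlspecialchars()` does not document as supported. Mapping any result outside a small allowlist to `'UTF-8'` before it is used for escaping would keep the output encoding predictable.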
$protocol = 2;
}
}
- $port = isset($_GET['port']) ? $_GET['port'] : '';
+ $port = isset($_GET['port']) ? (int)$_GET['port'] : '';
+ if ($port === 0) {
+ $port = '';
+ }
$path = isset($_GET['path']) ? $_GET['path'] : '';
- // in case user forgot initial '/' in xmlrpc server path, add it back
+ // in case user forgot initial '/' in xml-rpc server path, add it back
if ($path && ($path[0]) != '/') {
$path = '/' . $path;
}
if (isset($_GET['debug']) && ($_GET['debug'] == '1' || $_GET['debug'] == '2')) {
- $debug = $_GET['debug'];
+ $debug = (int)$_GET['debug'];
}
$verifyhost = (isset($_GET['verifyhost']) && ($_GET['verifyhost'] == '1' || $_GET['verifyhost'] == '2')) ? $_GET['verifyhost'] : 0;
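Review bot: The new `(int)` cast on `port` only maps 0 back to `''`, so negative numbers and values above 65535 are still handed on as the target port. A range check in place of the `=== 0` test would reject them at the boundary: `if ($port < 1 || $port > 65535) { $port = ''; }`. The `$verifyhost` context line at the end of this hunk also still returns the raw request string, whereas `debug`, `protocol` and `authtype` are now cast to int, so a matching `(int)$_GET['verifyhost']` there would keep the types consistent.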
if (strpos($proxy, 'http://') === 0) {
$proxy = substr($proxy, 7);
}
+ /// @todo what about an https proxy?
$proxyuser = isset($_GET['proxyuser']) ? $_GET['proxyuser'] : '';
$proxypwd = isset($_GET['proxypwd']) ? $_GET['proxypwd'] : '';
- $timeout = isset($_GET['timeout']) ? $_GET['timeout'] : 0;
- if (!is_numeric($timeout)) {
- $timeout = 0;
- }
+ $timeout = isset($_GET['timeout']) ? (int)$_GET['timeout'] : 0;
$action = $_GET['action'];
$method = isset($_GET['method']) ? $_GET['method'] : '';
$username = isset($_GET['username']) ? $_GET['username'] : '';
$password = isset($_GET['password']) ? $_GET['password'] : '';
- $authtype = (isset($_GET['authtype']) && ($_GET['authtype'] == '2' || $_GET['authtype'] == '8')) ? $_GET['authtype'] : 1;
+ $authtype = (isset($_GET['authtype']) && ($_GET['authtype'] == '2' || $_GET['authtype'] == '8')) ? (int)$_GET['authtype'] : 1;
if (isset($_GET['requestcompression']) && ($_GET['requestcompression'] == '1' || $_GET['requestcompression'] == '2')) {
- $requestcompression = $_GET['requestcompression'];
+ (int)$requestcompression = $_GET['requestcompression'];
} else {
$requestcompression = 0;
}
if (isset($_GET['responsecompression']) && ($_GET['responsecompression'] == '1' || $_GET['responsecompression'] == '2' || $_GET['responsecompression'] == '3')) {
- $responsecompression = $_GET['responsecompression'];
+ $responsecompression = (int)$_GET['responsecompression'];
} else {
$responsecompression = 0;
}
$clientcookies = '';
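Review bot: The cast on the request-compression line is on the wrong side of the assignment: `(int)$requestcompression = $_GET['requestcompression'];` casts the result of the assignment expression and discards it, so `$requestcompression` still holds the request string. The neighbouring `responsecompression`, `timeout` and `authtype` lines have it the intended way round; this one should read `$requestcompression = (int)$_GET['requestcompression'];`. The value is limited to `'1'` or `'2'` by the surrounding condition, so the effect is a type inconsistency rather than unvalidated input, but any strict comparison downstream would silently fail. The enclosing `if (isset($_GET['action']))` block starts outside this hunk.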
}
-// check input for known XMLRPC attacks against this or other libs
+// check input for known attacks against this or other libs
function payload_is_safe($input)
{
return true;
$haseditor = false;
$editorurlpath = null;
-// @const JSXMLRPC_BASEURL Url to the visual xmlrpc editing dialog's containing folder. We allow to easily configure this
+// @const JSXMLRPC_BASEURL Url to the visual xml-rpc editing dialog's containing folder. We allow to easily configure this
if (defined('JSXMLRPC_BASEURL')) {
$editorurlpath = JSXMLRPC_BASEURL;
$haseditor = true;
} else {
/// @deprecated
- /// @const JSXMLRPC_PATH Path to the visual xmlrpc editing dialog's containing folder. Can be absolute, or
+ /// @const JSXMLRPC_PATH Path to the visual xml-rpc editing dialog's containing folder. Can be absolute, or
/// relative to this debugger's folder.
if (defined('JSXMLRPC_PATH')) {
$editorpaths = array(JSXMLRPC_PATH[0] === '/' ? JSXMLRPC_PATH : (__DIR__ . '/' . JSXMLRPC_PATH));
if (window.name != 'frmcontroller')
top.location.replace('index.php?run=' + escape(self.location));
</script>
- <!-- xmlrpc/jsonrpc base library -->
+ <!-- xml-rpc/json-rpc base library -->
<script type="module">
import {base64_decode} from 'https://cdn.jsdelivr.net/npm/@jsxmlrpc/jsxmlrpc@0.6/lib/index.js';
window.base64_decode = base64_decode;
</script>
</head>
<body
- onload="<?php if (class_exists('\PhpXmlRpc\JsonRpc\Client')) echo "switchtransport($wstype); " ?>switchaction(); switchssl(); switchauth(); swicthcainfo();<?php if ($run) {
+ onload="<?php if ($hasjsonrpcclient) echo "switchtransport($wstype); " ?>switchaction(); switchssl(); switchauth(); swicthcainfo();<?php if ($run) {
echo ' document.forms[2].submit();';
} ?>">
<h1>XML-RPC
-<?php if (class_exists('\PhpXmlRpc\JsonRpc\Client')) {
+<?php if ($hasjsonrpcclient) {
echo '<form name="frmxmlrpc" style="display: inline;" action="."><input name="yes" type="radio" onclick="switchtransport(0);"';
+ // q: does this if make sense at all?
if (!class_exists('\PhpXmlRpc\Client')) echo ' disabled="disabled"';
echo ' /></form> / <form name="frmjsonrpc" style="display: inline;" action="."><input name="yes" type="radio" onclick="switchtransport(1);"/></form>
JSON-RPC';