From 5778715c8a02888c49be042506ca16c10c7f8f10 Mon Sep 17 00:00:00 2001
From: gggeek <giunta.gaetano@gmail.com>
Date: Mon, 9 Jan 2023 12:10:07 +0000
Subject: [PATCH] demo improvements

---
 demo/client/agesort.php                    |  6 ++--
 demo/client/getstatename.php               |  4 +--
 demo/client/introspect.php                 |  2 +-
 demo/client/proxy.php                      |  2 +-
 demo/client/which.php                      |  2 +-
 demo/client/wrap.php                       |  4 +--
 demo/server/discuss.php                    | 14 ++++++++-
 demo/server/methodProviders/functions.php  |  4 +--
 demo/server/methodProviders/interop.php    |  2 +-
 demo/server/methodProviders/testsuite.php  |  4 +--
 demo/server/methodProviders/validator1.php |  2 +-
 demo/server/methodProviders/wrapper.php    |  8 ++---
 demo/server/proxy.php                      | 36 +++++++++++++++-------
 demo/server/server.php                     | 19 ++++++------
 demo/vardemo.php                           |  4 +--
 15 files changed, 70 insertions(+), 43 deletions(-)

diff --git a/demo/client/agesort.php b/demo/client/agesort.php
index 7ab2b959..6a599b13 100644
--- a/demo/client/agesort.php
+++ b/demo/client/agesort.php
@@ -2,11 +2,11 @@
 require_once __DIR__ . "/_prepend.php";
 
 output('<html lang="en">
-<head><title>xmlrpc - Agesort demo</title></head>
+<head><title>phpxmlrpc - Agesort demo</title></head>
 <body>
 <h1>Agesort demo</h1>
 <h2>Send an array of "name" => "age" pairs to the server that will send it back sorted.</h2>
-<h3>The code demonstrates usage of automatic encoding/decoding of php variables into xmlrpc values such as arrays and structs</h3>
+<h3>The code demonstrates usage of automatic encoding/decoding of php variables into xml-rpc values such as arrays and structs</h3>
 <p>Have a look at <a href="../vardemo.php">vardemo.php</a> for more examples of manual encoding and decoding</p>
 <p>You can see the source to this page here: <a href="agesort.php?showSource=1">agesort.php</a></p>
 ');
@@ -31,7 +31,7 @@ output('</pre>');
 // Create xml-rpc parameters from the input array: an array of structs
 $encoder = new Encoder();
 $v = $encoder->encode($inAr);
-output("Encoded into xmlrpc format it looks like this: <pre>\n" . htmlentities($v->serialize()) . "</pre>\n");
+output("Encoded into xml-rpc format it looks like this: <pre>\n" . htmlentities($v->serialize()) . "</pre>\n");
 
 // create client and request objects
 $req = new Request('examples.sortByAge', array($v));
diff --git a/demo/client/getstatename.php b/demo/client/getstatename.php
index ee838b56..dfcef9ff 100644
--- a/demo/client/getstatename.php
+++ b/demo/client/getstatename.php
@@ -2,11 +2,11 @@
 require_once __DIR__ . "/_prepend.php";
 
 output('<html lang="en">
-<head><title>xmlrpc - Getstatename demo</title></head>
+<head><title>phpxmlrpc - Getstatename demo</title></head>
 <body>
 <h1>Getstatename demo</h1>
 <h2>Send a U.S. state number to the server and get back the state name</h2>
-<h3>The source code demonstrates basic lib usage, including manual creation and decoding of of xml-rpc values</h3>
+<h3>The source code demonstrates basic lib usage, including manual creation and decoding of xml-rpc values</h3>
 <p>You can see the source to this page here: <a href="getstatename.php?showSource=1">getstatename.php</a></p>
 ');
 
diff --git a/demo/client/introspect.php b/demo/client/introspect.php
index 683ad907..b0919806 100644
--- a/demo/client/introspect.php
+++ b/demo/client/introspect.php
@@ -2,7 +2,7 @@
 require_once __DIR__ . "/_prepend.php";
 
 output('<html lang="en">
-<head><title>xmlrpc - Introspect demo</title></head>
+<head><title>phpxmlrpc - Introspect demo</title></head>
 <body>
 <h1>Introspect demo</h1>
 <h2>Query server for available methods, their description and their signatures</h2>
diff --git a/demo/client/proxy.php b/demo/client/proxy.php
index f776c023..35b70584 100644
--- a/demo/client/proxy.php
+++ b/demo/client/proxy.php
@@ -2,7 +2,7 @@
 require_once __DIR__ . "/_prepend.php";
 
 output('<html lang="en">
-<head><title>xmlrpc - Proxy demo</title></head>
+<head><title>phpxmlrpc - Proxy demo</title></head>
 <body>
 <h1>proxy demo</h1>
 <h2>Query server using a "proxy" object</h2>
diff --git a/demo/client/which.php b/demo/client/which.php
index 07fb3dc6..21f06e7b 100644
--- a/demo/client/which.php
+++ b/demo/client/which.php
@@ -2,7 +2,7 @@
 require_once __DIR__ . "/_prepend.php";
 
 output('<html lang="en">
-<head><title>xmlrpc - Which toolkit demo</title></head>
+<head><title>phpxmlrpc - Which toolkit demo</title></head>
 <body>
 <h1>Which toolkit demo</h1>
 <h2>Query server for toolkit information</h2>
diff --git a/demo/client/wrap.php b/demo/client/wrap.php
index a97e1685..aaf7b70a 100644
--- a/demo/client/wrap.php
+++ b/demo/client/wrap.php
@@ -2,14 +2,14 @@
 require_once __DIR__ . "/_prepend.php";
 
 output('<html lang="en">
-<head><title>xmlrpc - Webservice wrapper demo</title></head>
+<head><title>phpxmlrpc - Webservice wrapper demo</title></head>
 <body>
 <h1>Webservice wrapper demo</h1>
 
 <h2>Wrap methods exposed by server into php functions</h2>
 
 <h3>The code demonstrates usage of some of the most automagic client usage possible:<br/>
-    1) client that returns php values instead of xmlrpc value objects<br/>
+    1) client that returns php values instead of xml-rpc Value objects<br/>
     2) wrapping of remote methods into php functions<br/>
     See also proxy.php for an alternative take
 </h3>
diff --git a/demo/server/discuss.php b/demo/server/discuss.php
index 6ee592c8..2a490043 100644
--- a/demo/server/discuss.php
+++ b/demo/server/discuss.php
@@ -1,7 +1,12 @@
 <?php
 /**
  * A basic comment server. Given an ID it will store a list of names and comment texts against it.
- * It uses a SQLite DB database for storage.
+ * It uses a SQLite3 database for storage.
+ *
+ * The source code demonstrates:
+ * - registration of php class methods as xml-rpc method handlers
+ * - usage as method handlers of php code which is completely unaware of xml-rpc, via the Server's properties
+ *   `$functions_parameters_type` and `$exception_handling`
  */
 
 require_once __DIR__ . "/_prepend.php";
@@ -20,6 +25,9 @@ class CommentManager
     }
 
     /**
+     * NB: we know for a fact that this will be called with 3 string arguments because of the signature used to register
+     * this method in the dispatch map. But nothing prevents the client from sending empty strings, nor sql-injection attempts!
+     *
      * @param string $msgID
      * @param string $name
      * @param string $comment
@@ -36,6 +44,7 @@ class CommentManager
         $statement->bindValue(':name', $name);
         $statement->bindValue(':comment', $comment);
         $statement->execute();
+
         /// @todo this insert-then-count is not really atomic - we should use a transaction
 
         $statement = $db->prepare("SELECT count(*) AS tot FROM comments WHERE msg_id = :id");
@@ -51,6 +60,9 @@ class CommentManager
     }
 
     /**
+     * NB: we know for a fact that this will be called with 1 strin arguments because of the signature used to register
+     * this method in the dispatch map. But nothing prevents the client from sending empty strings, nor sql-injection attempts!
+     *
      * @param string $msgID
      * @return Response|array[]
      * @throws \Exception
diff --git a/demo/server/methodProviders/functions.php b/demo/server/methodProviders/functions.php
index d2ccc84d..dededd81 100644
--- a/demo/server/methodProviders/functions.php
+++ b/demo/server/methodProviders/functions.php
@@ -1,11 +1,11 @@
 <?php
 /**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server
  *
  * To use this, use something akin to:
  * $signatures = include('functions.php');
  *
- * Simplest possible way to implement webservices: create xmlrpc-aware php functions in the global namespace
+ * Simplest possible way to implement webservices: create xml-rpc-aware php functions in the global namespace
  */
 
 use PhpXmlRpc\Encoder;
diff --git a/demo/server/methodProviders/interop.php b/demo/server/methodProviders/interop.php
index b911cb62..54f00d40 100644
--- a/demo/server/methodProviders/interop.php
+++ b/demo/server/methodProviders/interop.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server.
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server.
  *
  * To use this, use something akin to:
  * $signatures = include('interop.php');
diff --git a/demo/server/methodProviders/testsuite.php b/demo/server/methodProviders/testsuite.php
index a76566c5..61b79d0c 100644
--- a/demo/server/methodProviders/testsuite.php
+++ b/demo/server/methodProviders/testsuite.php
@@ -1,11 +1,11 @@
 <?php
 /**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server.
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server.
  *
  * To use this, use something akin to:
  * $signatures = include('tests.php');
  *
- * Methods used by the xmlrpc testsuite
+ * Methods used by the phpxmlrpc testsuite
  */
 
 use PhpXmlRpc\Encoder;
diff --git a/demo/server/methodProviders/validator1.php b/demo/server/methodProviders/validator1.php
index f2f66012..4024eb6a 100644
--- a/demo/server/methodProviders/validator1.php
+++ b/demo/server/methodProviders/validator1.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server
  *
  * To use this, use something akin to:
  * $signatures = include('validator1.php');
diff --git a/demo/server/methodProviders/wrapper.php b/demo/server/methodProviders/wrapper.php
index 07069009..488b9777 100644
--- a/demo/server/methodProviders/wrapper.php
+++ b/demo/server/methodProviders/wrapper.php
@@ -1,12 +1,12 @@
 <?php
 /**
- * Defines functions and signatures which can be registered as methods exposed by an XMLRPC Server
+ * Defines functions and signatures which can be registered as methods exposed by an XML-RPC Server
  *
  * To use this, use something akin to:
  * $signatures = include('wrapper.php');
  * NB: requires 'functions.php' to be included first
  *
- * Wrap methods of xmlrpc-unaware php classes and xmlrpc-unaware php functions so that they can be used transparently.
+ * Wrap methods of xml-rpc-unaware php classes and xml-rpc-unaware php functions so that they can be used transparently.
  */
 
 use PhpXmlRpc\Response;
@@ -16,7 +16,7 @@ use PhpXmlRpc\Value;
 
 /**
  * Inner code of the state-number server.
- * Used to test wrapping of PHP functions into xmlrpc methods.
+ * Used to test wrapping of PHP functions into xml-rpc methods.
  *
  * @param integer $stateNo the state number
  *
@@ -80,7 +80,7 @@ class xmlrpcServerMethodsContainer
 
     /**
      * A PHP version of the state-number server. Send me an integer and i'll sell you a state.
-     * Used to test wrapping of PHP methods into xmlrpc methods.
+     * Used to test wrapping of PHP methods into xml-rpc methods.
      *
      * @param integer $num
      * @return string
diff --git a/demo/server/proxy.php b/demo/server/proxy.php
index 8950a7e6..95b4390f 100644
--- a/demo/server/proxy.php
+++ b/demo/server/proxy.php
@@ -1,10 +1,15 @@
 <?php
 /**
- * XMLRPC server acting as proxy for requests to other servers
- * (useful e.g. for ajax-originated calls that can only connect back to the originating server).
+ * XML-RPC server acting as proxy for requests to other servers
+ * (useful e.g. for js-originated calls that can only connect back to the originating server because of the same-domain policy).
  * NB: this is an OPEN RELAY. It is meant as a demo, not to be used in production!
  * For an example of a transparent reverse-proxy, see the ReverseProxy class in package phpxmlrpc/extras.
  *
+ * The source code demonstrates:
+ * - usage of the PhpXmlRpc\Encoder class to convert between php values and xml-rpc Value objects
+ * - setting of options related to the http transport to a Client
+ * - usage of multiple signatures for one xml-rpc method
+ *
  * @author Gaetano Giunta
  * @copyright (C) 2006-2023 G. Giunta
  * @license code licensed under the BSD License: see file license.txt
@@ -14,6 +19,7 @@ require_once __DIR__ . "/_prepend.php";
 
 // *** NB: WE BLOCK THIS FROM RUNNING BY DEFAULT IN CASE ACCESS IS GRANTED TO IT IN PRODUCTION BY MISTAKE ***
 // Comment out the following safeguard if you want to use it as is, but remember: this is an open relay !!!
+// Open relays can easily be abused as trojan horses, allowing access to your private network.
 if (!defined('TESTMODE')) {
     die("Server disabled by default for safety");
 }
@@ -24,7 +30,7 @@ use PhpXmlRpc\Request;
 use PhpXmlRpc\Server;
 
 /**
- * Forward an xmlrpc request to another server, and return to client the response received.
+ * Forward an xml-rpc request to another server, and return to client the response received.
  *
  * @param PhpXmlRpc\Request $req (see method docs below for a description of the expected parameters)
  * @return PhpXmlRpc\Response
@@ -35,8 +41,9 @@ function forward_request($req)
 
     // create client
     $timeout = 0;
-    $url = $encoder->decode($req->getParam(0));
-    // NB: here we should validate the received url, using f.e. a whitelist...
+    $url = $req->getParam(0)->scalarval();
+    // *** NB *** here we should validate the received url, using f.e. a whitelist of approved servers _and protocols_...
+    //            fe. any url using the 'file://' protocol might be considered a hacking attempt
     $client = new Client($url);
 
     if ($req->getNumParams() > 3) {
@@ -68,14 +75,17 @@ function forward_request($req)
     }
 
     // build call for remote server
-    /// @todo find a way to forward client info (such as IP) to server, either
+    /// @todo find a way to forward client info (such as IP) to the upstream server, either
     ///       - as xml comments in the payload, or
-    ///       - using std http header conventions, such as X-forwarded-for...
+    ///       - using std http header conventions, such as X-forwarded-for (but public servers should strip
+    ///         X-forwarded-for anyway, unless they consider this server as trusted...)
     $reqMethod = $req->getParam(1)->scalarval();
-    $pars = $req->getParam(2);
     $req = new Request($reqMethod);
-    foreach ($pars as $par) {
-        $req->addParam($par);
+    if ($req->getNumParams() > 1) {
+        $pars = $req->getParam(2);
+        foreach ($pars as $par) {
+            $req->addParam($par);
+        }
     }
 
     // add debug info into response we give back to caller
@@ -84,6 +94,9 @@ function forward_request($req)
     return $client->send($req, $timeout);
 }
 
+// Given that the target server is left to be picked by the caller, it might support the '<NIL/>' xml-rpc extension
+PhpXmlRpc\PhpXmlRpc::$xmlrpc_null_extension = true;
+
 // Run the server
 // NB: take care not to output anything else after this call, as it will mess up the responses and it will be hard to
 // debug. In case you have to do so, at least re-emit a correct Content-Length http header (requires output buffering)
@@ -92,10 +105,11 @@ $server = new Server(
         'xmlrpcproxy.call' => array(
             'function' => 'forward_request',
             'signature' => array(
+                array('mixed', 'string', 'string'),
                 array('mixed', 'string', 'string', 'array'),
                 array('mixed', 'string', 'string', 'array', 'struct'),
             ),
-            'docstring' => 'forwards xmlrpc calls to remote servers. Returns remote method\'s response. Accepts params: remote server url (might include basic auth credentials), method name, array of params, and (optionally) a struct containing call options',
+            'docstring' => 'forwards xml-rpc calls to remote servers. Returns remote method\'s response. Accepts params: remote server url (might include basic auth credentials), method name, array of params (optional), and a struct containing call options (optional)',
         ),
     )
 );
diff --git a/demo/server/server.php b/demo/server/server.php
index d8737750..93691b66 100644
--- a/demo/server/server.php
+++ b/demo/server/server.php
@@ -1,10 +1,11 @@
 <?php
 /**
- * Demo server for xmlrpc library.
+ * Demo server for phpxmlrpc library.
  *
- * Implements a lot of webservices, including a suite of services used for interoperability testing (validator1 methods),
- * and some whose only purpose is to be used for unit-testing the library.
- * It also allows the caller to configure specific features by using "out of band" query string parameters.
+ * Implements a lot of webservices, including a suite of services used for interoperability testing (validator1 and
+ * interopEchoTests methods), and some whose only purpose is to be used for testing the library.
+ * It also allows the caller to configure specific server features by using "out of band" query string parameters when
+ * in test mode.
  *
  * Please _do not_ copy this file verbatim into your production server.
  */
@@ -16,10 +17,10 @@ use PhpXmlRpc\Response;
 use PhpXmlRpc\Server;
 use PhpXmlRpc\Value;
 
-// Most of the code used to implement the webservices, and their signatures, are stowed away in neatly organized
-// files, each demoing a different topic
+// Most of the code used to implement the webservices, and their signatures, are stowed away in neatly organized files,
+// each demoing a different topic
 
-// The simplest way of implementing webservices: as xmlrpc-aware global functions
+// The simplest way of implementing webservices: as xml-rpc-aware global functions
 $signatures1 = include(__DIR__.'/methodProviders/functions.php');
 
 // Definitions of webservices used for interoperability testing
@@ -27,12 +28,13 @@ $signatures2 = include(__DIR__.'/methodProviders/interop.php');
 $signatures3 = include(__DIR__.'/methodProviders/validator1.php');
 
 // And finally a few examples inline
+/// @todo bring back a few, basic examples here
 $signatures = array();
 
 $signatures = array_merge($signatures, $signatures1, $signatures2, $signatures3);
 
 if (defined('TESTMODE')) {
-    // Webservices used only by the testuite
+    // Webservices used only by the testsuite - do not use them in production
     $signatures4 = include(__DIR__.'/methodProviders/testsuite.php');
     $signatures5 = include(__DIR__.'/methodProviders/wrapper.php');
 
@@ -44,7 +46,6 @@ PhpXmlRpc::$xmlrpc_null_extension = true;
 
 $s = new Server($signatures, false);
 $s->setDebug(3);
-$s->compress_response = true;
 
 // Out-of-band information: let the client manipulate the server operations.
 // We do this to help the testsuite script: do not reproduce in production!
diff --git a/demo/vardemo.php b/demo/vardemo.php
index 66ed3ea7..22c54295 100644
--- a/demo/vardemo.php
+++ b/demo/vardemo.php
@@ -2,7 +2,7 @@
 require_once __DIR__ . "/client/_prepend.php";
 
 output('<html lang="en">
-<head><title>xmlrpc</title></head>
+<head><title>phpxmlrpc</title></head>
 <body>
 ');
 
@@ -76,7 +76,7 @@ $myObject->public = new \PhpXmlRpc\Value('a public property, wrapped');
 $w = new PhpXmlRpc\Value($myObject, 'struct');
 output("Struct encoding a php object: <PRE>" . htmlentities($w->serialize()) . "</PRE>");
 
-output("<h3>Testing value serialization - xmlrpc extensions</h3>\n");
+output("<h3>Testing value serialization - xml-rpc extensions</h3>\n");
 $v = new PhpXmlRpc\Value(1234, 'i8');
 output("I8: <PRE>" . htmlentities($v->serialize()) . "</PRE>");
 $v = new PhpXmlRpc\Value(null, 'null');
-- 
2.47.0