Beispiel #1
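 /**
  * Handles one AMF request message and builds the response message for it.
  *
  * If the FILTER_AMF_REQUEST_MESSAGE_HANDLER filter returns a handler, that handler
  * processes the whole message. Otherwise the message is treated as a plain RPC call:
  * the service name and method name taken from the message are pushed onto the
  * vulnService context (goDown), the call is executed through the router, and both
  * levels are popped again (goUp), including when the call throws.
  *
  * @inheritdoc
  * @param Amfphp_Core_Amf_Message $requestMessage the incoming request message
  * @param Amfphp_Core_Common_ServiceRouter $serviceRouter router used to execute the service call
  * @return Amfphp_Core_Amf_Message|mixed the response message, or whatever the filter-supplied handler returns
  * @throws \Amfphp_Core_Exception
  * @throws \Exception
  */
 protected function handleRequestMessage(Amfphp_Core_Amf_Message $requestMessage, Amfphp_Core_Common_ServiceRouter $serviceRouter)
 {
     $filterManager = \Amfphp_Core_FilterManager::getInstance();
     $fromFilters = $filterManager->callFilters(self::FILTER_AMF_REQUEST_MESSAGE_HANDLER, null, $requestMessage);
     if ($fromFilters) {
         // A plugin supplied its own handler; it takes over the whole message.
         return $fromFilters->handleRequestMessage($requestMessage, $serviceRouter);
     }

     // Plugins didn't do any special handling. Assume this is a simple Amfphp RPC call.
     // NOTE(review): serviceName / methodName come out of the request message and are
     // presumably client-controlled; confirm that the router restricts which services
     // and methods are reachable, since nothing in this method validates them.
     $serviceCallParameters = $this->getServiceCallParameters($requestMessage);

     // Enter the service level, then the method level, of the vulnService context.
     $this->vulnService->goDown($serviceCallParameters->serviceName);
     $this->vulnService->goDown($serviceCallParameters->methodName);
     try {
         $ret = $serviceRouter->executeServiceCall(
             $serviceCallParameters->serviceName,
             $serviceCallParameters->methodName,
             $serviceCallParameters->methodParameters
         );
     } finally {
         // Pop both levels even when the service call throws; otherwise whatever
         // handles the exception would run with the context still two levels deep.
         $this->vulnService->goUp()->goUp();
     }

     $responseMessage = new Amfphp_Core_Amf_Message();
     $responseMessage->data = $ret;
     $responseMessage->targetUri = $requestMessage->responseUri . \Amfphp_Core_Amf_Constants::CLIENT_SUCCESS_METHOD;
     // Not specified: the response carries the literal string 'null' as its responseUri.
     $responseMessage->responseUri = 'null';

     return $responseMessage;
 }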
Beispiel #2
 /**
  * Resolves the requested action to an "action_*" method and runs it between the
  * before() and after() hooks.
  *
  * When no method matches and the request carries a truthy "force_hyphens" parameter,
  * hyphens in the name are replaced by underscores and the lookup is retried. Each
  * stage runs only while $this->execute is still true, so a hook or the action can
  * stop the remaining stages by clearing it.
  *
  * @inheritdoc
  * @param string $action action name without the "action_" prefix
  * @throws NotFoundException when no matching action method exists
  */
 public function run($action)
 {
     $action = 'action_' . $action;
     $forceHyphens = $this->request->param('force_hyphens');

     if (!method_exists($this, $action)) {
         // Second chance: the same name with hyphens turned into underscores,
         // accepted only when the request asked for it via force_hyphens.
         $candidate = str_replace('-', '_', $action);
         if ($forceHyphens && method_exists($this, $candidate)) {
             $action = $candidate;
         } else {
             // NOTE(review): the message carries the requested method name and the
             // controller class name; confirm the error page neither echoes it
             // unescaped nor shows it to unauthenticated clients.
             throw new NotFoundException("Method {$action} doesn't exist in " . get_class($this));
         }
     }

     $this->execute = true;
     $this->before();
     if (!$this->execute) {
         return;
     }

     // Check referrer vulnerabilities
     $vulnService = $this->pixie->getVulnService();
     $vulnConfig = $vulnService->getConfig();
     // A config level of 0 or 1 means this controller pushes the action context itself.
     $isControllerLevel = $vulnConfig->getLevel() <= 1;
     // The context name is the raw "action" request parameter, not the resolved method name.
     $actionName = $this->request->param('action');
     if ($isControllerLevel) {
         if (!$vulnConfig->has($actionName)) {
             // Unknown action name: register an empty child context under the current one.
             $current = $vulnConfig->getCurrentContext();
             $current->addContext(Context::createFromData($actionName, [], $current));
         }
         $vulnService->goDown($actionName);
         // Check referrer for action level
         $this->vulninjection->checkReferrer();
     }
     if (!$this->execute) {
         return;
     }

     // method_exists() is also true for protected/private methods, and this call is made
     // from inside the class, so every action_* method on the controller is dispatchable.
     $this->{$action}();
     if (!$this->execute) {
         return;
     }

     $this->after();
     if (!$this->execute) {
         return;
     }

     // NOTE(review): goUp() is reached only when every stage left execute true and
     // nothing threw; after an exception or a cleared flag the context pushed by
     // goDown() above stays in place. Confirm callers expect that.
     if ($isControllerLevel) {
         $vulnService->goUp();
     }
 }
Beispiel #3
 /**
  * Resolves the requested action to an "action_*" method and runs it between the
  * before() and after() hooks, inside a vulnService context named after the action.
  *
  * When no method matches and the request carries a truthy "force_hyphens" parameter,
  * hyphens in the name are replaced by underscores and the lookup is retried. Each
  * stage runs only while $this->execute is still true. The referrer check is skipped
  * for the error controllers.
  *
  * @inheritdoc
  * @param string $action action name without the "action_" prefix
  * @throws NotFoundException when no matching action method exists
  */
 public function run($action)
 {
     $actionName = $action;
     $action = 'action_' . $action;
     $forceHyphens = $this->request->param('force_hyphens');

     if (!method_exists($this, $action)) {
         // Second chance: the same name with hyphens turned into underscores,
         // accepted only when the request asked for it via force_hyphens.
         $candidate = str_replace('-', '_', $action);
         if ($forceHyphens && method_exists($this, $candidate)) {
             $action = $candidate;
         } else {
             // NOTE(review): the message repeats the caller-supplied action name;
             // confirm the error page escapes it before rendering.
             throw new NotFoundException("Action '{$actionName}' doesn't exist");
         }
     }

     $this->execute = true;
     $this->before();

     // Fetched whether or not before() cleared the execute flag.
     $service = $this->pixie->getVulnService();
     if (!$this->execute) {
         return;
     }

     // Attach the request to the current context and to the service itself.
     $currentContext = $service->getConfig()->getCurrentContext();
     $currentContext->setRequest($this->request);
     $service->setRequest($this->request);
     if (!$this->execute) {
         return;
     }

     // The context name is the raw "action" request parameter, not the resolved method name.
     $actionName = $this->request->param('action');
     $service->goDown($actionName);
     // The current context changed with goDown(), so the request is attached again.
     $service->getConfig()->getCurrentContext()->setRequest($this->request);

     // Check referrer, except when this controller is one of the error controllers.
     $isErrorController = $this instanceof Error
         || $this instanceof \App\Admin\Controller\Error
         || $this instanceof ErrorController;
     if (!$isErrorController) {
         $this->vulninjection->checkReferrer();
     }
     if (!$this->execute) {
         return;
     }

     // method_exists() is also true for protected/private methods, and this call is made
     // from inside the class, so every action_* method on the controller is dispatchable.
     $this->{$action}();
     if (!$this->execute) {
         return;
     }

     $this->after();
     if (!$this->execute) {
         return;
     }

     // NOTE(review): goUp() is reached only when every stage left execute true and
     // nothing threw; after an exception or a cleared flag the context pushed by
     // goDown() above stays in place. Confirm callers expect that.
     $service->goUp();
 }