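/**
 * Sends the main JavaScript definition file of a plugin to the requestor.
 *
 * The identifier is treated as untrusted: it is capped at 1024 bytes, every
 * '.' is stripped (so neither '..' nor a file extension can be supplied) and
 * it must split into exactly two non-empty segments on '/'. Segments that
 * contain a backslash or a NUL byte are rejected as well, so a segment cannot
 * act as an additional path separator on platforms that honour '\'.
 *
 * The file read is <base>plugins/<type>s/<name>/<name>.js, where <base> is
 * $config->base.
 *
 * @param string $in_type_name Plugin identifier of the form <type>/<name>.
 * @return void The file contents are printed to the response.
 */
public static function load($in_type_name)
{
    /* determine and sanitise the type and name */
    if (!is_string($in_type_name)) {
        // A decoded JSON request can carry an array or number here; substr()
        // would otherwise warn or raise a TypeError depending on PHP version.
        CinsImpError::malformed('Plugin type-name must be of form: <type>/<name>');
    }
    $parts = explode('/', str_replace('.', '', substr($in_type_name, 0, 1024)));
    if (count($parts) != 2) {
        CinsImpError::malformed('Plugin type-name must be of form: <type>/<name>');
    }
    foreach ($parts as $part) {
        // Empty segments would resolve to paths such as ".../plugins/s//.js";
        // backslash and NUL have no place in a plugin type or name.
        if ($part === '' || strpbrk($part, "\\\0") !== false) {
            CinsImpError::malformed('Plugin type-name must be of form: <type>/<name>');
        }
    }
    $type = $parts[0] . 's';
    $name = $parts[1];
    unset($parts);

    /* load the main plugin definition file */
    global $config;
    $plugin_base = $config->base . 'plugins/' . $type . '/' . $name . '/';
    $plugin_file_path = $plugin_base . $name . '.js';
    // NOTE(review): the full server-side path is handed to the error object;
    // confirm that it is not echoed back to the client in the error detail.
    if (!file_exists($plugin_file_path)) {
        CinsImpError::missing('Plugin', $plugin_file_path);
    }
    $plugin_file = file_get_contents($plugin_file_path);
    if ($plugin_file === false) {
        // file_exists() is also true for directories and unreadable files;
        // report those as missing instead of printing an empty response.
        CinsImpError::missing('Plugin', $plugin_file_path);
    }

    /* output the file to the requestor */
    Util::response_is_ajax_only();
    print $plugin_file;
}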
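/**
 * Entry point of the gateway: decodes a JSON request, dispatches it to the
 * static Gateway method named in its "cmd" field and prints the JSON reply.
 *
 * The request is read from the "request" parameter when present, otherwise
 * from the raw request body. Any exception raised while decoding or
 * dispatching is converted into a reply of the form
 * {cmd: 'error', msg: ..., cde: ...}.
 *
 * Because "cmd" is supplied by the client, the dispatcher only accepts
 * public static methods of Gateway and refuses the gateway's own
 * infrastructure methods. Without that restriction the reflection call can
 * reach any static method of the class, and on PHP 8.1 and later reflection
 * no longer blocks non-public methods.
 * NOTE(review): an explicit allow-list of command names would be stricter
 * still; the list of valid commands is not visible from this method.
 *
 * Debug mode (?debug=... or ?io=test) renders the reply on the test form and
 * is answered with HTTP 403 unless $config->debug is set.
 * NOTE(review): this relies on Util::respond_with_http_error() terminating
 * the request - confirm, since execution would otherwise continue in debug
 * mode.
 *
 * @return void
 */
public static function handle_request()
{
    global $g_error_log;
    global $config;

    /* handle debug test mode; ?io=test */
    $debug = false;
    if (isset($_REQUEST['debug']) && $_REQUEST['debug'] == true) {
        $debug = true;
    }
    if (!$config->debug && $debug) {
        Util::respond_with_http_error(403, 'Forbidden');
    }
    // isset() guard: a request without "io" is the normal case and must not
    // raise an undefined-index notice/warning into the JSON response.
    if (isset($_REQUEST['io']) && $_REQUEST['io'] === 'test') {
        $debug = true;
        if (!$config->debug && $debug) {
            Util::respond_with_http_error(403, 'Forbidden');
        }
        Gateway::print_test_form('');
        exit;
    }

    /* normal processing of AJAX request */
    Util::response_is_ajax_only();

    /* log errors with custom handler and process at conclusion of request */
    //set_error_handler(array('Gateway', 'custom_error_handler'));

    /* in testing, it may be useful to be able to submit a request in this way */
    if (isset($_REQUEST['request'])) {
        $inbound = $_REQUEST['request'];
    } else {
        $inbound = '';
    }

    /* methods of Gateway that exist to run the gateway itself and must never
       be reachable as a client command (compared case-insensitively, as PHP
       method names are case-insensitive) */
    $not_commands = array('handle_request', 'print_test_form', 'custom_error_handler');

    /* invoke the method as specified in the cmd field of the request */
    $outbound = array();
    try {
        if (!is_string($inbound)) {
            // e.g. request[]=... arrives as an array and cannot be JSON text
            CinsImpError::malformed('JSON input malformed');
        }
        if ($inbound != '') {
            $inbound = json_decode($inbound, true);
        } else {
            // '@' kept from the original so a failed read cannot emit a
            // warning into the response body; the result is checked below.
            $inbound = json_decode(@file_get_contents('php://input'), true);
        }
        if ($inbound === null) {
            CinsImpError::malformed('JSON input malformed');
        }
        // Valid JSON may still be a scalar or lack a usable command name.
        if (!is_array($inbound) || !isset($inbound['cmd']) || !is_string($inbound['cmd'])) {
            CinsImpError::malformed('"cmd" missing from request');
        }

        $outbound['cmd'] = $inbound['cmd'];
        try {
            $action_method = new ReflectionMethod('Gateway', $inbound['cmd']);
        } catch (Exception $err) {
            throw new Exception("Gateway: Command " . $inbound['cmd'] . " unrecognised.");
        }
        // Same message as for a non-existent method, so the reply does not
        // reveal which internal methods exist.
        if (!$action_method->isPublic()
            || !$action_method->isStatic()
            || in_array(strtolower($action_method->getName()), $not_commands, true)) {
            throw new Exception("Gateway: Command " . $inbound['cmd'] . " unrecognised.");
        }
        $outbound = $action_method->invoke(null, $inbound, $outbound);
    } catch (Exception $err) {
        $err = new CinsImpError($err);
        $outbound = array();
        $outbound['cmd'] = 'error';
        $outbound['msg'] = 'Server: ' . $err->getMessage() . ': ' . $err->getDetail();
        $outbound['cde'] = $err->getID();
    }

    /* if we're debugging the gateway, output the response on the test form,
       otherwise send a standard JSON response */
    if ($debug) {
        Gateway::print_test_form(json_encode($outbound, JSON_PRETTY_PRINT));
    } else {
        header('Content-type: application/json');
        print json_encode($outbound);
    }
}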
/**
 * Checks that a request array contains every key named in $in_keys.
 *
 * A problem is reported through CinsImpError::malformed() - once if the
 * input is not an array, and once per absent key. Presence is decided with
 * array_key_exists(), so a key whose value is null still counts as present.
 * Nothing is returned and the input is not modified here.
 *
 * @param mixed $in_array The value to inspect (taken by reference).
 * @param array $in_keys  Names of the keys that must exist.
 * @return void
 */
public static function keys_required(&$in_array, $in_keys)
{
    is_array($in_array) || CinsImpError::malformed('Input is not an array');

    foreach ($in_keys as $required) {
        if (array_key_exists($required, $in_array)) {
            continue;
        }
        CinsImpError::malformed('"' . $required . '" missing from request');
    }
}
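/**
 * Saves the supplied properties, objects and field content of one card.
 *
 * Only the keys present in $card are written: the optional scalar columns
 * through Stack::_sql_optional_update(), 'objects' through
 * _save_layer_parts(), and 'content' by replacing every card_data row of the
 * card. All writes happen inside a single transaction, which is rolled back
 * if any step raises an exception; the exception is then re-thrown unchanged.
 *
 * @param array $card Card definition; must contain 'id'. 'content', when
 *                    present, is a list of [bkgnd_object_id, content] pairs.
 * @return int The numeric ID of the card that was saved.
 */
public function stack_save_card($card)
{
    $this->_check_growability();

    // ** TODO ** some card properties, such as Cant_Delete, Marked, Dont_search, script
    // might only be available in certain user-levels? may want to check later during a security audit

    Util::keys_required($card, array('id'));
    $card_id = intval($card['id']);

    // NOTE(review): file_db is used as a PDO handle throughout this method
    // (prepare/exec/beginTransaction/commit); inTransaction()/rollBack()
    // below assume the same - confirm.
    $this->file_db->beginTransaction();
    try {
        $sql = Stack::_sql_optional_update('card', $card, array(
            'name:str255',
            'cant_delete:bool',
            'dont_search:bool',
            'marked:bool',
            'script:text16',
            'art:image',
            'art_hidden:bool',
        ));
        if ($sql !== null) {
            $stmt = $this->file_db->prepare($sql['sql'] . ' WHERE id=?');
            $sql['params'][] = $card_id;
            $stmt->execute($sql['params']);
        }

        if (array_key_exists('objects', $card)) {
            // the card ID is passed negated; presumably that marks the layer
            // as a card rather than a background - verify against
            // _save_layer_parts()
            $this->_save_layer_parts(-$card_id, $card['objects']);
        }

        if (array_key_exists('content', $card)) {
            if (!is_array($card['content'])) {
                CinsImpError::malformed('layer content must be an array');
            }

            // $card_id is already an integer, but the statement is bound like
            // every other query here so no SQL is ever built by concatenation
            $stmt = $this->file_db->prepare('DELETE FROM card_data WHERE card_id=?');
            $stmt->execute(array($card_id));

            $stmt = $this->file_db->prepare(
                'INSERT INTO card_data (card_id,bkgnd_object_id,content) VALUES (?,?,?)'
            );
            foreach ($card['content'] as $content_def) {
                // each entry must be a two-element list; a scalar or an
                // associative array would otherwise fail in count() or on
                // the index lookups below
                if (!is_array($content_def)
                    || count($content_def) != 2
                    || !array_key_exists(0, $content_def)
                    || !array_key_exists(1, $content_def)) {
                    CinsImpError::malformed('card content form is not [id,content]');
                }
                $content = $content_def[1];
                $content_def[1] = null;
                Stack::_sql_type_verify($content, 'text20');
                $def = array($card_id, intval($content_def[0]), $content);
                $stmt->execute($def);
            }
        }

        $this->file_db->commit();
    } catch (Exception $err) {
        // never leave a half-written card or an open transaction behind
        if ($this->file_db->inTransaction()) {
            $this->file_db->rollBack();
        }
        throw $err;
    }

    return $card_id;
}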