Example #1
 /**
  * Recursively normalise request data into plain arrays and scalars.
  *
  * - Arrays and objects are walked with foreach; the result is always an
  *   array, so objects (e.g. from json_decode) are flattened. Each key is
  *   cast to string and has the characters | ` < > ? ; ' " removed. Each
  *   value is cleaned by a recursive call.
  * - Strings are passed through strip_tags() when the constant
  *   RARS_CLEAN_DATA_ALLOWED_TAGS is defined, otherwise returned unchanged.
  * - Booleans, integers and floats are returned unchanged.
  * - Anything else (null, resources, ...) becomes null.
  *
  * Security notes for callers:
  * - This is not an output encoder. String values are returned as received
  *   when no tag allow-list is defined, and strip_tags() with an allow-list
  *   keeps the attributes of the allowed tags, so the result still needs
  *   context-appropriate escaping wherever it is rendered.
  * - Two distinct keys can become identical once characters are stripped;
  *   the later one then silently overwrites the earlier one.
  * - NOTE(review): nothing here makes a value safe for SQL; that is left to
  *   the database layer. Confirm it uses parameterised queries.
  *
  * @param mixed $data Untrusted input (path segment, $_POST, decoded JSON).
  * @return array|string|bool|int|float|null Cleaned copy of $data.
  */
 public static function clean_data($data)
 {
     // Numeric and boolean scalars carry no markup; hand them back untouched.
     if (is_bool($data) || is_int($data) || is_float($data)) {
         return $data;
     }

     if (is_string($data)) {
         // Tags are only stripped when the application has defined an
         // allow-list; without it the string is returned exactly as received.
         return defined("RARS_CLEAN_DATA_ALLOWED_TAGS")
             ? strip_tags($data, RARS_CLEAN_DATA_ALLOWED_TAGS)
             : $data;
     }

     // Unsupported types are dropped rather than passed on.
     if (!is_object($data) && !is_array($data)) {
         return null;
     }

     $cleaned = array();
     foreach ($data as $name => $item) {
         // Keys come from the client as well, so they are filtered too.
         $safe_name = preg_replace("/[|`<>?;'\"]/", '', (string) $name);
         $cleaned[$safe_name] = RarsAPI::clean_data($item);
     }

     return $cleaned;
 }
Example #2
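// Front-controller dispatch: map the "path" query parameter onto a resource
// file under RARS_BASE_PATH . "api", instantiate the class named after it and
// call the method named by $method (set before this excerpt).
//
// "path" is client-controlled. It may be missing, or an array when sent as
// ?path[]=..., and explode() does not accept either. Anything that is not a
// string is treated as an empty path, which resolves to no resource (404).
$path_parts = explode("/", isset($_GET["path"]) && is_string($_GET["path"]) ? $_GET["path"] : "");
$filename = "";
$classname = "";
$found = false;
$c = 0; // number of path segments consumed by the resource lookup
foreach ($path_parts as $pp) {
    $c++;
    // Only [a-z0-9_-] survives in a file-name segment, so "." and "/" cannot
    // be smuggled in and the include below stays under the api directory.
    $filename .= "/" . preg_replace("/[^a-z0-9_-]/", '', strtolower($pp));
    // The class name uses a narrower set (no "-"), so a hyphenated file maps
    // to a class name without the hyphen.
    $classname .= ucfirst(preg_replace("/[^a-z0-9_]/", '', strtolower($pp)));
    if (is_file(RARS_BASE_PATH . "api{$filename}.php")) {
        $found = true;
        break;
    }
}
if (!$found) {
    // NOTE(review): everything below assumes RarsAPI::response() ends the
    // request. If it returns, the include targets a file that does not exist
    // and `new $classname()` runs on a client-derived name — confirm.
    RarsAPI::response(null, null, $code = 404);
}
// grab any data or id's data
if ($method == "delete" || $method == "get") {
    // One segment after the resource: use it. Two segments after: use the
    // second. Otherwise there is no data.
    if (count($path_parts) == $c + 1) {
        $data = RarsAPI::clean_data($path_parts[$c]);
    } elseif (count($path_parts) == $c + 2) {
        $data = RarsAPI::clean_data($path_parts[$c + 1]);
    } else {
        $data = null;
    }
} else {
    // Form-encoded body if present, otherwise the raw body decoded as JSON.
    // json_decode() yields null for invalid JSON, which clean_data() keeps as null.
    $data = RarsAPI::clean_data(!empty($_POST) ? $_POST : json_decode(file_get_contents('php://input')));
}
// load resource or throw error
include RARS_BASE_PATH . "api{$filename}.php";
// NOTE(review): the included file is expected to define $classname; there is
// no class_exists() check before instantiation.
$resource = new $classname();
// NOTE(review): method_exists() is true for any declared method, including
// non-public and magic ones. If $method can be influenced by the client
// beyond the HTTP verb, restrict it to an explicit allow-list before this call.
if (!method_exists($resource, $method)) {
    RarsAPI::response(null, null, $code = 405);
}
$response = $resource->{$method}($data);
/* EOF */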