/**
 * Recursively normalise an inbound request value before it reaches a resource.
 *
 * Arrays and objects are rebuilt as plain arrays; each key has the characters
 * | ` < > ? ; ' " removed (a blacklist, so two distinct raw keys can collapse
 * onto the same cleaned key, in which case the later value wins). Strings are
 * passed through strip_tags() only when RARS_CLEAN_DATA_ALLOWED_TAGS is
 * defined and are otherwise returned untouched. Booleans, ints and floats are
 * returned as-is; anything else (null, resources, ...) becomes null.
 *
 * This is not output escaping: values still need context-specific escaping
 * (htmlspecialchars(), parameter binding) at the point they are rendered or
 * queried.
 *
 * @param mixed $data raw value taken from $_POST, a decoded JSON body or a URL path segment
 * @return array|string|bool|int|float|null
 */
public static function clean_data($data)
{
    if (is_array($data) || is_object($data)) {
        $cleaned = [];
        foreach ($data as $rawKey => $item) {
            // strip the blacklisted characters from the key, then recurse into the value
            $safeKey = preg_replace("/[|`<>?;'\"]/", '', (string) $rawKey);
            $cleaned[$safeKey] = RarsAPI::clean_data($item);
        }

        return $cleaned;
    }

    if (is_string($data)) {
        // the DB layer guards itself against hostile characters, so only tag
        // stripping is applied here, and only when the site has opted in
        return defined("RARS_CLEAN_DATA_ALLOWED_TAGS")
            ? strip_tags($data, RARS_CLEAN_DATA_ALLOWED_TAGS)
            : $data;
    }

    $isPlainScalar = is_bool($data) || is_int($data) || is_float($data);

    return $isPlainScalar ? $data : null;
}
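/*
 * Front-controller routing: map $_GET['path'] onto a resource file under
 * RARS_BASE_PATH/api/, collect the request payload and dispatch it to the
 * resource method named by $method.
 *
 * Expects $method (a lower-case HTTP verb, presumably set earlier in this
 * file) and the RARS_BASE_PATH constant to already be in scope. Leaves
 * $resource, $response, $data, $filename, $classname, $path_parts, $found
 * and $c set for any code that follows.
 */

// a missing ?path= is treated like an empty path, which falls through to the 404 below
// (avoids the undefined-index warning and passing null to explode())
$path_parts = explode("/", $_GET["path"] ?? '');
$filename = "";
$classname = "";
$found = false;
$c = 0; // number of path segments consumed by the resource lookup

foreach ($path_parts as $pp) {
    $c++;
    // Each segment is lower-cased and reduced to [a-z0-9_-] before it becomes
    // part of a file name, so '.', '..' and directory separators taken from
    // the query string can never reach the include below.
    $filename .= "/" . preg_replace("/[^a-z0-9_-]/", '', strtolower($pp));
    $classname .= ucfirst(preg_replace("/[^a-z0-9_]/", '', strtolower($pp)));
    if (is_file(RARS_BASE_PATH . "api{$filename}.php")) {
        $found = true;
        break;
    }
}

if (!$found) {
    // NOTE(review): `$code = 404` is an assignment expression, not a named
    // argument; it is kept as-is because this span does not show response()'s
    // signature. Assumes response() terminates the request — if it returns,
    // the include below runs against a path that was just found not to exist.
    RarsAPI::response(null, null, $code = 404);
}

// grab any data or id's data
$segment_count = count($path_parts);
if ($method == "delete" || $method == "get") {
    // for GET/DELETE the identifier comes from the URL: the single segment
    // after the resource, or the second one when two trailing segments exist
    if ($segment_count == $c + 1) {
        $data = RarsAPI::clean_data($path_parts[$c]);
    } elseif ($segment_count == $c + 2) {
        $data = RarsAPI::clean_data($path_parts[$c + 1]);
    } else {
        $data = null;
    }
} else {
    // a form-encoded body wins over a JSON body; an unparsable JSON body
    // decodes to null and is handed on as such (no error is raised here)
    $data = RarsAPI::clean_data(!empty($_POST) ? $_POST : json_decode(file_get_contents('php://input')));
}

// load resource or throw error
include RARS_BASE_PATH . "api{$filename}.php";
$resource = new $classname();
if (!method_exists($resource, $method)) {
    // method_exists() is also true for non-public methods, so a private
    // helper whose name happens to match $method would pass this check
    // — TODO confirm $method is restricted to the supported HTTP verbs
    // before it reaches here.
    RarsAPI::response(null, null, $code = 405);
}
$response = $resource->{$method}($data);
/* EOF */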