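#
# Map request parameters onto page arguments.
#
# $argspec is a flat list of (name, type) pairs. Each pair is resolved from
# $_REQUEST according to its PAGEARG_* type: object types are validated with
# ValidateArgument() and looked up via the matching class; scalar types are
# checked in place. Every resolved value is stored both in the returned
# array and in $GLOBALS under the argument name.
#
# $required selects what happens when an argument is absent: a true value
# raises PAGEARGERROR, otherwise the global of that name is unset.
# A value that was supplied but could not be mapped always raises USERERROR.
#
# Returns an array of name => resolved value.
#
# Everything read here comes straight from the request, so each branch has
# to reject what it does not understand. In particular, a parameter sent as
# "name[]=..." arrives as an array; branches that run a regex on the value
# check is_string() first so such a value cannot slip past the pattern.
#
function VerifyPageArguments($argspec, $required)
{
    global $drewheader;
    if ($drewheader) {
        trigger_error("PAGEHEADER called before VerifyPageArguments " . "(called by RequiredPageArguments or OptionalPageArguments). " . "Won't be able to return proper HTTP status code on Error " . "in " . $_SERVER['SCRIPT_FILENAME'] . ",", E_USER_WARNING);
    }
    $result = array();
    while ($argspec and count($argspec) > 1) {
        $name = array_shift($argspec);
        $type = array_shift($argspec);
        # $yep records that the request carried a value for this argument,
        # whether or not it could be turned into an object.
        $yep = 0;
        unset($object);
        switch ($type) {
            case PAGEARG_EXPERIMENT:
                if (isset($_REQUEST[URL_EXPERIMENT])) {
                    $idx = $_REQUEST[URL_EXPERIMENT];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
                        $object = Experiment::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_EXPTIDX])) {
                    $idx = $_REQUEST[URL_EXPTIDX];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
                        $object = Experiment::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_EID])) {
                    $pid = $_REQUEST[URL_PID];
                    $eid = $_REQUEST[URL_EID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_PID, $pid) && ValidateArgument(PAGEARG_EID, $eid)) {
                        $object = Experiment::LookupByPidEid($pid, $eid);
                    }
                }
                break;
            case PAGEARG_TEMPLATE:
                if (isset($_REQUEST[URL_GUID]) && isset($_REQUEST[URL_VERS])) {
                    $guid = $_REQUEST[URL_GUID];
                    $vers = $_REQUEST[URL_VERS];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_GUID, $guid) && ValidateArgument(PAGEARG_VERS, $vers)) {
                        $object = Template::Lookup($guid, $vers);
                    }
                } elseif (isset($_REQUEST[URL_TEMPLATE])) {
                    $guidvers = $_REQUEST[URL_TEMPLATE];
                    $yep = 1;
                    if (is_string($guidvers) && preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
                        $guid = $matches[1];
                        $vers = $matches[2];
                        $object = Template::Lookup($guid, $vers);
                    } else {
                        # The rejected value is request data; escape it before
                        # it goes into the message, as the string branch does.
                        # NOTE(review): assumes PAGEARGERROR does not escape
                        # its argument itself - confirm.
                        $shown = is_string($guidvers) ? htmlspecialchars($guidvers, ENT_QUOTES) : "(not a string)";
                        PAGEARGERROR("Invalid argument for '{$type}': {$shown}");
                    }
                }
                break;
            case PAGEARG_INSTANCE:
                if (isset($_REQUEST[URL_INSTANCE])) {
                    $idx = $_REQUEST[URL_INSTANCE];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_INSTANCE, $idx)) {
                        $object = TemplateInstance::LookupByExptidx($idx);
                    }
                }
                break;
            case PAGEARG_METADATA:
                if (isset($_REQUEST[URL_METADATA])) {
                    $guidvers = $_REQUEST[URL_METADATA];
                    $yep = 1;
                    if (is_string($guidvers) && preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
                        $guid = $matches[1];
                        $vers = $matches[2];
                        $object = TemplateMetadata::Lookup($guid, $vers);
                    } else {
                        # Escape the rejected request value before echoing it.
                        $shown = is_string($guidvers) ? htmlspecialchars($guidvers, ENT_QUOTES) : "(not a string)";
                        PAGEARGERROR("Invalid argument for '{$type}': {$shown}");
                    }
                }
                break;
            case PAGEARG_PROJECT:
                if (isset($_REQUEST[URL_PROJECT])) {
                    $idx = $_REQUEST[URL_PROJECT];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_PROJECT, $idx)) {
                        $object = Project::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_PID])) {
                    $pid = $_REQUEST[URL_PID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_PID, $pid)) {
                        $object = Project::Lookup($pid);
                    }
                }
                break;
            case PAGEARG_GROUP:
                if (isset($_REQUEST[URL_GROUP])) {
                    $idx = $_REQUEST[URL_GROUP];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_GROUP, $idx)) {
                        $object = Group::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_GID])) {
                    $pid = $_REQUEST[URL_PID];
                    $gid = $_REQUEST[URL_GID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_PID, $pid) && ValidateArgument(PAGEARG_GID, $gid)) {
                        $object = Group::LookupByPidGid($pid, $gid);
                    }
                }
                break;
            case PAGEARG_NODE:
                if (isset($_REQUEST[URL_NODE])) {
                    $idx = $_REQUEST[URL_NODE];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_NODE, $idx)) {
                        $object = Node::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_NODEID])) {
                    $nodeid = $_REQUEST[URL_NODEID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
                        $object = Node::Lookup($nodeid);
                    }
                } elseif (isset($_REQUEST[URL_NODEID_ALT])) {
                    $nodeid = $_REQUEST[URL_NODEID_ALT];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
                        $object = Node::Lookup($nodeid);
                    }
                }
                break;
            case PAGEARG_USER:
                if (isset($_REQUEST[URL_USER])) {
                    $idx = $_REQUEST[URL_USER];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_USER, $idx)) {
                        $object = User::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_UID])) {
                    $uid = $_REQUEST[URL_UID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_UID, $uid)) {
                        $object = User::Lookup($uid);
                    }
                }
                break;
            case PAGEARG_IMAGE:
                if (isset($_REQUEST[URL_IMAGEID])) {
                    $imageid = $_REQUEST[URL_IMAGEID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                        $object = Image::Lookup($imageid);
                    }
                } elseif (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                    $imageid = $_REQUEST[$name];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                        $object = Image::Lookup($imageid);
                    }
                }
                break;
            case PAGEARG_OSINFO:
                if (isset($_REQUEST[URL_OSID])) {
                    $osid = $_REQUEST[URL_OSID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_OSINFO, $osid)) {
                        $object = OSinfo::Lookup($osid);
                    }
                }
                break;
            case PAGEARG_BOOLEAN:
                if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                    # NOTE(review): a value that is none of the tokens below
                    # is handed to the caller unchanged, so a "boolean"
                    # argument can still carry arbitrary request text (or an
                    # array). Left as is because callers may depend on it;
                    # callers must not print or compare it without checking.
                    if (strcasecmp("{$object}", "yes") == 0 || strcasecmp("{$object}", "1") == 0 || strcasecmp("{$object}", "true") == 0 || strcasecmp("{$object}", "on") == 0) {
                        $object = True;
                    } elseif (strcasecmp("{$object}", "no") == 0 || strcasecmp("{$object}", "0") == 0 || strcasecmp("{$object}", "false") == 0 || strcasecmp("{$object}", "off") == 0) {
                        $object = False;
                    }
                }
                break;
            case PAGEARG_INTEGER:
            case PAGEARG_NUMERIC:
            case PAGEARG_ARRAY:
                if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                    if (!ValidateArgument($type, $object)) {
                        unset($object);
                    }
                }
                break;
            case PAGEARG_ANYTHING:
                if (isset($_REQUEST[$name])) {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                    # Anything allowed, caller BETTER check it.
                }
                break;
            case PAGEARG_ALPHALIST:
                if (isset($_REQUEST[$name])) {
                    $object = $_REQUEST[$name];
                    # NOTE(review): $yep is not set here, so a rejected list
                    # is reported as a missing argument (or silently dropped
                    # when optional) rather than as an unmappable one.
                    #
                    # The D modifier stops "$" from matching before a
                    # trailing newline, which would otherwise end up inside
                    # the last list element.
                    if (!is_string($object) || !preg_match("/^[\\d\\w\\-\\ \\,]+\$/D", $object)) {
                        unset($object);
                    } else {
                        $object = preg_split("/[\\,\\;]+\\s*/", $object);
                    }
                }
                break;
            case PAGEARG_PASSWORD:
                if (isset($_REQUEST[$name])) {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                    # Only printable chars; the value itself is never echoed.
                    if (!is_string($object) || !preg_match("/^[ -~]+\$/D", $object)) {
                        PAGEARGERROR("Invalid characters in '{$name}'");
                        # Fail closed if PAGEARGERROR ever returns.
                        unset($object);
                    }
                }
                break;
            case PAGEARG_LOGFILE:
                if (isset($_REQUEST[URL_LOGFILE])) {
                    $logid = $_REQUEST[URL_LOGFILE];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_LOGFILE, $logid)) {
                        $object = Logfile::Lookup($logid);
                    }
                }
                break;
            case PAGEARG_STRING:
            default:
                # The switch used to carry two "default:" labels (here and on
                # the password case), which PHP 7 and later refuse to
                # compile. Unknown types are treated as plain strings.
                # NOTE(review): older interpreters used the last default,
                # i.e. the password rule - confirm no caller relied on that.
                if (isset($_REQUEST[$name])) {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                    if (!is_string($object)) {
                        # An array value would make preg_match() fail rather
                        # than reject, letting it through unchecked.
                        PAGEARGERROR("Invalid value for '{$name}'");
                        unset($object);
                    } elseif (preg_match("/[\\'\"]/", $object)) {
                        # Pages never get arguments with special chars. Check.
                        # ENT_QUOTES so the single quote that triggered the
                        # rejection is escaped too.
                        $object = htmlspecialchars($object, ENT_QUOTES);
                        PAGEARGERROR("Invalid characters in '{$name}': {$object}");
                    }
                }
                break;
        }
        if (isset($object)) {
            $result[$name] = $object;
            # Also published as a global of the same name; $name comes from
            # the caller's argspec, not from the request.
            $GLOBALS[$name] = $object;
        } elseif ($yep) {
            #
            # Value supplied but could not be mapped to object.
            # Lets make that clear in the error message.
            #
            USERERROR("Could not map page arguments to '{$name}'", 1);
        } elseif ($required) {
            PAGEARGERROR("Must provide '{$name}' page argument");
        } else {
            unset($GLOBALS[$name]);
        }
    }
    return $result;
}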
    # Fatal Error. Report to the user, even though there is not much he can
    # do with the error. Also reports to tbops.
    #
    if ($retval < 0) {
        SUEXECERROR(SUEXEC_ACTION_CONTINUE);
    }
    # User error. Tell user and exit.
    SUEXECERROR(SUEXEC_ACTION_USERERROR);
    return;
}
#
# The template identity is only reported on the final line of the suexec
# output, so it has to be picked out of that line with a pattern. Ick.
#
if (!preg_match("/^Template\\s+(\\w+)\\/(\\w+)\\s+is being/", $suexec_output_array[count($suexec_output_array) - 1], $matches)) {
    # Last line is not the expected "Template guid/vers is being ..." text.
    SUEXECERROR(SUEXEC_ACTION_DIE);
} else {
    # Both captures are limited to \w characters by the pattern above.
    list(, $guid, $vers) = $matches;
    $template = Template::Lookup($guid, $vers);
    if ($template) {
        echo $template->PageHeader(), "<br><br>\n";
        STARTLOG($template);
    } else {
        TBERROR("Could not lookup template object for {$guid}/{$vers}", 1);
        return;
    }
}
#
# Standard Testbed Footer
#
PAGEFOOTER();
if (!isset($submit)) {
    #
    # In show mode, we can show any metadata entry, but it cannot be modified
    # unless its in the context of a template. That might change later?
    #
    if ($action == "show") {
        if (!isset($metadata)) {
            PAGEARGERROR("Must provide a metadata guid");
        }
        $metadata_guid = $metadata->guid();
        $metadata_vers = $metadata->vers();
        #
        # Verify Permission. Need permission for the template, any version.
        #
        if (!isset($template)) {
            $template = Template::Lookup($metadata->template_guid(), 1);
        }
        if (!$template || !$template->AccessCheck($this_user, $TB_EXPT_READINFO)) {
            USERERROR("You do not have permission to view metadata in " . " template {$template_guid}!", 1);
        }
        PAGEHEADER("Show Metadata");
        $metadata->Show();
        PAGEFOOTER();
        return;
    } elseif ($action == "modify" || $action == "delete") {
        if (!isset($template)) {
            PAGEARGERROR("Must provide a template guid");
        }
        $template_guid = $template->guid();
        $template_vers = $template->vers();
        if (!isset($metadata)) {