/**
 * Handles one AMF request message and builds the matching response message.
 *
 * Plugins hooked on FILTER_AMF_REQUEST_MESSAGE_HANDLER get the first chance to
 * supply a handler; when one is returned, the whole request is delegated to it.
 * Otherwise the message is treated as a plain RPC call: the service call
 * parameters are extracted, the vulnerability service is moved down by service
 * name and then by method name, the call is executed through the service
 * router, and the vulnerability service is moved back up twice.
 *
 * NOTE(review): serviceName and methodName are taken from the request message
 * and are not validated in this method; confirm that getServiceCallParameters()
 * or the service router restricts which services and methods can be reached.
 *
 * NOTE(review): goUp() is only reached when executeServiceCall() returns. If it
 * throws, the two goDown() calls are not undone here; confirm callers do not
 * reuse the vulnerability service afterwards in the same request.
 *
 * @inheritdoc
 * @throws \Amfphp_Core_Exception
 * @throws \Exception
 */
protected function handleRequestMessage(Amfphp_Core_Amf_Message $requestMessage, Amfphp_Core_Common_ServiceRouter $serviceRouter)
{
    // Ask the plugins whether one of them wants to handle this message itself.
    $pluginHandler = \Amfphp_Core_FilterManager::getInstance()->callFilters(
        self::FILTER_AMF_REQUEST_MESSAGE_HANDLER,
        null,
        $requestMessage
    );
    if ($pluginHandler) {
        return $pluginHandler->handleRequestMessage($requestMessage, $serviceRouter);
    }

    // No plugin took over, so this is assumed to be a simple Amfphp_Core_Amf_ RPC call.
    $call = $this->getServiceCallParameters($requestMessage);

    // Two levels down (service, then method) before the call; two levels up after it.
    $this->vulnService->goDown($call->serviceName);
    $this->vulnService->goDown($call->methodName);
    $result = $serviceRouter->executeServiceCall(
        $call->serviceName,
        $call->methodName,
        $call->methodParameters
    );
    $this->vulnService->goUp()->goUp();

    $reply = new Amfphp_Core_Amf_Message();
    $reply->data = $result;
    $reply->targetUri = $requestMessage->responseUri . \Amfphp_Core_Amf_Constants::CLIENT_SUCCESS_METHOD;
    // Response URI is not specified: the string 'null' (not PHP null) is assigned.
    $reply->responseUri = 'null';

    return $reply;
}
/**
 * Resolves the requested action to an `action_*` method and runs it between
 * before() and after(), with the referrer check applied at controller level.
 *
 * The method name is 'action_' followed by $action. If that method does not
 * exist and the 'force_hyphens' request parameter is truthy, hyphens are
 * replaced by underscores and the lookup is retried. $this->execute is
 * re-read before every stage, so any stage can stop the remaining ones by
 * clearing it.
 *
 * NOTE(review): the NotFoundException message contains the internal method
 * name and the controller class name; confirm it is not shown verbatim to
 * clients.
 *
 * NOTE(review): the method that is invoked comes from the $action argument,
 * while the vulnerability context is selected with the 'action' request
 * parameter; presumably both carry the same value, verify against the router.
 *
 * @inheritdoc
 */
public function run($action)
{
    $method = 'action_' . $action;
    $forceHyphens = $this->request->param('force_hyphens');

    if (!method_exists($this, $method)) {
        // Fall back to the underscored spelling of a hyphenated action name.
        $underscored = str_replace('-', '_', $method);
        if ($forceHyphens && method_exists($this, $underscored)) {
            $method = $underscored;
        } else {
            throw new NotFoundException("Method {$method} doesn't exist in " . get_class($this));
        }
    }

    $this->execute = true;
    $this->before();

    $vulnService = null;
    $atControllerLevel = true;

    if ($this->execute) {
        // Referrer checks depend on the current vulnerability configuration.
        $vulnService = $this->pixie->getVulnService();
        $vulnConfig = $vulnService->getConfig();
        $atControllerLevel = $vulnConfig->getLevel() <= 1;
        $requestedAction = $this->request->param('action');

        if ($atControllerLevel) {
            // Create an empty child context for actions the configuration does not know yet.
            if (!$vulnConfig->has($requestedAction)) {
                $current = $vulnConfig->getCurrentContext();
                $current->addContext(Context::createFromData($requestedAction, [], $current));
            }

            $vulnService->goDown($requestedAction);

            // Referrer check at action level.
            $this->vulninjection->checkReferrer();
        }
    }

    if ($this->execute) {
        $this->{$method}();
    }

    if ($this->execute) {
        $this->after();
    }

    // Leave the action context only if it was entered above.
    if ($this->execute && $atControllerLevel) {
        $vulnService->goUp();
    }
}
/**
 * Resolves the requested action to an `action_*` method and runs it between
 * before() and after(), inside the vulnerability context of that action.
 *
 * The method name is 'action_' followed by $action. If that method does not
 * exist and the 'force_hyphens' request parameter is truthy, hyphens are
 * replaced by underscores and the lookup is retried; otherwise a
 * NotFoundException naming only the requested action is thrown.
 * $this->execute is re-read before every stage, so any stage can stop the
 * remaining ones by clearing it.
 *
 * The referrer check is skipped when this controller is one of the error
 * controllers (Error, \App\Admin\Controller\Error, ErrorController).
 *
 * NOTE(review): the method that is invoked comes from the $action argument,
 * while the vulnerability context is selected with the 'action' request
 * parameter; presumably both carry the same value, verify against the router.
 *
 * NOTE(review): goUp() is only reached when the action and after() return
 * with $this->execute still set; an exception or a cleared flag leaves the
 * context entered by goDown() in place. Confirm that is intended.
 *
 * @inheritdoc
 */
public function run($action)
{
    $actionName = $action;
    $method = 'action_' . $action;
    $forceHyphens = $this->request->param('force_hyphens');

    if (!method_exists($this, $method)) {
        // Fall back to the underscored spelling of a hyphenated action name.
        $underscored = str_replace('-', '_', $method);
        if (!($forceHyphens && method_exists($this, $underscored))) {
            throw new NotFoundException("Action '{$actionName}' doesn't exist");
        }
        $method = $underscored;
    }

    $this->execute = true;
    $this->before();

    $vulnService = $this->pixie->getVulnService();

    if ($this->execute) {
        // Attach the request to the context that is current before descending, and to the service.
        $vulnService->getConfig()->getCurrentContext()->setRequest($this->request);
        $vulnService->setRequest($this->request);
    }

    if ($this->execute) {
        $actionName = $this->request->param('action');
        $vulnService->goDown($actionName);
        // Attach the request again, this time to the context that is current after goDown().
        $vulnService->getConfig()->getCurrentContext()->setRequest($this->request);

        // Referrer check, except on the error controllers.
        $isErrorController = $this instanceof Error
            || $this instanceof \App\Admin\Controller\Error
            || $this instanceof ErrorController;
        if (!$isErrorController) {
            $this->vulninjection->checkReferrer();
        }
    }

    if ($this->execute) {
        $this->{$method}();
    }

    if ($this->execute) {
        $this->after();
    }

    if ($this->execute) {
        $vulnService->goUp();
    }
}