/**
 * loadXml() accepts a well-formed methodCall document and rejects a
 * string that is not XML.
 *
 * The request is built with DOM so that the serialised XML is well-formed;
 * it carries one string parameter and one boolean parameter.
 */
public function testLoadXml()
{
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $call = $doc->appendChild($doc->createElement('methodCall'));
    $call->appendChild($doc->createElement('methodName', 'do.Something'));
    $paramList = $call->appendChild($doc->createElement('params'));

    // One <param><value><TYPE>CONTENT</TYPE></value></param> per entry, in order.
    foreach (array('string' => 'string1', 'boolean' => 1) as $type => $content) {
        $valueNode = $paramList
            ->appendChild($doc->createElement('param'))
            ->appendChild($doc->createElement('value'));
        $valueNode->appendChild($doc->createElement($type, $content));
    }

    $xml = $doc->saveXML();

    // A valid document must load without raising and report success.
    try {
        $loaded = $this->_request->loadXml($xml);
    } catch (Exception $e) {
        $this->fail('Failed to parse XML: ' . $e->getMessage());
    }
    $this->assertTrue($loaded, $xml);
    $this->assertEquals('do.Something', $this->_request->getMethod());

    $expected = array('string1', true);
    $actual   = $this->_request->getParams();
    $this->assertSame($expected, $actual);

    // Non-XML input must be refused with a false return, not an exception.
    try {
        $loaded = $this->_request->loadXml('foo');
    } catch (Exception $e) {
        $this->fail('Failed to parse XML: ' . $e->getMessage());
    }
    $this->assertFalse($loaded, 'Parsed non-XML string?');
}
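/**
 * Regression test for ZF-12293: loadXml() must not resolve external
 * entities found in a request.
 *
 * The request fixture is used as an sprintf() template whose placeholder is
 * filled with a file:// URI for a local payload fixture. The test passes
 * when no method name comes out of the parsed request.
 * NOTE(review): the payload fixture presumably holds the marker text
 * 'Local file inclusion' that the last assertion looks for - confirm.
 *
 * @group ZF-12293
 */
public function testDoesNotAllowExternalEntities()
{
    $fixtureDir  = dirname(__FILE__) . '/_files';
    $template    = file_get_contents($fixtureDir . '/ZF12293-request.xml');
    $payloadPath = realpath($fixtureDir . '/ZF12293-payload.txt');

    // realpath() returns false for a missing file without raising anything.
    // The URI would then point at nothing, the entity could never resolve,
    // and the test would pass without exercising the parser at all.
    $this->assertTrue(is_string($template), 'Request fixture could not be read');
    $this->assertTrue(is_string($payloadPath), 'Payload fixture could not be resolved');

    $payload = sprintf($template, 'file://' . $payloadPath);
    $this->_request->loadXml($payload);

    $method = $this->_request->getMethod();
    $this->assertTrue(empty($method));
    if (is_string($method)) {
        $this->assertNotContains('Local file inclusion', $method);
    }
}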
/**
 * Resolve an XML-RPC request to a registered callback and dispatch it.
 *
 * The method name supplied by the caller is used only as a lookup key in
 * the server's method table. The types of the call's arguments are then
 * compared with the prototypes declared for that entry, and nothing is
 * dispatched unless one prototype matches exactly.
 *
 * @param  Zend_XmlRpc_Request $request
 * @return Zend_XmlRpc_Response
 * @throws Zend_XmlRpc_Server_Exception code 620 when the method is not
 *         registered, code 623 when no prototype matches the call
 * @throws Exception any other exception may be thrown by the callback
 */
protected function _handle(Zend_XmlRpc_Request $request)
{
    $name = $request->getMethod();

    // Names missing from the method table are refused before any lookup.
    // NOTE(review): the fault text echoes the caller-supplied name; confirm
    // that whatever renders or logs it treats it as untrusted data.
    if (!$this->_table->hasMethod($name)) {
        require_once 'Zend/XmlRpc/Server/Exception.php';
        throw new Zend_XmlRpc_Server_Exception('Method "' . $name . '" does not exist', 620);
    }

    $definition = $this->_table->getMethod($name);
    $callArgs   = $request->getParams();
    $extraArgs  = $definition->getInvokeArguments();
    if (count($extraArgs) > 0 and $this->sendArgumentsToAllMethods()) {
        $callArgs = array_merge($callArgs, $extraArgs);
    }

    // Start from the types reported by the request. Arguments beyond those
    // (the merged invoke arguments) are typed from the value itself.
    $calledTypes = $request->getTypes();
    $argCount    = count($callArgs);
    for ($pos = count($calledTypes); $pos < $argCount; ++$pos) {
        $calledTypes[] = Zend_XmlRpc_Value::getXmlRpcValue($callArgs[$pos])->getType();
    }

    // The call is accepted only if one declared prototype is identical.
    $accepted = false;
    foreach ($definition->getPrototypes() as $prototype) {
        if ($prototype->getParameters() === $calledTypes) {
            $accepted = true;
            break;
        }
    }
    if (!$accepted) {
        require_once 'Zend/XmlRpc/Server/Exception.php';
        throw new Zend_XmlRpc_Server_Exception('Calling parameters do not match signature', 623);
    }

    $result        = $this->_dispatch($definition, $callArgs);
    $responseClass = $this->getResponseClass();

    return new $responseClass($result);
}
/**
 * Resolve an XML-RPC request to a registered callback and invoke it.
 *
 * The method name supplied by the caller is used only as a key into the
 * dispatch table; the callable that is invoked always comes from the table
 * entry, never from the request itself. Argument types are compared with
 * the entry's prototypes before the call is made.
 *
 * @param  Zend_XmlRpc_Request $request
 * @return Zend_XmlRpc_Response
 * @throws Zend_XmlRpc_Server_Exception code 620 (unknown method), 621
 *         (declaring class could not be instantiated), 622 (table entry of
 *         an unsupported type), 623 (no prototype matches the call)
 * @throws Exception any other exception may be thrown by the callback
 */
protected function _handle(Zend_XmlRpc_Request $request)
{
    $name = $request->getMethod();

    // Only names present in the dispatch table are callable.
    if (!isset($this->_table[$name])) {
        throw new Zend_XmlRpc_Server_Exception('Method "' . $name . '" does not exist', 620);
    }

    $definition = $this->_table[$name];
    $callArgs   = $request->getParams();
    $extraArgs  = $definition->getInvokeArguments();
    if (count($extraArgs) > 0) {
        $callArgs = array_merge($callArgs, $extraArgs);
    }

    // XML-RPC type of every argument that will be passed to the callback.
    $calledTypes = array();
    foreach ($callArgs as $arg) {
        $calledTypes[] = Zend_XmlRpc_Value::getXmlRpcValue($arg)->getType();
    }

    // The call is accepted only if one declared prototype is identical.
    $accepted = false;
    foreach ($definition->getPrototypes() as $prototype) {
        $declaredTypes = array();
        foreach ($prototype->getParameters() as $declared) {
            $declaredTypes[] = $declared->getType();
        }
        if ($declaredTypes === $calledTypes) {
            $accepted = true;
            break;
        }
    }
    if (!$accepted) {
        throw new Zend_XmlRpc_Server_Exception('Calling parameters do not match signature', 623);
    }

    if ($definition instanceof Zend_Server_Reflection_Function) {
        // Plain function registered with the server.
        $result = call_user_func_array($definition->getName(), $callArgs);
    } elseif (!($definition instanceof Zend_Server_Reflection_Method)) {
        throw new Zend_XmlRpc_Server_Exception('Method missing implementation ' . get_class($definition), 622);
    } elseif ($definition->system) {
        // System methods are invoked on the server object itself.
        $result = $definition->invokeArgs($this, $callArgs);
    } else {
        $className = $definition->getDeclaringClass()->getName();

        // Loose comparison kept exactly as written.
        // NOTE(review): confirm what isStatic() returns for this wrapper.
        if ('static' == $definition->isStatic()) {
            // invokeArgs() expects an object as its first argument, so
            // static methods are called through a class/method callback.
            $result = call_user_func_array(array($className, $definition->getName()), $callArgs);
        } else {
            // Object methods: a fresh instance of the declaring class.
            try {
                $instance = $definition->getDeclaringClass()->newInstance();
            } catch (Exception $e) {
                throw new Zend_XmlRpc_Server_Exception('Error instantiating class ' . $className . ' to invoke method ' . $definition->getName(), 621);
            }
            $result = $definition->invokeArgs($instance, $callArgs);
        }
    }

    // Wrap the callback's result in the configured response class.
    $factory = new ReflectionClass($this->_responseClass);

    return $factory->newInstance($result);
}