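/**
 * Handler for JSON API requests.
 *
 * Builds the JSON-RPC server, enforces the JSON key / setup-user check for every
 * method that is not on the anonymous list, and echoes the response.
 *
 * Access rule, as implemented below: once a config file exists, a non-anonymous
 * method needs BOTH a matching X-Tine20-JsonKey header and a registered setup user.
 * While no config file exists, no method is checked at all.
 *
 * @return void the JSON response is echoed, not returned
 */
public function handle()
{
    // Pre-declare both so the catch block never reads an undefined variable
    // when something throws before they are assigned.
    $server = null;
    $request = null;

    try {
        // init server and request first
        $server = new Zend_Json_Server();
        $server->setClass('Setup_Frontend_Json', 'Setup');
        $server->setClass('Tinebase_Frontend_Json', 'Tinebase');
        $server->setAutoHandleExceptions(false);
        $server->setAutoEmitResponse(false);
        $request = new Zend_Json_Server_Request_Http();

        Setup_Core::initFramework();

        $method = $request->getMethod();
        $jsonKey = isset($_SERVER['HTTP_X_TINE20_JSONKEY']) ? $_SERVER['HTTP_X_TINE20_JSONKEY'] : '';

        Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is JSON request. method: ' . $method);

        $configFileExists = Setup_Core::configFileExists();

        $anonymousMethods = array(
            'Setup.getAllRegistryData',
            'Setup.login',
            'Tinebase.getAvailableTranslations',
            'Tinebase.getTranslations',
            'Tinebase.setLocale',
        );
        if (!$configFileExists) {
            $anonymousMethods = array_merge($anonymousMethods, array('Setup.envCheck'));
        }

        // check json key for all methods but some exceptions
        // Strict membership test: a loose in_array() lets a non-string method value
        // (e.g. integer 0 on older PHP versions) compare equal to a whitelisted name.
        if (!in_array($method, $anonymousMethods, true) && $configFileExists) {
            $expectedKey = (string) Setup_Core::get('jsonKey');

            // Compare the token as an exact string. The previous loose `!=` treated
            // two numeric-looking strings (such as "0e1" and "0e2") as equal.
            // hash_equals() is used where the runtime provides it so the comparison
            // time does not depend on how many leading characters match.
            $keyMatches = !empty($jsonKey)
                && (function_exists('hash_equals')
                    ? hash_equals($expectedKey, $jsonKey)
                    : $expectedKey === $jsonKey);

            $userRegistered = Setup_Core::isRegistered(Setup_Core::USER);

            if (!$keyMatches || !$userRegistered) {
                if (!$userRegistered) {
                    Setup_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Attempt to request a privileged Json-API method without authorisation from "' . $_SERVER['REMOTE_ADDR'] . '". (session timeout?)');
                    throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
                } else {
                    // NOTE(review): this entry writes the client-supplied key and the complete
                    // $_REQUEST array to the log. Request parameters can carry credentials, so
                    // log storage and access need to be restricted accordingly - confirm.
                    Setup_Core::getLogger()->WARN(__METHOD__ . '::' . __LINE__ . ' Fatal: got wrong json key! (' . $jsonKey . ') Possible CSRF attempt!' . ' affected account: ' . print_r(Setup_Core::getUser(), true) . ' request: ' . print_r($_REQUEST, true));
                    throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
                }
            }
        }

        $response = $server->handle($request);
    } catch (Exception $exception) {
        $response = $this->_handleException($server, $request, $exception);
    }

    echo $response;
}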
/**
 * Read the redirect settings from the config table.
 *
 * The defaults (empty redirect URL, redirect-to-referrer '0') are returned unchanged
 * when the CHECKDB flag is not set or Tinebase is not installed.
 *
 * @return array keyed by Tinebase_Config::REDIRECTURL and Tinebase_Config::REDIRECTTOREFERRER
 */
protected function _getRedirectSettings()
{
    $settings = array(
        Tinebase_Config::REDIRECTURL        => '',
        Tinebase_Config::REDIRECTTOREFERRER => '0',
    );

    $configReadable = Setup_Core::get(Setup_Core::CHECKDB) && $this->isInstalled('Tinebase');
    if (!$configReadable) {
        return $settings;
    }

    // Both stored values fall back to '' when the config table has no entry.
    foreach (array(Tinebase_Config::REDIRECTURL, Tinebase_Config::REDIRECTTOREFERRER) as $configKey) {
        $settings[$configKey] = Tinebase_Config::getInstance()->get($configKey, '');
    }

    return $settings;
}
/**
 * Collect the registry data the setup client needs at start-up.
 *
 * Returns the Setup registry plus the subset of core Tinebase registry data
 * (service map, time zone, JSON key, locale and version information).
 *
 * NOTE(review): the JSON key is part of the returned data. The request handler
 * shown elsewhere on this page lists Setup.getAllRegistryData among the methods
 * callable without a key, so the key appears to work as an anti-CSRF token
 * rather than as a secret credential - confirm.
 *
 * @see Tinebase_Application_Json_Abstract
 *
 * @return mixed array 'variable name' => 'data'
 */
public function getAllRegistryData()
{
    $setupRegistry = $this->getRegistryData();

    // setup also needs some core tinebase regdata
    $locale = Tinebase_Core::get('locale');

    $serviceMap = Setup_Frontend_Http::getServiceMap();
    $timeZone = Setup_Core::get('userTimeZone');
    $jsonKey = Setup_Core::get('jsonKey');

    $localeInfo = array(
        'locale'   => $locale->toString(),
        'language' => Zend_Locale::getTranslation($locale->getLanguage(), 'language', $locale),
        'region'   => Zend_Locale::getTranslation($locale->getRegion(), 'country', $locale),
    );

    $versionInfo = array(
        'buildType'     => TINE20_BUILDTYPE,
        'codeName'      => TINE20SETUP_CODENAME,
        'packageString' => TINE20SETUP_PACKAGESTRING,
        'releaseTime'   => TINE20SETUP_RELEASETIME,
    );

    return array(
        'Setup'    => $setupRegistry,
        'Tinebase' => array(
            'serviceMap' => $serviceMap,
            'timeZone'   => $timeZone,
            'jsonKey'    => $jsonKey,
            'locale'     => $localeInfo,
            'version'    => $versionInfo,
            'changepw'   => FALSE,
        ),
    );
}
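/**
 * update to 0.28
 * - repair db charset for users with non default utf8 client charset
 *
 * Steps, in order:
 *  1. alter addressbook.id, create addressbook_image and move every jpegphoto into it
 *     (base64 encoded), then drop the jpegphoto column
 *  2. re-encode the serialized filter definitions as JSON
 *  3. if the original connection's character_set_client is not utf8, copy every
 *     prefixed table out through the original connection, truncate it and re-insert
 *     the rows through the regular connection
 *
 * NOTE(review): step 3 truncates each table before re-inserting its rows. When an
 * insert fails and the exception is rethrown, the method exits with that table
 * partially refilled and FOREIGN_KEY_CHECKS still 0 on $this->_db. Take a full
 * database backup before running this update.
 *
 * @return void
 * @throws Zend_Db_Statement_Exception when a row cannot be re-inserted
 */
public function update_27()
{
    $config = Setup_Core::get(Setup_Core::CONFIG);
    $tableprefix = $config->database->tableprefix;

    // have a second db connection with default charset
    $orgDb = Zend_Db::factory('Pdo_Mysql', $config->database->toArray());

    // fix for signed / unsigned problem
    $declaration = new Setup_Backend_Schema_Field_Xml(' <field> <name>id</name> <type>integer</type> <autoincrement>true</autoincrement> </field> ');
    $this->_backend->alterCol('addressbook', $declaration);

    // addressbook: store image in separate table
    $tableDefinition = ' <table> <name>addressbook_image</name> <version>1</version> <declaration> <field> <name>contact_id</name> <type>integer</type> <notnull>true</notnull> </field> <field> <name>image</name> <type>blob</type> </field> <index> <name>contact_id</name> <primary>true</primary> <field> <name>contact_id</name> </field> </index> <index> <name>addressbook_image::contact_id-addressbook::id</name> <field> <name>contact_id</name> </field> <foreign>true</foreign> <reference> <table>addressbook</table> <field>id</field> <ondelete>CASCADE</ondelete> </reference> </index> </declaration> </table> ';
    $table = Setup_Backend_Schema_Table_Factory::factory('String', $tableDefinition);
    $this->_backend->createTable($table);

    // Fetch only the ids first, then load one photo per query.
    $select = $orgDb->select()
        ->from("{$tableprefix}addressbook", array('id'))
        ->where($orgDb->quoteIdentifier('jpegphoto') . " IS NOT NULL");
    $contactIds = $orgDb->fetchAll($select);

    foreach ($contactIds as $contactId) {
        $contactId = $contactId['id'];

        $select = $orgDb->select()
            ->from("{$tableprefix}addressbook", array('id', 'jpegphoto'))
            ->where($orgDb->quoteInto($orgDb->quoteIdentifier('id') . ' = ?', $contactId));
        $imageData = $orgDb->fetchRow($select);

        $orgDb->insert("{$tableprefix}addressbook_image", array(
            'contact_id' => $imageData['id'],
            'image'      => base64_encode($imageData['jpegphoto']),
        ));
    }
    $this->_backend->dropCol('addressbook', 'jpegphoto');

    // convert serialized objects into json objects
    $select = $orgDb->select()->from("{$tableprefix}filter", array('id', 'filters'));
    $filters = $orgDb->fetchAll($select);

    foreach ($filters as $filter) {
        // NOTE(review): unserialize() instantiates whatever classes the stored string names.
        // The filter column presumably holds data saved on behalf of users; confirm the rows
        // are trustworthy before running this update, since PHP object injection is the risk
        // when they are not.
        $filterObject = unserialize($filter['filters']);
        $orgDb->update(
            "{$tableprefix}filter",
            array('filters' => Zend_Json::encode($filterObject)),
            $orgDb->quoteInto($orgDb->quoteIdentifier('id') . ' = ?', $filter['id'])
        );
    }

    // convert db contents for installations which had a clientcharset != utf8
    $originalCharset = Tinebase_Helper::array_value('Value', Tinebase_Helper::array_value(0, $orgDb->query("SHOW VARIABLES LIKE 'character_set_client'")->fetchAll()));
    if (strtolower($originalCharset) != 'utf8') {
        $this->_db->query("SET FOREIGN_KEY_CHECKS=0");
        $orgDb->query("SET FOREIGN_KEY_CHECKS=0");

        // build the list of tables to convert
        // The prefix is a configuration value, not a pattern: quote it so regex
        // metacharacters in it cannot widen or break the match that decides which
        // tables get truncated below.
        $prefixPattern = '/^' . preg_quote((string) $tableprefix, '/') . '/';

        $tables = array();
        $rawTables = $this->_db->query("SHOW TABLES")->fetchAll();
        foreach ($rawTables as $rawTable) {
            $tableName = array_values($rawTable);
            $tableName = $tableName[0];
            // addressbook_image was filled above and is not converted again
            if (preg_match($prefixPattern, $tableName) && $tableName !== "{$tableprefix}addressbook_image") {
                $tables[] = $tableName;
            }
        }

        // the actual charset conversion is done by the db.
        foreach ($tables as $tableName) {
            Setup_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Converting table ' . $tableName);

            // read through the original connection, write back through the regular one
            $select = $orgDb->select()->from($tableName);
            $result = $orgDb->fetchAll($select);
            $orgDb->query("TRUNCATE TABLE " . $this->_db->quoteIdentifier($tableName));

            foreach ($result as $row) {
                try {
                    $this->_db->insert($tableName, $row);
                } catch (Zend_Db_Statement_Exception $zdse) {
                    Setup_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' ' . $zdse->getMessage());

                    // try to convert strings if failure
                    // The failing column is taken from the driver's error message; only the
                    // listed column names are retried, and only once.
                    if (preg_match('/(description|title|note|old_value|org_name|adr_one_street)/', $zdse->getMessage(), $match)) {
                        $field = $match[1];
                        Setup_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' Converting field ' . $field . (isset($row['id']) || array_key_exists('id', $row) ? ' of record ' . $row['id'] : ''));
                        $row[$field] = utf8_encode($row[$field]);
                        $this->_db->insert($tableName, $row);
                    } else {
                        Setup_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' Could not convert field');
                        throw $zdse;
                    }
                }
            }
        }

        $this->_db->query("SET FOREIGN_KEY_CHECKS=1");
    }

    $orgDb->closeConnection();

    $this->setApplicationVersion('Tinebase', '0.28');
}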
/**
 * Collect the registry data the setup client needs at start-up.
 *
 * Returns the Setup registry plus core Tinebase registry data: service map,
 * user time zone, JSON key, locale, version information and the PHP upload and
 * POST size limits converted to bytes.
 *
 * NOTE(review): the JSON key is part of the returned data. The request handler
 * shown elsewhere on this page lists Setup.getAllRegistryData among the methods
 * callable without a key, so the key appears to work as an anti-CSRF token
 * rather than as a secret credential - confirm.
 *
 * @see Tinebase_Application_Json_Abstract
 *
 * @return mixed array 'variable name' => 'data'
 *
 * TODO DRY: most of this already is part of Tinebase_Frontend_Json::_getAnonymousRegistryData
 */
public function getAllRegistryData()
{
    $result = array();
    $result['Setup'] = $this->getRegistryData();

    // setup also needs some core tinebase regdata
    $locale = Tinebase_Core::get('locale');

    $tinebaseData = array();
    $tinebaseData['serviceMap'] = Setup_Frontend_Http::getServiceMap();
    $tinebaseData['timeZone'] = Setup_Core::getUserTimezone();
    $tinebaseData['jsonKey'] = Setup_Core::get('jsonKey');
    $tinebaseData['locale'] = array(
        'locale'   => $locale->toString(),
        'language' => Zend_Locale::getTranslation($locale->getLanguage(), 'language', $locale),
        'region'   => Zend_Locale::getTranslation($locale->getRegion(), 'country', $locale),
    );
    $tinebaseData['version'] = array(
        'buildType'     => TINE20_BUILDTYPE,
        'codeName'      => TINE20SETUP_CODENAME,
        'packageString' => TINE20SETUP_PACKAGESTRING,
        'releaseTime'   => TINE20SETUP_RELEASETIME,
    );
    // php.ini limits, converted to bytes
    $tinebaseData['maxFileUploadSize'] = Tinebase_Helper::convertToBytes(ini_get('upload_max_filesize'));
    $tinebaseData['maxPostSize'] = Tinebase_Helper::convertToBytes(ini_get('post_max_size'));

    $result['Tinebase'] = $tinebaseData;

    return $result;
}