public static function load($in_type_name)
{
/* determine and sanitise the type and name */
$parts = explode('/', str_replace('.', '', substr($in_type_name, 0, 1024)));
if (count($parts) != 2) {
CinsImpError::malformed('Plugin type-name must be of form: <type>/<name>');
}
$type = $parts[0] . 's';
$name = $parts[1];
unset($parts);
/* load the main plugin definition file */
global $config;
$plugin_base = $config->base . 'plugins/' . $type . '/' . $name . '/';
$plugin_file_path = $plugin_base . $name . '.js';
if (!file_exists($plugin_file_path)) {
CinsImpError::missing('Plugin', $plugin_file_path);
}
$plugin_file = file_get_contents($plugin_file_path);
/* output the file to the requestor */
Util::response_is_ajax_only();
print $plugin_file;
}
public static function handle_request()
{
global $g_error_log;
global $config;
/* handle debug test mode; ?io=test */
$debug = false;
if (isset($_REQUEST['debug']) && $_REQUEST['debug'] == true) {
$debug = true;
}
if (!$config->debug && $debug) {
Util::respond_with_http_error(403, 'Forbidden');
}
if ($_REQUEST['io'] == 'test') {
$debug = true;
if (!$config->debug && $debug) {
Util::respond_with_http_error(403, 'Forbidden');
}
Gateway::print_test_form('');
exit;
}
/* normal processing of AJAX request */
Util::response_is_ajax_only();
/* log errors with custom handler and process at conclusion of request */
//set_error_handler(array('Gateway', 'custom_error_handler'));
/* in testing, it may be useful to be able to submit a request in this way */
if (isset($_REQUEST['request'])) {
$inbound = $_REQUEST['request'];
} else {
$inbound = '';
}
/* invoke the method as specified in the cmd field of the request */
$outbound = array();
try {
if ($inbound != '') {
$inbound = json_decode($inbound, true);
} else {
$inbound = json_decode(@file_get_contents('php://input'), true);
}
if ($inbound === null) {
CinsImpError::malformed('JSON input malformed');
}
$outbound['cmd'] = $inbound['cmd'];
try {
$action_method = new ReflectionMethod('Gateway', $inbound['cmd']);
} catch (Exception $err) {
throw new Exception("Gateway: Command " . $inbound['cmd'] . " unrecognised.");
}
$outbound = $action_method->invoke(null, $inbound, $outbound);
} catch (Exception $err) {
$err = new CinsImpError($err);
$outbound = array();
$outbound['cmd'] = 'error';
$outbound['msg'] = 'Server: ' . $err->getMessage() . ': ' . $err->getDetail();
$outbound['cde'] = $err->getID();
}
/* if we're debugging the gateway, output the response on the test form,
otherwise send a standard JSON response */
if ($debug) {
Gateway::print_test_form(json_encode($outbound, JSON_PRETTY_PRINT));
} else {
header('Content-type: application/json');
print json_encode($outbound);
}
}
public static function keys_required(&$in_array, $in_keys)
{
if (!is_array($in_array)) {
CinsImpError::malformed('Input is not an array');
}
foreach ($in_keys as $key) {
if (!array_key_exists($key, $in_array)) {
CinsImpError::malformed('"' . $key . '" missing from request');
}
}
}
public function stack_save_card($card)
{
$this->_check_growability();
// ** TODO ** some card properties, such as Cant_Delete, Marked, Dont_search, script
// might only be available in certain user-levels? may want to check later during a security audit
Util::keys_required($card, array('id'));
$card_id = intval($card['id']);
$this->file_db->beginTransaction();
$sql = Stack::_sql_optional_update('card', $card, array('name:str255', 'cant_delete:bool', 'dont_search:bool', 'marked:bool', 'script:text16', 'art:image', 'art_hidden:bool'));
if ($sql !== null) {
$stmt = $this->file_db->prepare($sql['sql'] . ' WHERE id=?');
$sql['params'][] = $card_id;
$stmt->execute($sql['params']);
}
if (array_key_exists('objects', $card)) {
$this->_save_layer_parts(-$card_id, $card['objects']);
}
if (array_key_exists('content', $card)) {
if (!is_array($card['content'])) {
CinsImpError::malformed('layer content must be an array');
}
$this->file_db->exec('DELETE FROM card_data WHERE card_id=' . $card_id);
$stmt = $this->file_db->prepare('INSERT INTO card_data (card_id,bkgnd_object_id,content) VALUES (?,?,?)');
foreach ($card['content'] as $content_def) {
if (count($content_def) != 2) {
CinsImpError::malformed('card content form is not [id,content]');
}
$content = $content_def[1];
$content_def[1] = null;
Stack::_sql_type_verify($content, 'text20');
$def = array($card_id, intval($content_def[0]), $content);
$stmt->execute($def);
}
}
$this->file_db->commit();
return $card_id;
}
