/**
 * Pulls serviceName, methodName and the optional parameters out of the PHP
 * object built from the JSON request body and hands them to the router.
 *
 * Both names are taken from the request as-is; nothing in this method
 * restricts which service or method may be named, so any allow-listing or
 * access control has to happen in the router or in the service itself
 * (NOTE(review): confirm where that is enforced).
 *
 * @see Amfphp_Core_Common_IDeserializedRequestHandler
 * @param object $deserializedRequest decoded JSON request, read through ->serviceName, ->methodName, ->parameters
 * @param Amfphp_Core_Common_ServiceRouter $serviceRouter
 * @return mixed the service call response
 * @throws Exception when serviceName or methodName is absent from the request
 */
public function handleDeserializedRequest($deserializedRequest, Amfphp_Core_Common_ServiceRouter $serviceRouter)
{
    // The exception text embeds a print_r() dump of the whole request. Whatever
    // renders or logs it should treat it as untrusted data that may carry
    // sensitive parameter values.
    if (!isset($deserializedRequest->serviceName)) {
        throw new Exception("Service name field missing in POST parameters \n" . print_r($deserializedRequest, true));
    }
    $targetService = $deserializedRequest->serviceName;

    if (!isset($deserializedRequest->methodName)) {
        throw new Exception("MethodName field missing in POST parameters \n" . print_r($deserializedRequest, true));
    }
    $targetMethod = $deserializedRequest->methodName;

    // Parameters are optional; a missing field means "call with no arguments".
    $callArguments = isset($deserializedRequest->parameters) ? $deserializedRequest->parameters : array();

    return $serviceRouter->executeServiceCall($targetService, $targetMethod, $callArguments);
}
/**
 * Routes a deserialized request to the service router and turns every
 * exception into an error array instead of letting it propagate.
 *
 * The error array always has 'error', 'code' and 'message'. A 'trace' entry
 * with the full stack trace is added only when $this->returnErrorDetails is
 * set; since the array is this method's return value, that flag decides
 * whether internal file paths and call chains can reach the caller.
 * The last exception (or null on success) is kept in $this->exception.
 *
 * @param array|stdClass $deserializedRequest
 * @param Amfphp_Core_Common_ServiceRouter $serviceRouter
 * @return array
 */
public function handleDeserializedRequest($deserializedRequest, Amfphp_Core_Common_ServiceRouter $serviceRouter)
{
    try {
        // Names come straight from the request; no isset() check is made here.
        $targetService = $deserializedRequest->serviceName;
        $targetMethod = $deserializedRequest->methodName;
        $callArguments = isset($deserializedRequest->parameters) ? $deserializedRequest->parameters : array();

        // NOTE(review): vulnService is not defined in this block. The two goDown()
        // calls are only undone by goUp()->goUp() on the success path; when
        // executeServiceCall() throws they are left as-is. Confirm this is intended.
        $this->pixie->vulnService->goDown($deserializedRequest->serviceName);
        $this->pixie->vulnService->goDown($deserializedRequest->methodName);
        $response = $serviceRouter->executeServiceCall($targetService, $targetMethod, $callArguments);
        $this->pixie->vulnService->goUp()->goUp();

        $this->exception = null;
        return $response;
    } catch (\App\Exception\HttpException $ex) {
        $payload = ['error' => true, 'code' => $ex->getCode(), 'message' => $ex->getMessage()];
        if ($this->returnErrorDetails) {
            $payload['trace'] = $ex->getTraceAsString();
        }
        $this->exception = $ex;
        return $payload;
    } catch (\App\Exception\SQLException $ex) {
        // A "blind" SQL exception reports neither its message nor its trace,
        // regardless of returnErrorDetails; only the code is returned.
        $payload = ['error' => true, 'code' => $ex->getCode(), 'message' => ''];
        if (!$ex->isBlind()) {
            $payload['message'] = $ex->getMessage();
        }
        if (!$ex->isBlind() && $this->returnErrorDetails) {
            $payload['trace'] = $ex->getTraceAsString();
        }
        $this->exception = $ex;
        return $payload;
    } catch (\Exception $ex) {
        $payload = ['error' => true, 'code' => $ex->getCode(), 'message' => $ex->getMessage()];
        if ($this->returnErrorDetails) {
            $payload['trace'] = $ex->getTraceAsString();
        }
        $this->exception = $ex;
        return $payload;
    }
}
/**
 * Collects a description of every available service by reflection.
 *
 * Each service is instantiated, its public methods are listed (names starting
 * with '_' are skipped as reserved) and each parameter is described by name
 * and class type hint. Services whose name contains one of
 * self::$excludePaths are removed from the result at the end.
 *
 * The result is a map of the callable API surface; the exclusion only removes
 * entries from this listing, this method does not make anything uncallable.
 *
 * @return array of AmfphpDiscovery_ServiceInfo
 */
public function discover()
{
    $names = $this->getAvailableServiceNames(self::$serviceFolderPaths, self::$serviceNames2ClassFindInfo);
    $catalogue = array();

    foreach ($names as $name) {
        // Note that describing a service means constructing it.
        $instance = Amfphp_Core_Common_ServiceRouter::getServiceObjectStatically($name, self::$serviceFolderPaths, self::$serviceNames2ClassFindInfo);
        $reflected = new ReflectionObject($instance);

        $methodDescriptors = array();
        foreach ($reflected->getMethods(ReflectionMethod::IS_PUBLIC) as $publicMethod) {
            $methodName = $publicMethod->name;
            if (strncmp($methodName, '_', 1) === 0) {
                // a leading '_' marks a reserved method: never listed
                continue;
            }

            $parameterDescriptors = array();
            foreach ($reflected->getMethod($methodName)->getParameters() as $parameter) {
                // type stays '' unless the parameter carries a class type hint
                $hintedClass = $parameter->getClass();
                $typeName = $hintedClass ? $hintedClass->name : '';
                $parameterDescriptors[] = new AmfphpDiscovery_ParameterDescriptor($parameter->name, $typeName);
            }

            $methodDescriptors[$methodName] = new AmfphpDiscovery_MethodDescriptor($methodName, $parameterDescriptors);
        }

        $catalogue[$name] = new AmfphpDiscovery_ServiceDescriptor($name, $methodDescriptors);
    }

    // Filtering is deliberately the last step: excluding e.g. a Vo class
    // earlier creates issues when another service needs it.
    foreach (array_keys($catalogue) as $name) {
        foreach (self::$excludePaths as $excludePath) {
            if (strpos($name, $excludePath) !== false) {
                unset($catalogue[$name]);
                break;
            }
        }
    }

    return $catalogue;
}
/**
 * Reads service name, method name and parameters from the URL's GET
 * parameters and hands them to the router.
 *
 * All three fields are mandatory. The parameter field is split on ',' so
 * every argument reaches the service as a string, and a value that itself
 * contains a comma arrives as several arguments.
 *
 * The names are passed on unchanged; restricting which service or method can
 * be called is not done here (NOTE(review): confirm the router enforces it).
 *
 * @see Amfphp_Core_Common_IDeserializedRequestHandler
 * @param array $deserializedRequest GET parameters, indexed by the FIELD_* constants
 * @param Amfphp_Core_Common_ServiceRouter $serviceRouter
 * @return mixed the service call response
 * @throws Exception when one of the three fields is missing
 */
public function handleDeserializedRequest($deserializedRequest, Amfphp_Core_Common_ServiceRouter $serviceRouter)
{
    // Each exception message carries a print_r() dump of the request; treat it
    // as untrusted, possibly sensitive data wherever it is displayed or logged.
    if (!isset($deserializedRequest[self::FIELD_SERVICE_NAME])) {
        throw new Exception(self::FIELD_SERVICE_NAME . " field missing in url's get parameters \n" . print_r($deserializedRequest, true));
    }
    $targetService = $deserializedRequest[self::FIELD_SERVICE_NAME];

    if (!isset($deserializedRequest[self::FIELD_METHOD_NAME])) {
        throw new Exception(self::FIELD_METHOD_NAME . " field missing in url's get parameters \n" . print_r($deserializedRequest, true));
    }
    $targetMethod = $deserializedRequest[self::FIELD_METHOD_NAME];

    if (!isset($deserializedRequest[self::FIELD_PARAMETERS])) {
        throw new Exception(self::FIELD_PARAMETERS . " field missing in url's get parameters \n" . print_r($deserializedRequest, true));
    }
    $callArguments = explode(",", $deserializedRequest[self::FIELD_PARAMETERS]);

    return $serviceRouter->executeServiceCall($targetService, $targetMethod, $callArguments);
}
/**
 * Reads serviceName, methodName and the positional parameters p1, p2, ...
 * from the request array and hands them to the router.
 *
 * Parameters are collected in order until the first missing (or null) pN
 * key, so a gap in the numbering ends the list.
 *
 * The names are passed on unchanged; restricting which service or method can
 * be called is not done here (NOTE(review): confirm the router enforces it).
 *
 * @see Amfphp_Core_Common_IDeserializedRequestHandler
 * @param array $deserializedRequest call parameters indexed by 'serviceName', 'methodName', 'p1', 'p2', ...
 * @param Amfphp_Core_Common_ServiceRouter $serviceRouter
 * @return mixed the service call response
 * @throws Exception when serviceName or methodName is missing
 */
public function handleDeserializedRequest($deserializedRequest, Amfphp_Core_Common_ServiceRouter $serviceRouter)
{
    // Each exception message carries a print_r() dump of the request; treat it
    // as untrusted, possibly sensitive data wherever it is displayed or logged.
    if (!isset($deserializedRequest['serviceName'])) {
        throw new Exception("Service name field missing in call parameters \n" . print_r($deserializedRequest, true));
    }
    $targetService = $deserializedRequest['serviceName'];

    if (!isset($deserializedRequest['methodName'])) {
        throw new Exception("MethodName field missing in call parameters \n" . print_r($deserializedRequest, true));
    }
    $targetMethod = $deserializedRequest['methodName'];

    $callArguments = array();
    for ($position = 1; isset($deserializedRequest["p{$position}"]); $position++) {
        $callArguments[] = $deserializedRequest["p{$position}"];
    }

    return $serviceRouter->executeServiceCall($targetService, $targetMethod, $callArguments);
}
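/**
 * Takes the service and method name from GET, the arguments from POST, and
 * executes the call once all three are known.
 *
 * A method with parameters receives them through POST. A method without
 * parameters is called by setting "noParams" in GET. When neither applies,
 * nothing is executed, showResult is set to false and null is returned, so
 * that a form asking for the values can be shown instead.
 *
 * Every POST value that parses as JSON is replaced by its decoded form, so a
 * caller can hand objects, arrays, numbers and booleans to the service
 * method; the service must not assume it receives plain strings.
 *
 * @see Amfphp_Core_Common_IDeserializedRequestHandler
 * @param object $deserializedRequest request wrapper, read through ->get and ->post
 * @param Amfphp_Core_Common_ServiceRouter $serviceRouter
 * @return mixed the service call response, or null when the call was not executed
 */
public function handleDeserializedRequest($deserializedRequest, Amfphp_Core_Common_ServiceRouter $serviceRouter)
{
    $this->serviceRouter = $serviceRouter;

    if (isset($deserializedRequest->get["serviceName"])) {
        $this->serviceName = $deserializedRequest->get["serviceName"];
    }

    if (isset($deserializedRequest->get["methodName"])) {
        $this->methodName = $deserializedRequest->get["methodName"];
    }

    // $paramsGiven is tracked separately because an empty parameter array
    // compares loosely equal to null and so cannot signal "parameters set".
    $paramsGiven = false;
    if (isset($deserializedRequest->post) && $deserializedRequest->post != null) {
        $this->parameters = array();
        $this->parametersAssoc = array();
        foreach ($deserializedRequest->post as $key => $value) {
            $this->parametersAssoc[$key] = $value;
            // json_decode() yields null when the value is not valid JSON. Testing
            // for null rather than truthiness keeps decoded 0, false, "" and []
            // instead of silently falling back to the raw string for them.
            // The JSON literal null cannot be told apart from a decoding failure
            // and is still passed on as the raw string.
            $decodedValue = json_decode($value);
            $this->parameters[] = ($decodedValue !== null) ? $decodedValue : $value;
        }
        $paramsGiven = true;
    } elseif (isset($deserializedRequest->get["noParams"])) {
        $this->parameters = array();
        $paramsGiven = true;
    }

    if ($this->serviceName && $this->methodName && $paramsGiven) {
        $this->showResult = true;
        return $serviceRouter->executeServiceCall($this->serviceName, $this->methodName, $this->parameters);
    }

    $this->showResult = false;
    return null;
}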
/**
 * Reads serviceName, methodName and the optional parameters from the PHP
 * object built from the JSON string, then calls the service.
 *
 * serviceName and methodName are read without an isset() check, and both are
 * passed on unchanged; restricting which service or method can be called is
 * not done here (NOTE(review): confirm the router enforces it).
 *
 * @see Amfphp_Core_Common_IDeserializedRequestHandler
 * @param object $deserializedRequest accessed through ->serviceName, ->methodName, ->parameters
 * @param Amfphp_Core_Common_ServiceRouter $serviceRouter
 * @return mixed the service call response
 */
public function handleDeserializedRequest($deserializedRequest, Amfphp_Core_Common_ServiceRouter $serviceRouter)
{
    $targetService = $deserializedRequest->serviceName;
    $targetMethod = $deserializedRequest->methodName;

    // a request without a parameters field is a call with no arguments
    $callArguments = isset($deserializedRequest->parameters) ? $deserializedRequest->parameters : array();

    return $serviceRouter->executeServiceCall($targetService, $targetMethod, $callArguments);
}
/**
 * Handles a Flex request message here instead of leaving it to the Amf handler.
 *
 * Only the first element of the message data is looked at. A command message
 * is answered with an empty AcknowledgeMessage. A remoting message triggers
 * a service call whose source, operation and body come straight from the
 * message, and the result is returned in the AcknowledgeMessage body.
 * The message id and response uri are remembered on the instance.
 *
 * @param AmfMessage $requestMessage
 * @param Amfphp_Core_Common_ServiceRouter $serviceRouter
 * @return AmfMessage
 * @throws RemotingException when the message type is neither command nor remoting
 */
public function handleRequestMessage(AmfMessage $requestMessage, Amfphp_Core_Common_ServiceRouter $serviceRouter)
{
    $typeKey = AmfConstants::FIELD_EXPLICIT_TYPE;
    $idKey = self::FIELD_MESSAGE_ID;

    $flexType = $requestMessage->data[0]->{$typeKey};
    $this->lastFlexMessageId = $requestMessage->data[0]->{$idKey};
    $this->lastFlexMessageResponseUri = $requestMessage->responseUri;

    switch ($flexType) {
        case self::FLEX_TYPE_COMMAND_MESSAGE:
            // command message: the client expects an empty acknowledgement
            $reply = new AcknowledgeMessage($requestMessage->data[0]->{$idKey});
            return new AmfMessage($requestMessage->responseUri . AmfConstants::CLIENT_SUCCESS_METHOD, null, $reply);

        case self::FLEX_TYPE_REMOTING_MESSAGE:
            // remoting message: the acknowledgement carries the service call result
            $call = $requestMessage->data[0];
            $outcome = $serviceRouter->executeServiceCall($call->source, $call->operation, $call->body);
            $reply = new AcknowledgeMessage($call->{$idKey});
            $reply->body = $outcome;
            return new AmfMessage($requestMessage->responseUri . AmfConstants::CLIENT_SUCCESS_METHOD, null, $reply);
    }

    throw new RemotingException("unrecognized flex message");
}
/**
 * Calls the service named in the request.
 *
 * serviceName, methodName and parameters are read without an isset() check
 * and passed on unchanged; restricting which service or method can be called
 * is not done here (NOTE(review): confirm the router enforces it).
 *
 * @see Amfphp_Core_Common_IDeserializedRequestHandler
 * @param object $deserializedRequest accessed through ->serviceName, ->methodName, ->parameters
 * @param Amfphp_Core_Common_ServiceRouter $serviceRouter
 * @return mixed the service call response
 */
public function handleDeserializedRequest($deserializedRequest, Amfphp_Core_Common_ServiceRouter $serviceRouter)
{
    $targetService = $deserializedRequest->serviceName;
    $targetMethod = $deserializedRequest->methodName;
    $callArguments = $deserializedRequest->parameters;

    return $serviceRouter->executeServiceCall($targetService, $targetMethod, $callArguments);
}
/**
 * A call that names the reserved method '_reserved' must be refused:
 * executeServiceCall() is expected to throw instead of running it.
 * @expectedException Amfphp_Core_Exception
 */
public function testReservedMethodException()
{
    // the return value is irrelevant, the test passes only if the call throws
    $this->object->executeServiceCall('DummyService', '_reserved', array());
}
/**
 * Collects a description of every available service by reflection.
 *
 * Each service is instantiated and its public methods are listed with their
 * parameters (name, type, example), doc comment and return description.
 * Reserved methods (leading '_'), services and methods carrying the hide tag
 * in their doc comment, and services whose name contains one of
 * self::$excludePaths are left out of the result.
 *
 * Leaving something out only affects this listing; a hidden service or
 * method stays callable, so the hide tag is not an access control.
 *
 * @return array of AmfphpDiscovery_ServiceInfo
 */
public function discover()
{
    $names = $this->getServiceNames(self::$serviceFolders, self::$serviceNames2ClassFindInfo);
    $catalogue = array();

    foreach ($names as $name) {
        // Note that describing a service means constructing it.
        $instance = Amfphp_Core_Common_ServiceRouter::getServiceObjectStatically($name, self::$serviceFolders, self::$serviceNames2ClassFindInfo);
        $reflected = new ReflectionObject($instance);
        $serviceComment = $this->formatComment($reflected->getDocComment());
        if (strpos($serviceComment, '@amfphpHide') !== false) {
            // a service tagged @amfphpHide is not shown in the back office but remains accessible
            continue;
        }

        $methodDescriptors = array();
        foreach ($reflected->getMethods(ReflectionMethod::IS_PUBLIC) as $publicMethod) {
            $methodLabel = $publicMethod->name;
            if (strncmp($methodLabel, '_', 1) === 0) {
                // a leading '_' marks a reserved method: never listed
                continue;
            }

            $parameterDescriptors = array();
            $reflectedParameters = $publicMethod->getParameters();
            $methodComment = $this->formatComment($publicMethod->getDocComment());
            if (strpos($methodComment, '@amfphpHide') !== false) {
                // a method tagged @amfphpHide is not shown in the back office but remains accessible
                continue;
            }
            $commentMeta = $this->parseMethodComment($methodComment);

            foreach ($reflectedParameters as $reflectedParameter) {
                $parameterLabel = $reflectedParameter->name;

                // The type comes from the parsed comment unless a class type hint
                // exists, which wins. The example comes from the parsed comment only.
                $typeName = '';
                $sample = '';
                if (isset($commentMeta['param'][$parameterLabel])) {
                    $documented = $commentMeta['param'][$parameterLabel];
                    if (isset($documented['type'])) {
                        $typeName = $documented['type'];
                    }
                    if (isset($documented['example'])) {
                        $sample = $documented['example'];
                    }
                }

                try {
                    // getClass() throws a "class does not exist" exception only if the
                    // class is a namespace. Nothing useful can be done in that case,
                    // so the failure is ignored and the type found so far is kept.
                    $hintedClass = $reflectedParameter->getClass();
                    if ($hintedClass) {
                        $typeName = $hintedClass->name;
                    }
                } catch (Exception $e) {
                }

                $parameterDescriptors[] = new AmfphpDiscovery_ParameterDescriptor($parameterLabel, $typeName, $sample);
            }

            // the return description exists only if the comment documents one
            $returnInfo = isset($commentMeta['return']) ? $commentMeta['return'] : '';

            $methodDescriptors[$methodLabel] = new AmfphpDiscovery_MethodDescriptor($methodLabel, $parameterDescriptors, $methodComment, $returnInfo);
        }

        $catalogue[$name] = new AmfphpDiscovery_ServiceDescriptor($name, $methodDescriptors, $serviceComment);
    }

    // Filtering is deliberately the last step: excluding e.g. a Vo class
    // earlier creates issues when another service needs it.
    foreach (array_keys($catalogue) as $name) {
        foreach (self::$excludePaths as $excludePath) {
            if (strpos($name, $excludePath) !== false) {
                unset($catalogue[$name]);
                break;
            }
        }
    }

    return $catalogue;
}
/**
 * Collects a description of every available service by reflection.
 *
 * Each service is instantiated and its public methods are listed with their
 * parameters (name, type), raw doc comment and return description. Reserved
 * methods (leading '_') and services whose name contains one of
 * self::$excludePaths are left out of the result.
 *
 * The result is a map of the callable API surface, doc comments included;
 * the exclusion only removes entries from this listing, this method does not
 * make anything uncallable.
 *
 * @return array of AmfphpDiscovery_ServiceInfo
 */
public function discover()
{
    $names = $this->getServiceNames(self::$serviceFolderPaths, self::$serviceNames2ClassFindInfo);
    $catalogue = array();

    foreach ($names as $name) {
        // Note that describing a service means constructing it.
        $instance = Amfphp_Core_Common_ServiceRouter::getServiceObjectStatically($name, self::$serviceFolderPaths, self::$serviceNames2ClassFindInfo);
        $reflected = new ReflectionObject($instance);
        $serviceComment = $reflected->getDocComment();

        $methodDescriptors = array();
        foreach ($reflected->getMethods(ReflectionMethod::IS_PUBLIC) as $publicMethod) {
            $methodLabel = $publicMethod->name;
            if (strncmp($methodLabel, '_', 1) === 0) {
                // a leading '_' marks a reserved method: never listed
                continue;
            }

            $parameterDescriptors = array();
            $reflectedParameters = $publicMethod->getParameters();
            $methodComment = $publicMethod->getDocComment();
            $commentMeta = $this->parseMethodComment($methodComment);

            foreach ($reflectedParameters as $reflectedParameter) {
                $parameterLabel = $reflectedParameter->name;

                // A class type hint wins; otherwise fall back to the parsed comment.
                $typeName = '';
                $hintedClass = $reflectedParameter->getClass();
                if ($hintedClass) {
                    $typeName = $hintedClass->name;
                } elseif (isset($commentMeta['param'][$parameterLabel])) {
                    $typeName = $commentMeta['param'][$parameterLabel];
                }

                $parameterDescriptors[] = new AmfphpDiscovery_ParameterDescriptor($parameterLabel, $typeName);
            }

            // NOTE(review): 'return' is read without isset(); this relies on
            // parseMethodComment() always providing that key. Confirm.
            $methodDescriptors[$methodLabel] = new AmfphpDiscovery_MethodDescriptor($methodLabel, $parameterDescriptors, $methodComment, $commentMeta['return']);
        }

        $catalogue[$name] = new AmfphpDiscovery_ServiceDescriptor($name, $methodDescriptors, $serviceComment);
    }

    // Filtering is deliberately the last step: excluding e.g. a Vo class
    // earlier creates issues when another service needs it.
    foreach (array_keys($catalogue) as $name) {
        foreach (self::$excludePaths as $excludePath) {
            if (strpos($name, $excludePath) !== false) {
                unset($catalogue[$name]);
                break;
            }
        }
    }

    return $catalogue;
}