/** * Parse the xmlrpc response contained in the string $data and return an xmlrpcresp object. * @param string $data the xmlrpc response, eventually including http headers * @param bool $headers_processed when true prevents parsing HTTP headers for interpretation of content-encoding and consequent decoding * @param string $return_type decides return type, i.e. content of response->value(). Either 'xmlrpcvals', 'xml' or 'phpvals' * @return xmlrpcresp * @access public */ function &parseResponse($data = '', $headers_processed = false, $return_type = 'xmlrpcvals') { if ($this->debug) { //by maHo, replaced htmlspecialchars with htmlentities print "<PRE>---GOT---\n" . htmlentities($data) . "\n---END---\n</PRE>"; } if ($data == '') { error_log('XML-RPC: ' . __METHOD__ . ': no response received from server.'); $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['no_data'], $GLOBALS['xmlrpcstr']['no_data']); return $r; } $GLOBALS['_xh'] = array(); $raw_data = $data; // parse the HTTP headers of the response, if present, and separate them from data if (substr($data, 0, 4) == 'HTTP') { $r =& $this->parseResponseHeaders($data, $headers_processed); if ($r) { // failed processing of HTTP response headers // save into response obj the full payload received, for debugging $r->raw_data = $data; return $r; } } else { $GLOBALS['_xh']['headers'] = array(); $GLOBALS['_xh']['cookies'] = array(); } if ($this->debug) { $start = strpos($data, '<!-- SERVER DEBUG INFO (BASE64 ENCODED):'); if ($start) { $start += strlen('<!-- SERVER DEBUG INFO (BASE64 ENCODED):'); $end = strpos($data, '-->', $start); $comments = substr($data, $start, $end - $start); print "<PRE>---SERVER DEBUG INFO (DECODED) ---\n\t" . htmlentities(str_replace("\n", "\n\t", base64_decode($comments))) . "\n---END---\n</PRE>"; } } // be tolerant of extra whitespace in response body $data = trim($data); /// @todo return an error msg if $data=='' ? // be tolerant of junk after methodResponse (e.g. javascript ads automatically inserted by free hosts) // idea from Luca Mariano <*****@*****.**> originally in PEARified version of the lib $pos = strrpos($data, '</methodResponse>'); if ($pos !== false) { $data = substr($data, 0, $pos + 17); } // if user wants back raw xml, give it to him if ($return_type == 'xml') { $r = new xmlrpcresp($data, 0, '', 'xml'); $r->hdrs = $GLOBALS['_xh']['headers']; $r->_cookies = $GLOBALS['_xh']['cookies']; $r->raw_data = $raw_data; return $r; } // try to 'guestimate' the character encoding of the received response $resp_encoding = guess_encoding(@$GLOBALS['_xh']['headers']['content-type'], $data); $GLOBALS['_xh']['ac'] = ''; //$GLOBALS['_xh']['qt']=''; //unused... $GLOBALS['_xh']['stack'] = array(); $GLOBALS['_xh']['valuestack'] = array(); $GLOBALS['_xh']['isf'] = 0; // 0 = OK, 1 for xmlrpc fault responses, 2 = invalid xmlrpc $GLOBALS['_xh']['isf_reason'] = ''; $GLOBALS['_xh']['rt'] = ''; // 'methodcall or 'methodresponse' // if response charset encoding is not known / supported, try to use // the default encoding and parse the xml anyway, but log a warning... if (!in_array($resp_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) { error_log('XML-RPC: ' . __METHOD__ . ': invalid charset encoding of received response: ' . $resp_encoding); $resp_encoding = $GLOBALS['xmlrpc_defencoding']; } $parser = xml_parser_create($resp_encoding); xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true); // G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell // the xml parser to give us back data in the expected charset. // What if internal encoding is not in one of the 3 allowed? // we use the broadest one, ie. utf8 // This allows to send data which is native in various charset, // by extending xmlrpc_encode_entitites() and setting xmlrpc_internalencoding if (!in_array($GLOBALS['xmlrpc_internalencoding'], array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) { xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, 'UTF-8'); } else { xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']); } if ($return_type == 'phpvals') { xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast'); } else { xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee'); } xml_set_character_data_handler($parser, 'xmlrpc_cd'); xml_set_default_handler($parser, 'xmlrpc_dh'); // first error check: xml not well formed if (!xml_parse($parser, $data, count($data))) { // thanks to Peter Kocks <*****@*****.**> if (xml_get_current_line_number($parser) == 1) { $errstr = 'XML error at line 1, check URL'; } else { $errstr = sprintf('XML error: %s at line %d, column %d', xml_error_string(xml_get_error_code($parser)), xml_get_current_line_number($parser), xml_get_current_column_number($parser)); } error_log($errstr); $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return'] . ' (' . $errstr . ')'); xml_parser_free($parser); if ($this->debug) { print $errstr; } $r->hdrs = $GLOBALS['_xh']['headers']; $r->_cookies = $GLOBALS['_xh']['cookies']; $r->raw_data = $raw_data; return $r; } xml_parser_free($parser); // second error check: xml well formed but not xml-rpc compliant if ($GLOBALS['_xh']['isf'] > 1) { if ($this->debug) { /// @todo echo something for user? } $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return'] . ' ' . $GLOBALS['_xh']['isf_reason']); } elseif ($return_type == 'xmlrpcvals' && !is_object($GLOBALS['_xh']['value'])) { // something odd has happened // and it's time to generate a client side error // indicating something odd went on $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return']); } else { if ($this->debug) { print "<PRE>---PARSED---\n"; // somehow htmlentities chokes on var_export, and some full html string... //print htmlentitites(var_export($GLOBALS['_xh']['value'], true)); print htmlspecialchars(var_export($GLOBALS['_xh']['value'], true)); print "\n---END---</PRE>"; } // note that using =& will raise an error if $GLOBALS['_xh']['st'] does not generate an object. $v =& $GLOBALS['_xh']['value']; if ($GLOBALS['_xh']['isf']) { /// @todo we should test here if server sent an int and a string, /// and/or coerce them into such... if ($return_type == 'xmlrpcvals') { $errno_v = $v->structmem('faultCode'); $errstr_v = $v->structmem('faultString'); $errno = $errno_v->scalarval(); $errstr = $errstr_v->scalarval(); } else { $errno = $v['faultCode']; $errstr = $v['faultString']; } if ($errno == 0) { // FAULT returned, errno needs to reflect that $errno = -1; } $r = new xmlrpcresp(0, $errno, $errstr); } else { $r = new xmlrpcresp($v, 0, '', $return_type); } } $r->hdrs = $GLOBALS['_xh']['headers']; $r->_cookies = $GLOBALS['_xh']['cookies']; $r->raw_data = $raw_data; return $r; }
/** * Parse http headers received along with xmlrpc request. If needed, inflate request * @return null on success or an xmlrpcresp * @access private */ function parseRequestHeaders(&$data, &$req_encoding, &$resp_encoding, &$resp_compression) { // Play nice to PHP 4.0.x: superglobals were not yet invented... if (!isset($_SERVER)) { $_SERVER = $GLOBALS['HTTP_SERVER_VARS']; } if ($this->debug > 1) { if (function_exists('getallheaders')) { $this->debugmsg(''); // empty line foreach (getallheaders() as $name => $val) { $this->debugmsg("HEADER: {$name}: {$val}"); } } } if (isset($_SERVER['HTTP_CONTENT_ENCODING'])) { $content_encoding = str_replace('x-', '', $_SERVER['HTTP_CONTENT_ENCODING']); } else { $content_encoding = ''; } // check if request body has been compressed and decompress it if ($content_encoding != '' && strlen($data)) { if ($content_encoding == 'deflate' || $content_encoding == 'gzip') { // if decoding works, use it. else assume data wasn't gzencoded if (function_exists('gzinflate') && in_array($content_encoding, $this->accepted_compression)) { if ($content_encoding == 'deflate' && ($degzdata = @gzuncompress($data))) { $data = $degzdata; if ($this->debug > 1) { $this->debugmsg("\n+++INFLATED REQUEST+++[" . strlen($data) . " chars]+++\n" . $data . "\n+++END+++"); } } elseif ($content_encoding == 'gzip' && ($degzdata = @gzinflate(substr($data, 10)))) { $data = $degzdata; if ($this->debug > 1) { $this->debugmsg("+++INFLATED REQUEST+++[" . strlen($data) . " chars]+++\n" . $data . "\n+++END+++"); } } else { $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_decompress_fail'], $GLOBALS['xmlrpcstr']['server_decompress_fail']); return $r; } } else { //error_log('The server sent deflated data. Your php install must have the Zlib extension compiled in to support this.'); $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_cannot_decompress'], $GLOBALS['xmlrpcstr']['server_cannot_decompress']); return $r; } } } // check if client specified accepted charsets, and if we know how to fulfill // the request if ($this->response_charset_encoding == 'auto') { $resp_encoding = ''; if (isset($_SERVER['HTTP_ACCEPT_CHARSET'])) { // here we should check if we can match the client-requested encoding // with the encodings we know we can generate. /// @todo we should parse q=0.x preferences instead of getting first charset specified... $client_accepted_charsets = explode(',', strtoupper($_SERVER['HTTP_ACCEPT_CHARSET'])); // Give preference to internal encoding $known_charsets = array($this->internal_encoding, 'UTF-8', 'ISO-8859-1', 'US-ASCII'); foreach ($known_charsets as $charset) { foreach ($client_accepted_charsets as $accepted) { if (strpos($accepted, $charset) === 0) { $resp_encoding = $charset; break; } } if ($resp_encoding) { break; } } } } else { $resp_encoding = $this->response_charset_encoding; } if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) { $resp_compression = $_SERVER['HTTP_ACCEPT_ENCODING']; } else { $resp_compression = ''; } // 'guestimate' request encoding /// @todo check if mbstring is enabled and automagic input conversion is on: it might mingle with this check??? $req_encoding = guess_encoding(isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '', $data); return null; }
function &parseResponse($data = '', $headers_processed = false, $return_type = 'xmlrpcvals') { //$hdrfnd = 0; if ($this->debug) { //by maHo, replaced htmlspecialchars with htmlentities print "<PRE>---GOT---\n" . htmlentities($data) . "\n---END---\n</PRE>"; } if ($data == '') { error_log('XML-RPC: xmlrpcmsg::parseResponse: no response received from server.'); $r =& new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['no_data'], $GLOBALS['xmlrpcstr']['no_data']); return $r; } $GLOBALS['_xh'] = array(); // parse the HTTP headers of the response, if present, and separate them from data if (ereg("^HTTP", $data)) { $r =& $this->parseResponseHeaders($data, $headers_processed); if ($r) { return $r; } } else { $GLOBALS['_xh']['headers'] = array(); $GLOBALS['_xh']['cookies'] = array(); } // be tolerant of extra whitespace in response body $data = trim($data); /// @todo return an error msg if $data=='' ? // be tolerant of junk after methodResponse (e.g. javascript ads automatically inserted by free hosts) // idea from Luca Mariano <*****@*****.**> originally in PEARified version of the lib $bd = false; // Poor man's version of strrpos for php 4... $pos = strpos($data, '</methodResponse>'); while ($pos || is_int($pos)) { $bd = $pos + 17; $pos = strpos($data, '</methodResponse>', $bd); } if ($bd) { $data = substr($data, 0, $bd); } // if user wants back raw xml, give it to him if ($return_type == 'xml') { $r =& new xmlrpcresp($data, 0, '', 'xml'); $r->hdrs = $GLOBALS['_xh']['headers']; $r->_cookies = $GLOBALS['_xh']['cookies']; return $r; } // try to 'guestimate' the character encoding of the received response $resp_encoding = guess_encoding(@$GLOBALS['_xh']['headers']['content-encoding'], $data); $GLOBALS['_xh']['stack'] = array(); $GLOBALS['_xh']['valuestack'] = array(); $GLOBALS['_xh']['isf'] = 0; $GLOBALS['_xh']['isf_reason'] = ''; $GLOBALS['_xh']['ac'] = ''; $GLOBALS['_xh']['qt'] = ''; // if response charset encoding is not known / supported, try to use // the default encoding and parse the xml anyway, but log a warning... if (!in_array($resp_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) { error_log('XML-RPC: xmlrpcmsg::parseResponse: invalid charset encoding of received response: ' . $resp_encoding); $resp_encoding = $GLOBALS['xmlrpc_defencoding']; } $parser = xml_parser_create($resp_encoding); xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true); // G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell // the xml parser to give us back data in the expected charset xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']); if ($return_type == 'phpvals') { xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast'); } else { xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee'); } xml_set_character_data_handler($parser, 'xmlrpc_cd'); xml_set_default_handler($parser, 'xmlrpc_dh'); //$xmlrpc_value=new xmlrpcval; if (!xml_parse($parser, $data, sizeof($data))) { // thanks to Peter Kocks <*****@*****.**> if (xml_get_current_line_number($parser) == 1) { $errstr = 'XML error at line 1, check URL'; } else { $errstr = sprintf('XML error: %s at line %d', xml_error_string(xml_get_error_code($parser)), xml_get_current_line_number($parser)); } error_log($errstr); $r =& new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return'] . ' (' . $errstr . ')'); xml_parser_free($parser); if ($this->debug) { print $errstr; } $r->hdrs = $GLOBALS['_xh']['headers']; $r->_cookies = $GLOBALS['_xh']['cookies']; return $r; } xml_parser_free($parser); if ($GLOBALS['_xh']['isf'] > 1) { if ($this->debug) { /// @todo echo something for user? } $r =& new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return'] . ' ' . $GLOBALS['_xh']['isf_reason']); } elseif ($return_type == 'xmlrpcvals' && !is_object($GLOBALS['_xh']['value'])) { // then something odd has happened // and it's time to generate a client side error // indicating something odd went on $r =& new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return']); } else { if ($this->debug) { print "<PRE>---PARSED---\n"; var_dump($GLOBALS['_xh']['value']); print "\n---END---</PRE>"; } // note that using =& will raise an error if $GLOBALS['_xh']['st'] does not generate an object. $v =& $GLOBALS['_xh']['value']; if ($GLOBALS['_xh']['isf']) { if ($return_type == 'xmlrpcvals') { $errno_v = $v->structmem('faultCode'); $errstr_v = $v->structmem('faultString'); $errno = $errno_v->scalarval(); $errstr = $errstr_v->scalarval(); } else { $errno = $v['faultCode']; $errstr = $v['faultString']; } if ($errno == 0) { // FAULT returned, errno needs to reflect that $errno = -1; } $r =& new xmlrpcresp($v, $errno, $errstr); } else { $r =& new xmlrpcresp($v, 0, '', 'phpvals'); } } $r->hdrs = $GLOBALS['_xh']['headers']; $r->_cookies = $GLOBALS['_xh']['cookies']; return $r; }