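/**
 * Render a PHP value as a JavaScript expression for the Sajax response body.
 *
 * Booleans, integers and floats become Boolean(...), parseInt(...) and
 * parseFloat(...) calls. Arrays and objects (via get_object_vars) become a
 * JavaScript object literal, recursing into each member. Every other type is
 * passed through sajax_esc() and wrapped in single quotes.
 *
 * NOTE(review): sajax_esc() is defined elsewhere. The quoted-key and
 * quoted-string output is only safe if it escapes quotes, backslashes and
 * line terminators for a JavaScript string literal; confirm this against its
 * definition, because the values rendered here can originate from
 * client-supplied data.
 *
 * @param mixed $value Value returned by an exported function.
 * @return string JavaScript source text representing $value.
 */
function sajax_get_js_repr($value)
{
    $type = gettype($value);

    if ($type === "boolean") {
        return $value ? "Boolean(true)" : "Boolean(false)";
    }

    if ($type === "integer") {
        return "parseInt({$value})";
    }

    if ($type === "double") {
        // NAN and INF interpolate as bare words that JavaScript does not
        // define, so hand parseFloat() a string it can parse instead.
        if (is_nan($value)) {
            return "parseFloat('NaN')";
        }
        if (is_infinite($value)) {
            return $value > 0 ? "parseFloat('Infinity')" : "parseFloat('-Infinity')";
        }
        return "parseFloat({$value})";
    }

    if ($type === "array" || $type === "object") {
        // Arrays with non-numeric indices are not permitted according to
        // ECMAScript, yet everyone uses them, so an object literal is emitted.
        if ($type === "object") {
            $value = get_object_vars($value);
        }

        $members = array();
        foreach ($value as $k => $v) {
            if (is_int($k) && $k >= 0) {
                // Only non-negative integer keys are valid as bare property
                // names. is_numeric() also accepted keys such as -1 or "+1",
                // which produce a syntax error in an object literal.
                $members[] = "{$k}: " . sajax_get_js_repr($v);
            } else {
                $members[] = "\"" . sajax_esc($k) . "\": " . sajax_get_js_repr($v);
            }
        }

        return "{ " . implode(", ", $members) . " }";
    }

    // Strings, NULL and any remaining type are emitted as a quoted literal.
    $esc_val = sajax_esc($value);

    return "'{$esc_val}'";
}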
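/**
 * Dispatch a Sajax remote call carried in the current HTTP request.
 *
 * The function name is read from the "rs" parameter and its arguments from
 * "rsargs"; when both GET and POST carry "rs", POST wins. If neither does, the
 * function returns without output. Otherwise it writes "-:<name> not callable"
 * or "+:" followed by the JavaScript representation of the result, then ends
 * the script with exit.
 *
 * The only gate in front of call_user_func_array() is membership in
 * $sajax_export_list, so every exported function must treat its arguments as
 * untrusted client input.
 *
 * NOTE(review): this function sets no Content-Type header, so a response
 * requested directly in a browser may be rendered as HTML. Consider declaring
 * a non-HTML type together with X-Content-Type-Options: nosniff.
 *
 * @return void
 */
function sajax_handle_client_request()
{
    global $sajax_export_list;

    $mode = "";
    if (!empty($_GET["rs"])) {
        $mode = "get";
    }
    if (!empty($_POST["rs"])) {
        $mode = "post";
    }
    if (empty($mode)) {
        return;
    }

    if ($mode == "get") {
        // Bust cache in the head
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");              // Date in the past
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
        header("Cache-Control: no-cache, must-revalidate");            // HTTP/1.1
        header("Pragma: no-cache");                                    // HTTP/1.0
        $func_name = $_GET["rs"];
        $args = !empty($_GET["rsargs"]) ? $_GET["rsargs"] : array();
    } else {
        $func_name = $_POST["rs"];
        $args = !empty($_POST["rsargs"]) ? $_POST["rsargs"] : array();
    }

    // "rs[]=..." arrives as an array; only a string can name a function.
    if (!is_string($func_name)) {
        $func_name = "";
    }

    // A scalar "rsargs" is treated as "no arguments". Keys are dropped so that
    // client-chosen string keys are never interpreted as named parameters by
    // call_user_func_array() on PHP 8.
    $args = is_array($args) ? array_values($args) : array();

    // Strict comparison: the allowlist must match the requested name exactly.
    if (!in_array($func_name, $sajax_export_list, true)) {
        // The name is attacker-controlled and echoed back, so encode it.
        echo "-:" . htmlspecialchars($func_name, ENT_QUOTES) . " not callable";
    } else {
        $result = call_user_func_array($func_name, $args);
        echo "+:";
        echo "var res = " . trim(sajax_get_js_repr($result)) . "; res;";
    }
    exit;
}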
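/**
 * Dispatch a Sajax remote call carried in the current HTTP request.
 *
 * The function name is read from "rs" and its arguments from "rsargs"; when
 * both GET and POST carry "rs", POST wins. If neither does, the function
 * returns without output. Otherwise the response is declared as
 * text/javascript with nosniff, and the body is either
 * "-:<escaped name> not callable" or "+:" followed by the JavaScript
 * representation of the result. The script then ends with exit.
 *
 * The only gate in front of call_user_func_array() is membership in
 * $sajax_export_list, so every exported function must treat its arguments as
 * untrusted client input.
 *
 * @return void
 */
function sajax_handle_client_request()
{
    global $sajax_export_list;

    $mode = "";
    if (!empty($_GET["rs"])) {
        $mode = "get";
    }
    if (!empty($_POST["rs"])) {
        $mode = "post";
    }
    if (empty($mode)) {
        return;
    }

    // 10.02. Added header: a non-HTML type plus nosniff keeps a directly
    // requested response from being interpreted as an HTML document.
    header('Content-Type: text/javascript');
    header('X-Content-Type-Options: nosniff');

    if ($mode == "get") {
        // Bust cache in the head
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");              // Date in the past
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
        header("Cache-Control: no-cache, must-revalidate");            // HTTP/1.1
        header("Pragma: no-cache");                                    // HTTP/1.0
        $func_name = $_GET["rs"];   // 10.2.2012 sajax_sanitize removed
        $args = !empty($_GET["rsargs"]) ? $_GET["rsargs"] : array();
    } else {
        $func_name = $_POST["rs"];  // 10.2.2012 sajax_sanitize removed
        $args = !empty($_POST["rsargs"]) ? $_POST["rsargs"] : array();
    }

    // "rs[]=..." arrives as an array; only a string can name a function.
    if (!is_string($func_name)) {
        $func_name = "";
    }

    // A scalar "rsargs" is treated as "no arguments". Keys are dropped so that
    // client-chosen string keys are never interpreted as named parameters by
    // call_user_func_array() on PHP 8.
    $args = is_array($args) ? array_values($args) : array();

    // Kousuke Ebihara
    // Strict comparison: the allowlist must match the requested name exactly.
    if (!in_array($func_name, $sajax_export_list, true)) {
        echo "-:" . sajax_esc($func_name) . " not callable";
    } else {
        $result = call_user_func_array($func_name, $args);
        echo "+:";
        // adjusted: removed sajax_esc (sajax_get_js_repr output is echoed as is)
        echo "var res = " . trim(sajax_get_js_repr($result)) . "; res;";
    }
    exit;
}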
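/**
 * Dispatch a Sajax remote call, optionally as a method of $object.
 *
 * The function name is read from "rs" and its arguments from "rsargs"; when
 * both GET and POST carry "rs", POST wins. If neither does, the function
 * returns without output. Otherwise the output buffer is cleaned and the body
 * is either "-:<escaped name> not callable" or "+:" followed by the
 * JavaScript representation of the result. The script then ends with exit.
 *
 * GET values are decoded a second time here (PHP has already URL-decoded
 * $_GET): "%uXXXX" sequences become numeric character references and
 * html_entity_decode() then turns all entities into raw UTF-8 characters.
 * Exported functions therefore receive markup characters even when the
 * request carried them entity-encoded, and any filtering applied to the raw
 * request does not see the final value. POST arguments are taken from
 * JRequest::getVar().
 *
 * The only gate in front of call_user_func_array() is membership in
 * $sajax_export_list, so every exported function or method must treat its
 * arguments as untrusted client input.
 *
 * @param object|mixed $object When an object, the call is made on it as a
 *                             method; otherwise a plain function is called.
 * @return void
 */
function sajax_handle_client_request(&$object)
{
    global $sajax_export_list;

    $mode = "";
    if (!empty($_GET["rs"])) {
        $mode = "get";
    }
    if (!empty($_POST["rs"])) {
        $mode = "post";
    }
    if (empty($mode)) {
        return;
    }

    ob_clean();

    if ($mode == "get") {
        // Bust cache in the head
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");              // Date in the past
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
        header("Cache-Control: no-cache, must-revalidate");            // HTTP/1.1
        header("Pragma: no-cache");                                    // HTTP/1.0

        // "rs[]=..." arrives as an array; only a string can name a function.
        $func_name = is_string($_GET["rs"]) ? urldecode($_GET["rs"]) : "";

        $args = array();
        if (!empty($_GET["rsargs"]) && is_array($_GET["rsargs"])) {
            foreach ($_GET["rsargs"] as $key => $value) {
                // urldecode() needs a string; nested arrays decode to "".
                $value = is_string($value) ? $value : "";
                // ENT_NOQUOTES is 0, the value the former null flag coerced
                // to, so quote entities stay undecoded exactly as before.
                $args[$key] = html_entity_decode(
                    preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", urldecode($value)),
                    ENT_NOQUOTES,
                    'UTF-8'
                );
            }
        }
    } else {
        $func_name = is_string($_POST["rs"]) ? $_POST["rs"] : "";
        if (!empty($_POST["rsargs"])) {
            // POST arguments are fetched through the framework accessor; the
            // manual %uXXXX decoding used for GET is not applied here.
            $args = JRequest::getVar('rsargs', array());
        } else {
            $args = array();
        }
    }

    // A non-array value is treated as "no arguments". Keys are dropped so that
    // client-chosen string keys are never interpreted as named parameters by
    // call_user_func_array() on PHP 8.
    $args = is_array($args) ? array_values($args) : array();

    // Strict comparison: the allowlist must match the requested name exactly.
    if (!in_array($func_name, $sajax_export_list, true)) {
        // The name is attacker-controlled and echoed back, so encode it.
        echo "-:" . htmlspecialchars($func_name, ENT_QUOTES, 'UTF-8') . " not callable";
    } else {
        // The status marker is flushed before the call runs.
        echo "+:";
        ob_flush();
        if (is_object($object)) {
            $result = call_user_func_array(array(&$object, $func_name), $args);
        } else {
            $result = call_user_func_array($func_name, $args);
        }
        echo "var res = " . trim(sajax_get_js_repr($result)) . "; res;";
        ob_flush();
        flush();
    }
    exit;
}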