* param q : plugin tag
* calls the query function of the given plugin
*
*
* Returns : json
* {
* code: int,
* data: mixed,
* }
*
*
* NB : This file should be IP protected.
*
*/
include_once __DIR__ . '/../etc/config.php';
include_once 'MuDoCo/Server.php';
$server = new MuDoCo_Server();
$server->init('api');
$code = -1;
// >=0 for success or custom codes
$data = null;
if (isset($_GET['_s'])) {
// system call
$code = $server->apiSystem($_GET['_s'], array_diff_key($_GET, array('_s' => '')), $data);
} elseif (isset($_GET['_q'])) {
// plugin call
$plugin = $server->getPlugin($_GET['_q']);
$plugin->init('api');
$code = $plugin->query(array_diff_key($_GET, array('_q' => '')), $data);
}
$server->api($data, $code);
* MuDoCo - A Multi Domain Cookie
*
* Server side public xss script.
*
* @param _a cnonce|hnonce
* @param _q query plugin
* @param _r random
* @param _m variable name
* @param _i xss context
*
* hnonce = md5(cnonce nonce)
*
*/
include_once __DIR__ . '/../etc/config.php';
include_once 'MuDoCo/Server.php';
$server = new MuDoCo_Server(isset($_GET['_m']) ? $_GET['_m'] : null);
$data = null;
// negative code means nonce failure
$code = -1;
$init = false;
if (isset($_GET['_a'])) {
list($cnonce, $hnonce) = explode('|', $_GET['_a']);
if ($server->checkNonce($cnonce, $hnonce)) {
$code = 0;
$server->init('xss', true);
$init = true;
if (isset($_GET['_q'])) {
$params = array_diff_key($_GET, array('_a' => '', '_i' => '', '_r' => '', '_q' => ''));
$plugin = $server->getPlugin($_GET['_q']);
$plugin->init('xss', true);
$code = $plugin->query(array_diff_key($_GET, array('_q' => '')), $data);