public function query($q) { $parser = new Parser($this->user, $q); $error = $parser->parse(); if ($error) { return $parser->getError(); } $mysql_query = $parser->getSql(); $meta = $parser->getObjectMetaData(); $this->pearDB->startTransaction(); $result = $this->pearDB->pquery($mysql_query, array()); $error = $this->pearDB->hasFailedTransaction(); $this->pearDB->completeTransaction(); if ($error) { throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, "Database error while performing required operation"); } $noofrows = $this->pearDB->num_rows($result); $output = array(); for ($i = 0; $i < $noofrows; $i++) { $row = $this->pearDB->fetchByAssoc($result, $i); if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $row["crmid"])) { continue; } $output[] = DataTransform::sanitizeDataWithColumn($row, $meta); } return $output; }
public function query($q) { $parser = new Parser($this->user, $q); if (stripos($q, 'related.') > 0) { // related query require_once 'include/Webservices/Utils.php'; require_once 'include/Webservices/GetRelatedRecords.php'; $queryParameters['columns'] = trim(substr($q, 6, stripos($q, ' from ') - 5)); $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)/"; preg_match($moduleRegex, $q, $m); $relatedModule = trim($m[1]); $moduleRegex = "/[rR][eE][lL][aA][tT][eE][dD]\\.([^\\s;]+)\\s*=\\s*([^\\s;]+)/"; preg_match($moduleRegex, $q, $m); $moduleName = trim($m[1]); $id = trim($m[2], "(')"); $mysql_query = __getRLQuery($id, $moduleName, $relatedModule, $queryParameters, $this->user); // where, limit and order $afterwhere = substr($q, stripos($q, ' where ') + 6); // eliminate related conditions $relatedCond = "/\\(*[rR][eE][lL][aA][tT][eE][dD]\\.([^\\s;]+)\\s*=\\s*([^\\s;]+)\\)*\\s*([aA][nN][dD]|[oO][rR]\\s)*/"; preg_match($relatedCond, $afterwhere, $pieces); $glue = isset($pieces[3]) ? trim($pieces[3]) : 'and'; $afterwhere = trim(preg_replace($relatedCond, '', $afterwhere), ' ;'); $relatedCond = "/\\s+([aA][nN][dD]|[oO][rR])+\\s+([oO][rR][dD][eE][rR])+/"; $afterwhere = trim(preg_replace($relatedCond, ' order ', $afterwhere), ' ;'); $relatedCond = "/\\s+([aA][nN][dD]|[oO][rR])+\\s+([lL][iI][mM][iI][tT])+/"; $afterwhere = trim(preg_replace($relatedCond, ' limit ', $afterwhere), ' ;'); // if related is at the end of condition we need to strip last and|or if (strtolower(substr($afterwhere, -3)) == 'and') { $afterwhere = substr($afterwhere, 0, strlen($afterwhere) - 3); } if (strtolower(substr($afterwhere, -2)) == 'or') { $afterwhere = substr($afterwhere, 0, strlen($afterwhere) - 2); } // transform REST ids $relatedCond = "/=\\s*'*\\d+x(\\d+)'*/"; $afterwhere = preg_replace($relatedCond, ' = $1 ', $afterwhere); // kill unbalanced parenthesis $balanced = 0; $pila = array(); for ($ch = 0; $ch < strlen($afterwhere); $ch++) { if ($afterwhere[$ch] == '(') { $pila[$balanced] = array('pos' => $ch, 'dir' => '('); $balanced++; } elseif ($afterwhere[$ch] == ')') { if ($balanced > 0 and $pila[$balanced - 1]['dir'] == '(') { array_pop($pila); $balanced--; } else { $pila[$balanced] = array('pos' => $ch, 'dir' => ')'); $balanced++; } } } foreach ($pila as $paren) { $afterwhere[$paren['pos']] = ' '; } // transform artificial commentcontent for FAQ and Ticket comments if (strtolower($relatedModule) == 'modcomments' and (strtolower($moduleName) == 'helpdesk' or strtolower($moduleName) == 'faq')) { $afterwhere = str_ireplace('commentcontent', 'comments', $afterwhere); } // transform fieldnames to columnnames $handler = vtws_getModuleHandlerFromName($relatedModule, $this->user); $meta = $handler->getMeta(); $fldmap = $meta->getFieldColumnMapping(); $tblmap = $meta->getColumnTableMapping(); $tok = strtok($afterwhere, ' '); $chgawhere = ''; while ($tok !== false) { if (!empty($fldmap[$tok])) { $chgawhere .= (strpos($tok, '.') ? '' : $tblmap[$fldmap[$tok]] . '.') . $fldmap[$tok] . ' '; } else { $chgawhere .= $tok . ' '; } $tok = strtok(' '); } $afterwhere = $chgawhere; if (!empty($afterwhere)) { $start = strtolower(substr(trim($afterwhere), 0, 5)); if ($start != 'limit' and $start != 'order') { // there is a condition we add the glue $mysql_query .= " {$glue} "; } $mysql_query .= " {$afterwhere}"; } if (stripos($q, 'count(*)') > 0) { $mysql_query = str_ireplace(' as count ', '', mkCountQuery($mysql_query)); } } else { $error = $parser->parse(); if ($error) { return $parser->getError(); } $mysql_query = $parser->getSql(); $meta = $parser->getObjectMetaData(); } $this->pearDB->startTransaction(); $result = $this->pearDB->pquery($mysql_query, array()); $error = $this->pearDB->hasFailedTransaction(); $this->pearDB->completeTransaction(); if ($error) { throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$DATABASEQUERYERROR)); } $noofrows = $this->pearDB->num_rows($result); $output = array(); for ($i = 0; $i < $noofrows; $i++) { $row = $this->pearDB->fetchByAssoc($result, $i); if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $row["crmid"])) { continue; } $output[] = DataTransform::sanitizeDataWithColumn($row, $meta); } return $output; }
function post() { global $page; if (config::get("post_password") == '' || crypt($_POST['password'], config::get("post_password")) == config::get("post_password") || $page->isAdmin()) { $parser = new Parser($_POST['killmail']); // Filtering if (config::get('filter_apply')) { $filterdate = config::get('filter_date'); $year = substr($_POST['killmail'], 0, 4); $month = substr($_POST['killmail'], 5, 2); $day = substr($_POST['killmail'], 8, 2); $killstamp = mktime(0, 0, 0, $month, $day, $year); if ($killstamp < $filterdate) { $killid = -3; } else { $killid = $parser->parse(true, null, false); } } else { $killid = $parser->parse(true, null, false); } if ($killid <= 0) { if ($killid == 0) { $html = "Killmail is malformed.<br/>"; if ($errors = $parser->getError()) { foreach ($errors as $error) { $html .= 'Error: ' . $error[0]; if ($error[1]) { $html .= ' The text leading to this error was: "' . $error[1] . '"'; } $html .= '<br/>'; } } } elseif ($killid == -1) { $url = edkURI::page('kill_detail', $parser->getDupeID(), 'kll_id'); $html = "That killmail has already been posted <a href=\"" . edkURI::page('kill_detail', $parser->getDupeID(), 'kll_id') . "\">here</a>."; } elseif ($killid == -2) { $html = "You are not authorized to post this killmail."; } elseif ($killid == -3) { $filterdate = kbdate("j F Y", config::get("filter_date")); $html = "You are not allowed to post killmails older than" . " {$filterdate}."; } elseif ($killid == -4) { $html = "That mail has been deleted. Kill id was " . $parser->getDupeID(); if ($page->isAdmin()) { $html .= '<br /> <form id="postform" name="postform" class="f_killmail" method="post" action="' . edkURI::page('post') . '"> <input type="hidden" name="killmail" id="killmail" value = "' . htmlentities($_POST['killmail']) . '"/> <input type="hidden" name="kll_id" id="kill_id" value = "' . $parser->getDupeID() . '"/> <input type="hidden" name="undelete" id="undelete" value = "1"/> <input id="submit" name="submit" type="submit" value="Undelete" /> </form>'; } } } else { if (config::get('post_mailto') != "") { $mailer = new PHPMailer(); $kill = new Kill($killid); if (!($server = config::get('post_mailserver'))) { $server = 'localhost'; } $mailer->From = "mailer@" . config::get('post_mailhost'); $mailer->FromName = config::get('post_mailhost'); $mailer->Subject = "Killmail #" . $killid; $mailer->Host = $server; $mailer->Port = 25; $mailer->Helo = $server; $mailer->Mailer = "smtp"; $mailer->AddReplyTo("no_reply@" . config::get('post_mailhost'), "No-Reply"); $mailer->Sender = "mailer@" . config::get('post_mailhost'); $mailer->Body = $_POST['killmail']; $mailer->AddAddress(config::get('post_mailhost')); $mailer->Send(); } logger::logKill($killid); header("Location: " . htmlspecialchars_decode(edkURI::page('kill_detail', $killid, 'kll_id'))); exit; } } else { $html = "Invalid password."; } return $html; }
public function wsVTQL2SQL($q, &$meta, &$queryRelatedModules) { require_once 'include/Webservices/GetExtendedQuery.php'; if (__FQNExtendedQueryIsRelatedQuery($q)) { // related query require_once 'include/Webservices/GetRelatedRecords.php'; $queryParameters = array(); $queryParameters['columns'] = trim(substr($q, 6, stripos($q, ' from ') - 5)); $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)/"; preg_match($moduleRegex, $q, $m); $relatedModule = trim($m[1]); $moduleRegex = "/[rR][eE][lL][aA][tT][eE][dD]\\.([^\\s;]+)\\s*=\\s*([^\\s;]+)/"; preg_match($moduleRegex, $q, $m); $moduleName = trim($m[1]); $id = trim($m[2], "(')"); $mysql_query = __getRLQuery($id, $moduleName, $relatedModule, $queryParameters, $this->user); // where, limit and order $afterwhere = substr($q, stripos($q, ' where ') + 6); // eliminate related conditions $relatedCond = "/\\(*[rR][eE][lL][aA][tT][eE][dD]\\.([^\\s;]+)\\s*=\\s*([^\\s;]+)\\)*\\s*([aA][nN][dD]|[oO][rR]\\s)*/"; preg_match($relatedCond, $afterwhere, $pieces); $glue = isset($pieces[3]) ? trim($pieces[3]) : 'and'; $afterwhere = trim(preg_replace($relatedCond, '', $afterwhere), ' ;'); $relatedCond = "/\\s+([aA][nN][dD]|[oO][rR])+\\s+([oO][rR][dD][eE][rR])+/"; $afterwhere = trim(preg_replace($relatedCond, ' order ', $afterwhere), ' ;'); $relatedCond = "/\\s+([aA][nN][dD]|[oO][rR])+\\s+([lL][iI][mM][iI][tT])+/"; $afterwhere = trim(preg_replace($relatedCond, ' limit ', $afterwhere), ' ;'); // if related is at the end of condition we need to strip last and|or if (strtolower(substr($afterwhere, -3)) == 'and') { $afterwhere = substr($afterwhere, 0, strlen($afterwhere) - 3); } if (strtolower(substr($afterwhere, -2)) == 'or') { $afterwhere = substr($afterwhere, 0, strlen($afterwhere) - 2); } // transform REST ids $relatedCond = "/=\\s*'*\\d+x(\\d+)'*/"; $afterwhere = preg_replace($relatedCond, ' = $1 ', $afterwhere); // kill unbalanced parenthesis $balanced = 0; $pila = array(); for ($ch = 0; $ch < strlen($afterwhere); $ch++) { if ($afterwhere[$ch] == '(') { $pila[$balanced] = array('pos' => $ch, 'dir' => '('); $balanced++; } elseif ($afterwhere[$ch] == ')') { if ($balanced > 0 and $pila[$balanced - 1]['dir'] == '(') { array_pop($pila); $balanced--; } else { $pila[$balanced] = array('pos' => $ch, 'dir' => ')'); $balanced++; } } } foreach ($pila as $paren) { $afterwhere[$paren['pos']] = ' '; } // transform artificial commentcontent for FAQ and Ticket comments if (strtolower($relatedModule) == 'modcomments' and (strtolower($moduleName) == 'helpdesk' or strtolower($moduleName) == 'faq')) { $afterwhere = str_ireplace('commentcontent', 'comments', $afterwhere); } $relhandler = vtws_getModuleHandlerFromName($moduleName, $this->user); $relmeta = $relhandler->getMeta(); $queryRelatedModules[$moduleName] = $relmeta; // transform fieldnames to columnnames $handler = vtws_getModuleHandlerFromName($relatedModule, $this->user); $meta = $handler->getMeta(); $fldmap = $meta->getFieldColumnMapping(); $tblmap = $meta->getColumnTableMapping(); $tok = strtok($afterwhere, ' '); $chgawhere = ''; while ($tok !== false) { if (!empty($fldmap[$tok])) { $chgawhere .= (strpos($tok, '.') ? '' : $tblmap[$fldmap[$tok]] . '.') . $fldmap[$tok] . ' '; } else { $chgawhere .= $tok . ' '; } $tok = strtok(' '); } $afterwhere = $chgawhere; if (!empty($afterwhere)) { $start = strtolower(substr(trim($afterwhere), 0, 5)); if ($start != 'limit' and $start != 'order') { // there is a condition we add the glue $mysql_query .= " {$glue} "; } $mysql_query .= " {$afterwhere}"; } if (stripos($q, 'count(*)') > 0) { $mysql_query = str_ireplace(' as count ', '', mkCountQuery($mysql_query)); } } elseif (__FQNExtendedQueryIsFQNQuery($q)) { // FQN extended syntax list($mysql_query, $queryRelatedModules) = __FQNExtendedQueryGetQuery($q, $this->user); $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)/"; preg_match($moduleRegex, $q, $m); $fromModule = trim($m[1]); $handler = vtws_getModuleHandlerFromName($fromModule, $this->user); $meta = $handler->getMeta(); } else { $parser = new Parser($this->user, $q); $error = $parser->parse(); if ($error) { return $parser->getError(); } $mysql_query = $parser->getSql(); $meta = $parser->getObjectMetaData(); } return $mysql_query; }
/** * processes SOAP message received from client. * * @param array $headers The HTTP headers * @param string $data unprocessed request data from client * * @return mixed value of the message, decoded into a PHP type */ public function parseRequest($headers, $data) { $this->debug('Entering parseRequest() for data of length ' . strlen($data) . ' headers:'); $this->appendDebug($this->varDump($headers)); if (!isset($headers['content-type'])) { $this->setError('Request not of type text/xml (no content-type header)'); return false; } if (!strstr($headers['content-type'], 'text/xml')) { $this->setError('Request not of type text/xml'); return false; } if (strpos($headers['content-type'], '=')) { $enc = str_replace('"', '', substr(strstr($headers['content-type'], '='), 1)); $this->debug('Got response encoding: ' . $enc); if (preg_match('/^(ISO-8859-1|US-ASCII|UTF-8)$/i', $enc)) { $this->xml_encoding = strtoupper($enc); } else { $this->xml_encoding = 'US-ASCII'; } } else { // should be US-ASCII for HTTP 1.0 or ISO-8859-1 for HTTP 1.1 $this->xml_encoding = 'ISO-8859-1'; } $this->debug('Use encoding: ' . $this->xml_encoding . ' when creating Boskee\\Soap\\Parser'); // parse response, get soap parser obj $parser = new Parser($data, $this->xml_encoding, '', $this->decode_utf8); // parser debug $this->debug("parser debug: \n" . $parser->getDebug()); // if fault occurred during message parsing if ($err = $parser->getError()) { $this->result = 'fault: error in msg parsing: ' . $err; $this->fault('SOAP-ENV:Client', "error in msg parsing:\n" . $err); // else successfully parsed request into soapval object } else { // get/set methodname $this->methodURI = $parser->root_struct_namespace; $this->methodname = $parser->root_struct_name; $this->debug('methodname: ' . $this->methodname . ' methodURI: ' . $this->methodURI); $this->debug('calling parser->get_soapbody()'); $this->methodparams = $parser->get_soapbody(); // get SOAP headers $this->requestHeaders = $parser->getHeaders(); // get SOAP Header $this->requestHeader = $parser->get_soapheader(); // add document for doclit support $this->document = $parser->document; } }
/** * processes SOAP message returned from server. * * @param array $headers The HTTP headers * @param string $data unprocessed response data from server * * @return mixed value of the message, decoded into a PHP type */ public function parseResponse($headers, $data) { $this->debug('Entering parseResponse() for data of length ' . strlen($data) . ' headers:'); $this->appendDebug($this->varDump($headers)); if (!isset($headers['content-type'])) { $this->setError('Response not of type text/xml (no content-type header)'); return false; } if (!strstr($headers['content-type'], 'text/xml')) { $this->setError('Response not of type text/xml: ' . $headers['content-type']); return false; } if (strpos($headers['content-type'], '=')) { $enc = str_replace('"', '', substr(strstr($headers['content-type'], '='), 1)); $this->debug('Got response encoding: ' . $enc); if (preg_match('/^(ISO-8859-1|US-ASCII|UTF-8)$/i', $enc)) { $this->xml_encoding = strtoupper($enc); } else { $this->xml_encoding = 'US-ASCII'; } } else { // should be US-ASCII for HTTP 1.0 or ISO-8859-1 for HTTP 1.1 $this->xml_encoding = 'ISO-8859-1'; } $this->debug('Use encoding: ' . $this->xml_encoding . ' when creating Boskee\\Soap\\Parser'); $parser = new Parser($data, $this->xml_encoding, $this->operation, $this->decode_utf8); // add parser debug data to our debug $this->appendDebug($parser->getDebug()); // if parse errors if ($errstr = $parser->getError()) { $this->setError($errstr); // destroy the parser object unset($parser); return false; } else { // get SOAP headers $this->responseHeaders = $parser->getHeaders(); // get SOAP headers $this->responseHeader = $parser->get_soapheader(); // get decoded message $return = $parser->get_soapbody(); // add document for doclit support $this->document = $parser->document; // destroy the parser object unset($parser); // return decode message return $return; } }