public function export() { $result = parent::export(); if ($this->guid) { $result->guid = $this->guid; } return $result; }
/** * Executes a method. * A method is a function which you have previously exposed using expose_function. * * @param string $method Method, e.g. "foo.bar" * * @return GenericResult The result of the execution. * @throws APIException, CallException * @access private */ function execute_method($method) { global $API_METHODS, $CONFIG; // method must be exposed if (!isset($API_METHODS[$method])) { $msg = elgg_echo('APIException:MethodCallNotImplemented', array($method)); throw new APIException($msg); } // function must be callable if (!isset($API_METHODS[$method]["function"]) || !is_callable($API_METHODS[$method]["function"])) { $msg = elgg_echo('APIException:FunctionDoesNotExist', array($method)); throw new APIException($msg); } // check http call method if (strcmp(get_call_method(), $API_METHODS[$method]["call_method"]) != 0) { $msg = elgg_echo('CallException:InvalidCallMethod', array($method, $API_METHODS[$method]["call_method"])); throw new CallException($msg); } $parameters = get_parameters_for_method($method); if (verify_parameters($method, $parameters) == false) { // if verify_parameters fails, it throws exception which is not caught here } $serialised_parameters = serialise_parameters($method, $parameters); // Execute function: Construct function and calling parameters $function = $API_METHODS[$method]["function"]; $serialised_parameters = trim($serialised_parameters, ", "); // @todo document why we cannot use call_user_func_array here $result = eval("return {$function}({$serialised_parameters});"); // Sanity check result // If this function returns an api result itself, just return it if ($result instanceof GenericResult) { return $result; } if ($result === false) { $msg = elgg_echo('APIException:FunctionParseError', array($function, $serialised_parameters)); throw new APIException($msg); } if ($result === NULL) { // If no value $msg = elgg_echo('APIException:FunctionNoReturn', array($function, $serialised_parameters)); throw new APIException($msg); } // Otherwise assume that the call was successful and return it as a success object. return SuccessResult::getInstance($result); }
/** * Executes a method. * A method is a function which you have previously exposed using expose_function. * * @param string $method Method, e.g. "foo.bar" * * @return GenericResult The result of the execution. * @throws APIException|CallException * @access private */ function execute_method($method) { global $API_METHODS; // method must be exposed if (!isset($API_METHODS[$method])) { $msg = elgg_echo('APIException:MethodCallNotImplemented', array($method)); throw new APIException($msg); } // function must be callable $function = elgg_extract('function', $API_METHODS[$method]); if (!$function || !is_callable($function)) { $msg = elgg_echo('APIException:FunctionDoesNotExist', array($method)); throw new APIException($msg); } // check http call method if (strcmp(get_call_method(), $API_METHODS[$method]["call_method"]) != 0) { $msg = elgg_echo('CallException:InvalidCallMethod', array($method, $API_METHODS[$method]["call_method"])); throw new CallException($msg); } $parameters = get_parameters_for_method($method); // may throw exception, which is not caught here verify_parameters($method, $parameters); $serialised_parameters = serialise_parameters($method, $parameters); // Execute function: Construct function and calling parameters $serialised_parameters = trim($serialised_parameters, ", "); // Sadly we probably can't get rid of this eval() in 2.x. Doing so would involve // replacing serialise_parameters(), which does a bunch of weird stuff we need to // stay BC with 2.x. There are tests for a lot of these quirks in ElggCoreWebServicesApiTest // particularly in testSerialiseParametersCasting(). $arguments = eval("return [{$serialised_parameters}];"); if ($API_METHODS[$method]['assoc']) { $argument = array_combine(_elgg_ws_get_parameter_names($method), $arguments); $result = call_user_func($function, $argument); } else { $result = call_user_func_array($function, $arguments); } $result = elgg_trigger_plugin_hook('rest:output', $method, $parameters, $result); // Sanity check result // If this function returns an api result itself, just return it if ($result instanceof GenericResult) { return $result; } if ($result === false) { $msg = elgg_echo('APIException:FunctionParseError', array($function, $serialised_parameters)); throw new APIException($msg); } if ($result === NULL) { // If no value $msg = elgg_echo('APIException:FunctionNoReturn', array($function, $serialised_parameters)); throw new APIException($msg); } // Otherwise assume that the call was successful and return it as a success object. return SuccessResult::getInstance($result); }
/** * Executes a method. * A method is a function which you have previously exposed using expose_function. * * @param string $method Method, e.g. "foo.bar" * * @return GenericResult The result of the execution. * @throws APIException|CallException * @access private */ function execute_method($method) { global $API_METHODS; // method must be exposed if (!isset($API_METHODS[$method])) { $msg = elgg_echo('APIException:MethodCallNotImplemented', array($method)); throw new APIException($msg); } // function must be callable $function = null; if (isset($API_METHODS[$method]["function"])) { $function = $API_METHODS[$method]["function"]; // allow array version of static callback if (is_array($function) && isset($function[0], $function[1]) && is_string($function[0]) && is_string($function[1])) { $function = "{$function[0]}::{$function[1]}"; } } if (!is_string($function) || !is_callable($function)) { $msg = elgg_echo('APIException:FunctionDoesNotExist', array($method)); throw new APIException($msg); } // check http call method if (strcmp(get_call_method(), $API_METHODS[$method]["call_method"]) != 0) { $msg = elgg_echo('CallException:InvalidCallMethod', array($method, $API_METHODS[$method]["call_method"])); throw new CallException($msg); } $parameters = get_parameters_for_method($method); // may throw exception, which is not caught here verify_parameters($method, $parameters); $serialised_parameters = serialise_parameters($method, $parameters); // Execute function: Construct function and calling parameters $serialised_parameters = trim($serialised_parameters, ", "); // @todo remove the need for eval() $result = eval("return {$function}({$serialised_parameters});"); $result = elgg_trigger_plugin_hook('rest:output', $method, $parameters, $result); // Sanity check result // If this function returns an api result itself, just return it if ($result instanceof GenericResult) { return $result; } if ($result === false) { $msg = elgg_echo('APIException:FunctionParseError', array($function, $serialised_parameters)); throw new APIException($msg); } if ($result === NULL) { // If no value $msg = elgg_echo('APIException:FunctionNoReturn', array($function, $serialised_parameters)); throw new APIException($msg); } // Otherwise assume that the call was successful and return it as a success object. return SuccessResult::getInstance($result); }
/** * Executes a method. * A method is a function which you have previously exposed using expose_function. * * @param string $method Method, e.g. "foo.bar" * @param array $parameters Array of parameters in the format "variable" => "value", thse will be sanitised before being fed to your handler. * @param string $token The authentication token to authorise this method call. * @return GenericResult The result of the execution. * @throws APIException, SecurityException */ function execute_method($method, array $parameters, $token = "") { global $METHODS, $CONFIG; // Sanity check $method = sanitise_string($method); $token = sanitise_string($token); // See if we can find the method handler if (isset($METHODS[$method]["function"]) && is_callable($METHODS[$method]["function"])) { // See if this is being made with the right call method if (strcmp(get_call_method(), $METHODS[$method]["call_method"]) == 0) { $serialised_parameters = ""; // If we have parameters then we need to sanitise the parameters. if (isset($METHODS[$method]["parameters"]) && is_array($METHODS[$method]["parameters"])) { foreach ($METHODS[$method]["parameters"] as $key => $value) { if (is_array($value) && isset($value['type'])) { // Check that the variable is present in the request if (!isset($parameters[$key]) && (!isset($value['required']) || $value['required'] != true)) { throw new APIException(sprintf(elgg_echo('APIException:MissingParameterInMethod'), $key, $method)); } else { // Avoid debug error if (isset($parameters[$key])) { // Set variables casting to type. switch (strtolower($value['type'])) { case 'int': case 'integer': $serialised_parameters .= "," . (int) trim($parameters[$key]); break; case 'bool': case 'boolean': if (strcasecmp(trim($parameters[$key]), "false") == 0) { $parameters[$key] = ''; } $serialised_parameters .= "," . (bool) trim($parameters[$key]); break; case 'string': $serialised_parameters .= ",'" . (string) mysql_real_escape_string(trim($parameters[$key])) . "'"; break; case 'float': $serialised_parameters .= "," . (double) trim($parameters[$key]); break; case 'array': $array = "array("; if (is_array($parameters[$key])) { foreach ($parameters[$key] as $k => $v) { $k = sanitise_string($k); $v = sanitise_string($v); $array .= "'{$k}'=>'{$v}',"; } $array = trim($array, ","); } else { throw APIException(sprintf(elgg_echo('APIException:ParameterNotArray'), $key)); } $array .= ")"; $serialised_parameters .= $array; break; default: throw new APIException(sprintf(elgg_echo('APIException:UnrecognisedTypeCast'), $value['type'], $key, $method)); } } } } else { throw new APIException(sprintf(elgg_echo('APIException:InvalidParameter'), $key, $method)); } } } // Execute function: Construct function and calling parameters $function = $METHODS[$method]["function"]; $serialised_parameters = trim($serialised_parameters, ", "); $result = eval("return {$function}({$serialised_parameters});"); // Sanity check result if ($result instanceof GenericResult) { // If this function returns an api result itself, just return it return $result; } if ($result === FALSE) { throw new APIException(sprintf(elgg_echo('APIException:FunctionParseError'), $function, $serialised_parameters)); } if ($result === NULL) { throw new APIException(sprintf(elgg_echo('APIException:FunctionNoReturn'), $function, $serialised_parameters)); } // If no value return SuccessResult::getInstance($result); // Otherwise assume that the call was successful and return it as a success object. } else { throw new CallException(sprintf(elgg_echo('CallException:InvalidCallMethod'), $method, $METHODS[$method]["call_method"])); } } // Return an error if not found throw new APIException(sprintf(elgg_echo('APIException:MethodCallNotImplemented'), $method)); }