2 // by Edd Dumbill (C) 1999-2002
4 // $Original: xmlrpcs.inc,v 1.66 2006/09/17 21:25:06 ggiunta Exp $
6 // $NucleusJP: xmlrpcs.inc.php,v 1.9.2.2 2007/09/07 07:04:24 kimitake Exp $
8 // Copyright (c) 1999,2000,2002 Edd Dumbill.
9 // All rights reserved.
11 // Redistribution and use in source and binary forms, with or without
12 // modification, are permitted provided that the following conditions
15 // * Redistributions of source code must retain the above copyright
16 // notice, this list of conditions and the following disclaimer.
18 // * Redistributions in binary form must reproduce the above
19 // copyright notice, this list of conditions and the following
20 // disclaimer in the documentation and/or other materials provided
21 // with the distribution.
23 // * Neither the name of the "XML-RPC for PHP" nor the names of its
24 // contributors may be used to endorse or promote products derived
25 // from this software without specific prior written permission.
27 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
30 // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
31 // REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
32 // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
33 // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
34 // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
36 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
37 // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
38 // OF THE POSSIBILITY OF SUCH DAMAGE.
40 // XML RPC Server class
41 // requires: xmlrpc.inc
43 $GLOBALS['xmlrpcs_capabilities'] = array(
44 // xmlrpc spec: always supported
45 'xmlrpc' => new xmlrpcval(array(
46 'specUrl' => new xmlrpcval('http://www.xmlrpc.com/spec', 'string'),
47 'specVersion' => new xmlrpcval(1, 'int')
49 // if we support system.xxx functions, we always support multicall, too...
50 // Note that, as of 2006/09/17, the following URL does not respond anymore
51 'system.multicall' => new xmlrpcval(array(
52 'specUrl' => new xmlrpcval('http://www.xmlrpc.com/discuss/msgReader$1208', 'string'),
53 'specVersion' => new xmlrpcval(1, 'int')
55 // introspection: version 2! we support 'mixed', too
56 'introspection' => new xmlrpcval(array(
57 'specUrl' => new xmlrpcval('http://phpxmlrpc.sourceforge.net/doc-2/ch10.html', 'string'),
58 'specVersion' => new xmlrpcval(2, 'int')
62 /* Functions that implement system.XXX methods of xmlrpc servers */
63 $_xmlrpcs_getCapabilities_sig=array(array($GLOBALS['xmlrpcStruct']));
64 $_xmlrpcs_getCapabilities_doc='This method lists all the capabilites that the XML-RPC server has: the (more or less standard) extensions to the xmlrpc spec that it adheres to';
65 $_xmlrpcs_getCapabilities_sdoc=array(array('list of capabilities, described as structs with a version number and url for the spec'));
66 function _xmlrpcs_getCapabilities($server, $m=null)
68 $outAr = $GLOBALS['xmlrpcs_capabilities'];
70 if ($GLOBALS['xmlrpc_null_extension']) {
71 $outAr['nil'] = new xmlrpcval(array(
72 'specUrl' => new xmlrpcval('http://www.ontosys.com/xml-rpc/extensions.php', 'string'),
73 'specVersion' => new xmlrpcval(1, 'int')
76 return new xmlrpcresp(new xmlrpcval($outAr, 'struct'));
79 // listMethods: signature was either a string, or nothing.
80 // The useless string variant has been removed
81 $_xmlrpcs_listMethods_sig=array(array($GLOBALS['xmlrpcArray']));
82 $_xmlrpcs_listMethods_doc='This method lists all the methods that the XML-RPC server knows how to dispatch';
83 $_xmlrpcs_listMethods_sdoc=array(array('list of method names'));
84 function _xmlrpcs_listMethods($server, $m=null) // if called in plain php values mode, second param is missing
88 foreach($server->dmap as $key => $val)
90 $outAr[]=&new xmlrpcval($key, 'string');
92 if($server->allow_system_funcs)
94 foreach($GLOBALS['_xmlrpcs_dmap'] as $key => $val)
96 $outAr[]=&new xmlrpcval($key, 'string');
99 return new xmlrpcresp(new xmlrpcval($outAr, 'array'));
102 $_xmlrpcs_methodSignature_sig=array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcString']));
103 $_xmlrpcs_methodSignature_doc='Returns an array of known signatures (an array of arrays) for the method name passed. If no signatures are known, returns a none-array (test for type != array to detect missing signature)';
104 $_xmlrpcs_methodSignature_sdoc=array(array('list of known signatures, each sig being an array of xmlrpc type names', 'name of method to be described'));
105 function _xmlrpcs_methodSignature($server, $m)
107 // let accept as parameter both an xmlrpcval or string
110 $methName=$m->getParam(0);
111 $methName=$methName->scalarval();
117 if(strpos($methName, "system.") === 0)
119 $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1;
123 $dmap=$server->dmap; $sysCall=0;
125 if(isset($dmap[$methName]))
127 if(isset($dmap[$methName]['signature']))
130 foreach($dmap[$methName]['signature'] as $inSig)
133 foreach($inSig as $sig)
135 $cursig[]=&new xmlrpcval($sig, 'string');
137 $sigs[]=&new xmlrpcval($cursig, 'array');
139 $r=&new xmlrpcresp(new xmlrpcval($sigs, 'array'));
143 // NB: according to the official docs, we should be returning a
144 // "none-array" here, which means not-an-array
145 $r=&new xmlrpcresp(new xmlrpcval('undef', 'string'));
150 $r=&new xmlrpcresp(0,$GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']);
155 $_xmlrpcs_methodHelp_sig=array(array($GLOBALS['xmlrpcString'], $GLOBALS['xmlrpcString']));
156 $_xmlrpcs_methodHelp_doc='Returns help text if defined for the method passed, otherwise returns an empty string';
157 $_xmlrpcs_methodHelp_sdoc=array(array('method description', 'name of the method to be described'));
158 function _xmlrpcs_methodHelp($server, $m)
160 // let accept as parameter both an xmlrpcval or string
163 $methName=$m->getParam(0);
164 $methName=$methName->scalarval();
170 if(strpos($methName, "system.") === 0)
172 $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1;
176 $dmap=$server->dmap; $sysCall=0;
178 if(isset($dmap[$methName]))
180 if(isset($dmap[$methName]['docstring']))
182 $r=&new xmlrpcresp(new xmlrpcval($dmap[$methName]['docstring']), 'string');
186 $r=&new xmlrpcresp(new xmlrpcval('', 'string'));
191 $r=&new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']);
196 $_xmlrpcs_multicall_sig = array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcArray']));
197 $_xmlrpcs_multicall_doc = 'Boxcar multiple RPC calls in one request. See http://www.xmlrpc.com/discuss/msgReader$1208 for details';
198 $_xmlrpcs_multicall_sdoc = array(array('list of response structs, where each struct has the usual members', 'list of calls, with each call being represented as a struct, with members "methodname" and "params"'));
199 function _xmlrpcs_multicall_error($err)
203 $str = $GLOBALS['xmlrpcstr']["multicall_${err}"];
204 $code = $GLOBALS['xmlrpcerr']["multicall_${err}"];
208 $code = $err->faultCode();
209 $str = $err->faultString();
212 $struct['faultCode'] =& new xmlrpcval($code, 'int');
213 $struct['faultString'] =& new xmlrpcval($str, 'string');
214 return new xmlrpcval($struct, 'struct');
217 function _xmlrpcs_multicall_do_call($server, $call)
219 if($call->kindOf() != 'struct')
221 return _xmlrpcs_multicall_error('notstruct');
223 $methName = @$call->structmem('methodName');
226 return _xmlrpcs_multicall_error('nomethod');
228 if($methName->kindOf() != 'scalar' || $methName->scalartyp() != 'string')
230 return _xmlrpcs_multicall_error('notstring');
232 if($methName->scalarval() == 'system.multicall')
234 return _xmlrpcs_multicall_error('recursion');
237 $params = @$call->structmem('params');
240 return _xmlrpcs_multicall_error('noparams');
242 if($params->kindOf() != 'array')
244 return _xmlrpcs_multicall_error('notarray');
246 $numParams = $params->arraysize();
248 $msg =& new xmlrpcmsg($methName->scalarval());
249 for($i = 0; $i < $numParams; $i++)
251 if(!$msg->addParam($params->arraymem($i)))
254 return _xmlrpcs_multicall_error(new xmlrpcresp(0,
255 $GLOBALS['xmlrpcerr']['incorrect_params'],
256 $GLOBALS['xmlrpcstr']['incorrect_params'] . ": probable xml error in param " . $i));
260 $result = $server->execute($msg);
262 if($result->faultCode() != 0)
264 return _xmlrpcs_multicall_error($result); // Method returned fault.
267 return new xmlrpcval(array($result->value()), 'array');
270 function _xmlrpcs_multicall_do_call_phpvals($server, $call)
274 return _xmlrpcs_multicall_error('notstruct');
276 if(!array_key_exists('methodName', $call))
278 return _xmlrpcs_multicall_error('nomethod');
280 if (!is_string($call['methodName']))
282 return _xmlrpcs_multicall_error('notstring');
284 if($call['methodName'] == 'system.multicall')
286 return _xmlrpcs_multicall_error('recursion');
288 if(!array_key_exists('params', $call))
290 return _xmlrpcs_multicall_error('noparams');
292 if(!is_array($call['params']))
294 return _xmlrpcs_multicall_error('notarray');
297 // this is a real dirty and simplistic hack, since we might have received a
298 // base64 or datetime values, but they will be listed as strings here...
299 $numParams = count($call['params']);
301 foreach($call['params'] as $val)
302 $pt[] = php_2_xmlrpc_type(gettype($val));
304 $result = $server->execute($call['methodName'], $call['params'], $pt);
306 if($result->faultCode() != 0)
308 return _xmlrpcs_multicall_error($result); // Method returned fault.
311 return new xmlrpcval(array($result->value()), 'array');
314 function _xmlrpcs_multicall($server, $m)
317 // let accept a plain list of php parameters, beside a single xmlrpc msg object
320 $calls = $m->getParam(0);
321 $numCalls = $calls->arraysize();
322 for($i = 0; $i < $numCalls; $i++)
324 $call = $calls->arraymem($i);
325 $result[$i] = _xmlrpcs_multicall_do_call($server, $call);
331 for($i = 0; $i < $numCalls; $i++)
333 $result[$i] = _xmlrpcs_multicall_do_call_phpvals($server, $m[$i]);
337 return new xmlrpcresp(new xmlrpcval($result, 'array'));
340 $GLOBALS['_xmlrpcs_dmap']=array(
341 'system.listMethods' => array(
342 'function' => '_xmlrpcs_listMethods',
343 'signature' => $_xmlrpcs_listMethods_sig,
344 'docstring' => $_xmlrpcs_listMethods_doc,
345 'signature_docs' => $_xmlrpcs_listMethods_sdoc),
346 'system.methodHelp' => array(
347 'function' => '_xmlrpcs_methodHelp',
348 'signature' => $_xmlrpcs_methodHelp_sig,
349 'docstring' => $_xmlrpcs_methodHelp_doc,
350 'signature_docs' => $_xmlrpcs_methodHelp_sdoc),
351 'system.methodSignature' => array(
352 'function' => '_xmlrpcs_methodSignature',
353 'signature' => $_xmlrpcs_methodSignature_sig,
354 'docstring' => $_xmlrpcs_methodSignature_doc,
355 'signature_docs' => $_xmlrpcs_methodSignature_sdoc),
356 'system.multicall' => array(
357 'function' => '_xmlrpcs_multicall',
358 'signature' => $_xmlrpcs_multicall_sig,
359 'docstring' => $_xmlrpcs_multicall_doc,
360 'signature_docs' => $_xmlrpcs_multicall_sdoc),
361 'system.getCapabilities' => array(
362 'function' => '_xmlrpcs_getCapabilities',
363 'signature' => $_xmlrpcs_getCapabilities_sig,
364 'docstring' => $_xmlrpcs_getCapabilities_doc,
365 'signature_docs' => $_xmlrpcs_getCapabilities_sdoc)
368 $GLOBALS['_xmlrpcs_occurred_errors'] = '';
369 $GLOBALS['_xmlrpcs_prev_ehandler'] = '';
371 * Error handler used to track errors that occur during server-side execution of PHP code.
372 * This allows to report back to the client whether an internal error has occurred or not
373 * using an xmlrpc response object, instead of letting the client deal with the html junk
374 * that a PHP execution error on the server generally entails.
376 * NB: in fact a user defined error handler can only handle WARNING, NOTICE and USER_* errors.
379 function _xmlrpcs_errorHandler($errcode, $errstring, $filename=null, $lineno=null, $context=null)
381 // obey the @ protocol
382 if (error_reporting() == 0)
385 //if($errcode != E_NOTICE && $errcode != E_WARNING && $errcode != E_USER_NOTICE && $errcode != E_USER_WARNING)
386 if($errcode != 2048) // do not use E_STRICT by name, since on PHP 4 it will not be defined
388 $GLOBALS['_xmlrpcs_occurred_errors'] = $GLOBALS['_xmlrpcs_occurred_errors'] . $errstring . "\n";
390 // Try to avoid as much as possible disruption to the previous error handling
391 // mechanism in place
392 if($GLOBALS['_xmlrpcs_prev_ehandler'] == '')
394 // The previous error handler was the default: all we should do is log error
395 // to the default error log (if level high enough)
396 if(ini_get('log_errors') && (intval(ini_get('error_reporting')) & $errcode))
398 error_log($errstring);
403 // Pass control on to previous error handler, trying to avoid loops...
404 if($GLOBALS['_xmlrpcs_prev_ehandler'] != '_xmlrpcs_errorHandler')
406 // NB: this code will NOT work on php < 4.0.2: only 2 params were used for error handlers
407 if(is_array($GLOBALS['_xmlrpcs_prev_ehandler']))
409 $GLOBALS['_xmlrpcs_prev_ehandler'][0]->$GLOBALS['_xmlrpcs_prev_ehandler'][1]($errcode, $errstring, $filename, $lineno, $context);
413 $GLOBALS['_xmlrpcs_prev_ehandler']($errcode, $errstring, $filename, $lineno, $context);
419 $GLOBALS['_xmlrpc_debuginfo']='';
422 * Add a string to the debug info that can be later seralized by the server
423 * as part of the response message.
424 * Note that for best compatbility, the debug string should be encoded using
425 * the $GLOBALS['xmlrpc_internalencoding'] character set.
429 function xmlrpc_debugmsg($m)
431 $GLOBALS['_xmlrpc_debuginfo'] .= $m . "\n";
436 /// array defining php functions exposed as xmlrpc methods by this server
439 * Defines how functions in dmap will be invokde: either using an xmlrpc msg object
440 * or plain php values.
441 * valid strings are 'xmlrpcvals', 'phpvals' or 'epivals'
443 var $functions_parameters_type='xmlrpcvals';
444 /// controls wether the server is going to echo debugging messages back to the client as comments in response body. valid values: 0,1,2,3
447 * When set to true, it will enable HTTP compression of the response, in case
448 * the client has declared its support for compression in the request.
450 var $compress_response = false;
452 * List of http compression methods accepted by the server for requests.
453 * NB: PHP supports deflate, gzip compressions out of the box if compiled w. zlib
455 var $accepted_compression = array();
456 /// shall we serve calls to system.* methods?
457 var $allow_system_funcs = true;
458 /// list of charset encodings natively accepted for requests
459 var $accepted_charset_encodings = array();
461 * charset encoding to be used for response.
462 * NB: if we can, we will convert the generated response from internal_encoding to the intended one.
463 * can be: a supported xml encoding (only UTF-8 and ISO-8859-1 at present, unless mbstring is enabled),
464 * null (leave unspecified in response, convert output stream to US_ASCII),
465 * 'default' (use xmlrpc library default as specified in xmlrpc.inc, convert output stream if needed),
466 * or 'auto' (use client-specified charset encoding or same as request if request headers do not specify it (unless request is US-ASCII: then use library default anyway).
467 * NB: pretty dangerous if you accept every charset and do not have mbstring enabled)
469 var $response_charset_encoding = '';
470 /// storage for internal debug info
471 var $debug_info = '';
472 /// extra data passed at runtime to method handling functions. Used only by EPI layer
473 var $user_data = null;
476 * @param array $dispmap the dispatch map withd efinition of exposed services
477 * @param boolean $servicenow set to false to prevent the server from runnung upon construction
479 function xmlrpc_server($dispMap=null, $serviceNow=true)
481 // if ZLIB is enabled, let the server by default accept compressed requests,
482 // and compress responses sent to clients that support them
483 if(function_exists('gzinflate'))
485 $this->accepted_compression = array('gzip', 'deflate');
486 $this->compress_response = true;
489 // by default the xml parser can support these 3 charset encodings
490 $this->accepted_charset_encodings = array('UTF-8', 'ISO-8859-1', 'US-ASCII');
492 // dispMap is a dispatch array of methods
493 // mapped to function names and signatures
495 // doesn't appear in the map then an unknown
496 // method error is generated
497 /* milosch - changed to make passing dispMap optional.
498 * instead, you can use the class add_to_map() function
499 * to add functions manually (borrowed from SOAPX4)
503 $this->dmap = $dispMap;
512 * Set debug level of server.
513 * @param integer $in debug lvl: determines info added to xmlrpc responses (as xml comments)
515 * 1 = msgs set from user with debugmsg(),
516 * 2 = add complete xmlrpc request (headers and body),
517 * 3 = add also all processing warnings happened during method processing
518 * (NB: this involves setting a custom error handler, and might interfere
519 * with the standard processing of the php function exposed as method. In
520 * particular, triggering an USER_ERROR level error will not halt script
521 * execution anymore, but just end up logged in the xmlrpc response)
522 * Note that info added at elevel 2 and 3 will be base64 encoded
525 function setDebug($in)
531 * Return a string with the serialized representation of all debug info
532 * @param string $charset_encoding the target charset encoding for the serialization
533 * @return string an XML comment (or two)
535 function serializeDebug($charset_encoding='')
537 // Tough encoding problem: which internal charset should we assume for debug info?
538 // It might contain a copy of raw data received from client, ie with unknown encoding,
539 // intermixed with php generated data and user generated data...
540 // so we split it: system debug is base 64 encoded,
541 // user debug info should be encoded by the end user using the INTERNAL_ENCODING
543 if ($this->debug_info != '')
545 $out .= "<!-- SERVER DEBUG INFO (BASE64 ENCODED):\n".base64_encode($this->debug_info)."\n-->\n";
547 if($GLOBALS['_xmlrpc_debuginfo']!='')
550 $out .= "<!-- DEBUG INFO:\n" . xmlrpc_encode_entitites(str_replace('--', '_-', $GLOBALS['_xmlrpc_debuginfo']), $GLOBALS['xmlrpc_internalencoding'], $charset_encoding) . "\n-->\n";
551 // NB: a better solution MIGHT be to use CDATA, but we need to insert it
552 // into return payload AFTER the beginning tag
553 //$out .= "<![CDATA[ DEBUG INFO:\n\n" . str_replace(']]>', ']_]_>', $GLOBALS['_xmlrpc_debuginfo']) . "\n]]>\n";
559 * Execute the xmlrpc request, printing the response
560 * @param string $data the request body. If null, the http POST request will be examined
561 * @return xmlrpcresp the response object (usually not used by caller...)
564 function service($data=null, $return_payload=false)
568 $data = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : '';
572 // reset internal debug info
573 $this->debug_info = '';
575 // Echo back what we received, before parsing it
578 $this->debugmsg("+++GOT+++\n" . $data . "\n+++END+++");
581 $r = $this->parseRequestHeaders($data, $req_charset, $resp_charset, $resp_encoding);
584 $r=$this->parseRequest($data, $req_charset);
587 // save full body of request into response, for more debugging usages
588 $r->raw_data = $raw_data;
590 if($this->debug > 2 && $GLOBALS['_xmlrpcs_occurred_errors'])
592 $this->debugmsg("+++PROCESSING ERRORS AND WARNINGS+++\n" .
593 $GLOBALS['_xmlrpcs_occurred_errors'] . "+++END+++");
596 $payload=$this->xml_header($resp_charset);
599 $payload = $payload . $this->serializeDebug($resp_charset);
602 // G. Giunta 2006-01-27: do not create response serialization if it has
603 // already happened. Helps building json magic
604 if (empty($r->payload))
606 $r->serialize($resp_charset);
608 $payload = $payload . $r->payload;
615 // if we get a warning/error that has output some text before here, then we cannot
616 // add a new header. We cannot say we are sending xml, either...
619 header('Content-Type: '.$r->content_type);
620 // we do not know if client actually told us an accepted charset, but if he did
621 // we have to tell him what we did
622 header("Vary: Accept-Charset");
624 // http compression of output: only
625 // if we can do it, and we want to do it, and client asked us to,
626 // and php ini settings do not force it already
627 $php_no_self_compress = ini_get('zlib.output_compression') == '' && (ini_get('output_handler') != 'ob_gzhandler');
628 if($this->compress_response && function_exists('gzencode') && $resp_encoding != ''
629 && $php_no_self_compress)
631 if(strpos($resp_encoding, 'gzip') !== false)
633 $payload = gzencode($payload);
634 header("Content-Encoding: gzip");
635 header("Vary: Accept-Encoding");
637 elseif (strpos($resp_encoding, 'deflate') !== false)
639 $payload = gzcompress($payload);
640 header("Content-Encoding: deflate");
641 header("Vary: Accept-Encoding");
645 // do not ouput content-length header if php is compressing output for us:
646 // it will mess up measurements
647 if($php_no_self_compress)
649 header('Content-Length: ' . (int)strlen($payload));
654 error_log('XML-RPC: xmlrpc_server::service: http headers already sent before response is fully generated. Check for php warning or error messages');
659 // return request, in case subclasses want it
664 * Add a method to the dispatch map
665 * @param string $methodname the name with which the method will be made available
666 * @param string $function the php function that will get invoked
667 * @param array $sig the array of valid method signatures
668 * @param string $doc method documentation
671 function add_to_map($methodname,$function,$sig=null,$doc='')
673 $this->dmap[$methodname] = array(
674 'function' => $function,
679 $this->dmap[$methodname]['signature'] = $sig;
684 * Verify type and number of parameters received against a list of known signatures
685 * @param array $in array of either xmlrpcval objects or xmlrpc type definitions
686 * @param array $sig array of known signatures to match against
689 function verifySignature($in, $sig)
691 // check each possible signature in turn
694 $numParams = $in->getNumParams();
698 $numParams = count($in);
700 foreach($sig as $cursig)
702 if(count($cursig)==$numParams+1)
705 for($n=0; $n<$numParams; $n++)
709 $p=$in->getParam($n);
710 if($p->kindOf() == 'scalar')
721 $pt= $in[$n] == 'i4' ? 'int' : $in[$n]; // dispatch maps never use i4...
724 // param index is $n+1, as first member of sig is return type
725 if($pt != $cursig[$n+1] && $cursig[$n+1] != $GLOBALS['xmlrpcValue'])
729 $wanted=$cursig[$n+1];
742 return array(0, "Wanted ${wanted}, got ${got} at param ${pno}");
746 return array(0, "No method signature matches number of parameters");
751 * Parse http headers received along with xmlrpc request. If needed, inflate request
752 * @return null on success or an xmlrpcresp
755 function parseRequestHeaders(&$data, &$req_encoding, &$resp_encoding, &$resp_compression)
757 // Play nice to PHP 4.0.x: superglobals were not yet invented...
760 $_SERVER = $GLOBALS['HTTP_SERVER_VARS'];
765 if(function_exists('getallheaders'))
767 $this->debugmsg(''); // empty line
768 foreach(getallheaders() as $name => $val)
770 $this->debugmsg("HEADER: $name: $val");
776 if(isset($_SERVER['HTTP_CONTENT_ENCODING']))
778 $content_encoding = str_replace('x-', '', $_SERVER['HTTP_CONTENT_ENCODING']);
782 $content_encoding = '';
785 // check if request body has been compressed and decompress it
786 if($content_encoding != '' && strlen($data))
788 if($content_encoding == 'deflate' || $content_encoding == 'gzip')
790 // if decoding works, use it. else assume data wasn't gzencoded
791 if(function_exists('gzinflate') && in_array($content_encoding, $this->accepted_compression))
793 if($content_encoding == 'deflate' && $degzdata = @gzuncompress($data))
798 $this->debugmsg("\n+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++");
801 elseif($content_encoding == 'gzip' && $degzdata = @gzinflate(substr($data, 10)))
805 $this->debugmsg("+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++");
809 $r =& new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_decompress_fail'], $GLOBALS['xmlrpcstr']['server_decompress_fail']);
815 //error_log('The server sent deflated data. Your php install must have the Zlib extension compiled in to support this.');
816 $r =& new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_cannot_decompress'], $GLOBALS['xmlrpcstr']['server_cannot_decompress']);
822 // check if client specified accepted charsets, and if we know how to fulfill
824 if ($this->response_charset_encoding == 'auto')
827 if (isset($_SERVER['HTTP_ACCEPT_CHARSET']))
829 // here we should check if we can match the client-requested encoding
830 // with the encodings we know we can generate.
831 /// @todo we should parse q=0.x preferences instead of getting first charset specified...
832 $client_accepted_charsets = explode(',', strtoupper($_SERVER['HTTP_ACCEPT_CHARSET']));
833 // Give preference to internal encoding
834 $known_charsets = array($this->internal_encoding, 'UTF-8', 'ISO-8859-1', 'US-ASCII');
835 foreach ($known_charsets as $charset)
837 foreach ($client_accepted_charsets as $accepted)
838 if (strpos($accepted, $charset) === 0)
840 $resp_encoding = $charset;
850 $resp_encoding = $this->response_charset_encoding;
853 if (isset($_SERVER['HTTP_ACCEPT_ENCODING']))
855 $resp_compression = $_SERVER['HTTP_ACCEPT_ENCODING'];
859 $resp_compression = '';
862 // 'guestimate' request encoding
863 /// @todo check if mbstring is enabled and automagic input conversion is on: it might mingle with this check???
864 $req_encoding = guess_encoding(isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '',
871 * Parse an xml chunk containing an xmlrpc request and execute the corresponding
872 * php function registered with the server
873 * @param string $data the xml request
874 * @param string $req_encoding (optional) the charset encoding of the xml request
878 function parseRequest($data, $req_encoding='')
880 // 2005/05/07 commented and moved into caller function code
883 // $data=$GLOBALS['HTTP_RAW_POST_DATA'];
886 // G. Giunta 2005/02/13: we do NOT expect to receive html entities
887 // so we do not try to convert them into xml character entities
888 //$data = xmlrpc_html_entity_xlate($data);
890 $GLOBALS['_xh']=array();
891 $GLOBALS['_xh']['ac']='';
892 $GLOBALS['_xh']['stack']=array();
893 $GLOBALS['_xh']['valuestack'] = array();
894 $GLOBALS['_xh']['params']=array();
895 $GLOBALS['_xh']['pt']=array();
896 $GLOBALS['_xh']['isf']=0;
897 $GLOBALS['_xh']['isf_reason']='';
898 $GLOBALS['_xh']['method']=false; // so we can check later if we got a methodname or not
899 $GLOBALS['_xh']['rt']='';
901 // decompose incoming XML into request structure
902 if ($req_encoding != '')
904 if (!in_array($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
905 // the following code might be better for mb_string enabled installs, but
906 // makes the lib about 200% slower...
907 //if (!is_valid_charset($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
909 error_log('XML-RPC: xmlrpc_server::parseRequest: invalid charset encoding of received request: '.$req_encoding);
910 $req_encoding = $GLOBALS['xmlrpc_defencoding'];
912 /// @BUG this will fail on PHP 5 if charset is not specified in the xml prologue,
913 // the encoding is not UTF8 and there are non-ascii chars in the text...
914 $parser = xml_parser_create($req_encoding);
918 $parser = xml_parser_create();
921 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true);
922 // G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell
923 // the xml parser to give us back data in the expected charset
924 xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']);
926 if ($this->functions_parameters_type != 'xmlrpcvals')
927 xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast');
929 xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee');
930 xml_set_character_data_handler($parser, 'xmlrpc_cd');
931 xml_set_default_handler($parser, 'xmlrpc_dh');
932 if(!xml_parse($parser, $data, 1))
934 // return XML error as a faultCode
935 $r=&new xmlrpcresp(0,
936 $GLOBALS['xmlrpcerrxml']+xml_get_error_code($parser),
937 sprintf('XML error: %s at line %d, column %d',
938 xml_error_string(xml_get_error_code($parser)),
939 xml_get_current_line_number($parser), xml_get_current_column_number($parser)));
940 xml_parser_free($parser);
942 elseif ($GLOBALS['_xh']['isf'])
944 xml_parser_free($parser);
945 $r=&new xmlrpcresp(0,
946 $GLOBALS['xmlrpcerr']['invalid_request'],
947 $GLOBALS['xmlrpcstr']['invalid_request'] . ' ' . $GLOBALS['_xh']['isf_reason']);
951 xml_parser_free($parser);
952 if ($this->functions_parameters_type != 'xmlrpcvals')
956 $this->debugmsg("\n+++PARSED+++\n".var_export($GLOBALS['_xh']['params'], true)."\n+++END+++");
958 $r = $this->execute($GLOBALS['_xh']['method'], $GLOBALS['_xh']['params'], $GLOBALS['_xh']['pt']);
962 // build an xmlrpcmsg object with data parsed from xml
963 $m=&new xmlrpcmsg($GLOBALS['_xh']['method']);
964 // now add parameters in
965 for($i=0; $i<count($GLOBALS['_xh']['params']); $i++)
967 $m->addParam($GLOBALS['_xh']['params'][$i]);
972 $this->debugmsg("\n+++PARSED+++\n".var_export($m, true)."\n+++END+++");
975 $r = $this->execute($m);
982 * Execute a method invoked by the client, checking parameters used
983 * @param mixed $m either an xmlrpcmsg obj or a method name
984 * @param array $params array with method parameters as php types (if m is method name only)
985 * @param array $paramtypes array with xmlrpc types of method parameters (if m is method name only)
989 function execute($m, $params=null, $paramtypes=null)
993 $methName = $m->method();
999 $sysCall = $this->allow_system_funcs && (strpos($methName, "system.") === 0);
1000 $dmap = $sysCall ? $GLOBALS['_xmlrpcs_dmap'] : $this->dmap;
1002 if(!isset($dmap[$methName]['function']))
1005 return new xmlrpcresp(0,
1006 $GLOBALS['xmlrpcerr']['unknown_method'],
1007 $GLOBALS['xmlrpcstr']['unknown_method']);
1011 if(isset($dmap[$methName]['signature']))
1013 $sig = $dmap[$methName]['signature'];
1016 list($ok, $errstr) = $this->verifySignature($m, $sig);
1020 list($ok, $errstr) = $this->verifySignature($paramtypes, $sig);
1025 return new xmlrpcresp(
1027 $GLOBALS['xmlrpcerr']['incorrect_params'],
1028 $GLOBALS['xmlrpcstr']['incorrect_params'] . ": ${errstr}"
1033 $func = $dmap[$methName]['function'];
1034 // let the 'class::function' syntax be accepted in dispatch maps
1035 if(is_string($func) && strpos($func, '::'))
1037 $func = explode('::', $func);
1039 // verify that function to be invoked is in fact callable
1040 if(!is_callable($func))
1042 error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler is not callable");
1043 return new xmlrpcresp(
1045 $GLOBALS['xmlrpcerr']['server_error'],
1046 $GLOBALS['xmlrpcstr']['server_error'] . ": no function matches method"
1050 // If debug level is 3, we should catch all errors generated during
1051 // processing of user function, and log them as part of response
1052 if($this->debug > 2)
1054 $GLOBALS['_xmlrpcs_prev_ehandler'] = set_error_handler('_xmlrpcs_errorHandler');
1060 $r = call_user_func($func, $this, $m);
1064 $r = call_user_func($func, $m);
1066 if (!is_a($r, 'xmlrpcresp'))
1068 error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler does not return an xmlrpcresp object");
1069 if (is_a($r, 'xmlrpcval'))
1071 $r =& new xmlrpcresp($r);
1075 $r =& new xmlrpcresp(
1077 $GLOBALS['xmlrpcerr']['server_error'],
1078 $GLOBALS['xmlrpcstr']['server_error'] . ": function does not return xmlrpcresp object"
1085 // call a 'plain php' function
1088 array_unshift($params, $this);
1089 $r = call_user_func_array($func, $params);
1093 // 3rd API convention for method-handling functions: EPI-style
1094 if ($this->functions_parameters_type == 'epivals')
1096 $r = call_user_func_array($func, array($methName, $params, $this->user_data));
1097 // mimic EPI behaviour: if we get an array that looks like an error, make it
1099 if (is_array($r) && array_key_exists('faultCode', $r) && array_key_exists('faultString', $r))
1101 $r =& new xmlrpcresp(0, (integer)$r['faultCode'], (string)$r['faultString']);
1105 // functions using EPI api should NOT return resp objects,
1106 // so make sure we encode the return type correctly
1107 $r =& new xmlrpcresp(php_xmlrpc_encode($r, array('extension_api')));
1112 $r = call_user_func_array($func, $params);
1115 // the return type can be either an xmlrpcresp object or a plain php value...
1116 if (!is_a($r, 'xmlrpcresp'))
1118 // what should we assume here about automatic encoding of datetimes
1119 // and php classes instances???
1120 $r =& new xmlrpcresp(php_xmlrpc_encode($r, array('auto_dates')));
1123 if($this->debug > 2)
1125 // note: restore the error handler we found before calling the
1126 // user func, even if it has been changed inside the func itself
1127 if($GLOBALS['_xmlrpcs_prev_ehandler'])
1129 set_error_handler($GLOBALS['_xmlrpcs_prev_ehandler']);
1133 restore_error_handler();
1140 * add a string to the 'internal debug message' (separate from 'user debug message')
1141 * @param string $strings
1144 function debugmsg($string)
1146 $this->debug_info .= $string."\n";
1152 function xml_header($charset_encoding='')
1154 if ($charset_encoding != '')
1156 return "<?xml version=\"1.0\" encoding=\"$charset_encoding\"?" . ">\n";
1160 return "<?xml version=\"1.0\"?" . ">\n";
1165 * A debugging routine: just echoes back the input packet as a string value
1168 function echoInput()
1170 $r=&new xmlrpcresp(new xmlrpcval( "'Aha said I: '" . $GLOBALS['HTTP_RAW_POST_DATA'], 'string'));
1171 print $r->serialize();