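<?php

/*
 * OIDplus 2.0
 * Copyright 2019 - 2022 Daniel Marschall, ViaThinkSoft
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

use ViaThinkSoft\OIDplus\OIDplus;
use ViaThinkSoft\OIDplus\OIDplusAuthContentStoreJWT;
use ViaThinkSoft\OIDplus\OIDplusException;

require_once __DIR__ . '/includes/oidplus.inc.php';

/*
 * ajax.php - JSON endpoint of the OIDplus web UI.
 *
 * Routing (GET or POST):
 *   - "plugin" set and non-empty: "action" is dispatched to the plugin with
 *     that OID; all other request parameters are passed on as $params.
 *   - otherwise: one of the built-in actions get_description, tree_search
 *     or tree_load.
 *
 * Every reply is sent as application/json. An exception escaping the
 * handlers is reported as {"status": -2, "error": "<message>"}.
 */

try {
	OIDplus::init(false);

	// A request that carries the JWT as a GET/POST parameter (rather than the
	// cookie) gets CORS headers and skips the CSRF check — presumably because
	// the JWT in the parameter is itself the credential; confirm in authUtils.
	if (isset($_GET[OIDplusAuthContentStoreJWT::COOKIE_NAME]) || isset($_POST[OIDplusAuthContentStoreJWT::COOKIE_NAME])) {
		originHeaders(); // Allows queries from other domains
		OIDplus::authUtils()->disableCSRF(); // allow access to ajax.php without valid CSRF token
	}

	$json_out = null;

	if (isset($_REQUEST['plugin']) && ($_REQUEST['plugin'] !== '')) {

		// Actions handled by plugins

		$plugin = OIDplus::getPluginByOid($_REQUEST['plugin']);
		if (!$plugin) {
			throw new OIDplusException(_L('Plugin with OID "%1" not found',$_REQUEST['plugin']));
		}

		// Everything except the two routing keys is forwarded to the plugin.
		// array_merge($_POST, $_GET): on a name clash the GET value wins.
		$params = [];
		foreach (array_merge($_POST,$_GET) as $name => $val) {
			// Strict comparison on purpose: with "!=" a numeric key 0 compared
			// equal to 'action' on PHP 7 and was silently dropped.
			if (($name !== 'action') && ($name !== 'plugin')) {
				$params[$name] = $val;
			}
		}

		if (!isset($_REQUEST['action']) || ($_REQUEST['action'] === '')) {
			throw new OIDplusException(_L('Invalid action ID'));
		}

		// A plugin may declare individual actions as callable cross-origin
		// and without CSRF token (what csrfUnlock() decides is up to the plugin).
		if ($plugin->csrfUnlock($_REQUEST['action'])) {
			originHeaders(); // Allows queries from other domains
			OIDplus::authUtils()->disableCSRF(); // allow access to ajax.php without valid CSRF token
		}

		// Enforces the token unless disableCSRF() was called above (see authUtils).
		OIDplus::authUtils()->checkCSRF();

		// Wrap the plugin action in a DB transaction unless the operator opted
		// out via DISABLE_AJAX_TRANSACTIONS or the driver cannot do transactions.
		// Evaluated once so begin/commit/rollback always agree.
		$use_transaction = !OIDplus::baseconfig()->getValue('DISABLE_AJAX_TRANSACTIONS',false) && OIDplus::db()->transaction_supported();
		if ($use_transaction) {
			OIDplus::db()->transaction_begin();
		}
		try {
			$json_out = $plugin->action($_REQUEST['action'], $params);
			if (!isset($json_out['status'])) $json_out['status'] = -1; // status -1 and -2 like in REST API
			if ($use_transaction) {
				OIDplus::db()->transaction_commit();
			}
		} catch (\Exception $e) {
			if ($use_transaction) {
				OIDplus::db()->transaction_rollback();
			}
			throw $e;
		}

	} else {

		// Actions handled by the system (base functionality like the JS tree)

		OIDplus::authUtils()->checkCSRF();

		// Missing action falls through to the "Invalid action ID" branch below.
		$action = $_REQUEST['action'] ?? '';

		if ($action === 'get_description') {
			// Action: get_description
			// Method: GET / POST
			// Parameters: id
			// Outputs: JSON
			_CheckParamExists($_REQUEST, 'id');
			$_REQUEST['id'] = OIDplus::prefilterQuery($_REQUEST['id'], false);
			try {
				$json_out = OIDplus::gui()->generateContentPage($_REQUEST['id']);
			} catch (\Exception $e) {
				// Render the error as a content page (status 0) instead of
				// failing the request, so the UI shows it in place of the page.
				$json_out = [];
				$json_out['title'] = _L('Error');
				$json_out['icon'] = 'img/error.png';
				// getHtmlMessage() is used unescaped, i.e. it is already HTML;
				// any other exception message is escaped here. ENT_SUBSTITUTE
				// keeps the message visible when it contains invalid UTF-8
				// (htmlentities() would otherwise return an empty string).
				$htmlmsg = $e instanceof OIDplusException
					? $e->getHtmlMessage()
					: htmlentities($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
				if (strtolower(substr($htmlmsg, 0, 3)) === '<p ') {
					$json_out['text'] = $htmlmsg;
				} else {
					$json_out['text'] = '<p>'.$htmlmsg.'</p>';
				}
			}
			$json_out['status'] = 0;
		} elseif ($action === 'tree_search') {
			// Action: tree_search
			// Method: GET / POST
			// Parameters: search
			// Outputs: JSON
			_CheckParamExists($_REQUEST, 'search');

			// The first page plugin returning a non-empty result wins;
			// an empty array is returned when no plugin has a hit.
			$json_out = [];
			foreach (OIDplus::getPagePlugins() as $page_plugin) {
				$result = $page_plugin->tree_search($_REQUEST['search']);
				if ($result) {
					$json_out = $result;
					break;
				}
			}
		} elseif ($action === 'tree_load') {
			// Action: tree_load
			// Method: GET / POST
			// Parameters: id; goto (optional)
			// Outputs: JSON
			_CheckParamExists($_REQUEST, 'id');
			$_REQUEST['id'] = OIDplus::prefilterQuery($_REQUEST['id'], false);
			$json_out = OIDplus::menuUtils()->json_tree($_REQUEST['id'], $_REQUEST['goto'] ?? '');
		} else {
			throw new OIDplusException(_L('Invalid action ID'));
		}
	}

	OIDplus::invoke_shutdown();

	$out = json_encode($json_out);
	if ($out === false) {
		// Previously an encoding failure (e.g. non-UTF-8 bytes in the result)
		// echoed an empty body the client cannot parse. Route it through the
		// catch block below so the client receives a status -2 reply instead.
		throw new \RuntimeException('JSON encoding failed: '.json_last_error_msg());
	}

	if (!headers_sent()) header('Content-Type:application/json; charset=utf-8');
	echo $out;

} catch (\Exception $e) {
	// NOTE(review): \Error (TypeError etc.) is not caught here and surfaces as
	// a PHP fatal error, not as a JSON reply — existing contract, kept as-is.

	// Best-effort rollback of a transaction left open by the failing branch;
	// a failure here must not mask the original exception.
	try {
		if (!OIDplus::baseconfig()->getValue('DISABLE_AJAX_TRANSACTIONS',false) && OIDplus::db()->transaction_supported() && (OIDplus::db()->transaction_level() > 0)) {
			OIDplus::db()->transaction_rollback();
		}
	} catch (\Exception $e1) {
		// intentionally ignored, see above
	}

	// The exception message is sent verbatim to the client, so exceptions
	// raised by plugins or the DB layer should not embed internal details
	// in their message text.
	$errmsg = $e->getMessage();

	$json_out = [];
	$json_out['status'] = -2;
	$json_out['error'] = $errmsg;
	$out = json_encode($json_out);

	if ($out === false) {
		// Some modules (like ODBC) might output non-UTF8 data
		$json_out['error'] = vts_utf8_encode($errmsg);
		$out = json_encode($json_out);
	}

	if (!headers_sent()) header('Content-Type:application/json; charset=utf-8');

	echo $out;
}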