Rev 575 | Rev 607 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 107 | daniel-mar | 1 | <?php |
| 2 | |||
| 3 | /* |
||
| 4 | * OIDplus 2.0 |
||
| 511 | daniel-mar | 5 | * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft |
| 107 | daniel-mar | 6 | * |
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
| 8 | * you may not use this file except in compliance with the License. |
||
| 9 | * You may obtain a copy of the License at |
||
| 10 | * |
||
| 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
| 12 | * |
||
| 13 | * Unless required by applicable law or agreed to in writing, software |
||
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
| 16 | * See the License for the specific language governing permissions and |
||
| 17 | * limitations under the License. |
||
| 18 | */ |
||
| 19 | |||
| 20 | require_once __DIR__ . '/includes/oidplus.inc.php'; |
||
| 21 | |||
| 328 | daniel-mar | 22 | try { |
| 23 | OIDplus::init(false); |
||
| 107 | daniel-mar | 24 | |
| 579 | daniel-mar | 25 | if (isset($_GET['OIDPLUS_AUTH_JWT']) || isset($_POST['OIDPLUS_AUTH_JWT'])) { |
| 573 | daniel-mar | 26 | originHeaders(); // Allows queries from other domains |
| 27 | OIDplus::authUtils()->disableCSRF(); // allow access to ajax.php without valid CSRF token |
||
| 28 | } |
||
| 29 | |||
| 328 | daniel-mar | 30 | $json_out = null; |
| 427 | daniel-mar | 31 | |
| 424 | daniel-mar | 32 | OIDplus::authUtils()->checkCSRF(); |
| 328 | daniel-mar | 33 | |
| 320 | daniel-mar | 34 | if (isset($_REQUEST['plugin']) && ($_REQUEST['plugin'] != '')) { |
| 317 | daniel-mar | 35 | |
| 320 | daniel-mar | 36 | // Actions handled by plugins |
| 107 | daniel-mar | 37 | |
| 320 | daniel-mar | 38 | $plugin = OIDplus::getPluginByOid($_REQUEST['plugin']); |
| 39 | if (!$plugin) { |
||
| 360 | daniel-mar | 40 | throw new OIDplusException(_L('Plugin with OID "%1" not found',$_REQUEST['plugin'])); |
| 107 | daniel-mar | 41 | } |
| 42 | |||
| 320 | daniel-mar | 43 | if (!OIDplus::baseconfig()->getValue('DISABLE_AJAX_TRANSACTIONS',false) && OIDplus::db()->transaction_supported()) { |
| 44 | OIDplus::db()->transaction_begin(); |
||
| 45 | } |
||
| 108 | daniel-mar | 46 | |
| 328 | daniel-mar | 47 | $params = array(); |
| 48 | foreach (array_merge($_POST,$_GET) as $name => $val) { |
||
| 49 | if (($name != 'action') && ($name != 'plugin')) { |
||
| 50 | $params[$name] = $val; |
||
| 51 | } |
||
| 52 | } |
||
| 53 | |||
| 553 | daniel-mar | 54 | if (isset($_REQUEST['action']) && ($_REQUEST['action'] != '')) { |
| 55 | $json_out = $plugin->action($_REQUEST['action'], $params); |
||
| 56 | if (!is_array($json_out)) { |
||
| 57 | throw new OIDplusException(_L('Plugin with OID %1 did not output array of result data',$_REQUEST['plugin'])); |
||
| 58 | } |
||
| 59 | if (!isset($json_out['status'])) $json_out['status'] = -1; |
||
| 328 | daniel-mar | 60 | |
| 553 | daniel-mar | 61 | if (!OIDplus::baseconfig()->getValue('DISABLE_AJAX_TRANSACTIONS',false) && OIDplus::db()->transaction_supported()) { |
| 62 | OIDplus::db()->transaction_commit(); |
||
| 63 | } |
||
| 64 | } else { |
||
| 65 | throw new OIDplusException(_L('Invalid action ID')); |
||
| 107 | daniel-mar | 66 | } |
| 108 | daniel-mar | 67 | |
| 320 | daniel-mar | 68 | } else { |
| 107 | daniel-mar | 69 | |
| 320 | daniel-mar | 70 | // Actions handled by the system (base functionality like the JS tree) |
| 107 | daniel-mar | 71 | |
| 320 | daniel-mar | 72 | if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'get_description')) { |
| 73 | // Action: get_description |
||
| 74 | // Method: GET / POST |
||
| 75 | // Parameters: id |
||
| 76 | // Outputs: JSON |
||
| 553 | daniel-mar | 77 | _CheckParamExists($_REQUEST, 'id'); |
| 320 | daniel-mar | 78 | try { |
| 558 | daniel-mar | 79 | $json_out = OIDplus::gui()->generateContentPage($_REQUEST['id']); |
| 328 | daniel-mar | 80 | } catch (Exception $e) { |
| 81 | $json_out = array(); |
||
| 360 | daniel-mar | 82 | $json_out['title'] = _L('Error'); |
| 328 | daniel-mar | 83 | $json_out['icon'] = 'img/error_big.png'; |
| 84 | $json_out['text'] = $e->getMessage(); |
||
| 320 | daniel-mar | 85 | } |
| 560 | daniel-mar | 86 | $json_out['status'] = 0; |
| 320 | daniel-mar | 87 | } else if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'tree_search')) { |
| 88 | // Action: tree_search |
||
| 89 | // Method: GET / POST |
||
| 90 | // Parameters: search |
||
| 91 | // Outputs: JSON |
||
| 553 | daniel-mar | 92 | _CheckParamExists($_REQUEST, 'search'); |
| 150 | daniel-mar | 93 | |
| 320 | daniel-mar | 94 | $found = false; |
| 95 | foreach (OIDplus::getPagePlugins() as $plugin) { |
||
| 328 | daniel-mar | 96 | $json_out = $plugin->tree_search($_REQUEST['search']); |
| 97 | if ($json_out) { |
||
| 320 | daniel-mar | 98 | $found = true; |
| 99 | break; |
||
| 100 | } |
||
| 101 | } |
||
| 317 | daniel-mar | 102 | |
| 320 | daniel-mar | 103 | if (!$found) { |
| 328 | daniel-mar | 104 | $json_out = array(); |
| 320 | daniel-mar | 105 | } |
| 106 | } else if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'tree_load')) { |
||
| 107 | // Action: tree_load |
||
| 108 | // Method: GET / POST |
||
| 109 | // Parameters: id; goto (optional) |
||
| 110 | // Outputs: JSON |
||
| 553 | daniel-mar | 111 | _CheckParamExists($_REQUEST, 'id'); |
| 328 | daniel-mar | 112 | $json_out = OIDplus::menuUtils()->json_tree($_REQUEST['id'], isset($_REQUEST['goto']) ? $_REQUEST['goto'] : ''); |
| 320 | daniel-mar | 113 | } else { |
| 360 | daniel-mar | 114 | throw new OIDplusException(_L('Invalid action ID')); |
| 320 | daniel-mar | 115 | } |
| 296 | daniel-mar | 116 | } |
| 328 | daniel-mar | 117 | |
| 118 | @header('Content-Type:application/json; charset=utf-8'); |
||
| 119 | echo json_encode($json_out); |
||
| 120 | |||
| 107 | daniel-mar | 121 | } catch (Exception $e) { |
| 328 | daniel-mar | 122 | |
| 239 | daniel-mar | 123 | try { |
| 320 | daniel-mar | 124 | if (!OIDplus::baseconfig()->getValue('DISABLE_AJAX_TRANSACTIONS',false) && OIDplus::db()->transaction_supported() && (OIDplus::db()->transaction_level() > 0)) { |
| 296 | daniel-mar | 125 | OIDplus::db()->transaction_rollback(); |
| 126 | } |
||
| 239 | daniel-mar | 127 | } catch (Exception $e1) { |
| 128 | } |
||
| 256 | daniel-mar | 129 | |
| 575 | daniel-mar | 130 | $errmsg = $e->getMessage(); |
| 131 | $errmsg = strip_tags($errmsg); |
||
| 132 | $errmsg = html_entity_decode($errmsg, ENT_QUOTES, 'UTF-8'); |
||
| 133 | |||
| 328 | daniel-mar | 134 | $json_out = array(); |
| 135 | $json_out['status'] = -2; |
||
| 575 | daniel-mar | 136 | $json_out['error'] = $errmsg; |
| 328 | daniel-mar | 137 | $out = json_encode($json_out); |
| 239 | daniel-mar | 138 | |
| 139 | if ($out === false) { |
||
| 140 | // Some modules (like ODBC) might output non-UTF8 data |
||
| 575 | daniel-mar | 141 | $json_out['error'] = utf8_encode($errmsg); |
| 328 | daniel-mar | 142 | $out = json_encode($json_out); |
| 239 | daniel-mar | 143 | } |
| 256 | daniel-mar | 144 | |
| 328 | daniel-mar | 145 | @header('Content-Type:application/json; charset=utf-8'); |
| 575 | daniel-mar | 146 | |
| 328 | daniel-mar | 147 | echo $out; |
| 424 | daniel-mar | 148 | } |