Rev 1277 | Rev 1296 | ||
---|---|---|---|
Line 36... | Line 36... | ||
36 | if (!isset($_SERVER['REQUEST_URI']) || !isset($_SERVER["REQUEST_METHOD"])) return false; |
36 | if (!isset($_SERVER['REQUEST_URI']) || !isset($_SERVER["REQUEST_METHOD"])) return false; |
37 | 37 | ||
38 | $rel_url = substr($_SERVER['REQUEST_URI'], strlen(OIDplus::webpath(null, OIDplus::PATH_RELATIVE_TO_ROOT))); |
38 | $rel_url = substr($_SERVER['REQUEST_URI'], strlen(OIDplus::webpath(null, OIDplus::PATH_RELATIVE_TO_ROOT))); |
39 | $expect = 'rest/v1/'; |
39 | $expect = 'rest/v1/'; |
40 | if (str_starts_with($rel_url, $expect)) { |
40 | if (str_starts_with($rel_url, $expect)) { |
- | 41 | originHeaders(); // Allows queries from other domains |
|
- | 42 | OIDplus::authUtils()->disableCSRF(); // allow access to ajax.php without valid CSRF token |
|
- | 43 | ||
41 | $rel_url = ltrim($rel_url, $expect); |
44 | $rel_url = ltrim($rel_url, $expect); |
42 | 45 | ||
43 | $requestMethod = $_SERVER["REQUEST_METHOD"]; |
46 | $requestMethod = $_SERVER["REQUEST_METHOD"]; |
44 | 47 | ||
- | 48 | if (!OIDplus::baseconfig()->getValue('DISABLE_REST_TRANSACTIONS',false) && OIDplus::db()->transaction_supported()) { |
|
- | 49 | OIDplus::db()->transaction_begin(); |
|
- | 50 | } |
|
45 | try { |
51 | try { |
46 | $cont = @file_get_contents('php://input'); |
52 | $cont = @file_get_contents('php://input'); |
47 | $json_in = empty($cont) ? [] : @json_decode($cont, true); |
53 | $json_in = empty($cont) ? [] : @json_decode($cont, true); |
48 | if (!is_array($json_in)) throw new OIDplusException(_L('Invalid JSON data received'), null, 400); |
54 | if (!is_array($json_in)) throw new OIDplusException(_L('Invalid JSON data received'), null, 400); |
49 | 55 | ||
Line 60... | Line 66... | ||
60 | if (!isset($json_out['status'])) { |
66 | if (!isset($json_out['status'])) { |
61 | $json_out['status'] = -1; // status -1 and -2 like in ajax.php |
67 | $json_out['status'] = -1; // status -1 and -2 like in ajax.php |
62 | if (!isset($json_out['error'])) $json_out['error'] = _L('The plugin did not return a status value'); |
68 | if (!isset($json_out['error'])) $json_out['error'] = _L('The plugin did not return a status value'); |
63 | } |
69 | } |
64 | if (!isset($json_out['status_bits'])) $json_out['status_bits'] = []; |
70 | if (!isset($json_out['status_bits'])) $json_out['status_bits'] = []; |
- | 71 | if (!OIDplus::baseconfig()->getValue('DISABLE_REST_TRANSACTIONS',false) && OIDplus::db()->transaction_supported()) { |
|
- | 72 | OIDplus::db()->transaction_commit(); |
|
- | 73 | } |
|
65 | } catch (\Exception $e) { |
74 | } catch (\Exception $e) { |
- | 75 | if (!OIDplus::baseconfig()->getValue('DISABLE_REST_TRANSACTIONS',false) && OIDplus::db()->transaction_supported()) { |
|
- | 76 | if (OIDplus::db()->transaction_supported()) OIDplus::db()->transaction_rollback(); |
|
- | 77 | } |
|
66 | http_response_code($e instanceof OIDplusException ? $e->getHttpStatus() : 500); |
78 | http_response_code($e instanceof OIDplusException ? $e->getHttpStatus() : 500); |
67 | $json_out = array("status" => -2, "status_bits" => [], "error" => $e->getMessage()); |
79 | $json_out = array("status" => -2, "status_bits" => [], "error" => $e->getMessage()); |
68 | } |
80 | } |
69 | 81 | ||
70 | OIDplus::invoke_shutdown(); |
82 | OIDplus::invoke_shutdown(); |
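Review bot: The calls added at new lines 41-42, `originHeaders()` and `OIDplus::authUtils()->disableCSRF()`, open every `rest/v1/` request to other origins and switch off the CSRF token check at the same time, and nothing visible in this section restricts how such a request may authenticate. If any REST handler accepts the browser's login session cookie (not visible here, so this needs confirming), a third-party page could trigger state-changing calls as the logged-in user. I would state the requirement next to the call, e.g. `// CSRF check is off for REST: handlers must authenticate by explicit token only, never by session cookie`, and confirm that `originHeaders()` does not permit credentialed cross-origin requests. Separately, the rollback added at new lines 75-77 sits in `catch (\Exception $e)`, so a PHP `\Error` raised inside the `try` skips it; `} catch (\Throwable $e) {` would cover that path. The enclosing function begins and ends outside this section.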