This repository was archived by the owner on Sep 10, 2021. It is now read-only.

Commit 5c9158f

author
Jamie Snape
committed
Remove XML api for security reasons
1 parent 8bce186 commit 5c9158f


9 files changed

+137
-1044
lines changed


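--- a/composer.json
+++ b/composer.json
@@ -22,7 +22,6 @@
 "maennchen/zipstream-php": "~0.2.2",
 "michelf/php-markdown": "~1.4.1",
 "moontoast/math": "~1.1.0",
-"pear-pear.php.net/XML_Serializer": "~0.20.2",
 "reprovinci/solr-php-client": "~1.0.3",
 "rhumsaa/uuid": "~2.8.0",
 "sendgrid/sendgrid": "~2.1.1",
@@ -58,12 +57,6 @@
 "core/dao",
 "library"
 ],
-"repositories": [
-{
-"type": "pear",
-"url": "http://pear.php.net"
-}
-],
 "archive": {
 "exclude": [
 "/core/configs/*.local.*",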

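--- a/core/public/js/upload/upload.revision.js
+++ b/core/public/js/upload/upload.revision.js
@@ -111,7 +111,7 @@ midas.upload.revision.initHtml5FileUpload = function () {
 var _streamFileContents = function (uploadToken) {
 var file = files[currentIndex];
 var blob = file.slice(startByte);
-var url = json.global.webroot + '/api/rest?method=midas.upload.perform&uploadtoken=' +
+var url = json.global.webroot + '/api/json?method=midas.upload.perform&uploadtoken=' +
 uploadToken + '&length=' + file.size + '&filename=' + encodeURIComponent(file.name);
 var changes = $('#revisionChanges').val();
 if(changes) {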
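Review bot: `uploadToken` is concatenated into the query string unencoded on the line after the changed URL, while the file name beside it goes through `encodeURIComponent`; encode it the same way, `encodeURIComponent(uploadToken) + '&length=' + file.size + ...`. Because the token travels in the URL it is also written to web-server and proxy access logs, so if it authorises the upload on its own (not visible from this hunk) it should be short-lived and single-use. The same line appears in core/public/js/upload/upload.simpleupload.js. `_streamFileContents` continues past the end of the hunk, so how the response is parsed after the switch from `/api/rest` to `/api/json` cannot be checked here.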

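--- a/core/public/js/upload/upload.simpleupload.js
+++ b/core/public/js/upload/upload.simpleupload.js
@@ -113,7 +113,7 @@ midas.upload.simpleupload.initHtml5FileUpload = function () {
 var _streamFileContents = function (uploadToken) {
 var file = files[currentIndex];
 var blob = file.slice(startByte);
-var url = json.global.webroot + '/api/rest?method=midas.upload.perform&uploadtoken=' +
+var url = json.global.webroot + '/api/json?method=midas.upload.perform&uploadtoken=' +
 uploadToken + '&length=' + file.size + '&filename=' + encodeURIComponent(file.name || file.fileName);
 
 resumeUploadId = uploadToken;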

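--- a/modules/api/controllers/IndexController.php
+++ b/modules/api/controllers/IndexController.php
@@ -46,16 +46,14 @@ public function preDispatch()
 $this->apiSetup['apiMethodPrefix'] = $this->Setting->getValueByName(API_METHOD_PREFIX_KEY, $this->moduleName);
 
 $this->action = $actionName = Zend_Controller_Front::getInstance()->getRequest()->getActionName();
-switch ($this->action) {
-case "rest":
-case "json":
-case "php_serial":
-case "xmlrpc":
-case "soap":
-$this->_initApiCommons();
-break;
-default:
-break;
+
+if ($this->action === 'json') {
+$this->disableLayout();
+$this->_helper->viewRenderer->setNoRender();
+
+$this->ModuleComponent->Api->controller = &$this;
+$this->ModuleComponent->Api->apiSetup = &$this->apiSetup;
+$this->ModuleComponent->Api->userSession = &$this->userSession;
 }
 }
 
@@ -123,57 +121,22 @@ private function _computeApiHelp($apiMethodPrefix)
 }
 }
 
-/** Initialize property allowing to generate XML */
-private function _initApiCommons()
-{
-// Disable debug information - Required to generate valid XML output
-// Configure::write('debug', 0);
-
-$this->disableLayout();
-$this->_helper->viewRenderer->setNoRender();
-
-$this->ModuleComponent->Api->controller = &$this;
-$this->ModuleComponent->Api->apiSetup = &$this->apiSetup;
-$this->ModuleComponent->Api->userSession = &$this->userSession;
-}
-
-/** Controller action handling REST request */
-public function restAction()
-{
-$this->disableLayout();
-$this->_helper->viewRenderer->setNoRender();
-
-$method_name = $this->getParam('method');
-if (!isset($method_name)) {
-echo 'Inconsistent request: please set a method parameter';
-exit;
-}
-
-$request_data = $this->getAllParams();
-$this->_computeApiCallback($method_name, $this->apiSetup['apiMethodPrefix']);
-// Handle XML-RPC request
-$this->kwWebApiCore = new KwWebApiRestCore($this->apiSetup, $this->apicallbacks, $request_data);
-}
-
 /** Controller action handling JSON request */
 public function jsonAction()
 {
 $this->disableLayout();
 $this->_helper->viewRenderer->setNoRender();
 
-$method_name = $this->getParam('method');
-if (!isset($method_name)) {
+$methodName = $this->getParam('method');
+
+if (!isset($methodName)) {
 echo 'Inconsistent request: please set a method parameter';
 exit;
 }
 
-$request_data = $this->getAllParams();
-$this->_computeApiCallback($method_name, $this->apiSetup['apiMethodPrefix']);
-// Handle XML-RPC request
-$this->kwWebApiCore = new KwWebApiRestCore(
-$this->apiSetup,
-$this->apicallbacks,
-array_merge($request_data, array('format' => 'json'))
-);
+$requestData = $this->getAllParams();
+$apiMethodPrefix = $this->apiSetup['apiMethodPrefix'];
+$this->_computeApiCallback($methodName, $apiMethodPrefix);
+$this->kwWebApiCore = new KwWebApiCore($apiMethodPrefix, $this->apicallbacks, $requestData);
 }
 }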
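Review bot: In `jsonAction()` the missing-`method` branch still answers with a plain-text `echo` followed by `exit`, so a caller of `/api/json` receives a non-JSON body with PHP's default 200 status; send an error status and a JSON body there, e.g. `header('HTTP/1.1 400 Bad Request');` ahead of a `json_encode`d message. `$methodName` comes straight from the request and is handed to `_computeApiCallback()`, whose body is outside this hunk, so confirm it resolves only registered API methods under `$apiMethodPrefix` and rejects everything else. In the first hunk `preDispatch()` (which starts above the hunk) now calls `disableLayout()` and `setNoRender()` for the `json` action and `jsonAction()` repeats both; one of the two pairs can go. A regression test asserting that the removed `rest` action no longer dispatches would pin down the intent of the commit.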

modules/api/controllers/RestController.php

Lines changed: 0 additions & 30 deletions
This file was deleted.

modules/api/library/KwUploadAPI.php

Lines changed: 0 additions & 226 deletions
This file was deleted.
