MDL-30495 HTML5 apps cannot call Webservices functions if a HTTP reso…

…urce is retrieved from the Moodle installation
moodle · Feb 15, 2012 · 95711cc · 95711cc
1 parent 52e6baa
commit 95711cc
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 21 deletions.
diff --git a/webservice/lib.php b/webservice/lib.php
@@ -1209,24 +1209,28 @@ protected function init_zend_server() {
     }
 
     /**
-     * This method parses the $_REQUEST superglobal and looks for
+     * This method parses the $_POST and $_GET superglobals and looks for
      * the following information:
      *  1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters)
      *
      * @return void
      */
     protected function parse_request() {
+
+        //Get GET and POST paramters
+        $methodvariables = array_merge($_GET,$_POST);
+
         if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) {
             //note: some clients have problems with entity encoding :-(
-            if (isset($_REQUEST['wsusername'])) {
+            if (isset($methodvariables['wsusername'])) {
-                $this->username = $_REQUEST['wsusername'];
+                $this->username = $methodvariables['wsusername'];
             }
-            if (isset($_REQUEST['wspassword'])) {
+            if (isset($methodvariables['wspassword'])) {
-                $this->password = $_REQUEST['wspassword'];
+                $this->password = $methodvariables['wspassword'];
             }
         } else {
-            if (isset($_REQUEST['wstoken'])) {
+            if (isset($methodvariables['wstoken'])) {
-                $this->token = $_REQUEST['wstoken'];
+                $this->token = $methodvariables['wstoken'];
             }
         }
     }

diff --git a/webservice/rest/locallib.php b/webservice/rest/locallib.php
@@ -39,7 +39,7 @@ public function __construct($authmethod) {
     }
 
     /**
-     * This method parses the $_REQUEST superglobal and looks for
+     * This method parses the $_POST and $_GET superglobals and looks for
      * the following information:
      *  1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters)
      *  2/ function name (wsfunction parameter)
@@ -48,26 +48,30 @@ public function __construct($authmethod) {
      * @return void
      */
     protected function parse_request() {
+
+        //Get GET and POST paramters
+        $methodvariables = array_merge($_GET,$_POST);
+
         if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) {
-            $this->username = isset($_REQUEST['wsusername']) ? $_REQUEST['wsusername'] : null;
+            $this->username = isset($methodvariables['wsusername']) ? $methodvariables['wsusername'] : null;
-            unset($_REQUEST['wsusername']);
+            unset($methodvariables['wsusername']);
 
-            $this->password = isset($_REQUEST['wspassword']) ? $_REQUEST['wspassword'] : null;
+            $this->password = isset($methodvariables['wspassword']) ? $methodvariables['wspassword'] : null;
-            unset($_REQUEST['wspassword']);
+            unset($methodvariables['wspassword']);
 
-            $this->functionname = isset($_REQUEST['wsfunction']) ? $_REQUEST['wsfunction'] : null;
+            $this->functionname = isset($methodvariables['wsfunction']) ? $methodvariables['wsfunction'] : null;
-            unset($_REQUEST['wsfunction']);
+            unset($methodvariables['wsfunction']);
 
-            $this->parameters = $_REQUEST;
+            $this->parameters = $methodvariables;
 
         } else {
-            $this->token = isset($_REQUEST['wstoken']) ? $_REQUEST['wstoken'] : null;
+            $this->token = isset($methodvariables['wstoken']) ? $methodvariables['wstoken'] : null;
-            unset($_REQUEST['wstoken']);
+            unset($methodvariables['wstoken']);
 
-            $this->functionname = isset($_REQUEST['wsfunction']) ? $_REQUEST['wsfunction'] : null;
+            $this->functionname = isset($methodvariables['wsfunction']) ? $methodvariables['wsfunction'] : null;
-            unset($_REQUEST['wsfunction']);
+            unset($methodvariables['wsfunction']);
 
-            $this->parameters = $_REQUEST;
+            $this->parameters = $methodvariables;
         }
     }
 

diff --git a/webservice/soap/locallib.php b/webservice/soap/locallib.php
@@ -83,7 +83,7 @@ protected function init_zend_server() {
     }
 
     /**
-     * This method parses the $_REQUEST superglobal and looks for
+     * This method parses the $_POST and $_GET superglobals and looks for
      * the following information:
      *  1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters)
      *