mirror of
https://gitlab.easter-eggs.com/ee/ldapsaisie.git
synced 2024-12-23 00:43:48 +01:00
LSurl: add request HTTP method check that must match with one of supported by handler (default: GET or POST)
This commit is contained in:
parent
b37a2b321f
commit
afb67b02e9
4 changed files with 25 additions and 9 deletions
|
@ -77,6 +77,10 @@
|
|||
transmises dans l'URL appelée. Si le type d'objet ou l'objet demandé est introuvable, une erreur HTTP
|
||||
404 sera générée.</para>
|
||||
|
||||
<important><simpara>Sauf précision contraire, toutes les méthodes exposées sont accessibles uniquement
|
||||
via les méthodes HTTP <literal>GET</literal> ou <literal>POST</literal>. L'accès via une autre méthode
|
||||
retournera une erreur 404.</simpara></important>
|
||||
|
||||
<!-- Début Liste des méthodes exposées -->
|
||||
<variablelist>
|
||||
<title>Liste des méthodes exposées</title>
|
||||
|
|
|
@ -62,15 +62,20 @@ class LSurl extends LSlog_staticLoggerClass {
|
|||
* @param[in] $authenticated boolean Permit to define if this URL is accessible only for authenticated users (optional, default: true)
|
||||
* @param[in] $override boolean Allow override if a command already exists with the same name (optional, default: false)
|
||||
* @param[in] $api_mode boolean Enable API mode (optional, default: false)
|
||||
* @param[in] $methods array|null HTTP method (optional, default: array('GET', 'POST'))
|
||||
**/
|
||||
public static function add_handler($pattern, $handler=null, $authenticated=true, $override=true, $api_mode=false) {
|
||||
public static function add_handler($pattern, $handler=null, $authenticated=true, $override=true, $api_mode=false, $methods=null) {
|
||||
if (is_null($methods))
|
||||
$methods = array('GET', 'POST');
|
||||
else
|
||||
$methods = ensureIsArray($methods);
|
||||
if (is_array($pattern)) {
|
||||
if (is_null($handler))
|
||||
foreach($pattern as $p => $h)
|
||||
self :: add_handler($p, $h, $override, $api_mode);
|
||||
self :: add_handler($p, $h, $override, $api_mode, $methods);
|
||||
else
|
||||
foreach($pattern as $p)
|
||||
self :: add_handler($p, $handler, $override, $api_mode);
|
||||
self :: add_handler($p, $handler, $override, $api_mode, $methods);
|
||||
}
|
||||
else {
|
||||
if (!isset(self :: $patterns[$pattern])) {
|
||||
|
@ -78,6 +83,7 @@ class LSurl extends LSlog_staticLoggerClass {
|
|||
'handler' => $handler,
|
||||
'authenticated' => $authenticated,
|
||||
'api_mode' => $api_mode,
|
||||
'methods' => $methods,
|
||||
);
|
||||
}
|
||||
elseif ($override) {
|
||||
|
@ -86,6 +92,7 @@ class LSurl extends LSlog_staticLoggerClass {
|
|||
'handler' => $handler,
|
||||
'authenticated' => $authenticated,
|
||||
'api_mode' => $api_mode,
|
||||
'methods' => $methods,
|
||||
);
|
||||
}
|
||||
else {
|
||||
|
@ -116,7 +123,7 @@ class LSurl extends LSlog_staticLoggerClass {
|
|||
self :: log_debug("URL : current url = '$current_url'");
|
||||
self :: log_debug("URL : check current url with the following URL patterns :\n - ".implode("\n - ", array_keys(self :: $patterns)));
|
||||
foreach (self :: $patterns as $pattern => $handler_infos) {
|
||||
$m = self :: url_match($pattern, $current_url);
|
||||
$m = self :: url_match($pattern, $current_url, $handler_infos['methods']);
|
||||
if (is_array($m)) {
|
||||
$request = new LSurlRequest($current_url, $handler_infos, $m);
|
||||
// Reset last redirect
|
||||
|
@ -149,10 +156,13 @@ class LSurl extends LSlog_staticLoggerClass {
|
|||
*
|
||||
* @param[in] $pattern string The URL pattern
|
||||
* @param[in] $current_url string|false The current URL (optional)
|
||||
* @param[in] $methods array|null HTTP method (optional, default: no check)
|
||||
*
|
||||
* @retval array|false The URL info if pattern matched, false otherwise.
|
||||
**/
|
||||
private static function url_match($pattern, $current_url=false) {
|
||||
private static function url_match($pattern, $current_url=false, $methods=null) {
|
||||
if ($methods && !in_array($_SERVER['REQUEST_METHOD'], $methods))
|
||||
return false;
|
||||
if ($current_url === false) {
|
||||
$current_url = self :: get_current_url();
|
||||
if (!$current_url) return False;
|
||||
|
|
|
@ -69,6 +69,8 @@ class LSurlRequest extends LSlog_staticLoggerClass {
|
|||
return $this -> api_mode;
|
||||
if ($key == 'referer')
|
||||
return $this -> get_referer();
|
||||
if ($key == 'http_method')
|
||||
return $_SERVER['REQUEST_METHOD'];
|
||||
if (array_key_exists($key, $this->url_params)) {
|
||||
return urldecode($this->url_params[$key]);
|
||||
}
|
||||
|
|
|
@ -280,7 +280,7 @@ function handle_static_file($request) {
|
|||
}
|
||||
LSurl :: error_404($request);
|
||||
}
|
||||
LSurl :: add_handler('#^(?P<type>image|css|js)/(?P<file>[^/]+)$#', 'handle_static_file', false);
|
||||
LSurl :: add_handler('#^(?P<type>image|css|js)/(?P<file>[^/]+)$#', 'handle_static_file', false, true, false, 'GET');
|
||||
|
||||
/*
|
||||
* Handle default browser favicon.ico request
|
||||
|
@ -292,7 +292,7 @@ LSurl :: add_handler('#^(?P<type>image|css|js)/(?P<file>[^/]+)$#', 'handle_stati
|
|||
function handle_favicon_ico_view($request) {
|
||||
LSurl :: redirect('image/favicon');
|
||||
}
|
||||
LSurl :: add_handler('#^favicon\.ico#', 'handle_favicon_ico_view', false);
|
||||
LSurl :: add_handler('#^favicon\.ico#', 'handle_favicon_ico_view', false, true, false, 'GET');
|
||||
|
||||
/*
|
||||
* Handle libs file request
|
||||
|
@ -318,7 +318,7 @@ function handle_libs_file($request) {
|
|||
}
|
||||
LSurl :: error_404($request);
|
||||
}
|
||||
LSurl :: add_handler('#^libs/(?P<file>.+)$#', 'handle_libs_file', false);
|
||||
LSurl :: add_handler('#^libs/(?P<file>.+)$#', 'handle_libs_file', false, true, false, 'GET');
|
||||
|
||||
/*
|
||||
* Handle tmp file request
|
||||
|
@ -334,7 +334,7 @@ function handle_tmp_file($request) {
|
|||
}
|
||||
LSurl :: error_404($request);
|
||||
}
|
||||
LSurl :: add_handler('#^tmp/(?P<filename>[^/]+)$#', 'handle_tmp_file');
|
||||
LSurl :: add_handler('#^tmp/(?P<filename>[^/]+)$#', 'handle_tmp_file', false, true, false, 'GET');
|
||||
|
||||
/*
|
||||
************************************************************
|
||||
|
|
Loading…
Reference in a new issue