LSurl: add request HTTP method check that must match with one of supported by handler (default: GET or POST)

Benjamin Renard 2021-06-24 10:21:50 +02:00
parent b37a2b321f
commit afb67b02e9
4 changed files with 25 additions and 9 deletions


@ -77,6 +77,10 @@
transmises dans l'URL appelée. Si le type d'objet ou l'objet demandé est introuvable, une erreur HTTP
404 sera générée.</para>
<important><simpara>Sauf précision contraire, toutes les méthodes exposées sont accessibles uniquement
via les méthodes HTTP <literal>GET</literal> ou <literal>POST</literal>. L'accès via une autre méthode
retournera une erreur 404.</simpara></important>
<!-- Début Liste des méthodes exposées -->
<variablelist>
<title>Liste des méthodes exposées</title>


@ -62,15 +62,20 @@ class LSurl extends LSlog_staticLoggerClass {
* @param[in] $authenticated boolean Permit to define if this URL is accessible only for authenticated users (optional, default: true)
* @param[in] $override boolean Allow override if a command already exists with the same name (optional, default: false)
* @param[in] $api_mode boolean Enable API mode (optional, default: false)
* @param[in] $methods array|null HTTP method (optional, default: array('GET', 'POST'))
**/
public static function add_handler($pattern, $handler=null, $authenticated=true, $override=true, $api_mode=false) {
public static function add_handler($pattern, $handler=null, $authenticated=true, $override=true, $api_mode=false, $methods=null) {
if (is_null($methods))
$methods = array('GET', 'POST');
else
$methods = ensureIsArray($methods);
if (is_array($pattern)) {
if (is_null($handler))
foreach($pattern as $p => $h)
self :: add_handler($p, $h, $override, $api_mode);
self :: add_handler($p, $h, $override, $api_mode, $methods);
else
foreach($pattern as $p)
self :: add_handler($p, $handler, $override, $api_mode);
self :: add_handler($p, $handler, $override, $api_mode, $methods);
}
else {
if (!isset(self :: $patterns[$pattern])) {
@ -78,6 +83,7 @@ class LSurl extends LSlog_staticLoggerClass {
'handler' => $handler,
'authenticated' => $authenticated,
'api_mode' => $api_mode,
'methods' => $methods,
);
}
elseif ($override) {
@ -86,6 +92,7 @@ class LSurl extends LSlog_staticLoggerClass {
'handler' => $handler,
'authenticated' => $authenticated,
'api_mode' => $api_mode,
'methods' => $methods,
);
}
else {
@ -116,7 +123,7 @@ class LSurl extends LSlog_staticLoggerClass {
self :: log_debug("URL : current url = '$current_url'");
self :: log_debug("URL : check current url with the following URL patterns :\n - ".implode("\n - ", array_keys(self :: $patterns)));
foreach (self :: $patterns as $pattern => $handler_infos) {
$m = self :: url_match($pattern, $current_url);
$m = self :: url_match($pattern, $current_url, $handler_infos['methods']);
if (is_array($m)) {
$request = new LSurlRequest($current_url, $handler_infos, $m);
// Reset last redirect
@ -149,10 +156,13 @@ class LSurl extends LSlog_staticLoggerClass {
*
* @param[in] $pattern string The URL pattern
* @param[in] $current_url string|false The current URL (optional)
* @param[in] $methods array|null HTTP method (optional, default: no check)
*
* @retval array|false The URL info if pattern matched, false otherwise.
**/
private static function url_match($pattern, $current_url=false) {
private static function url_match($pattern, $current_url=false, $methods=null) {
if ($methods && !in_array($_SERVER['REQUEST_METHOD'], $methods))
return false;
if ($current_url === false) {
$current_url = self :: get_current_url();
if (!$current_url) return False;
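Review bot: The recursive calls in the array branch of `add_handler` pass their arguments one position off, so the new `$methods` value lands in the `$api_mode` slot and the sixth parameter stays null. For handlers registered through an array of patterns, the method restriction therefore falls back silently to GET/POST, `api_mode` becomes a truthy array, and `$authenticated` receives the value of `$override`. That last effect predates this commit, but it decides whether a route requires login. Both calls should forward every parameter in signature order: `self :: add_handler($p, $h, $authenticated, $override, $api_mode, $methods);` and `self :: add_handler($p, $handler, $authenticated, $override, $api_mode, $methods);`. The body of `add_handler` continues outside the visible hunks.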


@ -69,6 +69,8 @@ class LSurlRequest extends LSlog_staticLoggerClass {
return $this -> api_mode;
if ($key == 'referer')
return $this -> get_referer();
if ($key == 'http_method')
return $_SERVER['REQUEST_METHOD'];
if (array_key_exists($key, $this->url_params)) {
return urldecode($this->url_params[$key]);
}


@ -280,7 +280,7 @@ function handle_static_file($request) {
}
LSurl :: error_404($request);
}
LSurl :: add_handler('#^(?P<type>image|css|js)/(?P<file>[^/]+)$#', 'handle_static_file', false);
LSurl :: add_handler('#^(?P<type>image|css|js)/(?P<file>[^/]+)$#', 'handle_static_file', false, true, false, 'GET');
/*
* Handle default browser favicon.ico request
@ -292,7 +292,7 @@ LSurl :: add_handler('#^(?P<type>image|css|js)/(?P<file>[^/]+)$#', 'handle_stati
function handle_favicon_ico_view($request) {
LSurl :: redirect('image/favicon');
}
LSurl :: add_handler('#^favicon\.ico#', 'handle_favicon_ico_view', false);
LSurl :: add_handler('#^favicon\.ico#', 'handle_favicon_ico_view', false, true, false, 'GET');
/*
* Handle libs file request
@ -318,7 +318,7 @@ function handle_libs_file($request) {
}
LSurl :: error_404($request);
}
LSurl :: add_handler('#^libs/(?P<file>.+)$#', 'handle_libs_file', false);
LSurl :: add_handler('#^libs/(?P<file>.+)$#', 'handle_libs_file', false, true, false, 'GET');
/*
* Handle tmp file request
@ -334,7 +334,7 @@ function handle_tmp_file($request) {
}
LSurl :: error_404($request);
}
LSurl :: add_handler('#^tmp/(?P<filename>[^/]+)$#', 'handle_tmp_file');
LSurl :: add_handler('#^tmp/(?P<filename>[^/]+)$#', 'handle_tmp_file', false, true, false, 'GET');
/*
************************************************************
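Review bot: The `tmp/` registration in the last hunk now passes `false` as the third argument, which is `$authenticated`, whereas the previous two-argument call relied on the default of `true`. If the intent was only to restrict the route to GET, this also makes temporary files reachable without a session. Whether `handle_tmp_file` performs its own access check is not visible here, since its body starts outside the hunk. Keeping the login requirement would read `LSurl :: add_handler('#^tmp/(?P<filename>[^/]+)$#', 'handle_tmp_file', true, true, false, 'GET');`. The other three registrations already passed `false` before the change, so only this one alters the authentication requirement.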