diff --git a/doc/api/api.docbook b/doc/api/api.docbook
index 59b1c463..b5150670 100644
--- a/doc/api/api.docbook
+++ b/doc/api/api.docbook
@@ -77,6 +77,10 @@
transmises dans l'URL appelée. Si le type d'objet ou l'objet demandé est introuvable, une erreur HTTP
404 sera générée.
+ Sauf précision contraire, toutes les méthodes exposées sont accessibles uniquement
+ via les méthodes HTTP GET ou POST. L'accès via une autre méthode
+ retournera une erreur 404.
+
Liste des méthodes exposées
diff --git a/src/includes/class/class.LSurl.php b/src/includes/class/class.LSurl.php
index 7fd1b58e..75a4a939 100644
--- a/src/includes/class/class.LSurl.php
+++ b/src/includes/class/class.LSurl.php
@@ -62,15 +62,20 @@ class LSurl extends LSlog_staticLoggerClass {
* @param[in] $authenticated boolean Permit to define if this URL is accessible only for authenticated users (optional, default: true)
* @param[in] $override boolean Allow override if a command already exists with the same name (optional, default: false)
* @param[in] $api_mode boolean Enable API mode (optional, default: false)
+ * @param[in] $methods array|null HTTP method (optional, default: array('GET', 'POST'))
**/
- public static function add_handler($pattern, $handler=null, $authenticated=true, $override=true, $api_mode=false) {
+ public static function add_handler($pattern, $handler=null, $authenticated=true, $override=true, $api_mode=false, $methods=null) {
+ if (is_null($methods))
+ $methods = array('GET', 'POST');
+ else
+ $methods = ensureIsArray($methods);
if (is_array($pattern)) {
if (is_null($handler))
foreach($pattern as $p => $h)
- self :: add_handler($p, $h, $override, $api_mode);
+ self :: add_handler($p, $h, $override, $api_mode, $methods);
else
foreach($pattern as $p)
- self :: add_handler($p, $handler, $override, $api_mode);
+ self :: add_handler($p, $handler, $override, $api_mode, $methods);
}
else {
if (!isset(self :: $patterns[$pattern])) {
@@ -78,6 +83,7 @@ class LSurl extends LSlog_staticLoggerClass {
'handler' => $handler,
'authenticated' => $authenticated,
'api_mode' => $api_mode,
+ 'methods' => $methods,
);
}
elseif ($override) {
@@ -86,6 +92,7 @@ class LSurl extends LSlog_staticLoggerClass {
'handler' => $handler,
'authenticated' => $authenticated,
'api_mode' => $api_mode,
+ 'methods' => $methods,
);
}
else {
@@ -116,7 +123,7 @@ class LSurl extends LSlog_staticLoggerClass {
self :: log_debug("URL : current url = '$current_url'");
self :: log_debug("URL : check current url with the following URL patterns :\n - ".implode("\n - ", array_keys(self :: $patterns)));
foreach (self :: $patterns as $pattern => $handler_infos) {
- $m = self :: url_match($pattern, $current_url);
+ $m = self :: url_match($pattern, $current_url, $handler_infos['methods']);
if (is_array($m)) {
$request = new LSurlRequest($current_url, $handler_infos, $m);
// Reset last redirect
@@ -149,10 +156,13 @@ class LSurl extends LSlog_staticLoggerClass {
*
* @param[in] $pattern string The URL pattern
* @param[in] $current_url string|false The current URL (optional)
+ * @param[in] $methods array|null HTTP method (optional, default: no check)
*
* @retval array|false The URL info if pattern matched, false otherwise.
**/
- private static function url_match($pattern, $current_url=false) {
+ private static function url_match($pattern, $current_url=false, $methods=null) {
+ if ($methods && !in_array($_SERVER['REQUEST_METHOD'], $methods))
+ return false;
if ($current_url === false) {
$current_url = self :: get_current_url();
if (!$current_url) return False;
diff --git a/src/includes/class/class.LSurlRequest.php b/src/includes/class/class.LSurlRequest.php
index 1dfdf879..876da4e9 100644
--- a/src/includes/class/class.LSurlRequest.php
+++ b/src/includes/class/class.LSurlRequest.php
@@ -69,6 +69,8 @@ class LSurlRequest extends LSlog_staticLoggerClass {
return $this -> api_mode;
if ($key == 'referer')
return $this -> get_referer();
+ if ($key == 'http_method')
+ return $_SERVER['REQUEST_METHOD'];
if (array_key_exists($key, $this->url_params)) {
return urldecode($this->url_params[$key]);
}
diff --git a/src/includes/routes.php b/src/includes/routes.php
index 77dbb931..2086028e 100644
--- a/src/includes/routes.php
+++ b/src/includes/routes.php
@@ -280,7 +280,7 @@ function handle_static_file($request) {
}
LSurl :: error_404($request);
}
-LSurl :: add_handler('#^(?Pimage|css|js)/(?P[^/]+)$#', 'handle_static_file', false);
+LSurl :: add_handler('#^(?Pimage|css|js)/(?P[^/]+)$#', 'handle_static_file', false, true, false, 'GET');
/*
* Handle default browser favicon.ico request
@@ -292,7 +292,7 @@ LSurl :: add_handler('#^(?Pimage|css|js)/(?P[^/]+)$#', 'handle_stati
function handle_favicon_ico_view($request) {
LSurl :: redirect('image/favicon');
}
-LSurl :: add_handler('#^favicon\.ico#', 'handle_favicon_ico_view', false);
+LSurl :: add_handler('#^favicon\.ico#', 'handle_favicon_ico_view', false, true, false, 'GET');
/*
* Handle libs file request
@@ -318,7 +318,7 @@ function handle_libs_file($request) {
}
LSurl :: error_404($request);
}
-LSurl :: add_handler('#^libs/(?P.+)$#', 'handle_libs_file', false);
+LSurl :: add_handler('#^libs/(?P.+)$#', 'handle_libs_file', false, true, false, 'GET');
/*
* Handle tmp file request
@@ -334,7 +334,7 @@ function handle_tmp_file($request) {
}
LSurl :: error_404($request);
}
-LSurl :: add_handler('#^tmp/(?P[^/]+)$#', 'handle_tmp_file');
+LSurl :: add_handler('#^tmp/(?P[^/]+)$#', 'handle_tmp_file', false, true, false, 'GET');
/*
************************************************************