LSurl: add request HTTP method check that must match with one of supported by handler (default: GET or POST)

doc/api/api.docbook

@@ -77,6 +77,10 @@
     transmises dans l'URL appelée. Si le type d'objet ou l'objet demandé est introuvable, une erreur HTTP
     404 sera générée.</para>
 
+    <important><simpara>Sauf précision contraire, toutes les méthodes exposées sont accessibles uniquement
+    via les méthodes HTTP <literal>GET</literal> ou <literal>POST</literal>. L'accès via une autre méthode
+    retournera une erreur 404.</simpara></important>
+
     <!-- Début Liste des méthodes exposées -->
     <variablelist>
     <title>Liste des méthodes exposées</title>

src/includes/class/class.LSurl.php

@@ -62,15 +62,20 @@ class LSurl extends LSlog_staticLoggerClass {
    * @param[in] $authenticated  boolean       Permit to define if this URL is accessible only for authenticated users (optional, default: true)
    * @param[in] $override       boolean       Allow override if a command already exists with the same name (optional, default: false)
    * @param[in] $api_mode       boolean       Enable API mode (optional, default: false)
+   * @param[in] $methods        array|null    HTTP method (optional, default: array('GET', 'POST'))
    **/
-  public static function add_handler($pattern, $handler=null, $authenticated=true, $override=true, $api_mode=false) {
+  public static function add_handler($pattern, $handler=null, $authenticated=true, $override=true, $api_mode=false, $methods=null) {
+    if (is_null($methods))
+      $methods = array('GET', 'POST');
+    else
+      $methods = ensureIsArray($methods);
     if (is_array($pattern)) {
       if (is_null($handler))
         foreach($pattern as $p => $h)
-          self :: add_handler($p, $h, $override, $api_mode);
+          self :: add_handler($p, $h, $override, $api_mode, $methods);
       else
         foreach($pattern as $p)
-          self :: add_handler($p, $handler, $override, $api_mode);
+          self :: add_handler($p, $handler, $override, $api_mode, $methods);
     }
     else {
       if (!isset(self :: $patterns[$pattern])) {
@@ -78,6 +83,7 @@ class LSurl extends LSlog_staticLoggerClass {
           'handler' => $handler,
           'authenticated' => $authenticated,
           'api_mode' => $api_mode,
+          'methods' => $methods,
         );
       }
       elseif ($override) {
@@ -86,6 +92,7 @@ class LSurl extends LSlog_staticLoggerClass {
           'handler' => $handler,
           'authenticated' => $authenticated,
           'api_mode' => $api_mode,
+          'methods' => $methods,
         );
       }
       else {
@@ -116,7 +123,7 @@ class LSurl extends LSlog_staticLoggerClass {
     self :: log_debug("URL : current url = '$current_url'");
     self :: log_debug("URL : check current url with the following URL patterns :\n - ".implode("\n - ", array_keys(self :: $patterns)));
     foreach (self :: $patterns as $pattern => $handler_infos) {
-      $m = self :: url_match($pattern, $current_url);
+      $m = self :: url_match($pattern, $current_url, $handler_infos['methods']);
       if (is_array($m)) {
         $request = new LSurlRequest($current_url, $handler_infos, $m);
         // Reset last redirect
@@ -149,10 +156,13 @@ class LSurl extends LSlog_staticLoggerClass {
    *
    * @param[in] $pattern string The URL pattern
    * @param[in] $current_url string|false The current URL (optional)
+   * @param[in] $methods array|null HTTP method (optional, default: no check)
    *
    * @retval array|false The URL info if pattern matched, false otherwise.
    **/
-  private static function url_match($pattern, $current_url=false) {
+  private static function url_match($pattern, $current_url=false, $methods=null) {
+    if ($methods && !in_array($_SERVER['REQUEST_METHOD'], $methods))
+      return false;
     if ($current_url === false) {
       $current_url = self :: get_current_url();
       if (!$current_url) return False;

src/includes/class/class.LSurlRequest.php

@@ -69,6 +69,8 @@ class LSurlRequest extends LSlog_staticLoggerClass {
       return $this -> api_mode;
     if ($key == 'referer')
       return $this -> get_referer();
+    if ($key == 'http_method')
+      return $_SERVER['REQUEST_METHOD'];
     if (array_key_exists($key, $this->url_params)) {
       return urldecode($this->url_params[$key]);
     }

src/includes/routes.php

@@ -280,7 +280,7 @@ function handle_static_file($request) {
   }
   LSurl :: error_404($request);
 }
-LSurl :: add_handler('#^(?P<type>image|css|js)/(?P<file>[^/]+)$#', 'handle_static_file', false);
+LSurl :: add_handler('#^(?P<type>image|css|js)/(?P<file>[^/]+)$#', 'handle_static_file', false, true, false, 'GET');
 
 /*
  * Handle default browser favicon.ico request
@@ -292,7 +292,7 @@ LSurl :: add_handler('#^(?P<type>image|css|js)/(?P<file>[^/]+)$#', 'handle_stati
 function handle_favicon_ico_view($request) {
   LSurl :: redirect('image/favicon');
 }
-LSurl :: add_handler('#^favicon\.ico#', 'handle_favicon_ico_view', false);
+LSurl :: add_handler('#^favicon\.ico#', 'handle_favicon_ico_view', false, true, false, 'GET');
 
 /*
  * Handle libs file request
@@ -318,7 +318,7 @@ function handle_libs_file($request) {
   }
   LSurl :: error_404($request);
 }
-LSurl :: add_handler('#^libs/(?P<file>.+)$#', 'handle_libs_file', false);
+LSurl :: add_handler('#^libs/(?P<file>.+)$#', 'handle_libs_file', false, true, false, 'GET');
 
 /*
  * Handle tmp file request
@@ -334,7 +334,7 @@ function handle_tmp_file($request) {
   }
   LSurl :: error_404($request);
 }
-LSurl :: add_handler('#^tmp/(?P<filename>[^/]+)$#', 'handle_tmp_file');
+LSurl :: add_handler('#^tmp/(?P<filename>[^/]+)$#', 'handle_tmp_file', false, true, false, 'GET');
 
 /*
  ************************************************************