From dcd902a0f61b7da6400186f88d9b886aa3fb2d09 Mon Sep 17 00:00:00 2001 From: Jerome Mouneyrac Date: Wed, 15 Feb 2012 11:33:11 +0800 Subject: [PATCH] MDL-30495 HTML5 apps cannot call Webservices functions if a HTTP resource is retrieved from the Moodle installation --- webservice/lib.php | 18 +++++++++++------- webservice/rest/locallib.php | 30 +++++++++++++++++------------- webservice/rest/server.php | 3 --- webservice/soap/locallib.php | 2 +- 4 files changed, 29 insertions(+), 24 deletions(-) diff --git a/webservice/lib.php b/webservice/lib.php index ecb6a9b1db9..bc8ece95dd5 100644 --- a/webservice/lib.php +++ b/webservice/lib.php @@ -1209,24 +1209,28 @@ class '.$classname.' { } /** - * This method parses the $_REQUEST superglobal and looks for + * This method parses the $_POST and $_GET superglobals and looks for * the following information: * 1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters) * * @return void */ protected function parse_request() { + + //Get GET and POST paramters + $methodvariables = array_merge($_GET,$_POST); + if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) { //note: some clients have problems with entity encoding :-( - if (isset($_REQUEST['wsusername'])) { - $this->username = $_REQUEST['wsusername']; + if (isset($methodvariables['wsusername'])) { + $this->username = $methodvariables['wsusername']; } - if (isset($_REQUEST['wspassword'])) { - $this->password = $_REQUEST['wspassword']; + if (isset($methodvariables['wspassword'])) { + $this->password = $methodvariables['wspassword']; } } else { - if (isset($_REQUEST['wstoken'])) { - $this->token = $_REQUEST['wstoken']; + if (isset($methodvariables['wstoken'])) { + $this->token = $methodvariables['wstoken']; } } } diff --git a/webservice/rest/locallib.php b/webservice/rest/locallib.php index 2c75799ab3c..075f6b6dd54 100644 --- a/webservice/rest/locallib.php +++ b/webservice/rest/locallib.php @@ -44,7 +44,7 @@ class webservice_rest_server extends webservice_base_server { } /** - * This method parses the $_REQUEST superglobal and looks for + * This method parses the $_POST and $_GET superglobals and looks for * the following information: * 1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters) * 2/ function name (wsfunction parameter) @@ -53,26 +53,30 @@ class webservice_rest_server extends webservice_base_server { * @return void */ protected function parse_request() { + + //Get GET and POST paramters + $methodvariables = array_merge($_GET,$_POST); + if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) { - $this->username = isset($_REQUEST['wsusername']) ? $_REQUEST['wsusername'] : null; - unset($_REQUEST['wsusername']); + $this->username = isset($methodvariables['wsusername']) ? $methodvariables['wsusername'] : null; + unset($methodvariables['wsusername']); - $this->password = isset($_REQUEST['wspassword']) ? $_REQUEST['wspassword'] : null; - unset($_REQUEST['wspassword']); + $this->password = isset($methodvariables['wspassword']) ? $methodvariables['wspassword'] : null; + unset($methodvariables['wspassword']); - $this->functionname = isset($_REQUEST['wsfunction']) ? $_REQUEST['wsfunction'] : null; - unset($_REQUEST['wsfunction']); + $this->functionname = isset($methodvariables['wsfunction']) ? $methodvariables['wsfunction'] : null; + unset($methodvariables['wsfunction']); - $this->parameters = $_REQUEST; + $this->parameters = $methodvariables; } else { - $this->token = isset($_REQUEST['wstoken']) ? $_REQUEST['wstoken'] : null; - unset($_REQUEST['wstoken']); + $this->token = isset($methodvariables['wstoken']) ? $methodvariables['wstoken'] : null; + unset($methodvariables['wstoken']); - $this->functionname = isset($_REQUEST['wsfunction']) ? $_REQUEST['wsfunction'] : null; - unset($_REQUEST['wsfunction']); + $this->functionname = isset($methodvariables['wsfunction']) ? $methodvariables['wsfunction'] : null; + unset($methodvariables['wsfunction']); - $this->parameters = $_REQUEST; + $this->parameters = $methodvariables; } } diff --git a/webservice/rest/server.php b/webservice/rest/server.php index d89e0c1b44a..ec97e0563c7 100644 --- a/webservice/rest/server.php +++ b/webservice/rest/server.php @@ -36,9 +36,6 @@ if (!webservice_protocol_is_enabled('rest')) { $restformat = optional_param('moodlewsrestformat', 'xml', PARAM_ALPHA); //remove the alt from the request -if(isset($_REQUEST['moodlewsrestformat'])) { - unset($_REQUEST['moodlewsrestformat']); -} if(isset($_GET['moodlewsrestformat'])) { unset($_GET['moodlewsrestformat']); } diff --git a/webservice/soap/locallib.php b/webservice/soap/locallib.php index fd4908761a8..bcc8ecb255a 100644 --- a/webservice/soap/locallib.php +++ b/webservice/soap/locallib.php @@ -125,7 +125,7 @@ class webservice_soap_server extends webservice_zend_server { } /** - * This method parses the $_REQUEST superglobal and looks for + * This method parses the $_POST and $_GET superglobals and looks for * the following information: * 1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters) *