Source for file squirrelmail_rpc.php
Documentation is available at squirrelmail_rpc.php
* This file contains the entry point to the "SquirrelMail API" -- the * remote procedure call request receiver. * RPC requests are currently understood as simple HTTP GET or POST * requests. The SquirrelMail default_rpc template set responds in a * SOAP (currently v1.2) compliant manner, but this interface does not * (yet?) understand SOAP requests. The format of responses can be * changed by creating a different RPC template set and pointing to it * with $rpc_templateset in the main SquirrelMail configuration file. * @copyright 1999-2020 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id: squirrelmail_rpc.php 14845 2020-01-07 08:09:34Z pdontthink $ /** This is the squirrelmail_rpc page */ define('PAGE_NAME', 'squirrelmail_rpc'); //FIXME: If we decide to route ALL requests, even normal page // requests through this file, need to change page requests // to something like this //http://example.org/squirrelmail/src/squirrelmail_rpc.php?page=read_body&passed_id=47633... // This file would then add ".php" to the "page" variable // and pass the request on to that page by simply require()ing // that page and exiting. // Does this present problems, security or otherwise? What // problems are created by the fact that the page request // is always the same thing (some parts of the code and some // plugins switch functionality based on $PHP_SELF and other // $_SERVER variables that look for specific page names -- those // can be fixed by looking at the "page" GET argument, but what // other issues are created)? What about plugins? How would // they work in this scheme? Would they be a lot more difficult //NOTE: It is not entirely clear if doing the above is even desirable. // Initial conversations on the squirrelmail-devel list were // inconclusive. On one hand, doing so would give us one master // file that handles any and all incoming requests, no matter // where they came from or what format/type they are. On the // other, keeping page requests out of this file keeps this file // lean and specific to one technology: our RPC interface. * Include the SquirrelMail initialization file. //FIXME: init.php assumes it is being called by a browser, so some error // conditions are handled by immediately calling error_box() or // otherwise trying to push something to the browser, which should // be avoided at all costs. This is also pervasive in the whole // core and must be cleaned up entirely before this can be a very // functional RPC interface require
('../include/init.php');//FIXME: do we need to put this list somewhere else? //FIXME: do we want to use constants instead? probably not a bad idea, although plugins probably won't, so we still want to try to keep track of the plugin error codes too if possible (new plugin website should help) * Known core error codes: * 1 - No RPC action was given in request (please use "rpc_action") * 2 - RPC action was not understood (perhaps a needed plugin is * not installed and activated?) * Known plugin error codes: * 500 - Empty Folders plugin empty_folders_purge_trash action failed * 501 - Empty Folders plugin empty_folders_purge_all action failed * 502 - Empty Folders plugin empty_folders_delete_all action failed * 503 - Mark Read plugin mark_read_read_all action failed * 504 - Mark Read plugin mark_read_unread_all action failed * Get RPC Action (can be in either GET or POST) if (!sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM)) { * No matter what our response is, the headers $oTemplate->header('Content-Type: text/xml'); $oTemplate->header('Content-Type: application/xml'); // required by IE $oTemplate->header('Pragma: no-cache'); $oTemplate->header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0'); $oTemplate->header('Expires: Sat, 1 Jan 2000 00:00:00 GMT'); //TODO: is this needed? $oTemplate->header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT'); * Allow plugins to add their own RPC action * or modify behavior of SM core RPC actions... * A plugin that handles a custom RPC action must * return TRUE to the hook so that it knows that * the action was handled and was not an unknown * action. If the action was not handled, the plugin * should return FALSE to the hook. * Developer note: the $rpc_action parameter is passed * in an array in case we can think of more parameters * Known users of this hook: $temp =
array(&$rpc_action); * Go take care of each RPC action (unless plugin already did) if (!$handled_by_plugin) switch (strtolower($rpc_action)) { require_once(SM_PATH .
'functions/mailbox_display.php'); require_once(SM_PATH .
'functions/imap.php'); if (!sqGetGlobalVar('delete_ids', $delete_ids, SQ_FORM)) { $delete_ids =
explode(',', $delete_ids); if (!sqGetGlobalVar('mailbox', $mailbox, SQ_FORM)) { if (sqGetGlobalVar('startMessage', $startMessage, SQ_INORDER, 1)) { $startMessage = (int)
$startMessage; sqGetGlobalVar('what', $what, SQ_FORM, 0); if (sqGetGlobalVar('account', $iAccount, SQ_GET, 0)) { $iAccount = (int)
$iAccount; //FIXME: need to grab the bypass trash variable here too! probably other vars... /* FIXME: --- The following code was just experimental/proof-of-concept; the rest of the implementation of this functionality still needs to be done "for real" $oImapMessage = new IMAP_Message(0, $mailbox, $startMessage, $what, $iAccount); foreach ($delete_ids as $id) { $oImapMessage->setUid($id); //FIXME: establish constants for $hide values (the 3 below indicates not to show errors, but to return any error string) $result = $oImapMessage->deleteMessage(3); sm_rpc_return_error($rpc_action, 99, $result, 'server', 500, 'Server Error'); //FIXME: Just for testing the line above can be changed to something like this: //sm_rpc_return_success($rpc_action, 0, 'Hooray! Message(s) deleted. Refresh your message list and make sure.'); * Returns an error message to the RPC caller and exits * NOTE that this function exits and will never return * @param string $rpc_action The RPC action that is being handled * (OPTIONAL; default attempt to grab from GET/POST) * @param int $error_code The (application-level) error code for the current * @param string $error_text Any error message associated with the error * condition (OPTIONAL; default empty string) * @param string $guilty_party A string indicating the party who caused the * error: either "client" or "server" (OPTIONAL; * @param int $http_status_code When non-zero, this value will be sent to * the browser in the HTTP headers as the request * status code (OPTIONAL; default not used) * @param string $http_status_text A string naming the HTTP status, usually the * title of the corresponding status code as * http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html * (OPTIONAL; default not used; $http_status_code * must also be provided). $error_text=
'', $guilty_party=
'', $http_status_code=
0, $http_status_text=
'') { if (is_null($rpc_action)) sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM); $oTemplate->header('HTTP/1.1 ' .
$http_status_code .
' ' .
$http_status_text); $oTemplate->header('Status: ' .
$http_status_code .
' ' .
$http_status_text); $oTemplate->assign('rpc_action', $rpc_action); $oTemplate->assign('error_code', $error_code); $oTemplate->assign('error_text', $error_text); $oTemplate->assign('guilty_party', $guilty_party); $oTemplate->display('rpc_response_error.tpl'); * Returns a standard success result to the RPC caller and exits * NOTE that this function exits and will never return * @param string $rpc_action The RPC action that is being handled * (OPTIONAL; default attempt to grab from GET/POST) * @param int $result_code The result code (OPTIONAL; default 0) * @param string $result_text Any result message (OPTIONAL; default if (is_null($rpc_action)) sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM); $oTemplate->assign('rpc_action', $rpc_action); $oTemplate->assign('result_code', $result_code); $oTemplate->assign('result_text', $result_text); $oTemplate->display('rpc_response_success.tpl');
Documentation generated on Mon, 13 Jan 2020 04:23:36 +0100 by phpDocumentor 1.4.3