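// Refuse direct access: this file only runs when included by the shop application.
if (!defined('SHOP_TO_DATE')) die('Forbidden');

// NOTE(review): the page this listing comes from stripped tag-like text
// ("<name ...>" and "</name>") out of the string literals. Where the missing
// text is fixed by the surrounding code it is restored below and marked as
// restored. Everywhere else the literal is reproduced exactly as shown (empty
// "" arguments, patterns without an opening tag) and must be checked against
// the original file before this code is used.

// Load the gateway layer
require(WEBSERVICE_PATH.'x2dgw.'. CC_SITE_SCRIPTEXTENSION);

// Escape a value for use as XML text: htmlspecialchars() plus an apostrophe
// replacement.
// NOTE(review): as shown, the replacement maps "'" to itself; the entity it
// originally wrote was presumably decoded by the page extraction.
function xml_encode($content) {
  return str_replace("'", "'", htmlspecialchars($content));
}

// Reverse of xml_encode(): translate the HTML special-character entities (and
// the apostrophe mapping) back to plain characters.
// NOTE(review): the apostrophe pair is shown as "'" => "'"; same damage as in
// xml_encode().
function xml_decode($content) {
  return strtr($content, array_flip(array_merge(get_html_translation_table(HTML_SPECIALCHARS), array("'" => "'"))));
}

// Debugging: append $text to ROOT_PATH.$file.'.log' when DEBUG is set.
// $file goes into the path unchecked, so callers must pass a fixed name and
// never request data.
// NOTE(review): if ROOT_PATH is served by the web server, the log file can be
// fetched by anyone - confirm where ROOT_PATH points.
function debug_log($file, $text) {
  if (!DEBUG) return;
  if (!$file_handle = fopen(ROOT_PATH.$file.'.log', 'a')) die('Can not open file');
  // fwrite() returns 0 for an empty $text; only false is a failure.
  if (fwrite($file_handle, $text) === false) die('Can not write to file');
  if (!fclose($file_handle)) die('Can not close file');
}

// Web service layer on top of the gateway layer (x2dgw). Handles the built-in
// actions (null, ping, echo, diag) and the file actions for the images/ and
// assets/ directories, and collects the lines of the XML response.
class x2dws extends x2dgw {
  var $response = array();   // response lines collected by build_response() and friends
  var $error = false;        // set by error_response()
  var $sqlerror = false;     // read by send_response(); not set in this file
  var $nodes = array();      // stack of element names opened by open_node()

  // Return $name when it is a plain file name, false otherwise.
  // Rejects empty names, "." and "..", NUL bytes and both kinds of path
  // separator, so a name taken from the request cannot leave the permitted
  // directory.
  function plain_filename($name) {
    if (!is_string($name) || $name === '' || $name === '.' || $name === '..') return false;
    if (strpos($name, "\0") !== false) return false;
    if (strpos($name, '/') !== false || strpos($name, '\\') !== false) return false;
    return $name;
  }

  // True when the extension of $name belongs to the image type that
  // getimagesize() detected (1 = GIF, 2 = JPEG, 3 = PNG).
  function extension_matches_type($name, $type) {
    $allowed = array(1 => array('gif'), 2 => array('jpg', 'jpeg'), 3 => array('png'));
    if (!isset($allowed[$type])) return false;
    $info = pathinfo($name);
    $extension = isset($info['extension']) ? strtolower($info['extension']) : '';
    return in_array($extension, $allowed[$type]);
  }

  // Normalise the request data and run the actions of the web service layer.
  // $actions lists the actions that are exempt from the request-node check,
  // in addition to the built-in ones.
  //
  // Every failed check below is followed by "break": whether
  // parent::send_response() ends the request cannot be seen from this file,
  // and a rejected request must never reach the file operation either way.
  function handle($actions) {
    parent::handle();

    // Remove the XML preamble
    $this->data = preg_replace("/<\?[^>]+>/", '', $this->data);

    // Remove whitespace between tags and at both ends
    // NOTE(review): restored - the listing shows `"/>\s+<', $this->data)`; the
    // end of the pattern and the '><' replacement were stripped as a tag.
    $this->data = preg_replace("/>\s+</", '><', $this->data);
    $this->data = preg_replace("/^\s+/", '', $this->data);
    $this->data = preg_replace("/\s+$/", '', $this->data);
    $this->data = str_replace('\"', '"', $this->data);

    // Look for the request node
    // NOTE(review): both patterns presumably lost the opening request tag.
    if (!in_array($this->action, array_merge($actions, array('null', 'ping', 'echo', 'servertime', 'diag')))) {
      if (!preg_match("/[\s\S]*<\/request>$/", $this->data)) $this->error_response("No request found");
      else $this->data = preg_replace("/^.*\s*([\s\S]+)<\/request>$/", "\\1", $this->data);
    }

    // Actions of the web service layer
    // NOTE(review): the path and file patterns below presumably lost their
    // opening tag; as shown, the capture starts at the beginning of the data.
    switch ($this->action) {

      case 'null':
        $this->send_response("");
        break;

      case 'ping':
        $this->build_response('Pong');
        $this->send_response();
        break;

      case 'echo':
        $this->send_response($this->data);
        break;

      case 'upload':
        if (!preg_match('/(.+)<\/path>/', $this->data, $found)) {
          $this->error_response("No path given");
          break;
        }
        $path = xml_decode($found[1]).'/';
        if (!in_array($path, array('images/', 'assets/'))) {
          $this->error_response("Path not permitted");
          break;
        }
        // The original wrote `!$_FILES['upload']['error'] == UPLOAD_ERR_OK`, which
        // gives the right answer only because UPLOAD_ERR_OK is 0.
        if (!isset($_FILES['upload']) || $_FILES['upload']['error'] != UPLOAD_ERR_OK || !is_uploaded_file($_FILES['upload']['tmp_name'])) {
          $this->error_response("Upload failed");
          break;
        }
        $size = getimagesize($_FILES['upload']['tmp_name']);
        if (!$size || !in_array($size[2], array(1, 2, 3))) {
          $this->error_response("Not an image");
          break;
        }
        // getimagesize() only inspects the file header, and the client chooses
        // the file name. Store the file only under a plain name whose extension
        // belongs to the detected image type, so that image-looking content
        // cannot land in a web-served directory under an extension the server
        // would execute. The upload directories should also be served with
        // script handlers disabled.
        $name = $this->plain_filename($_FILES['upload']['name']);
        if ($name === false || !$this->extension_matches_type($name, $size[2])) {
          $this->error_response("Not an image");
          break;
        }
        if (!move_uploaded_file($_FILES['upload']['tmp_name'], ROOT_PATH.$path.$name)) {
          $this->error_response("Storing image failed");
          break;
        }
        // NOTE(review): the element names around these values are missing from the listing.
        $this->build_response("");
        $this->build_response("$path");
        $this->build_response("".xml_encode($name)."");
        $this->build_response("".xml_encode($_FILES['upload']['type'])."");
        $this->build_response("".xml_encode($_FILES['upload']['size'])."");
        $this->build_response("");
        $this->send_response();
        break;

      case 'download':
        if (!preg_match('/(.+)<\/path>/', $this->data, $found)) {
          header(HTTP_NOTFOUND);
          $this->error_response("No path given");
          break;
        }
        $path = xml_decode($found[1]).'/';
        if (!in_array($path, array('images/', 'assets/'))) {
          header(HTTP_NOTFOUND);
          $this->error_response("Path not permitted");
          break;
        }
        if (!preg_match('/(.+)<\/file>/', $this->data, $found)) {
          header(HTTP_NOTFOUND);
          $this->error_response("No filename given");
          break;
        }
        // The file name comes from the request: accept a plain name only, so the
        // path cannot point outside the permitted directory.
        $file = $this->plain_filename(xml_decode($found[1]));
        if ($file === false) {
          header(HTTP_NOTFOUND);
          $this->error_response("No such file");
          break;
        }
        $filename = ROOT_PATH.$path.$file;
        if (!file_exists($filename)) {
          header(HTTP_NOTFOUND);
          $this->error_response("No such file");
          break;
        }
        // Serve only the three image types that upload accepts; the original
        // indexed the content-type table with any type getimagesize() reported.
        $size = getimagesize($filename);
        $ct = array(1 => 'image/gif', 2 => 'image/jpeg', 3 => 'image/png');
        if (!$size || !isset($ct[$size[2]])) {
          header(HTTP_NOTFOUND);
          $this->error_response("Not an image");
          break;
        }
        header("Content-Type: ".$ct[$size[2]]);
        header("Content-Length: ".filesize($filename));
        readfile($filename);
        exit;

      case 'dir':
        if (!preg_match('/(.+)<\/path>/', $this->data, $found)) {
          $this->error_response("No path given");
          break;
        }
        $path = xml_decode($found[1]).'/';
        if (!in_array($path, array('images/', 'assets/'))) {
          $this->error_response("Path not permitted");
          break;
        }
        $this->build_response("");
        // Read all files; only names ending in .jpg are listed
        $files = array();
        $entries = glob(ROOT_PATH."$path*");
        if (!is_array($entries)) $entries = array();   // glob() returns false on error
        foreach ($entries as $file) {
          if (preg_match("/".str_replace('/', '\/', $path)."(.+\.jpg)$/", $file, $name)) array_push($files, $name[1]);
        }
        sort($files);
        foreach ($files as $file) $this->build_response("".xml_encode($file)."");
        $this->build_response("");
        $this->build_response("".xml_encode(count($files))."");
        $this->send_response();
        break;

      case 'rm':
        if (!preg_match('/(.+)<\/path>/', $this->data, $found)) {
          $this->error_response("No path given");
          break;
        }
        $path = xml_decode($found[1]).'/';
        if (!in_array($path, array('images/', 'assets/'))) {
          $this->error_response("Path not permitted");
          break;
        }
        if (!preg_match('/(.+)<\/file>/', $this->data, $found)) {
          $this->error_response("No filename given");
          break;
        }
        // The file name comes from the request: accept a plain name only, so
        // unlink() cannot be pointed at a file outside the permitted directory.
        $file = $this->plain_filename(xml_decode($found[1]));
        if ($file === false || !file_exists(ROOT_PATH.$path.$file)) {
          $this->error_response("No such file");
          break;
        }
        @unlink(ROOT_PATH.$path.$file);
        if (file_exists(ROOT_PATH.$path.$file)) {
          $this->error_response("No success");
          break;
        }
        $this->send_response();
        break;

      case 'rm_all':
        if (!preg_match('/(.+)<\/path>/', $this->data, $found)) {
          $this->error_response("No path given");
          break;
        }
        $path = xml_decode($found[1]).'/';
        if (!in_array($path, array('images/', 'assets/'))) {
          $this->error_response("Path not permitted");
          break;
        }
        // Delete every .jpg in the directory and remember whether any survived
        $error = false;
        $entries = glob(ROOT_PATH."$path*");
        if (!is_array($entries)) $entries = array();   // glob() returns false on error
        foreach ($entries as $file) {
          if (preg_match("/".str_replace('/', '\/', $path)."(.+\.jpg)$/", $file, $name)) {
            @unlink($file);
            if (file_exists($file)) $error = true;
          }
        }
        if ($error) {
          $this->error_response("Files remaining");
          break;
        }
        $this->send_response();
        break;

      case 'diag':
        // NOTE(review): this action returns interpreter and server configuration
        // together with hash_computed and hash_received, and it is exempt from
        // the request-node check above. Confirm that parent::handle() rejects a
        // request whose hash does not verify before this point is reached;
        // otherwise the response discloses the hash value the gateway computed
        // for the request.
        $this->build_response("".date('r')."");
        $this->build_response("".xml_encode($this->gateway_version)."");
        $this->build_response("".xml_encode($this->service_version)."");
        $this->build_response("".xml_encode($this->action)."");
        $this->build_response("".xml_encode($this->enctype)."");
        $this->build_response("".xml_encode($this->data)."");
        $this->build_response("".xml_encode($this->hash_computed)."");
        $this->build_response("".xml_encode($this->hash_received)."");
        $this->build_response("".xml_encode(VERSION)."");
        $this->build_response("".xml_encode(@phpversion())."");
        $this->build_response("".xml_encode(@zend_version())."");
        $this->build_response("".xml_encode(@mysql_get_client_info())."");
        $this->build_response("".xml_encode(@ini_get('register_globals') ? 1 : 0)."");
        $this->build_response("".xml_encode(@ini_get('default_socket_timeout'))."");
        $this->build_response("".xml_encode(@ini_get('doc_root'))."");
        $this->build_response("".xml_encode(@ini_get('file_uploads'))."");
        $this->build_response("".xml_encode(@ini_get('include_path'))."");
        $this->build_response("".xml_encode(@ini_get('max_execution_time'))."");
        $this->build_response("".xml_encode(@ini_get('memory_limit'))."");
        $this->build_response("".xml_encode(@ini_get('output_buffering'))."");
        $this->build_response("".xml_encode(@ini_get('post_max_size'))."");
        $this->build_response("".xml_encode(@ini_get('safe_mode'))."");
        $this->build_response("".xml_encode(@ini_get('upload_max_filesize'))."");
        $this->build_response("".xml_encode(isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '')."");
        $this->build_response("".xml_encode(isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '')."");
        $this->build_response("".xml_encode(isset($_SERVER['PHP_SELF']) ? dirname($_SERVER['PHP_SELF']) : '')."");
        $this->build_response("".xml_encode(HTTP_URL)."");
        $this->build_response("".xml_encode(isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '')."");
        $this->send_response();
        break;
    }

    // Expand collapsed XML elements
    // NOTE(review): restored - the listing shows the replacement as '<\\1>'; the
    // closing tag after it was stripped. It mirrors the collapsing pattern in
    // send_response().
    $this->data = preg_replace("/<([^<>\/]*) \/>/", '<\\1></\\1>', $this->data);
  }

  // Build the response: append a raw line; empty lines are skipped
  function build_response($line) {
    if ($line) array_push($this->response, $line);
  }

  // Append a line after escaping it with xml_encode(); empty lines are skipped
  function add_line($line) {
    if ($line) array_push($this->response, xml_encode($line));
  }

  // Add an XML node with escaped content
  // NOTE(review): restored - the listing ends the expression with `.''`; the
  // closing tag built from $node_name was stripped.
  function add_node($node_name, $node_content) {
    array_push($this->response, '<'.$node_name.'>'.xml_encode($node_content).'</'.$node_name.'>');
  }

  // Open an element and remember its name for close_node()
  function open_node($node) {
    array_push($this->nodes, $node);
    $this->build_response("<$node>");
  }

  // Close the element opened last
  // NOTE(review): restored - the listing shows `"nodes).">"`; the text from the
  // closing-tag prefix through `$this->` was stripped. array_pop() is the
  // counterpart of the array_push() in open_node(); confirm against the
  // original file.
  function close_node() {
    $this->build_response("</".array_pop($this->nodes).">");
  }

  // Send an error: drop what was collected so far and answer with the error
  // text only. The original assigned to the misspelled property "repsonse", so
  // lines collected before the error were sent along with it.
  function error_response($error) {
    $this->error = true;
    $this->response = array();
    // NOTE(review): the element name around the error text is missing from the listing.
    array_push($this->response, "".xml_encode($error)."");
    $this->send_response();
  }

  // Generate the XML response and hand it to the next lower layer.
  // With an argument, that text is passed on unchanged; without one, the
  // collected lines are joined, empty elements are collapsed to <name />, and
  // the state is "error", "sqlerror" or "ok".
  function send_response($response = null) {
    header('Content-Type: text/xml');
    if (isset($response)) parent::send_response($response);
    else {
      // NOTE(review): the next statement is reproduced exactly as the listing
      // shows it and does not parse: the XML declaration, the opening of the
      // root element with its state attribute (up to `$this->error`), and the
      // closing root tag were stripped. Their names are not shown on the page.
      $response = ''."\nerror ? "error" : ($this->sqlerror ? "sqlerror" : "ok"))."\">\n".implode("\n", preg_replace("/<([^<>\/]*)><\/\\1>/", '<\\1 />', $this->response))."\n";
      parent::send_response($response);
    }
  }
}
?>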