author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-18 01:35:40 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-18 01:35:40 +0000 |
commit | 74201cb6158db6448ebf5d8330ace6ad4a139693 (patch) | |
tree | c80e8011494c48a17f7edf0609467dc9a84d7f78 | |
parent | b6a7f890d97b88a6dfbcc48d883132e9be44cfda (diff) | |
download | ampache-74201cb6158db6448ebf5d8330ace6ad4a139693.tar.gz ampache-74201cb6158db6448ebf5d8330ace6ad4a139693.tar.bz2 ampache-74201cb6158db6448ebf5d8330ace6ad4a139693.zip |
cleaned up XML API errors so that they are always xml docs regardless
-rwxr-xr-x | docs/CHANGELOG | 2 | ||||
-rw-r--r-- | lib/class/access.class.php | 2 | ||||
-rw-r--r-- | lib/init.php | 2 | ||||
-rw-r--r-- | server/xml.server.php | 54 |
4 files changed, 39 insertions, 21 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 01516521..ba3f4b8a 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,8 @@ -------------------------------------------------------------------------- v.3.4-Alpha4 + - Fixed it so that all errors should return an XML document when + using the XML API. - Added Basic ShoutBox functionality, needs formating fixes and needs to be moved to a better spot in classic theme it must be turned on in the /config/ampache.cfg.php
diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index b46b248b..2d1ac3e5 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -179,6 +179,7 @@ class Access { /* This is here because we want to at least check IP before even creating the xml-rpc server * however we don't have the key that was passed yet so we've got to do just ip */ + case 'init-rpc': case 'init-xml-rpc': $sql = "SELECT `id` FROM `access_list`" . " WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='rpc' AND `level` >= '$level'";
@@ -189,6 +190,7 @@ class Access { " WHERE `start` <= '$ip' AND `end` >= '$ip'" . " AND `key` = '$key' AND `level` >= '$level' AND `type`='rpc'"; break; + case 'init-api': case 'network': case 'interface': case 'stream':
diff --git a/lib/init.php b/lib/init.php
index 28ac53d1..4796a615 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -81,7 +81,7 @@ if (!count($results)) { } /** This is the version.... fluf nothing more... **/ -$results['version'] = '3.4-Alpha4 Build (004)'; +$results['version'] = '3.4-Alpha4 Build (005)'; $results['int_config_version'] = '6'; $results['raw_web_path'] = $results['web_path'];
diff --git a/server/xml.server.php b/server/xml.server.php
index beced1f4..83d10027 100644
--- a/server/xml.server.php
+++ b/server/xml.server.php
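Review bot: The two labels added in lib/class/access.class.php, `case 'init-rpc':` and `case 'init-api':`, fall through into branches that build SQL by placing `$ip`, `$key` and `$level` directly inside quoted literals, and with this commit the `init-api` path is called from server/xml.server.php with `$_SERVER['REMOTE_ADDR']` and `$_REQUEST['user']`. Any normalising or escaping of those arguments would sit above line 179, outside both hunks, so it cannot be confirmed from the diff; it is worth checking that `$ip` is reduced to an integer and that every other argument is escaped before the switch is entered. The body that `init-api` shares with `network`, `interface` and `stream` is also outside the hunk, so a short comment on the new label, e.g. `// XML API: uses the generic ACL query shared with network/interface/stream`, would document that the fall-through is intended.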
@@ -27,17 +27,7 @@ define('NO_SESSION','1'); require_once '../lib/init.php'; -// If we don't even have access control on then we can't use this! -if (!Config::get('access_control')) { access_denied(); exit; } -/** - * Verify the existance of the Session they passed in we do allow them to - * login via this interface so we do have an exception for action=login - */ -if (!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') { - debug_event('Access Denied','Invalid Session or unthorized access attempt to API','5'); - exit(); -} // If it's not a handshake then we can allow it to take up lots of time if (!$_REQUEST['action'] != 'handshake') { 
@@ -48,15 +38,36 @@ if (!$_REQUEST['action'] != 'handshake') { header("Content-type: text/xml; charset=" . Config::get('site_charset')); header("Content-Disposition: attachment; filename=information.xml"); +// If we don't even have access control on then we can't use this! +if (!Config::get('access_control')) { + ob_end_clean(); + echo xmlData::error('Access Control not Enabled'); + exit; +} + +/** + * Verify the existance of the Session they passed in we do allow them to + * login via this interface so we do have an exception for action=login + */ +if ((!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'])) { + debug_event('Access Denied','Invalid Session or unathorized access attempt to API','5'); + ob_end_clean(); + echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged'); + exit(); +} + + switch ($_REQUEST['action']) { case 'handshake': // Send the data we were sent to the API class so it can be chewed on $token = Api::handshake($_REQUEST['timestamp'],$_REQUEST['auth'],$_SERVER['REMOTE_ADDR'],$_REQUEST['user']); if (!$token) { + ob_end_clean(); echo xmlData::error('Error Invalid Handshake, attempt logged'); } else { + ob_end_clean(); echo xmlData::keyed_array($token); }
@@ -75,6 +86,7 @@ switch ($_REQUEST['action']) { $artists = Browse::get_objects(); // echo out the resulting xml document + ob_end_clean(); echo xmlData::artists($artists); break; case 'artist_albums':
@@ -84,7 +96,7 @@ switch ($_REQUEST['action']) { // Set the offset xmlData::set_offset($_REQUEST['offset']); - + ob_end_clean(); echo xmlData::albums($albums); break; case 'artist_songs':
@@ -93,7 +105,8 @@ switch ($_REQUEST['action']) { // Set the offset xmlData::set_offset($_REQUEST['offset']); - xmlData::songs($songs); + ob_end_clean(); + echo xmlData::songs($songs); break; case 'albums': Browse::reset_filters();
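Review bot: The ACL test added to the combined condition passes `$_REQUEST['user']` to `Access::check_network('init-api', …)` for every action, so the network check is keyed to a name the client supplies rather than to the user bound to the session in `$_REQUEST['auth']`. The `init-api` body of check_network is not in this diff, so this is inferred: if it matches on that user, a caller holding a valid session decides which ACL entry is evaluated, and requests that omit `user` get whatever the empty value matches. For actions other than handshake the user should come from the validated session instead. The `debug_event()` message also carries no remote address even though the response says the attempt was logged; appending `$_SERVER['REMOTE_ADDR']` would make the entry usable for triage, unless debug_event records it itself. Separately, the line shown in this hunk's header, `if (!$_REQUEST['action'] != 'handshake')`, negates before comparing and is therefore true for any non-empty action, handshake included; `$_REQUEST['action'] != 'handshake'` looks like the intent.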
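Review bot: `ob_end_clean()` is now called before every `echo` in this file (here, in the access-control and handshake blocks of the previous hunk, and in each later case), but nothing visible guarantees that an output buffer is open at that point. When no buffer is active PHP raises a notice and returns false, and with error display on that text would precede the XML and defeat the goal of always returning a well-formed document; if lib/init.php starts the buffer this is fine, but that is outside the diff. Guarding the call, `if (ob_get_level()) { ob_end_clean(); }`, and moving it into one small helper that also echoes the document would remove the repetition and the chance of forgetting it when a new case is added.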
@@ -107,7 +120,7 @@ switch ($_REQUEST['action']) { // Set the offset xmlData::set_offset($_REQUEST['offset']); - + ob_end_clean(); echo xmlData::albums($albums); break; case 'album_songs':
@@ -116,7 +129,7 @@ switch ($_REQUEST['action']) { // Set the offset xmlData::set_offset($_REQUEST['offset']); - + ob_end_clean(); echo xmlData::songs($songs); break; case 'genres':
@@ -131,25 +144,25 @@ switch ($_REQUEST['action']) { // Set the offset xmlData::set_offset($_REQUEST['offset']); - + ob_end_clean(); echo xmlData::genres($genres); break; case 'genre_artists': $genre = new Genre($_REQUEST['filter']); $artists = $genre->get_artists(); - + ob_end_clean(); echo xmlData::artists($artists); break; case 'genre_albums': $genre = new Genre($_REQUEST['filter']); $albums = $genre->get_albums(); - + ob_end_clean(); echo xmlData::albums($albums); break; case 'genre_songs': $genre = new Genre($_REQUEST['filter']); $songs = $genre->get_songs(); - + ob_end_clean(); echo xmlData::songs($songs); break; case 'songs':
@@ -164,11 +177,12 @@ switch ($_REQUEST['action']) { // Set the offset xmlData::set_offset($_REQUEST['offset']); - + ob_end_clean(); echo xmlData::songs($songs); break; default: - // Rien a faire + ob_end_clean(); + echo xmlData::error('Invalid Request'); break; } // end switch action ?> |
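Review bot: The new `default:` branch in the last hunk answers with `xmlData::error('Invalid Request')` but records nothing, whereas the access-denied path earlier in the file calls `debug_event()`. Unknown actions arriving on an authenticated API are a useful signal when looking for probing or a broken client, so a matching line before the `echo`, such as `debug_event('API','Unknown action requested','5');` (mirroring the existing call's shape), would help. If the action name is added to the message it should be length-limited and stripped of control characters first, since it comes straight from the request.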