Back to index

d-push  2.0
Static Public Member Functions | Public Attributes | Static Private Member Functions | Static Private Attributes
Request Class Reference

List of all members.

Static Public Member Functions

static Initialize ()
 Initializes request data.
static ProcessHeaders ()
 Reads and processes the request headers.
static AuthenticationInfo ()
 Reads and parses the HTTP-Basic-Auth data.
static GetInputStream ()
 
Getter & Checker
static GetOutputStream ()
 Returns the output stream.
static GetMethod ()
 Returns the request method.
static GetGETUser ()
 Returns the value of the user parameter of the querystring.
static GetGETItemId ()
 Returns the value of the ItemId parameter of the querystring.
static GetGETCollectionId ()
 Returns the value of the CollectionId parameter of the querystring.
static GetGETSaveInSent ()
 Returns if the SaveInSent parameter of the querystring is set.
static GetGETAttachmentName ()
 Returns the value of the AttachmentName parameter of the querystring.
static GetAuthUser ()
 Returns the authenticated user.
static GetAuthDomain ()
 Returns the authenticated domain for the user.
static GetAuthPassword ()
 Returns the transmitted password.
static GetRemoteAddr ()
 Returns the RemoteAddress.
static GetCommand ()
 Returns the command to be executed.
static GetCommandCode ()
 Returns the command code which is being executed.
static GetDeviceID ()
 Returns the device id transmitted.
static GetDeviceType ()
 Returns the device type if transmitted.
static GetProtocolVersion ()
 Returns the value of supported AS protocol from the headers.
static GetUserAgent ()
 Returns the user agent sent in the headers.
static GetPolicyKey ()
 Returns policy key sent by the device.
static WasPolicyKeySent ()
 Indicates if a policy key was sent by the device.
static IsMethodPOST ()
 Indicates if Z-Push was called with a POST request.
static IsMethodGET ()
 Indicates if Z-Push was called with a GET request.
static IsMethodOPTIONS ()
 Indicates if Z-Push was called with a OPTIONS request.
static IsValidDeviceID ()
 Sometimes strange device ids are sumbitted No device information should be saved when this happens.
static GetContentLength ()
 Returns the amount of data sent in this request (from the headers)

Public Attributes

const UNKNOWN = "unknown"
const LETTERS_ONLY = 1
 self::filterEvilInput() options
const HEX_ONLY = 2
const WORDCHAR_ONLY = 3
const NUMBERS_ONLY = 4
const NUMBERSDOT_ONLY = 5
const HEX_EXTENDED = 6
const COMMANDPARAM_ATTACHMENTNAME = 0
 Command parameters for base64 encoded requests (AS >= 12.1)
const COMMANDPARAM_COLLECTIONID = 1
const COMMANDPARAM_COLLECTIONNAME = 2
const COMMANDPARAM_ITEMID = 3
const COMMANDPARAM_LONGID = 4
const COMMANDPARAM_PARENTID = 5
const COMMANDPARAM_OCCURRENCE = 6
const COMMANDPARAM_OPTIONS = 7
const COMMANDPARAM_USER = 8
const COMMANDPARAM_OPTIONS_SAVEINSENT = 0x01
const COMMANDPARAM_OPTIONS_ACCEPTMULTIPART = 0x02

Static Private Member Functions

static filterEvilInput ($input, $filter, $replacevalue= '')
 
Private stuff

Static Private Attributes

static $input
static $output
static $headers
static $getparameters
static $command
static $device
static $method
static $remoteAddr
static $getUser
static $devid
static $devtype
static $authUser
static $authDomain
static $authPassword
static $asProtocolVersion
static $policykey
static $useragent
static $attachmentName
static $collectionId
static $itemId
static $longId
static $occurence
static $saveInSent

Detailed Description

Definition at line 45 of file request.php.


Member Function Documentation

static Request::AuthenticationInfo ( ) [static]

Reads and parses the HTTP-Basic-Auth data.

public

Returns:
boolean data sent or not

Definition at line 213 of file request.php.

                                                {
        // split username & domain if received as one
        if (isset($_SERVER['PHP_AUTH_USER'])) {
            list(self::$authUser, self::$authDomain) = Utils::SplitDomainUser($_SERVER['PHP_AUTH_USER']);
            self::$authPassword = (isset($_SERVER['PHP_AUTH_PW']))?$_SERVER['PHP_AUTH_PW'] : "";
        }
        // authUser & authPassword are unfiltered!
        return (self::$authUser != "" && self::$authPassword != "");
    }

Here is the call graph for this function:

static Request::filterEvilInput ( input,
filter,
replacevalue = '' 
) [static, private]


Private stuff

Replaces all not allowed characters in a string

Parameters:
string$inputthe input string
int$filterone of the predefined filters: LETTERS_ONLY, HEX_ONLY, WORDCHAR_ONLY, NUMBERS_ONLY, NUMBERSDOT_ONLY
char$replacevalue(opt) a character the filtered characters should be replaced with

public

Returns:
string

Definition at line 554 of file request.php.

                                                                                 {
        $re = false;
        if ($filter == self::LETTERS_ONLY)            $re = "/[^A-Za-z]/";
        else if ($filter == self::HEX_ONLY)           $re = "/[^A-Fa-f0-9]/";
        else if ($filter == self::WORDCHAR_ONLY)      $re = "/[^A-Za-z0-9]/";
        else if ($filter == self::NUMBERS_ONLY)       $re = "/[^0-9]/";
        else if ($filter == self::NUMBERSDOT_ONLY)    $re = "/[^0-9\.]/";
        else if ($filter == self::HEX_EXTENDED)       $re = "/[^A-Fa-f0-9\:]/";

        return ($re) ? preg_replace($re, $replacevalue, $input) : '';
    }

Here is the caller graph for this function:

static Request::GetAuthDomain ( ) [static]

Returns the authenticated domain for the user.

public

Returns:
string/boolean false if not available

Definition at line 351 of file request.php.

                                           {
        if (isset(self::$authDomain))
            return self::$authDomain;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetAuthPassword ( ) [static]

Returns the transmitted password.

public

Returns:
string/boolean false if not available

Definition at line 364 of file request.php.

                                             {
        if (isset(self::$authPassword))
            return self::$authPassword;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetAuthUser ( ) [static]

Returns the authenticated user.

public

Returns:
string/boolean false if not available

Definition at line 338 of file request.php.

                                         {
        if (isset(self::$authUser))
            return self::$authUser;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetCommand ( ) [static]

Returns the command to be executed.

public

Returns:
string/boolean false if not available

Definition at line 390 of file request.php.

                                        {
        if (isset(self::$command))
            return self::$command;
        else
            return false;
    }
static Request::GetCommandCode ( ) [static]

Returns the command code which is being executed.

public

Returns:
string/boolean false if not available

Definition at line 403 of file request.php.

                                            {
        if (isset(self::$command))
            return Utils::GetCodeFromCommand(self::$command);
        else
            return false;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

static Request::GetContentLength ( ) [static]

Returns the amount of data sent in this request (from the headers)

public

Returns:
int

Definition at line 535 of file request.php.

                                              {
        return (isset(self::$headers["content-length"]))? (int) self::$headers["content-length"] : 0;
    }

Here is the caller graph for this function:

static Request::GetDeviceID ( ) [static]

Returns the device id transmitted.

public

Returns:
string/boolean false if not available

Definition at line 416 of file request.php.

                                         {
        if (isset(self::$devid))
            return self::$devid;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetDeviceType ( ) [static]

Returns the device type if transmitted.

public

Returns:
string/boolean false if not available

Definition at line 429 of file request.php.

                                           {
        if (isset(self::$devtype))
            return self::$devtype;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetGETAttachmentName ( ) [static]

Returns the value of the AttachmentName parameter of the querystring.

public

Returns:
string/boolean false if not available

Definition at line 325 of file request.php.

                                                  {
        if (isset(self::$attachmentName))
            return self::$attachmentName;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetGETCollectionId ( ) [static]

Returns the value of the CollectionId parameter of the querystring.

public

Returns:
string/boolean false if not available

Definition at line 299 of file request.php.

                                                {
        if (isset(self::$collectionId))
            return self::$collectionId;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetGETItemId ( ) [static]

Returns the value of the ItemId parameter of the querystring.

public

Returns:
string/boolean false if not available

Definition at line 286 of file request.php.

                                          {
        if (isset(self::$itemId))
            return self::$itemId;
        else
            return false;
        }

Here is the caller graph for this function:

static Request::GetGETSaveInSent ( ) [static]

Returns if the SaveInSent parameter of the querystring is set.

public

Returns:
boolean

Definition at line 312 of file request.php.

                                              {
        if (isset(self::$saveInSent))
            return self::$saveInSent;
        else
            return true;
    }

Here is the caller graph for this function:

static Request::GetGETUser ( ) [static]

Returns the value of the user parameter of the querystring.

public

Returns:
string/boolean false if not available

Definition at line 273 of file request.php.

                                        {
        if (isset(self::$getUser))
            return self::$getUser;
        else
            return self::UNKNOWN;
    }

Here is the caller graph for this function:

static Request::GetInputStream ( ) [static]


Getter & Checker

Returns the input stream

public

Returns:
handle/boolean false if not available

Definition at line 234 of file request.php.

                                            {
        if (isset(self::$input))
            return self::$input;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetMethod ( ) [static]

Returns the request method.

public

Returns:
string

Definition at line 260 of file request.php.

                                       {
        if (isset(self::$method))
            return self::$method;
        else
            return self::UNKNOWN;
    }
static Request::GetOutputStream ( ) [static]

Returns the output stream.

public

Returns:
handle/boolean false if not available

Definition at line 247 of file request.php.

                                             {
        if (isset(self::$output))
            return self::$output;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetPolicyKey ( ) [static]

Returns policy key sent by the device.

public

Returns:
int/boolean false if not available

Definition at line 468 of file request.php.

                                          {
        if (isset(self::$policykey))
            return self::$policykey;
        else
            return false;
    }
static Request::GetProtocolVersion ( ) [static]

Returns the value of supported AS protocol from the headers.

public

Returns:
string/boolean false if not available

Definition at line 442 of file request.php.

                                                {
        if (isset(self::$asProtocolVersion))
            return self::$asProtocolVersion;
        else
            return false;
    }

Here is the caller graph for this function:

static Request::GetRemoteAddr ( ) [static]

Returns the RemoteAddress.

public

Returns:
string

Definition at line 377 of file request.php.

                                           {
        if (isset(self::$remoteAddr))
            return self::$remoteAddr;
        else
            return "UNKNOWN";
    }

Here is the caller graph for this function:

static Request::GetUserAgent ( ) [static]

Returns the user agent sent in the headers.

public

Returns:
string/boolean false if not available

Definition at line 455 of file request.php.

                                          {
        if (isset(self::$useragent))
            return self::$useragent;
        else
            return self::UNKNOWN;
    }

Here is the caller graph for this function:

static Request::Initialize ( ) [static]

Initializes request data.

public

Returns:

Definition at line 105 of file request.php.

                                        {
        // try to open stdin & stdout
        self::$input = fopen("php://input", "r");
        self::$output = fopen("php://output", "w+");

        // Parse the standard GET parameters
        if(isset($_GET["Cmd"]))
            self::$command = self::filterEvilInput($_GET["Cmd"], self::LETTERS_ONLY);

        // getUser is unfiltered, as everything is allowed.. even "/", "\" or ".."
        if(isset($_GET["User"]))
            self::$getUser = $_GET["User"];
        if(isset($_GET["DeviceId"]))
            self::$devid = self::filterEvilInput($_GET["DeviceId"], self::WORDCHAR_ONLY);
        if(isset($_GET["DeviceType"]))
            self::$devtype = self::filterEvilInput($_GET["DeviceType"], self::LETTERS_ONLY);
        if (isset($_GET["AttachmentName"]))
            self::$attachmentName = self::filterEvilInput($_GET["AttachmentName"], self::HEX_EXTENDED);
        if (isset($_GET["CollectionId"]))
            self::$collectionId = self::filterEvilInput($_GET["CollectionId"], self::HEX_ONLY);
        if (isset($_GET["ItemId"]))
            self::$itemId = self::filterEvilInput($_GET["ItemId"], self::HEX_ONLY);
        if (isset($_GET["SaveInSent"]) && $_GET["SaveInSent"] == "T")
            self::$saveInSent = true;

        if(isset($_SERVER["REQUEST_METHOD"]))
            self::$method = self::filterEvilInput($_SERVER["REQUEST_METHOD"], self::LETTERS_ONLY);
        // TODO check IPv6 addresses
        if(isset($_SERVER["REMOTE_ADDR"]))
            self::$remoteAddr = self::filterEvilInput($_SERVER["REMOTE_ADDR"], self::NUMBERSDOT_ONLY);

        // in protocol version > 14 mobile send these inputs as encoded query string
        if (!isset(self::$command) && !empty($_SERVER['QUERY_STRING']) && Utils::IsBase64String($_SERVER['QUERY_STRING'])) {
            $query = Utils::DecodeBase64URI($_SERVER['QUERY_STRING']);
            if (!isset(self::$command) && isset($query['Command']))
                self::$command = Utils::GetCommandFromCode($query['Command']);

            if (!isset(self::$getUser) && isset($query[self::COMMANDPARAM_USER]))
                self::$getUser = $query[self::COMMANDPARAM_USER];

            if (!isset(self::$devid) && isset($query['DevID']))
                self::$devid = self::filterEvilInput($query['DevID'], self::WORDCHAR_ONLY);

            if (!isset(self::$devtype) && isset($query['DevType']))
                self::$devtype = self::filterEvilInput($query['DevType'], self::LETTERS_ONLY);

            if (isset($query['PolKey']))
                self::$policykey = (int) self::filterEvilInput($query['PolKey'], self::NUMBERS_ONLY);

            if (isset($query['ProtVer']))
                self::$asProtocolVersion = self::filterEvilInput($query['ProtVer'], self::NUMBERS_ONLY) / 10;

            if (isset($query[self::COMMANDPARAM_ATTACHMENTNAME]))
                self::$attachmentName = self::filterEvilInput($query[self::COMMANDPARAM_ATTACHMENTNAME], self::HEX_EXTENDED);

            if (isset($query[self::COMMANDPARAM_COLLECTIONID]))
                self::$collectionId = self::filterEvilInput($query[self::COMMANDPARAM_COLLECTIONID], self::HEX_ONLY);

            if (isset($query[self::COMMANDPARAM_ITEMID]))
                self::$itemId = self::filterEvilInput($query[self::COMMANDPARAM_ITEMID], self::HEX_ONLY);

            if (isset($query[self::COMMANDPARAM_OPTIONS]) && ($query[self::COMMANDPARAM_OPTIONS] & 1))
                self::$saveInSent = true;
        }

        // in base64 encoded query string user is not necessarily set
        if (!isset(self::$getUser) && isset($_SERVER['PHP_AUTH_USER']))
            list(self::$getUser,) = Utils::SplitDomainUser($_SERVER['PHP_AUTH_USER']);
    }

Here is the call graph for this function:

static Request::IsMethodGET ( ) [static]

Indicates if Z-Push was called with a GET request.

public

Returns:
boolean

Definition at line 501 of file request.php.

                                         {
        return (self::$method == "GET");
    }
static Request::IsMethodOPTIONS ( ) [static]

Indicates if Z-Push was called with a OPTIONS request.

public

Returns:
boolean

Definition at line 511 of file request.php.

                                             {
        return (self::$method == "OPTIONS");
    }
static Request::IsMethodPOST ( ) [static]

Indicates if Z-Push was called with a POST request.

public

Returns:
boolean

Definition at line 491 of file request.php.

                                          {
        return (self::$method == "POST");
    }
static Request::IsValidDeviceID ( ) [static]

Sometimes strange device ids are sumbitted No device information should be saved when this happens.

public

Returns:
boolean false if invalid

Definition at line 522 of file request.php.

                                             {
        if (self::GetDeviceID() === "validate" || self::GetDeviceID() === "webservice")
            return false;
        else
            return true;
    }

Here is the caller graph for this function:

static Request::ProcessHeaders ( ) [static]

Reads and processes the request headers.

public

Returns:

Definition at line 181 of file request.php.

                                            {
        self::$headers = array_change_key_case(apache_request_headers(), CASE_LOWER);
        self::$useragent = (isset(self::$headers["user-agent"]))? self::$headers["user-agent"] : self::UNKNOWN;
        if (!isset(self::$asProtocolVersion))
            self::$asProtocolVersion = (isset(self::$headers["ms-asprotocolversion"]))? self::filterEvilInput(self::$headers["ms-asprotocolversion"], self::NUMBERSDOT_ONLY) : ZPush::GetLatestSupportedASVersion();

        //if policykey is not yet set, try to set it from the header
        //the policy key might be set in Request::Initialize from the base64 encoded query
        if (!isset(self::$policykey)) {
            if (isset(self::$headers["x-ms-policykey"]))
                self::$policykey = (int) self::filterEvilInput(self::$headers["x-ms-policykey"], self::NUMBERS_ONLY);
            else
                self::$policykey = 0;
        }

        if (!empty($_SERVER['QUERY_STRING']) && Utils::IsBase64String($_SERVER['QUERY_STRING'])) {
            ZLog::Write(LOGLEVEL_DEBUG, "Using data from base64 encoded query string");
            if (isset(self::$policykey))
                self::$headers["x-ms-policykey"] = self::$policykey;

            if (isset(self::$asProtocolVersion))
                self::$headers["ms-asprotocolversion"] = self::$asProtocolVersion;
        }
        ZLog::Write(LOGLEVEL_DEBUG, sprintf("Request::ProcessHeaders() ASVersion: %s", self::$asProtocolVersion));
    }

Here is the call graph for this function:

static Request::WasPolicyKeySent ( ) [static]

Indicates if a policy key was sent by the device.

public

Returns:
boolean

Definition at line 481 of file request.php.

                                              {
        return isset(self::$headers["x-ms-policykey"]);
    }

Here is the caller graph for this function:


Member Data Documentation

Request::$asProtocolVersion [static, private]

Definition at line 88 of file request.php.

Request::$attachmentName [static, private]

Definition at line 91 of file request.php.

Request::$authDomain [static, private]

Definition at line 86 of file request.php.

Request::$authPassword [static, private]

Definition at line 87 of file request.php.

Request::$authUser [static, private]

Definition at line 85 of file request.php.

Request::$collectionId [static, private]

Definition at line 92 of file request.php.

Request::$command [static, private]

Definition at line 78 of file request.php.

Request::$device [static, private]

Definition at line 79 of file request.php.

Request::$devid [static, private]

Definition at line 83 of file request.php.

Request::$devtype [static, private]

Definition at line 84 of file request.php.

Request::$getparameters [static, private]

Definition at line 77 of file request.php.

Request::$getUser [static, private]

Definition at line 82 of file request.php.

Request::$headers [static, private]

Definition at line 76 of file request.php.

Request::$input [static, private]

Definition at line 74 of file request.php.

Request::$itemId [static, private]

Definition at line 93 of file request.php.

Request::$longId [static, private]

Definition at line 94 of file request.php.

Request::$method [static, private]

Definition at line 80 of file request.php.

Request::$occurence [static, private]

Definition at line 95 of file request.php.

Request::$output [static, private]

Definition at line 75 of file request.php.

Request::$policykey [static, private]

Definition at line 89 of file request.php.

Request::$remoteAddr [static, private]

Definition at line 81 of file request.php.

Request::$saveInSent [static, private]

Definition at line 96 of file request.php.

Request::$useragent [static, private]

Definition at line 90 of file request.php.

Command parameters for base64 encoded requests (AS >= 12.1)

Definition at line 61 of file request.php.

Definition at line 62 of file request.php.

Definition at line 63 of file request.php.

Definition at line 64 of file request.php.

Definition at line 65 of file request.php.

Definition at line 67 of file request.php.

Definition at line 68 of file request.php.

Definition at line 72 of file request.php.

Definition at line 71 of file request.php.

Definition at line 66 of file request.php.

Definition at line 69 of file request.php.

Definition at line 56 of file request.php.

const Request::HEX_ONLY = 2

Definition at line 52 of file request.php.

self::filterEvilInput() options

Definition at line 51 of file request.php.

Definition at line 54 of file request.php.

Definition at line 55 of file request.php.

const Request::UNKNOWN = "unknown"

Definition at line 46 of file request.php.

Definition at line 53 of file request.php.


The documentation for this class was generated from the following file: