authorAleksander Machniak <alec@alec.pl>2013-05-14 13:25:55 (GMT)
committerAleksander Machniak <alec@alec.pl>2013-05-14 13:25:55 (GMT)
commit3a84dc361f190976924eee14fb5efbc02364121c (patch)
tree115f6eb43c766d55704a5018724f9e8457d316f7 /lib
parent6f1947f480f148824d3746f2672b2561956bf821 (diff)
downloadkolab-chwala-3a84dc361f190976924eee14fb5efbc02364121c.tar.gz
Use POST for modification requests (with JSON encoded body)
Diffstat (limited to 'lib')
-rw-r--r--lib/file_api.php75
1 files changed, 43 insertions, 32 deletions
diff --git a/lib/file_api.php b/lib/file_api.php
index fcc0fa6..4bed082 100644
--- a/lib/file_api.php
+++ b/lib/file_api.php
@@ -247,7 +247,7 @@ class file_api
return array();
case 'quit':
- $this->session->kill();
+ $this->session->destroy(session_id());
return array();
case 'configure':
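Review bot: The `quit` case now calls `$this->session->destroy(session_id())`, and nothing in the visible lines clears `$_SESSION` or expires the session cookie afterwards. If `destroy()` only removes the stored record (its definition is outside this diff), the session data could be written back at shutdown and the client would keep presenting the same id, so the logout would not fully take effect. Please confirm that behaviour, and add a comment such as `// destroy() removes the stored session; cookie and $_SESSION are cleared in <place>` so the reason for dropping `kill()` is recorded. The enclosing `switch` starts and ends outside the hunk.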
@@ -272,27 +272,38 @@ class file_api
// init API driver
$this->api_init();
+ // GET arguments
+ $args = &$_GET;
+
+ // POST arguments (JSON)
+ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $post = file_get_contents('php://input');
+ $args += (array) json_decode($post, true);
+ unset($post);
+ }
+
+ // handle request
switch ($request) {
case 'file_list':
- $params = array('reverse' => !empty($_GET['reverse']) && rcube_utils::get_boolean($_GET['reverse']));
- if (!empty($_GET['sort'])) {
- $params['sort'] = strtolower($_GET['sort']);
+ $params = array('reverse' => !empty($args['reverse']) && rcube_utils::get_boolean($args['reverse']));
+ if (!empty($args['sort'])) {
+ $params['sort'] = strtolower($args['sort']);
}
- if (!empty($_GET['search'])) {
- $params['search'] = $_GET['search'];
+ if (!empty($args['search'])) {
+ $params['search'] = $args['search'];
if (!is_array($params['search'])) {
$params['search'] = array('name' => $params['search']);
}
}
- return $this->api->file_list($_GET['folder'], $params);
+ return $this->api->file_list($args['folder'], $params);
- case 'file_create':
+ case 'file_upload':
// for Opera upload frame response cannot be application/json
$this->output_type = self::OUTPUT_HTML;
- if (!isset($_GET['folder']) || $_GET['folder'] === '') {
+ if (!isset($args['folder']) || $args['folder'] === '') {
throw new Exception("Missing folder name", file_api::ERROR_CODE);
}
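Review bot: Nothing in this hunk ties the request method to the action, so the modification cases of the `switch` (`file_delete`, `file_move`, `file_copy`, `folder_create`, `folder_delete`, `folder_rename` in the later hunks) still run when the request arrives as a plain GET. Unless a token check exists outside the visible lines, state changes stay reachable through a cross-site request. A guard before the `switch` would enforce what the commit title states, for example `if ($_SERVER['REQUEST_METHOD'] != 'POST' && in_array($request, $modifying, true)) throw new Exception("POST required", file_api::ERROR_CODE);`, where `$modifying` is a placeholder for the list of those actions. The body is also decoded without looking at `Content-Type`, so requiring `application/json` before `json_decode()` would narrow what a cross-site form post can deliver. Finally, `$args += ...` keeps the query-string value when a key appears in both places, and `$args` aliases `$_GET`, so the merge rewrites the superglobal; a comment saying that this precedence is intended would help.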
@@ -300,7 +311,7 @@ class file_api
$result = array();
foreach ($uploads as $file) {
- $this->api->file_create($_GET['folder'] . self::PATH_SEPARATOR . $file['name'], $file);
+ $this->api->file_create($args['folder'] . self::PATH_SEPARATOR . $file['name'], $file);
unset($file['path']);
$result[$file['name']] = array(
'type' => $file['type'],
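Review bot: `$file['name']` is joined to the folder with `self::PATH_SEPARATOR` and handed to `file_create()` without any visible check. Where `$uploads` is populated is outside the hunk, so it is not clear whether the client-supplied name has been normalised. If it has not, a name containing the separator would place the file in a different folder than the one validated in the `file_upload` guard above. A check at the top of the loop such as `if (strpos($file['name'], self::PATH_SEPARATOR) !== false) throw new Exception("Invalid file name", file_api::ERROR_CODE);` keeps the upload inside `$args['folder']`.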
@@ -311,7 +322,7 @@ class file_api
return $result;
case 'file_delete':
- $files = (array) $_GET['file'];
+ $files = (array) $args['file'];
if (empty($files)) {
throw new Exception("Missing file name", file_api::ERROR_CODE);
@@ -323,26 +334,26 @@ class file_api
return;
case 'file_info':
- if (!isset($_GET['file']) || $_GET['file'] === '') {
+ if (!isset($args['file']) || $args['file'] === '') {
throw new Exception("Missing file name", file_api::ERROR_CODE);
}
- return $this->api->file_info($_GET['file']);
+ return $this->api->file_info($args['file']);
case 'file_get':
$this->output_type = self::OUTPUT_HTML;
- if (!isset($_GET['file']) || $_GET['file'] === '') {
+ if (!isset($args['file']) || $args['file'] === '') {
header("HTTP/1.0 ".file_api::ERROR_CODE." Missing file name");
}
$params = array(
- 'force-download' => !empty($_GET['force-download']) && rcube_utils::get_boolean($_GET['force-download']),
- 'force-type' => $_GET['force-type'],
+ 'force-download' => !empty($args['force-download']) && rcube_utils::get_boolean($args['force-download']),
+ 'force-type' => $args['force-type'],
);
try {
- $this->api->file_get($_GET['file'], $params);
+ $this->api->file_get($args['file'], $params);
}
catch (Exception $e) {
header("HTTP/1.0 " . file_api::ERROR_CODE . " " . $e->getMessage());
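Review bot: In `file_get` the missing-file branch only sends `header("HTTP/1.0 ".file_api::ERROR_CODE." Missing file name")` and then falls through, so `$this->api->file_get($args['file'], $params)` is still called with an unset or empty name. Adding `return;` right after that `header()` call, inside the `if`, stops the request there, as the `throw` does in `file_info` just above. Separately, `'force-type' => $args['force-type']` reads a key that may be absent and passes a client-chosen type to the driver. How the driver uses it is not visible here, but if it becomes the response `Content-Type`, it should be checked against an allow-list so that stored files cannot be served as HTML from this origin. The `catch` block continues outside the hunk.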
@@ -351,24 +362,24 @@ class file_api
case 'file_move':
case 'file_copy':
- if (!isset($_GET['file']) || $_GET['file'] === '') {
+ if (!isset($args['file']) || $args['file'] === '') {
throw new Exception("Missing file name", file_api::ERROR_CODE);
}
- if (is_array($_GET['file'])) {
- if (empty($_GET['file'])) {
+ if (is_array($args['file'])) {
+ if (empty($args['file'])) {
throw new Exception("Missing file name", file_api::ERROR_CODE);
}
}
else {
- if (!isset($_GET['new']) || $_GET['new'] === '') {
+ if (!isset($args['new']) || $args['new'] === '') {
throw new Exception("Missing new file name", file_api::ERROR_CODE);
}
- $_GET['file'] = array($_GET['file'] => $_GET['new']);
+ $args['file'] = array($args['file'] => $args['new']);
}
- $overwrite = !empty($_GET['overwrite']) && rcube_utils::get_boolean($_GET['overwrite']);
- $files = (array) $_GET['file'];
+ $overwrite = !empty($args['overwrite']) && rcube_utils::get_boolean($args['overwrite']);
+ $files = (array) $args['file'];
$errors = array();
foreach ($files as $file => $new_file) {
@@ -411,28 +422,28 @@ class file_api
return;
case 'folder_create':
- if (!isset($_GET['folder']) || $_GET['folder'] === '') {
+ if (!isset($args['folder']) || $args['folder'] === '') {
throw new Exception("Missing folder name", file_api::ERROR_CODE);
}
- return $this->api->folder_create($_GET['folder']);
+ return $this->api->folder_create($args['folder']);
case 'folder_delete':
- if (!isset($_GET['folder']) || $_GET['folder'] === '') {
+ if (!isset($args['folder']) || $args['folder'] === '') {
throw new Exception("Missing folder name", file_api::ERROR_CODE);
}
- return $this->api->folder_delete($_GET['folder']);
+ return $this->api->folder_delete($args['folder']);
case 'folder_rename':
- if (!isset($_GET['folder']) || $_GET['folder'] === '') {
+ if (!isset($args['folder']) || $args['folder'] === '') {
throw new Exception("Missing source folder name", file_api::ERROR_CODE);
}
- if (!isset($_GET['new']) || $_GET['new'] === '') {
+ if (!isset($args['new']) || $args['new'] === '') {
throw new Exception("Missing destination folder name", file_api::ERROR_CODE);
}
- if ($_GET['new'] === $_GET['folder']) {
+ if ($args['new'] === $args['folder']) {
return;
}
- return $this->api->folder_rename($_GET['folder'], $_GET['new']);
+ return $this->api->folder_rename($args['folder'], $args['new']);
case 'folder_list':
return $this->api->folder_list();
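Review bot: The `!isset($args['folder']) || $args['folder'] === ''` guards in `folder_create`, `folder_delete` and `folder_rename` reject only a missing or empty string. With the JSON body this commit introduces, `folder` and `new` can also arrive as arrays, numbers or booleans; arrays were already possible through the query string. Those values pass the guard and go straight to the driver. Tightening each check to `if (!isset($args['folder']) || !is_string($args['folder']) || $args['folder'] === '')` would reject them at the boundary. The same pattern applies to the `file` checks in `file_info` and `file_get` in the earlier hunk.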