mirror of https://github.com/ACSPRI/queXS synced 2024-04-02 12:12:16 +00:00

Added a backport of Limesurvey CI Remote Control 2 functionality for adding a response.

Can be used to insert a new response into a questionnaire via XML-RPC
Added xmlrpc package from: http://phpxmlrpc.sourceforge.net (new BSD licence compatible with GPL)
azammitdcarf
2011-11-11 05:26:58 +00:00
parent a4935b7f08
commit bfe3f2470f
100 changed files with 20723 additions and 0 deletions


@@ -0,0 +1,527 @@
<?php
/**
* @version $Id: action.php 2 2009-03-16 20:22:51Z ggiunta $
* @author Gaetano Giunta
* @copyright (C) 2005-2008 G. Giunta
* @license code licensed under the BSD License: http://phpxmlrpc.sourceforge.net/license.txt
*
* @todo switch params for http compression from 0,1,2 to values to be used directly
* @todo use ob_start to catch debug info and echo it AFTER method call results?
* @todo be smarter in creating client stub for proxy/auth cases: only set appropriate property of client obj
**/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>XMLRPC Debugger</title>
<meta name="robots" content="index,nofollow" />
<style type="text/css">
<!--
body {border-top: 1px solid gray; padding: 1em; font-family: Verdana, Arial, Helvetica; font-size: 8pt;}
h3 {font-size: 9.5pt;}
h2 {font-size: 12pt;}
.dbginfo {padding: 1em; background-color: #EEEEEE; border: 1px dashed silver; font-family: monospace;}
#response {padding: 1em; margin-top: 1em; background-color: #DDDDDD; border: 1px solid gray; white-space: pre; font-family: monospace;}
table {padding: 2px; margin-top: 1em;}
th {background-color: navy; color: white; padding: 0.5em;}
td {padding: 0.5em; font-family: monospace;}
td form {margin: 0;}
.oddrow {background-color: #EEEEEE;}
.evidence {color: blue;}
#phpcode { background-color: #EEEEEE; padding: 1em; margin-top: 1em;}
-->
</style>
</head>
<body>
<?php
include(getcwd().'/common.php');
if ($action)
{
// make sure the script waits long enough for the call to complete...
if ($timeout)
set_time_limit($timeout+10);
include('xmlrpc.inc');
if ($wstype == 1)
{
@include('jsonrpc.inc');
if (!class_exists('jsonrpc_client'))
{
die('Error: to debug the jsonrpc protocol the jsonrpc.inc file is needed');
}
$clientclass = 'jsonrpc_client';
$msgclass = 'jsonrpcmsg';
$protoname = 'JSONRPC';
}
else
{
$clientclass = 'xmlrpc_client';
$msgclass = 'xmlrpcmsg';
$protoname = 'XMLRPC';
}
if ($port != "")
{
$client =& new $clientclass($path, $host, $port);
$server = "$host:$port$path";
} else {
$client =& new $clientclass($path, $host);
$server = "$host$path";
}
if ($protocol == 2)
{
$server = 'https://'.$server;
}
else
{
$server = 'http://'.$server;
}
if ($proxy != '') {
$pproxy = split(':', $proxy);
if (count($pproxy) > 1)
$pport = $pproxy[1];
else
$pport = 8080;
$client->setProxy($pproxy[0], $pport, $proxyuser, $proxypwd);
}
if ($protocol == 2)
{
$client->setSSLVerifyPeer($verifypeer);
$client->setSSLVerifyHost($verifyhost);
if ($cainfo)
{
$client->setCaCertificate($cainfo);
}
$httpprotocol = 'https';
}
else if ($protocol == 1)
$httpprotocol = 'http11';
else
$httpprotocol = 'http';
if ($username)
$client->setCredentials($username, $password, $authtype);
$client->setDebug($debug);
switch ($requestcompression) {
case 0:
$client->request_compression = '';
break;
case 1:
$client->request_compression = 'gzip';
break;
case 2:
$client->request_compression = 'deflate';
break;
}
switch ($responsecompression) {
case 0:
$client->accepted_compression = '';
break;
case 1:
$client->accepted_compression = array('gzip');
break;
case 2:
$client->accepted_compression = array('deflate');
break;
case 3:
$client->accepted_compression = array('gzip', 'deflate');
break;
}
$cookies = explode(',', $clientcookies);
foreach ($cookies as $cookie)
{
if (strpos($cookie, '='))
{
$cookie = explode('=', $cookie);
$client->setCookie(trim($cookie[0]), trim(@$cookie[1]));
}
}
$msg = array();
switch ($action) {
case 'wrap':
@include('xmlrpc_wrappers.inc');
if (!function_exists('build_remote_method_wrapper_code'))
{
die('Error: to enable creation of method stubs the xmlrpc_wrappers.inc file is needed');
}
// fall thru intentionally
case 'describe':
case 'wrap':
$msg[0] =& new $msgclass('system.methodHelp', null, $id);
$msg[0]->addparam(new xmlrpcval($method));
$msg[1] =& new $msgclass('system.methodSignature', null, $id+1);
$msg[1]->addparam(new xmlrpcval($method));
$actionname = 'Description of method "'.$method.'"';
break;
case 'list':
$msg[0] =& new $msgclass('system.listMethods', null, $id);
$actionname = 'List of available methods';
break;
case 'execute':
if (!payload_is_safe($payload))
die("Tsk tsk tsk, please stop it or I will have to call in the cops!");
$msg[0] =& new $msgclass($method, null, $id);
// hack! build xml payload by hand
if ($wstype == 1)
{
$msg[0]->payload = "{\n".
'"method": "' . $method . "\",\n\"params\": [" .
$payload .
"\n],\n\"id\": ";
// fix: if user gave an empty string, use NULL, or we'll break json syntax
if ($id == "")
{
$msg[0]->payload .= "null\n}";
}
else
{
if (is_numeric($id) || $id == 'false' || $id == 'true' || $id == 'null')
{
$msg[0]->payload .= "$id\n}";
}
else
{
$msg[0]->payload .= "\"$id\"\n}";
}
}
}
else
$msg[0]->payload = $msg[0]->xml_header() .
'<methodName>' . $method . "</methodName>\n<params>" .
$payload .
"</params>\n" . $msg[0]->xml_footer();
$actionname = 'Execution of method '.$method;
break;
default: // give a warning
$actionname = '[ERROR: unknown action] "'.$action.'"';
}
// Before calling execute, echo out brief description of action taken + date and time ???
// this gives good user feedback for long-running methods...
echo '<h2>'.htmlspecialchars($actionname).' on server '.htmlspecialchars($server)." ...</h2>\n";
flush();
$response = null;
// execute method(s)
if ($debug)
echo '<div class="dbginfo"><h2>Debug info:</h2>'; /// @todo use ob_start instead
$resp = array();
$mtime = explode(' ',microtime());
$time = (float)$mtime[0] + (float)$mtime[1];
foreach ($msg as $message)
{
// catch errors: for older xmlrpc libs, send does not return by ref
@$response =& $client->send($message, $timeout, $httpprotocol);
$resp[] = $response;
if (!$response || $response->faultCode())
break;
}
$mtime = explode(' ',microtime());
$time = (float)$mtime[0] + (float)$mtime[1] - $time;
if ($debug)
echo "</div>\n";
if ($response)
{
if ($response->faultCode())
{
// call failed! echo out error msg!
//echo '<h2>'.htmlspecialchars($actionname).' on server '.htmlspecialchars($server).'</h2>';
echo "<h3>$protoname call FAILED!</h3>\n";
echo "<p>Fault code: [" . htmlspecialchars($response->faultCode()) .
"] Reason: '" . htmlspecialchars($response->faultString()) . "'</p>\n";
echo (strftime("%d/%b/%Y:%H:%M:%S\n"));
}
else
{
// call succeeded: parse results
//echo '<h2>'.htmlspecialchars($actionname).' on server '.htmlspecialchars($server).'</h2>';
printf ("<h3>%s call(s) OK (%.2f secs.)</h3>\n", $protoname, $time);
echo (strftime("%d/%b/%Y:%H:%M:%S\n"));
switch ($action)
{
case 'list':
$v = $response->value();
if ($v->kindOf()=="array")
{
$max = $v->arraysize();
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
echo "<thead>\n<tr><th>Method</th><th>Description</th></tr>\n</thead>\n<tbody>\n";
for($i=0; $i < $max; $i++)
{
$rec = $v->arraymem($i);
if ($i%2) $class=' class="oddrow"'; else $class = ' class="evenrow"';
echo ("<tr><td$class>".htmlspecialchars($rec->scalarval())."</td><td$class><form action=\"controller.php\" method=\"get\" target=\"frmcontroller\">".
"<input type=\"hidden\" name=\"host\" value=\"".htmlspecialchars($host)."\" />".
"<input type=\"hidden\" name=\"port\" value=\"".htmlspecialchars($port)."\" />".
"<input type=\"hidden\" name=\"path\" value=\"".htmlspecialchars($path)."\" />".
"<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($id)."\" />".
"<input type=\"hidden\" name=\"debug\" value=\"$debug\" />".
"<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars($username)."\" />".
"<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password)."\" />".
"<input type=\"hidden\" name=\"authtype\" value=\"$authtype\" />".
"<input type=\"hidden\" name=\"verifyhost\" value=\"$verifyhost\" />".
"<input type=\"hidden\" name=\"verifypeer\" value=\"$verifypeer\" />".
"<input type=\"hidden\" name=\"cainfo\" value=\"".htmlspecialchars($cainfo)."\" />".
"<input type=\"hidden\" name=\"proxy\" value=\"".htmlspecialchars($proxy)."\" />".
"<input type=\"hidden\" name=\"proxyuser\" value=\"".htmlspecialchars($proxyuser)."\" />".
"<input type=\"hidden\" name=\"proxypwd\" value=\"".htmlspecialchars($proxypwd)."\" />".
"<input type=\"hidden\" name=\"responsecompression\" value=\"$responsecompression\" />".
"<input type=\"hidden\" name=\"requestcompression\" value=\"$requestcompression\" />".
"<input type=\"hidden\" name=\"clientcookies\" value=\"".htmlspecialchars($clientcookies)."\" />".
"<input type=\"hidden\" name=\"protocol\" value=\"$protocol\" />".
"<input type=\"hidden\" name=\"timeout\" value=\"".htmlspecialchars($timeout)."\" />".
"<input type=\"hidden\" name=\"method\" value=\"".$rec->scalarval()."\" />".
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />".
"<input type=\"hidden\" name=\"action\" value=\"describe\" />".
"<input type=\"hidden\" name=\"run\" value=\"now\" />".
"<input type=\"submit\" value=\"Describe\" /></form></td>");
//echo("</tr>\n");
// generate lo scheletro per il method payload per eventuali test
//$methodpayload="<methodCall>\n<methodName>".$rec->scalarval()."</methodName>\n<params>\n<param><value></value></param>\n</params>\n</methodCall>";
/*echo ("<form action=\"{$_SERVER['PHP_SELF']}\" method=\"get\"><td>".
"<input type=\"hidden\" name=\"host\" value=\"$host\" />".
"<input type=\"hidden\" name=\"port\" value=\"$port\" />".
"<input type=\"hidden\" name=\"path\" value=\"$path\" />".
"<input type=\"hidden\" name=\"method\" value=\"".$rec->scalarval()."\" />".
"<input type=\"hidden\" name=\"methodpayload\" value=\"$payload\" />".
"<input type=\"hidden\" name=\"action\" value=\"execute\" />".
"<input type=\"submit\" value=\"Test\" /></td></form>");*/
echo("</tr>\n");
}
echo "</tbody>\n</table>";
}
break;
case 'describe':
$r1 = $resp[0]->value();
$r2 = $resp[1]->value();
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
echo "<thead>\n<tr><th>Method</th><th>".htmlspecialchars($method)."</th><th>&nbsp;</th><th>&nbsp;</th></tr>\n</thead>\n<tbody>\n";
$desc = htmlspecialchars($r1->scalarval());
if ($desc == "")
$desc = "-";
echo "<tr><td class=\"evenrow\">Description</td><td colspan=\"3\" class=\"evenrow\">$desc</td></tr>\n";
$payload="";
$alt_payload="";
if ($r2->kindOf()!="array")
echo "<tr><td class=\"oddrow\">Signature</td><td class=\"oddrow\">Unknown</td><td class=\"oddrow\">&nbsp;</td></tr>\n";
else
{
for($i=0; $i < $r2->arraysize(); $i++)
{
if ($i+1%2) $class=' class="oddrow"'; else $class = ' class="evenrow"';
echo "<tr><td$class>Signature&nbsp;".($i+1)."</td><td$class>";
$x = $r2->arraymem($i);
if ($x->kindOf()=="array")
{
$ret = $x->arraymem(0);
echo "<code>OUT:&nbsp;" . htmlspecialchars($ret->scalarval()) . "<br />IN: (";
if ($x->arraysize() > 1)
{
for($k = 1; $k < $x->arraysize(); $k++)
{
$y = $x->arraymem($k);
echo $y->scalarval();
if ($wstype != 1)
{
$payload = $payload . '<param><value><'.htmlspecialchars($y->scalarval()).'></'.htmlspecialchars($y->scalarval())."></value></param>\n";
}
$alt_payload .= $y->scalarval();
if ($k < $x->arraysize()-1)
{
$alt_payload .= ';';
echo ", ";
}
}
}
echo ")</code>";
}
else
{
echo 'Unknown';
}
echo '</td>';
//bottone per testare questo metodo
//$payload="<methodCall>\n<methodName>$method</methodName>\n<params>\n$payload</params>\n</methodCall>";
echo "<td$class><form action=\"controller.php\" target=\"frmcontroller\" method=\"get\">".
"<input type=\"hidden\" name=\"host\" value=\"".htmlspecialchars($host)."\" />".
"<input type=\"hidden\" name=\"port\" value=\"".htmlspecialchars($port)."\" />".
"<input type=\"hidden\" name=\"path\" value=\"".htmlspecialchars($path)."\" />".
"<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($id)."\" />".
"<input type=\"hidden\" name=\"debug\" value=\"$debug\" />".
"<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars($username)."\" />".
"<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password)."\" />".
"<input type=\"hidden\" name=\"authtype\" value=\"$authtype\" />".
"<input type=\"hidden\" name=\"verifyhost\" value=\"$verifyhost\" />".
"<input type=\"hidden\" name=\"verifypeer\" value=\"$verifypeer\" />".
"<input type=\"hidden\" name=\"cainfo\" value=\"".htmlspecialchars($cainfo)."\" />".
"<input type=\"hidden\" name=\"proxy\" value=\"".htmlspecialchars($proxy)."\" />".
"<input type=\"hidden\" name=\"proxyuser\" value=\"".htmlspecialchars($proxyuser)."\" />".
"<input type=\"hidden\" name=\"proxypwd\" value=\"".htmlspecialchars($proxypwd)."\" />".
"<input type=\"hidden\" name=\"responsecompression\" value=\"$responsecompression\" />".
"<input type=\"hidden\" name=\"requestcompression\" value=\"$requestcompression\" />".
"<input type=\"hidden\" name=\"clientcookies\" value=\"".htmlspecialchars($clientcookies)."\" />".
"<input type=\"hidden\" name=\"protocol\" value=\"$protocol\" />".
"<input type=\"hidden\" name=\"timeout\" value=\"".htmlspecialchars($timeout)."\" />".
"<input type=\"hidden\" name=\"method\" value=\"".htmlspecialchars($method)."\" />".
"<input type=\"hidden\" name=\"methodpayload\" value=\"".htmlspecialchars($payload)."\" />".
"<input type=\"hidden\" name=\"altmethodpayload\" value=\"".htmlspecialchars($alt_payload)."\" />".
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />".
"<input type=\"hidden\" name=\"action\" value=\"execute\" />";
if ($wstype != 1)
echo "<input type=\"submit\" value=\"Load method synopsis\" />";
echo "</form></td>\n";
echo "<td$class><form action=\"controller.php\" target=\"frmcontroller\" method=\"get\">".
"<input type=\"hidden\" name=\"host\" value=\"".htmlspecialchars($host)."\" />".
"<input type=\"hidden\" name=\"port\" value=\"".htmlspecialchars($port)."\" />".
"<input type=\"hidden\" name=\"path\" value=\"".htmlspecialchars($path)."\" />".
"<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($id)."\" />".
"<input type=\"hidden\" name=\"debug\" value=\"$debug\" />".
"<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars($username)."\" />".
"<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password)."\" />".
"<input type=\"hidden\" name=\"authtype\" value=\"$authtype\" />".
"<input type=\"hidden\" name=\"verifyhost\" value=\"$verifyhost\" />".
"<input type=\"hidden\" name=\"verifypeer\" value=\"$verifypeer\" />".
"<input type=\"hidden\" name=\"cainfo\" value=\"".htmlspecialchars($cainfo)."\" />".
"<input type=\"hidden\" name=\"proxy\" value=\"".htmlspecialchars($proxy)."\" />".
"<input type=\"hidden\" name=\"proxyuser\" value=\"".htmlspecialchars($proxyuser)."\" />".
"<input type=\"hidden\" name=\"proxypwd\" value=\"".htmlspecialchars($proxypwd)."\" />".
"<input type=\"hidden\" name=\"responsecompression\" value=\"$responsecompression\" />".
"<input type=\"hidden\" name=\"requestcompression\" value=\"$requestcompression\" />".
"<input type=\"hidden\" name=\"clientcookies\" value=\"".htmlspecialchars($clientcookies)."\" />".
"<input type=\"hidden\" name=\"protocol\" value=\"$protocol\" />".
"<input type=\"hidden\" name=\"timeout\" value=\"".htmlspecialchars($timeout)."\" />".
"<input type=\"hidden\" name=\"method\" value=\"".htmlspecialchars($method)."\" />".
"<input type=\"hidden\" name=\"methodsig\" value=\"".$i."\" />".
"<input type=\"hidden\" name=\"methodpayload\" value=\"".htmlspecialchars($payload)."\" />".
"<input type=\"hidden\" name=\"altmethodpayload\" value=\"".htmlspecialchars($alt_payload)."\" />".
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />".
"<input type=\"hidden\" name=\"run\" value=\"now\" />".
"<input type=\"hidden\" name=\"action\" value=\"wrap\" />".
"<input type=\"submit\" value=\"Generate method call stub code\" />";
echo "</form></td></tr>\n";
}
}
echo "</tbody>\n</table>";
break;
case 'wrap':
$r1 = $resp[0]->value();
$r2 = $resp[1]->value();
if ($r2->kindOf()!="array" || $r2->arraysize() <= $methodsig)
echo "Error: signature unknown\n";
else
{
$mdesc = $r1->scalarval();
$msig = php_xmlrpc_decode($r2);
$msig = $msig[$methodsig];
$proto = $protocol == 2 ? 'https' : $protocol == 1 ? 'http11' : '';
if ($proxy == '' && $username == '' && !$requestcompression && !$responsecompression &&
$clientcookies == '')
{
$opts = 0; // simple client copy in stub code
}
else
{
$opts = 1; // complete client copy in stub code
}
if ($wstype == 1)
{
$prefix = 'jsonrpc';
}
else
{
$prefix = 'xmlrpc';
}
//$code = wrap_xmlrpc_method($client, $method, $methodsig, 0, $proto, '', $opts);
$code = build_remote_method_wrapper_code($client, $method, str_replace('.', '_', $prefix.'_'.$method), $msig, $mdesc, $timeout, $proto, $opts, $prefix);
//if ($code)
//{
echo "<div id=\"phpcode\">\n";
highlight_string("<?php\n".$code['docstring'].$code['source'].'?>');
echo "\n</div>";
//}
//else
//{
// echo 'Error while building php code stub...';
}
break;
case 'execute':
echo '<div id="response"><h2>Response:</h2>'.htmlspecialchars($response->serialize()).'</div>';
break;
default: // give a warning
}
} // if !$response->faultCode()
} // if $response
}
else
{
// no action taken yet: give some instructions on debugger usage
?>
<h3>Instructions on usage of the debugger:</h3>
<ol>
<li>Run a 'list available methods' action against desired server</li>
<li>If list of methods appears, click on 'describe method' for desired method</li>
<li>To run method: click on 'load method synopsis' for desired method. This will load a skeleton for method call parameters in the form above. Complete all xmlrpc values with appropriate data and click 'Execute'</li>
</ol>
<?php
if (!extension_loaded('curl'))
{
echo "<p class=\"evidence\">You will need to enable the CURL extension to use the HTTPS and HTTP 1.1 transports</p>\n";
}
?>
<h3>Example:</h3>
<p>
Server Address: phpxmlrpc.sourceforge.net<br/>
Path: /server.php
</p>
<h3>Notice:</h3>
<p>all usernames and passwords entered on the above form will be written to the web server logs of this server. Use with care.</p>
<h3>Changelog</h3>
<ul>
<li>2007-02-20: add visual editor for method payload; allow strings, bools as jsonrpc msg id</li>
<li>2006-06-26: support building php code stub for calling remote methods</li>
<li>2006-05-25: better support for long running queries; check for no-curl installs</li>
<li>2006-05-02: added support for JSON-RPC. Note that many interesting json-rpc features are not implemented yet, such as notifications or multicall.</li>
<li>2006-04-22: added option for setting custom CA certs to verify peer with in SSLmode</li>
<li>2006-03-05: added option for setting Basic/Digest/NTLM auth type</li>
<li>2006-01-18: added option echoing to screen xmlrpc request before sending it ('More' debug)</li>
<li>2005-10-01: added option for setting cookies to be sent to server</li>
<li>2005-08-07: added switches for compression of requests and responses and http 1.1</li>
<li>2005-06-27: fixed possible security breach in parsing malformed xml</li>
<li>2005-06-24: fixed error with calling methods having parameters...</li>
</ul>
<?php
}
?>
</body>
</html>
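Review bot: Two values taken from the remote server's response are written into the page without escaping: the hidden `method` field in the 'list' table emits `$rec->scalarval()` raw, and the signature loop in the 'describe' branch does `echo $y->scalarval();`. The same values go through `htmlspecialchars()` a few lines away, so a server that returns markup in a method name or type string gets it rendered in the debugger page; use `htmlspecialchars($rec->scalarval())` and `echo htmlspecialchars($y->scalarval());`. Separately, `if ($i+1%2)` parses as `$i + (1 % 2)` and is therefore always true, `case 'wrap':` is listed twice in the first switch, and `split()` and `=& new` no longer work on current PHP. As this is an imported third-party file, taking these fixes from a newer upstream release is preferable to patching the copy here, if one is available.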


@@ -0,0 +1,135 @@
<?php
/**
* @version $Id: common.php 2 2009-03-16 20:22:51Z ggiunta $
* @author Gaetano Giunta
* @copyright (C) 2005-2008 G. Giunta
* @license code licensed under the BSD License: http://phpxmlrpc.sourceforge.net/license.txt
*
* @todo switch params for http compression from 0,1,2 to values to be used directly
* @todo do some more sanitization of received parameters
*/
// work around magic quotes
if (get_magic_quotes_gpc())
{
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_GET = array_map('stripslashes_deep', $_GET);
}
if ( isset( $_GET['usepost'] ) && $_GET['usepost'] === 'true' )
{
$_GET = $_POST;
}
// recover input parameters
$debug = false;
$protocol = 0;
$run = false;
$wstype = 0;
$id = '';
if (isset($_GET['action']))
{
if (isset($_GET['wstype']) && $_GET['wstype'] == '1')
{
$wstype = 1;
if (isset($_GET['id']))
$id = $_GET['id'];
}
$host = isset($_GET['host']) ? $_GET['host'] : 'localhost'; // using '' will trigger an xmlrpc error...
if (isset($_GET['protocol']) && ($_GET['protocol'] == '1' || $_GET['protocol'] == '2'))
$protocol = $_GET['protocol'];
if (strpos($host, 'http://') === 0)
$host = substr($host, 7);
else if (strpos($host, 'https://') === 0)
{
$host = substr($host, 8);
$protocol = 2;
}
$port = isset($_GET['port']) ? $_GET['port'] : '';
$path = isset($_GET['path']) ? $_GET['path'] : '';
// in case user forgot initial '/' in xmlrpc server path, add it back
if ($path && ($path[0]) != '/')
$path = '/'.$path;
if (isset($_GET['debug']) && ($_GET['debug'] == '1' || $_GET['debug'] == '2'))
$debug = $_GET['debug'];
$verifyhost = (isset($_GET['verifyhost']) && ($_GET['verifyhost'] == '1' || $_GET['verifyhost'] == '2')) ? $_GET['verifyhost'] : 0;
if (isset($_GET['verifypeer']) && $_GET['verifypeer'] == '1')
$verifypeer = true;
else
$verifypeer = false;
$cainfo= isset($_GET['cainfo']) ? $_GET['cainfo'] : '';
$proxy = isset($_GET['proxy']) ? $_GET['proxy'] : 0;
if (strpos($proxy, 'http://') === 0)
$proxy = substr($proxy, 7);
$proxyuser= isset($_GET['proxyuser']) ? $_GET['proxyuser'] : '';
$proxypwd = isset($_GET['proxypwd']) ? $_GET['proxypwd'] : '';
$timeout = isset($_GET['timeout']) ? $_GET['timeout'] : 0;
if (!is_numeric($timeout))
$timeout = 0;
$action = $_GET['action'];
$method = isset($_GET['method']) ? $_GET['method'] : '';
$methodsig = isset($_GET['methodsig']) ? $_GET['methodsig'] : 0;
$payload = isset($_GET['methodpayload']) ? $_GET['methodpayload'] : '';
$alt_payload = isset($_GET['altmethodpayload']) ? $_GET['altmethodpayload'] : '';
if (isset($_GET['run']) && $_GET['run'] == 'now')
$run = true;
$username = isset($_GET['username']) ? $_GET['username'] : '';
$password = isset($_GET['password']) ? $_GET['password'] : '';
$authtype = (isset($_GET['authtype']) && ($_GET['authtype'] == '2' || $_GET['authtype'] == '8')) ? $_GET['authtype'] : 1;
if (isset($_GET['requestcompression']) && ($_GET['requestcompression'] == '1' || $_GET['requestcompression'] == '2'))
$requestcompression = $_GET['requestcompression'];
else
$requestcompression = 0;
if (isset($_GET['responsecompression']) && ($_GET['responsecompression'] == '1' || $_GET['responsecompression'] == '2' || $_GET['responsecompression'] == '3'))
$responsecompression = $_GET['responsecompression'];
else
$responsecompression = 0;
$clientcookies = isset($_GET['clientcookies']) ? $_GET['clientcookies'] : '';
}
else
{
$host = '';
$port = '';
$path = '';
$action = '';
$method = '';
$methodsig = 0;
$payload = '';
$alt_payload = '';
$username = '';
$password = '';
$authtype = 1;
$verifyhost = 0;
$verifypeer = false;
$cainfo = '';
$proxy = '';
$proxyuser = '';
$proxypwd = '';
$timeout = 0;
$requestcompression = 0;
$responsecompression = 0;
$clientcookies = '';
}
// check input for known XMLRPC attacks against this or other libs
function payload_is_safe($input)
{
return true;
}
?>
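Review bot: `payload_is_safe()` returns `true` unconditionally, so the `if (!payload_is_safe($payload))` guard in the debugger's execute branch never rejects anything, although the comment above the function says it checks for known XMLRPC attacks. The file also takes `host`, `port`, `path`, `proxy` and `cainfo` straight from the request with no allow-list (the header's own `@todo do some more sanitization of received parameters` acknowledges this), and `$_GET = $_POST` lets the same parameters arrive by POST. Because the debugger makes outbound calls with those values and no access check is visible in these files, the safer change for this commit is to leave the debugger files out of the import or deny web access to them, rather than fill in the stub locally. `get_magic_quotes_gpc()` was removed in PHP 8, so the first statement becomes a fatal error there.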


@@ -0,0 +1,321 @@
<?php
/**
* @version $Id: controller.php 2 2009-03-16 20:22:51Z ggiunta $
* @author Gaetano Giunta
* @copyright (C) 2005-2008 G. Giunta
* @license code licensed under the BSD License: http://phpxmlrpc.sourceforge.net/license.txt
*
* @todo add links to documentation from every option caption
* @todo switch params for http compression from 0,1,2 to values to be used directly
* @todo add a little bit more CSS formatting: we broke IE box model getting a width > 100%...
* @todo add support for more options, such as ntlm auth to proxy, or request charset encoding
*
* @todo parse content of payload textarea to be fed to visual editor
* @todo add http no-cache headers
**/
include(getcwd().'/common.php');
if ($action == '')
$action = 'list';
// relative path to the visual xmlrpc editing dialog
$editorpath = '../../javascript/';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>XMLRPC Debugger</title>
<meta name="robots" content="index,nofollow" />
<script type="text/javascript" language="Javascript">
if (window.name!='frmcontroller')
top.location.replace('index.php?run='+escape(self.location));
</script>
<!-- xmlrpc/jsonrpc base library -->
<script type="text/javascript" src="<?php echo $editorpath; ?>xmlrpc_lib.js"></script>
<script type="text/javascript" src="<?php echo $editorpath; ?>jsonrpc_lib.js"></script>
<style type="text/css">
<!--
html {overflow: -moz-scrollbars-vertical;}
body {padding: 0.5em; background-color: #EEEEEE; font-family: Verdana, Arial, Helvetica; font-size: 8pt;}
h1 {font-size: 12pt; margin: 0.5em;}
h2 {font-size: 10pt; display: inline; vertical-align: top;}
table {border: 1px solid gray; margin-bottom: 0.5em; padding: 0.25em; width: 100%;}
#methodpayload {display: inline;}
td {vertical-align: top; font-family: Verdana, Arial, Helvetica; font-size: 8pt;}
.labelcell {text-align: right;}
-->
</style>
<script language="JavaScript" type="text/javascript">
<!--
function verifyserver()
{
if (document.frmaction.host.value == '')
{
alert('Please insert a server name or address');
return false;
}
if (document.frmaction.path.value == '')
document.frmaction.path.value = '/';
var action = '';
for (counter = 0; counter < document.frmaction.action.length; counter++)
if (document.frmaction.action[counter].checked)
{
action = document.frmaction.action[counter].value;
}
if (document.frmaction.method.value == '' && (action == 'execute' || action == 'wrap' || action == 'describe'))
{
alert('Please insert a method name');
return false;
}
if (document.frmaction.authtype.value != '1' && document.frmaction.username.value == '')
{
alert('No username for authenticating to server: authentication disabled');
}
return true;
}
function switchaction()
{
// reset html layout depending on action to be taken
var action = '';
for (counter = 0; counter < document.frmaction.action.length; counter++)
if (document.frmaction.action[counter].checked)
{
action = document.frmaction.action[counter].value;
}
if (action == 'execute')
{
document.frmaction.methodpayload.disabled = false;
displaydialogeditorbtn(true);//if (document.getElementById('methodpayloadbtn') != undefined) document.getElementById('methodpayloadbtn').disabled = false;
document.frmaction.method.disabled = false;
document.frmaction.methodpayload.rows = 10;
}
else
{
document.frmaction.methodpayload.rows = 1;
if (action == 'describe' || action == 'wrap')
{
document.frmaction.methodpayload.disabled = true;
displaydialogeditorbtn(false); //if (document.getElementById('methodpayloadbtn') != undefined) document.getElementById('methodpayloadbtn').disabled = true;
document.frmaction.method.disabled = false;
}
else // list
{
document.frmaction.methodpayload.disabled = true;
displaydialogeditorbtn(false); //if (document.getElementById('methodpayloadbtn') != undefined) document.getElementById('methodpayloadbtn').disabled = false;
document.frmaction.method.disabled = true;
}
}
}
function switchssl()
{
if (document.frmaction.protocol.value != '2')
{
document.frmaction.verifypeer.disabled = true;
document.frmaction.verifyhost.disabled = true;
document.frmaction.cainfo.disabled = true;
}
else
{
document.frmaction.verifypeer.disabled = false;
document.frmaction.verifyhost.disabled = false;
document.frmaction.cainfo.disabled = false;
}
}
function switchauth()
{
if (document.frmaction.protocol.value != '0')
{
document.frmaction.authtype.disabled = false;
}
else
{
document.frmaction.authtype.disabled = true;
document.frmaction.authtype.value = 1;
}
}
function swicthcainfo()
{
if (document.frmaction.verifypeer.checked == true)
{
document.frmaction.cainfo.disabled = false;
}
else
{
document.frmaction.cainfo.disabled = true;
}
}
function switchtransport(is_json)
{
if (is_json == 0)
{
document.getElementById("idcell").style.visibility = 'hidden';
document.frmjsonrpc.yes.checked = false;
document.frmxmlrpc.yes.checked = true;
document.frmaction.wstype.value="0";
}
else
{
document.getElementById("idcell").style.visibility = 'visible';
document.frmjsonrpc.yes.checked = true;
document.frmxmlrpc.yes.checked = false;
document.frmaction.wstype.value="1";
}
}
function displaydialogeditorbtn(show)
{
if (show && ((typeof base64_decode) == 'function'))
{
document.getElementById('methodpayloadbtn').innerHTML = '[<a href="#" onclick="activateeditor(); return false;">Edit</a>]';
}
else
{
document.getElementById('methodpayloadbtn').innerHTML = '';
}
}
function activateeditor()
{
var url = '<?php echo $editorpath; ?>visualeditor.php?params=<?php echo $alt_payload; ?>';
if (document.frmaction.wstype.value == "1")
url += '&type=jsonrpc';
var wnd = window.open(url, '_blank', 'width=750, height=400, location=0, resizable=1, menubar=0, scrollbars=1');
}
// if javascript version of the lib is found, allow it to send us params
function buildparams(base64data)
{
if (typeof base64_decode == 'function')
{
if (base64data == '0') // workaround for bug in base64_encode...
document.getElementById('methodpayload').value = '';
else
document.getElementById('methodpayload').value = base64_decode(base64data);
}
}
// use GET for ease of refresh, switch to POST when payload is too big to fit in url (in IE: 2048 bytes! see http://support.microsoft.com/kb/q208427/)
function switchFormMethod()
{
/// @todo use a more precise calculation, adding the rest of the fields to the actual generated url lenght
if (document.frmaction.methodpayload.value.length > 1536 )
{
document.frmaction.action = 'action.php?usepost=true';
document.frmaction.method = 'post';
}
}
//-->
</script>
</head>
<body onload="switchtransport(<?php echo $wstype;?>); switchaction(); switchssl(); switchauth(); swicthcainfo();<?php if ($run) echo ' document.forms[2].submit();'; ?>">
<h1>XMLRPC <form name="frmxmlrpc" style="display: inline;" action="."><input name="yes" type="radio" onclick="switchtransport(0);"/></form>
/<form name="frmjsonrpc" style="display: inline;" action="."><input name="yes" type="radio" onclick="switchtransport(1);"/></form>JSONRPC Debugger (based on the <a href="http://phpxmlrpc.sourceforge.net">PHP-XMLRPC</a> library)</h1>
<form name="frmaction" method="get" action="action.php" target="frmaction" onSubmit="switchFormMethod();"
>
<table id="serverblock">
<tr>
<td><h2>Target server</h2></td>
<td class="labelcell">Address:</td><td><input type="text" name="host" value="<?php echo htmlspecialchars($host); ?>" /></td>
<td class="labelcell">Port:</td><td><input type="text" name="port" value="<?php echo htmlspecialchars($port); ?>" size="5" maxlength="5" /></td>
<td class="labelcell">Path:</td><td><input type="text" name="path" value="<?php echo htmlspecialchars($path); ?>" /></td>
</tr>
</table>
<table id="actionblock">
<tr>
<td><h2>Action</h2></td>
<td>List available methods<input type="radio" name="action" value="list"<?php if ($action=='list') echo ' checked="checked"'; ?> onclick="switchaction();" /></td>
<td>Describe method<input type="radio" name="action" value="describe"<?php if ($action=='describe') echo ' checked="checked"'; ?> onclick="switchaction();" /></td>
<td>Execute method<input type="radio" name="action" value="execute"<?php if ($action=='execute') echo ' checked="checked"'; ?> onclick="switchaction();" /></td>
<td>Generate stub for method call<input type="radio" name="action" value="wrap"<?php if ($action=='wrap') echo ' checked="checked"'; ?> onclick="switchaction();" /></td>
</tr>
</table>
<input type="hidden" name="methodsig" value="<?php echo htmlspecialchars($methodsig); ?>" />
<table id="methodblock">
<tr>
<td><h2>Method</h2></td>
<td class="labelcell">Name:</td><td><input type="text" name="method" value="<?php echo htmlspecialchars($method); ?>" /></td>
<td class="labelcell">Payload:<br/><div id="methodpayloadbtn"></div></td><td><textarea id="methodpayload" name="methodpayload" rows="1" cols="40"><?php echo htmlspecialchars($payload); ?></textarea></td>
<td class="labelcell" id="idcell">Msg id: <input type="text" name="id" size="3" value="<?php echo htmlspecialchars($id); ?>"/></td>
<td><input type="hidden" name="wstype" value="<?php echo $wstype;?>" />
<input type="submit" value="Execute" onclick="return verifyserver();"/></td>
</tr>
</table>
<table id="optionsblock">
<tr>
<td><h2>Client options</h2></td>
<td class="labelcell">Show debug info:</td><td><select name="debug">
<option value="0"<?php if ($debug == 0) echo ' selected="selected"'; ?>>No</option>
<option value="1"<?php if ($debug == 1) echo ' selected="selected"'; ?>>Yes</option>
<option value="2"<?php if ($debug == 2) echo ' selected="selected"'; ?>>More</option>
</select>
</td>
<td class="labelcell">Timeout:</td><td><input type="text" name="timeout" size="3" value="<?php if ($timeout > 0) echo $timeout; ?>" /></td>
<td class="labelcell">Protocol:</td><td><select name="protocol" onchange="switchssl(); switchauth(); swicthcainfo();">
<option value="0"<?php if ($protocol == 0) echo ' selected="selected"'; ?>>HTTP 1.0</option>
<option value="1"<?php if ($protocol == 1) echo ' selected="selected"'; ?>>HTTP 1.1</option>
<option value="2"<?php if ($protocol == 2) echo ' selected="selected"'; ?>>HTTPS</option>
</select></td>
</tr>
<tr>
<td class="labelcell">AUTH:</td>
<td class="labelcell">Username:</td><td><input type="text" name="username" value="<?php echo htmlspecialchars($username); ?>" /></td>
<td class="labelcell">Pwd:</td><td><input type="password" name="password" value="<?php echo htmlspecialchars($password); ?>" /></td>
<td class="labelcell">Type</td><td><select name="authtype">
<option value="1"<?php if ($authtype == 1) echo ' selected="selected"'; ?>>Basic</option>
<option value="2"<?php if ($authtype == 2) echo ' selected="selected"'; ?>>Digest</option>
<option value="8"<?php if ($authtype == 8) echo ' selected="selected"'; ?>>NTLM</option>
</select></td>
<td></td>
</tr>
<tr>
<td class="labelcell">SSL:</td>
<td class="labelcell">Verify Host's CN:</td><td><select name="verifyhost">
<option value="0"<?php if ($verifyhost == 0) echo ' selected="selected"'; ?>>No</option>
<option value="1"<?php if ($verifyhost == 1) echo ' selected="selected"'; ?>>Check CN existance</option>
<option value="2"<?php if ($verifyhost == 2) echo ' selected="selected"'; ?>>Check CN match</option>
</select></td>
<td class="labelcell">Verify Cert:</td><td><input type="checkbox" value="1" name="verifypeer" onclick="swicthcainfo();"<?php if ($verifypeer) echo ' checked="checked"'; ?> /></td>
<td class="labelcell">CA Cert file:</td><td><input type="text" name="cainfo" value="<?php echo htmlspecialchars($cainfo); ?>" /></td>
</tr>
<tr>
<td class="labelcell">PROXY:</td>
<td class="labelcell">Server:</td><td><input type="text" name="proxy" value="<?php echo htmlspecialchars($proxy); ?>" /></td>
<td class="labelcell">Proxy user:</td><td><input type="text" name="proxyuser" value="<?php echo htmlspecialchars($proxyuser); ?>" /></td>
<td class="labelcell">Proxy pwd:</td><td><input type="password" name="proxypwd" value="<?php echo htmlspecialchars($proxypwd); ?>" /></td>
</tr>
<tr>
<td class="labelcell">COMPRESSION:</td>
<td class="labelcell">Request:</td><td><select name="requestcompression">
<option value="0"<?php if ($requestcompression == 0) echo ' selected="selected"'; ?>>None</option>
<option value="1"<?php if ($requestcompression == 1) echo ' selected="selected"'; ?>>Gzip</option>
<option value="2"<?php if ($requestcompression == 2) echo ' selected="selected"'; ?>>Deflate</option>
</select></td>
<td class="labelcell">Response:</td><td><select name="responsecompression">
<option value="0"<?php if ($responsecompression == 0) echo ' selected="selected"'; ?>>None</option>
<option value="1"<?php if ($responsecompression == 1) echo ' selected="selected"'; ?>>Gzip</option>
<option value="2"<?php if ($responsecompression == 2) echo ' selected="selected"'; ?>>Deflate</option>
<option value="3"<?php if ($responsecompression == 3) echo ' selected="selected"'; ?>>Any</option>
</select></td>
<td></td>
</tr>
<tr>
<td class="labelcell">COOKIES:</td>
<td colspan="4" class="labelcell"><input type="text" name="clientcookies" size="80" value="<?php echo htmlspecialchars($clientcookies); ?>" /></td>
<td colspan="2">Format: 'cookie1=value1, cookie2=value2'</td>
</tr>
</table>
</form>
</body>
</html>


@@ -0,0 +1,21 @@
<?php
// $Id: index.php 2 2009-03-16 20:22:51Z ggiunta $
$query = '';
if (isset($_GET['run']))
{
$path = parse_url($_GET['run']);
if (isset($path['query']))
$query = '?'.$path['query'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html>
<head>
<title>XMLRPC Debugger</title>
</head>
<frameset rows="360,*">
<frame name="frmcontroller" src="controller.php<?php echo htmlspecialchars($query); ?>" marginwidth="0" marginheight="0" frameborder="0" />
<frame name="frmaction" src="action.php" marginwidth="0" marginheight="0" frameborder="0" />
</frameset>
</html>
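Review bot: `$_GET['run']` is handed to `parse_url()` without a type check, and the query string it carries is forwarded unchanged to controller.php in the first frame. A request that sends `run` as an array reaches `parse_url()` with a non-string, which raises a warning or, on PHP 8, a TypeError, so the guard should read `if (isset($_GET['run']) && is_string($_GET['run']))`. The `htmlspecialchars()` on the frame `src` covers that attribute, but the forwarded parameters then pre-fill the form page shown just above this file (presumably controller.php), whose `onload` submits the form automatically when `$run` is set, so one link to this page appears to be enough to start a debugger call to a host chosen in the link. Because this debugger arrives with a vendored library inside a web application, I would keep its directory out of the deployed tree or put it behind the application's authentication.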