X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FAjaxDispatcher.php;h=5bc9f06742739c3d26fcf30179e4a8f86b50e6e7;hb=57310ab838072148455c805a0a5c8bb64b6b0aba;hp=bb4709bb40afb108885c8f5fc42868b1253fea5f;hpb=113bb1c772d2ddb70345e5027676338ad00f1c2a;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/AjaxDispatcher.php b/includes/AjaxDispatcher.php
index bb4709bb40..5bc9f06742 100644
--- a/includes/AjaxDispatcher.php
+++ b/includes/AjaxDispatcher.php
@@ -1,83 +1,131 @@ mode = ""; - if (! empty($_GET["rs"])) { + if ( ! empty( $_GET["rs"] ) ) { $this->mode = "get"; } - if (!empty($_POST["rs"])) { + if ( !empty( $_POST["rs"] ) ) { $this->mode = "post"; } - if ($this->mode == "get") { - $this->func_name = isset( $_GET["rs"] ) ? $_GET["rs"] : ''; - if (! empty($_GET["rsargs"])) { - $this->args = $_GET["rsargs"]; - } else { - $this->args = array(); - } - } else { - $this->func_name = isset( $_POST["rs"] ) ? $_POST["rs"] : ''; - if (! empty($_POST["rsargs"])) { - $this->args = $_POST["rsargs"]; - } else { - $this->args = array(); - } + switch( $this->mode ) { + case 'get': + $this->func_name = isset( $_GET["rs"] ) ? $_GET["rs"] : ''; + if ( ! empty( $_GET["rsargs"] ) ) { + $this->args = $_GET["rsargs"]; + } else { + $this->args = array(); + } + break; + case 'post': + $this->func_name = isset( $_POST["rs"] ) ? $_POST["rs"] : ''; + if ( ! empty( $_POST["rsargs"] ) ) { + $this->args = $_POST["rsargs"]; + } else { + $this->args = array(); + } + break; + default: + wfProfileOut( __METHOD__ ); + return; + # Or we could throw an exception: + # throw new MWException( __METHOD__ . ' called without any data (mode empty).' ); } + wfProfileOut( __METHOD__ ); } + /** Pass the request to our internal function. + * BEWARE! Data are passed as they have been supplied by the user, + * they should be carefully handled in the function processing the + * request. + */ function performAction() { - global $wgAjaxExportList, $wgOut; + global $wgAjaxExportList, $wgOut, $wgUser; if ( empty( $this->mode ) ) { return; } + wfProfileIn( __METHOD__ ); - if (! in_array( $this->func_name, $wgAjaxExportList ) ) { - wfHttpError( 400, 'Bad Request', - "unknown function " . (string) $this->func_name ); + if ( ! in_array( $this->func_name, $wgAjaxExportList ) ) { + wfDebug( __METHOD__ . ' Bad Request for unknown function ' . $this->func_name . "\n" ); + + wfHttpError( + 400, + 'Bad Request', + "unknown function " . 
(string) $this->func_name + ); + } elseif ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) + && !$wgUser->isAllowed( 'read' ) ) + { + wfHttpError( + 403, + 'Forbidden', + 'You must log in to view pages.' ); } else { + wfDebug( __METHOD__ . ' dispatching ' . $this->func_name . "\n" ); + + if ( strpos( $this->func_name, '::' ) !== false ) { + $func = explode( '::', $this->func_name, 2 ); + } else { + $func = $this->func_name; + } + try { - $result = call_user_func_array($this->func_name, $this->args); + $result = call_user_func_array( $func, $this->args ); + + if ( $result === false || $result === null ) { + wfDebug( __METHOD__ . ' ERROR while dispatching ' + . $this->func_name . "(" . var_export( $this->args, true ) . "): " + . "no data returned\n" ); - if ( $result === false || $result === NULL ) { wfHttpError( 500, 'Internal Error', "{$this->func_name} returned no data" ); - } - else { + } else { if ( is_string( $result ) ) { - $result= new AjaxResponse( $result ); + $result = new AjaxResponse( $result ); } $result->sendHeaders(); $result->printText(); + + wfDebug( __METHOD__ . ' dispatch complete for ' . $this->func_name . "\n" ); } + } catch ( Exception $e ) { + wfDebug( __METHOD__ . ' ERROR while dispatching ' + . $this->func_name . "(" . var_export( $this->args, true ) . "): " + . get_class( $e ) . ": " . $e->getMessage() . "\n" ); - } catch (Exception $e) { - if (!headers_sent()) { + if ( !headers_sent() ) { wfHttpError( 500, 'Internal Error', $e->getMessage() ); } else { @@ -86,9 +134,7 @@ class AjaxDispatcher { } } - wfProfileOut( __METHOD__ ); $wgOut = null; + wfProfileOut( __METHOD__ ); } } - -?>
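Review bot: The two new error-path `wfDebug()` calls in `performAction()` append `var_export( $this->args, true )`, and `$this->args` is the raw `rsargs` value from the request, so when debug logging is on, anything a client submits to an exported function (credentials or tokens included) is copied into the log without a size limit. The `' Bad Request for unknown function '` line also concatenates the unvalidated `rs` value, which lets a request place line breaks into the log. I would log the argument count instead, e.g. `. $this->func_name . '(' . count( (array)$this->args ) . " args): no data returned\n" );`, and pass the unknown name through `urlencode( (string)$this->func_name )` before logging it. The new 403 branch is also reached only after the export-list test, so a client without `read` rights still gets 400 versus 403 depending on whether a name is exported; testing `read` first would close that. The tail of the `catch` block lies outside this hunk.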