first commit

2026-02-07 09:46:32 +08:00
commit 5fcd5dc646
443 changed files with 89466 additions and 0 deletions


@@ -0,0 +1,565 @@
<?php
/**
* @author Gaetano Giunta
* @copyright (C) 2005-2015 G. Giunta
* @license code licensed under the BSD License: see file license.txt
*
* @todo switch params for http compression from 0,1,2 to values to be used directly
* @todo use ob_start to catch debug info and echo it AFTER method call results?
* @todo be smarter in creating client stub for proxy/auth cases: only set appropriate property of client obj
**/
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>XMLRPC Debugger</title>
<meta name="robots" content="index,nofollow"/>
<style type="text/css">
<!--
body {
border-top: 1px solid gray;
padding: 1em;
font-family: Verdana, Arial, Helvetica;
font-size: 8pt;
}
h3 {
font-size: 9.5pt;
}
h2 {
font-size: 12pt;
}
.dbginfo {
padding: 1em;
background-color: #EEEEEE;
border: 1px dashed silver;
font-family: monospace;
}
#response {
padding: 1em;
margin-top: 1em;
background-color: #DDDDDD;
border: 1px solid gray;
white-space: pre;
font-family: monospace;
}
table {
padding: 2px;
margin-top: 1em;
}
th {
background-color: navy;
color: white;
padding: 0.5em;
}
td {
padding: 0.5em;
font-family: monospace;
}
td form {
margin: 0;
}
.oddrow {
background-color: #EEEEEE;
}
.evidence {
color: blue;
}
#phpcode {
background-color: #EEEEEE;
padding: 1em;
margin-top: 1em;
}
-->
</style>
</head>
<body>
<?php
include __DIR__ . '/common.php';
if ($action) {
include_once __DIR__ . "/../src/Autoloader.php";
PhpXmlRpc\Autoloader::register();
// make sure the script waits long enough for the call to complete...
if ($timeout) {
set_time_limit($timeout + 10);
}
if ($wstype == 1) {
@include 'jsonrpc.inc';
if (!class_exists('jsonrpc_client')) {
die('Error: to debug the jsonrpc protocol the jsonrpc.inc file is needed');
}
$clientClass = 'PhpJsRpc\Client';
$requestClass = 'PhpJsRpc\Request';
$protoName = 'JSONRPC';
} else {
$clientClass = 'PhpXmlRpc\Client';
$requestClass = 'PhpXmlRpc\Request';
$protoName = 'XMLRPC';
}
if ($port != "") {
$client = new $clientClass($path, $host, $port);
$server = "$host:$port$path";
} else {
$client = new $clientClass($path, $host);
$server = "$host$path";
}
if ($protocol == 2) {
$server = 'https://' . $server;
} else {
$server = 'http://' . $server;
}
if ($proxy != '') {
$pproxy = explode(':', $proxy);
if (count($pproxy) > 1) {
$pport = $pproxy[1];
} else {
$pport = 8080;
}
$client->setProxy($pproxy[0], $pport, $proxyuser, $proxypwd);
}
if ($protocol == 2) {
$client->setSSLVerifyPeer($verifypeer);
$client->setSSLVerifyHost($verifyhost);
if ($cainfo) {
$client->setCaCertificate($cainfo);
}
$httpprotocol = 'https';
} elseif ($protocol == 1) {
$httpprotocol = 'http11';
} else {
$httpprotocol = 'http';
}
if ($username) {
$client->setCredentials($username, $password, $authtype);
}
$client->setDebug($debug);
switch ($requestcompression) {
case 0:
$client->request_compression = '';
break;
case 1:
$client->request_compression = 'gzip';
break;
case 2:
$client->request_compression = 'deflate';
break;
}
switch ($responsecompression) {
case 0:
$client->accepted_compression = '';
break;
case 1:
$client->accepted_compression = array('gzip');
break;
case 2:
$client->accepted_compression = array('deflate');
break;
case 3:
$client->accepted_compression = array('gzip', 'deflate');
break;
}
$cookies = explode(',', $clientcookies);
foreach ($cookies as $cookie) {
if (strpos($cookie, '=')) {
$cookie = explode('=', $cookie);
$client->setCookie(trim($cookie[0]), trim(@$cookie[1]));
}
}
$msg = array();
switch ($action) {
// fall thru intentionally
case 'describe':
case 'wrap':
$msg[0] = new $requestClass('system.methodHelp', array(), $id);
$msg[0]->addparam(new PhpXmlRpc\Value($method));
$msg[1] = new $requestClass('system.methodSignature', array(), $id + 1);
$msg[1]->addparam(new PhpXmlRpc\Value($method));
$actionname = 'Description of method "' . $method . '"';
break;
case 'list':
$msg[0] = new $requestClass('system.listMethods', array(), $id);
$actionname = 'List of available methods';
break;
case 'execute':
if (!payload_is_safe($payload)) {
die("Tsk tsk tsk, please stop it or I will have to call in the cops!");
}
$msg[0] = new $requestClass($method, array(), $id);
// hack! build xml payload by hand
if ($wstype == 1) {
$msg[0]->payload = "{\n" .
'"method": "' . $method . "\",\n\"params\": [" .
$payload .
"\n],\n\"id\": ";
// fix: if user gave an empty string, use NULL, or we'll break json syntax
if ($id == "") {
$msg[0]->payload .= "null\n}";
} else {
if (is_numeric($id) || $id == 'false' || $id == 'true' || $id == 'null') {
$msg[0]->payload .= "$id\n}";
} else {
$msg[0]->payload .= "\"$id\"\n}";
}
}
} else {
$msg[0]->payload = $msg[0]->xml_header($inputcharset) .
'<methodName>' . $method . "</methodName>\n<params>" .
$payload .
"</params>\n" . $msg[0]->xml_footer();
}
$actionname = 'Execution of method ' . $method;
break;
default: // give a warning
$actionname = '[ERROR: unknown action] "' . $action . '"';
}
// Before calling execute, echo out brief description of action taken + date and time ???
// this gives good user feedback for long-running methods...
echo '<h2>' . htmlspecialchars($actionname, ENT_COMPAT, $inputcharset) . ' on server ' . htmlspecialchars($server, ENT_COMPAT, $inputcharset) . " ...</h2>\n";
flush();
$response = null;
// execute method(s)
if ($debug) {
echo '<div class="dbginfo"><h2>Debug info:</h2>';
} /// @todo use ob_start instead
$resp = array();
$time = microtime(true);
foreach ($msg as $message) {
// catch errors: for older xmlrpc libs, send does not return by ref
@$response = $client->send($message, $timeout, $httpprotocol);
$resp[] = $response;
if (!$response || $response->faultCode()) {
break;
}
}
$time = microtime(true) - $time;
if ($debug) {
echo "</div>\n";
}
if ($response) {
if ($response->faultCode()) {
// call failed! echo out error msg!
//echo '<h2>'.htmlspecialchars($actionname, ENT_COMPAT, $inputcharset).' on server '.htmlspecialchars($server, ENT_COMPAT, $inputcharset).'</h2>';
echo "<h3>$protoName call FAILED!</h3>\n";
echo "<p>Fault code: [" . htmlspecialchars($response->faultCode(), ENT_COMPAT, \PhpXmlRpc\PhpXmlRpc::$xmlrpc_internalencoding) .
"] Reason: '" . htmlspecialchars($response->faultString(), ENT_COMPAT, \PhpXmlRpc\PhpXmlRpc::$xmlrpc_internalencoding) . "'</p>\n";
echo(strftime("%d/%b/%Y:%H:%M:%S\n"));
} else {
// call succeeded: parse results
//echo '<h2>'.htmlspecialchars($actionname, ENT_COMPAT, $inputcharset).' on server '.htmlspecialchars($server, ENT_COMPAT, $inputcharset).'</h2>';
printf("<h3>%s call(s) OK (%.2f secs.)</h3>\n", $protoName, $time);
echo(strftime("%d/%b/%Y:%H:%M:%S\n"));
switch ($action) {
case 'list':
$v = $response->value();
if ($v->kindOf() == "array") {
$max = $v->count();
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
echo "<thead>\n<tr><th>Method ($max)</th><th>Description</th></tr>\n</thead>\n<tbody>\n";
foreach($v as $i => $rec) {
if ($i % 2) {
$class = ' class="oddrow"';
} else {
$class = ' class="evenrow"';
}
echo("<tr><td$class>" . htmlspecialchars($rec->scalarval(), ENT_COMPAT, \PhpXmlRpc\PhpXmlRpc::$xmlrpc_internalencoding) . "</td><td$class><form action=\"controller.php\" method=\"get\" target=\"frmcontroller\">" .
"<input type=\"hidden\" name=\"host\" value=\"" . htmlspecialchars($host, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"port\" value=\"" . htmlspecialchars($port, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"path\" value=\"" . htmlspecialchars($path, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($id, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"debug\" value=\"$debug\" />" .
"<input type=\"hidden\" name=\"username\" value=\"" . htmlspecialchars($username, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"password\" value=\"" . htmlspecialchars($password, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"authtype\" value=\"$authtype\" />" .
"<input type=\"hidden\" name=\"verifyhost\" value=\"$verifyhost\" />" .
"<input type=\"hidden\" name=\"verifypeer\" value=\"$verifypeer\" />" .
"<input type=\"hidden\" name=\"cainfo\" value=\"" . htmlspecialchars($cainfo, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"proxy\" value=\"" . htmlspecialchars($proxy, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"proxyuser\" value=\"" . htmlspecialchars($proxyuser, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"proxypwd\" value=\"" . htmlspecialchars($proxypwd, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"responsecompression\" value=\"$responsecompression\" />" .
"<input type=\"hidden\" name=\"requestcompression\" value=\"$requestcompression\" />" .
"<input type=\"hidden\" name=\"clientcookies\" value=\"" . htmlspecialchars($clientcookies, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"protocol\" value=\"$protocol\" />" .
"<input type=\"hidden\" name=\"timeout\" value=\"" . htmlspecialchars($timeout, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"method\" value=\"" . htmlspecialchars($rec->scalarval(), ENT_COMPAT, \PhpXmlRpc\PhpXmlRpc::$xmlrpc_internalencoding) . "\" />" .
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />" .
"<input type=\"hidden\" name=\"action\" value=\"describe\" />" .
"<input type=\"hidden\" name=\"run\" value=\"now\" />" .
"<input type=\"submit\" value=\"Describe\" /></form></td>");
//echo("</tr>\n");
// generate the skeleton for method payload per possible tests
//$methodpayload="<methodCall>\n<methodName>".$rec->scalarval()."</methodName>\n<params>\n<param><value></value></param>\n</params>\n</methodCall>";
/*echo ("<form action=\"{$_SERVER['PHP_SELF']}\" method=\"get\"><td>".
"<input type=\"hidden\" name=\"host\" value=\"$host\" />".
"<input type=\"hidden\" name=\"port\" value=\"$port\" />".
"<input type=\"hidden\" name=\"path\" value=\"$path\" />".
"<input type=\"hidden\" name=\"method\" value=\"".$rec->scalarval()."\" />".
"<input type=\"hidden\" name=\"methodpayload\" value=\"$payload\" />".
"<input type=\"hidden\" name=\"action\" value=\"execute\" />".
"<input type=\"submit\" value=\"Test\" /></td></form>");*/
echo("</tr>\n");
}
echo "</tbody>\n</table>";
}
break;
case 'describe':
$r1 = $resp[0]->value();
$r2 = $resp[1]->value();
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
echo "<thead>\n<tr><th>Method</th><th>" . htmlspecialchars($method, ENT_COMPAT, $inputcharset) . "</th><th>&nbsp;</th><th>&nbsp;</th></tr>\n</thead>\n<tbody>\n";
$desc = htmlspecialchars($r1->scalarval(), ENT_COMPAT, \PhpXmlRpc\PhpXmlRpc::$xmlrpc_internalencoding);
if ($desc == "") {
$desc = "-";
}
echo "<tr><td class=\"evenrow\">Description</td><td colspan=\"3\" class=\"evenrow\">$desc</td></tr>\n";
if ($r2->kindOf() != "array") {
echo "<tr><td class=\"oddrow\">Signature</td><td class=\"oddrow\">Unknown</td><td class=\"oddrow\">&nbsp;</td></tr>\n";
} else {
foreach($r2 as $i => $x) {
$payload = "";
$alt_payload = "";
if ($i + 1 % 2) {
$class = ' class="oddrow"';
} else {
$class = ' class="evenrow"';
}
echo "<tr><td$class>Signature&nbsp;" . ($i + 1) . "</td><td$class>";
if ($x->kindOf() == "array") {
$ret = $x[0];
echo "<code>OUT:&nbsp;" . htmlspecialchars($ret->scalarval(), ENT_COMPAT, \PhpXmlRpc\PhpXmlRpc::$xmlrpc_internalencoding) . "<br />IN: (";
if ($x->count() > 1) {
foreach($x as $k => $y) {
if ($k == 0) continue;
echo htmlspecialchars($y->scalarval(), ENT_COMPAT, \PhpXmlRpc\PhpXmlRpc::$xmlrpc_internalencoding);
if ($wstype != 1) {
$type = $y->scalarval();
$payload .= '<param><value>';
switch($type) {
case 'undefined':
break;
case 'null';
$type = 'nil';
// fall thru intentionally
default:
$payload .= '<' .
htmlspecialchars($type, ENT_COMPAT, \PhpXmlRpc\PhpXmlRpc::$xmlrpc_internalencoding) .
'></' . htmlspecialchars($type, ENT_COMPAT, \PhpXmlRpc\PhpXmlRpc::$xmlrpc_internalencoding) .
'>';
}
$payload .= "</value></param>\n";
}
$alt_payload .= $y->scalarval();
if ($k < $x->count() - 1) {
$alt_payload .= ';';
echo ", ";
}
}
}
echo ")</code>";
} else {
echo 'Unknown';
}
echo '</td>';
// button to test this method
//$payload="<methodCall>\n<methodName>$method</methodName>\n<params>\n$payload</params>\n</methodCall>";
echo "<td$class><form action=\"controller.php\" target=\"frmcontroller\" method=\"get\">" .
"<input type=\"hidden\" name=\"host\" value=\"" . htmlspecialchars($host, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"port\" value=\"" . htmlspecialchars($port, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"path\" value=\"" . htmlspecialchars($path, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($id, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"debug\" value=\"$debug\" />" .
"<input type=\"hidden\" name=\"username\" value=\"" . htmlspecialchars($username, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"password\" value=\"" . htmlspecialchars($password, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"authtype\" value=\"$authtype\" />" .
"<input type=\"hidden\" name=\"verifyhost\" value=\"$verifyhost\" />" .
"<input type=\"hidden\" name=\"verifypeer\" value=\"$verifypeer\" />" .
"<input type=\"hidden\" name=\"cainfo\" value=\"" . htmlspecialchars($cainfo, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"proxy\" value=\"" . htmlspecialchars($proxy, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"proxyuser\" value=\"" . htmlspecialchars($proxyuser, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"proxypwd\" value=\"" . htmlspecialchars($proxypwd, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"responsecompression\" value=\"$responsecompression\" />" .
"<input type=\"hidden\" name=\"requestcompression\" value=\"$requestcompression\" />" .
"<input type=\"hidden\" name=\"clientcookies\" value=\"" . htmlspecialchars($clientcookies, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"protocol\" value=\"$protocol\" />" .
"<input type=\"hidden\" name=\"timeout\" value=\"" . htmlspecialchars($timeout, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"method\" value=\"" . htmlspecialchars($method, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"methodpayload\" value=\"" . htmlspecialchars($payload, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"altmethodpayload\" value=\"" . htmlspecialchars($alt_payload, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />" .
"<input type=\"hidden\" name=\"action\" value=\"execute\" />";
if ($wstype != 1) {
echo "<input type=\"submit\" value=\"Load method synopsis\" />";
}
echo "</form></td>\n";
echo "<td$class><form action=\"controller.php\" target=\"frmcontroller\" method=\"get\">" .
"<input type=\"hidden\" name=\"host\" value=\"" . htmlspecialchars($host, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"port\" value=\"" . htmlspecialchars($port, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"path\" value=\"" . htmlspecialchars($path, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($id, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"debug\" value=\"$debug\" />" .
"<input type=\"hidden\" name=\"username\" value=\"" . htmlspecialchars($username, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"password\" value=\"" . htmlspecialchars($password, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"authtype\" value=\"$authtype\" />" .
"<input type=\"hidden\" name=\"verifyhost\" value=\"$verifyhost\" />" .
"<input type=\"hidden\" name=\"verifypeer\" value=\"$verifypeer\" />" .
"<input type=\"hidden\" name=\"cainfo\" value=\"" . htmlspecialchars($cainfo, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"proxy\" value=\"" . htmlspecialchars($proxy, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"proxyuser\" value=\"" . htmlspecialchars($proxyuser, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"proxypwd\" value=\"" . htmlspecialchars($proxypwd, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"responsecompression\" value=\"$responsecompression\" />" .
"<input type=\"hidden\" name=\"requestcompression\" value=\"$requestcompression\" />" .
"<input type=\"hidden\" name=\"clientcookies\" value=\"" . htmlspecialchars($clientcookies, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"protocol\" value=\"$protocol\" />" .
"<input type=\"hidden\" name=\"timeout\" value=\"" . htmlspecialchars($timeout, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"method\" value=\"" . htmlspecialchars($method, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"methodsig\" value=\"" . $i . "\" />" .
"<input type=\"hidden\" name=\"methodpayload\" value=\"" . htmlspecialchars($payload, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"altmethodpayload\" value=\"" . htmlspecialchars($alt_payload, ENT_COMPAT, $inputcharset) . "\" />" .
"<input type=\"hidden\" name=\"wstype\" value=\"$wstype\" />" .
"<input type=\"hidden\" name=\"run\" value=\"now\" />" .
"<input type=\"hidden\" name=\"action\" value=\"wrap\" />" .
"<input type=\"submit\" value=\"Generate method call stub code\" />";
echo "</form></td></tr>\n";
}
}
echo "</tbody>\n</table>";
break;
case 'wrap':
$r1 = $resp[0]->value();
$r2 = $resp[1]->value();
if ($r2->kindOf() != "array" || $r2->count() <= $methodsig) {
echo "Error: signature unknown\n";
} else {
$mdesc = $r1->scalarval();
$encoder = new PhpXmlRpc\Encoder();
$msig = $encoder->decode($r2);
$msig = $msig[$methodsig];
$proto = $protocol == 2 ? 'https' : $protocol == 1 ? 'http11' : '';
if ($proxy == '' && $username == '' && !$requestcompression && !$responsecompression &&
$clientcookies == ''
) {
$opts = 1; // simple client copy in stub code
} else {
$opts = 0; // complete client copy in stub code
}
if ($wstype == 1) {
$prefix = 'jsonrpc';
} else {
$prefix = 'xmlrpc';
}
$wrapper = new PhpXmlRpc\Wrapper();
$code = $wrapper->buildWrapMethodSource($client, $method, array('timeout' => $timeout, 'protocol' => $proto, 'simple_client_copy' => $opts, 'prefix' => $prefix), str_replace('.', '_', $prefix . '_' . $method), $msig, $mdesc);
//if ($code)
//{
echo "<div id=\"phpcode\">\n";
highlight_string("<?php\n" . $code['docstring'] . $code['source'] . '?>');
echo "\n</div>";
//}
//else
//{
// echo 'Error while building php code stub...';
}
break;
case 'execute':
echo '<div id="response"><h2>Response:</h2>' . htmlspecialchars($response->serialize()) . '</div>';
break;
default: // give a warning
}
} // if !$response->faultCode()
} // if $response
} else {
// no action taken yet: give some instructions on debugger usage
?>
<h3>Instructions on usage of the debugger</h3>
<ol>
<li>Run a 'list available methods' action against desired server</li>
<li>If list of methods appears, click on 'describe method' for desired method</li>
<li>To run method: click on 'load method synopsis' for desired method. This will load a skeleton for method call
parameters in the form above. Complete all xmlrpc values with appropriate data and click 'Execute'
</li>
</ol>
<?php
if (!extension_loaded('curl')) {
echo "<p class=\"evidence\">You will need to enable the CURL extension to use the HTTPS and HTTP 1.1 transports</p>\n";
}
?>
<h3>Example</h3>
<p>
Server Address: phpxmlrpc.sourceforge.net<br/>
Path: /server.php
</p>
<h3>Notice</h3>
<p>all usernames and passwords entered on the above form will be written to the web server logs of this server. Use
with care.</p>
<h3>Changelog</h3>
<ul>
<li>2015-05-30: fix problems with generating method payloads for NIL and Undefined parameters</li>
<li>2015-04-19: fix problems with LATIN-1 characters in payload</li>
<li>2007-02-20: add visual editor for method payload; allow strings, bools as jsonrpc msg id</li>
<li>2006-06-26: support building php code stub for calling remote methods</li>
<li>2006-05-25: better support for long running queries; check for no-curl installs</li>
<li>2006-05-02: added support for JSON-RPC. Note that many interesting json-rpc features are not implemented
yet, such as notifications or multicall.
</li>
<li>2006-04-22: added option for setting custom CA certs to verify peer with in SSLmode</li>
<li>2006-03-05: added option for setting Basic/Digest/NTLM auth type</li>
<li>2006-01-18: added option echoing to screen xmlrpc request before sending it ('More' debug)</li>
<li>2005-10-01: added option for setting cookies to be sent to server</li>
<li>2005-08-07: added switches for compression of requests and responses and http 1.1</li>
<li>2005-06-27: fixed possible security breach in parsing malformed xml</li>
<li>2005-06-24: fixed error with calling methods having parameters...</li>
</ul>
<?php
}
?>
</body>
</html>
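Review bot: Nothing in this script restricts who may call it or where it connects: `$host`, `$port`, `$path`, `$proxy` and `$cainfo` come from the request (through the `common.php` include) and go straight into `new $clientClass($path, $host, $port)`, `setProxy()` and `setCaCertificate()`. Anyone who can load the page can therefore have the web server issue HTTP(S) requests to any address it can reach, internal ones included. If the debugger has to ship, put it behind authentication or check the target against an allowlist before the client is constructed, and otherwise keep it out of the public document root. Separately, the unparenthesised nested ternary in the `wrap` branch is a compile error on PHP 8 and should read `$proto = $protocol == 2 ? 'https' : ($protocol == 1 ? 'http11' : '');`. In the `describe` branch `$i + 1 % 2` parses as `$i + (1 % 2)`, so every signature row gets `oddrow`; `($i + 1) % 2` looks like what was intended.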


@@ -0,0 +1,143 @@
<?php
/**
* @author Gaetano Giunta
* @copyright (C) 2005-2015 G. Giunta
* @license code licensed under the BSD License: see file license.txt
*
* Parses GET/POST variables
*
* @todo switch params for http compression from 0,1,2 to values to be used directly
* @todo do some more sanitization of received parameters
*/
// work around magic quotes
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_GET = array_map('stripslashes_deep', $_GET);
}
$preferredEncodings = 'UTF-8, ASCII, ISO-8859-1, UTF-7, EUC-JP, SJIS, eucJP-win, SJIS-win, JIS, ISO-2022-JP';
$inputcharset = mb_detect_encoding(urldecode($_SERVER['REQUEST_URI']), $preferredEncodings);
if (isset($_GET['usepost']) && $_GET['usepost'] === 'true') {
$_GET = $_POST;
$inputcharset = mb_detect_encoding(implode('', $_GET), $preferredEncodings);
}
/// @todo if $inputcharset is not UTF8, we should probably re-encode $_GET to make it UTF-8
// recover input parameters
$debug = false;
$protocol = 0;
$run = false;
$wstype = 0;
$id = '';
if (isset($_GET['action'])) {
if (isset($_GET['wstype']) && $_GET['wstype'] == '1') {
$wstype = 1;
if (isset($_GET['id'])) {
$id = $_GET['id'];
}
}
$host = isset($_GET['host']) ? $_GET['host'] : 'localhost'; // using '' will trigger an xmlrpc error...
if (isset($_GET['protocol']) && ($_GET['protocol'] == '1' || $_GET['protocol'] == '2')) {
$protocol = $_GET['protocol'];
}
if (strpos($host, 'http://') === 0) {
$host = substr($host, 7);
} elseif (strpos($host, 'https://') === 0) {
$host = substr($host, 8);
$protocol = 2;
}
$port = isset($_GET['port']) ? $_GET['port'] : '';
$path = isset($_GET['path']) ? $_GET['path'] : '';
// in case user forgot initial '/' in xmlrpc server path, add it back
if ($path && ($path[0]) != '/') {
$path = '/' . $path;
}
if (isset($_GET['debug']) && ($_GET['debug'] == '1' || $_GET['debug'] == '2')) {
$debug = $_GET['debug'];
}
$verifyhost = (isset($_GET['verifyhost']) && ($_GET['verifyhost'] == '1' || $_GET['verifyhost'] == '2')) ? $_GET['verifyhost'] : 0;
if (isset($_GET['verifypeer']) && $_GET['verifypeer'] == '1') {
$verifypeer = true;
} else {
$verifypeer = false;
}
$cainfo = isset($_GET['cainfo']) ? $_GET['cainfo'] : '';
$proxy = isset($_GET['proxy']) ? $_GET['proxy'] : 0;
if (strpos($proxy, 'http://') === 0) {
$proxy = substr($proxy, 7);
}
$proxyuser = isset($_GET['proxyuser']) ? $_GET['proxyuser'] : '';
$proxypwd = isset($_GET['proxypwd']) ? $_GET['proxypwd'] : '';
$timeout = isset($_GET['timeout']) ? $_GET['timeout'] : 0;
if (!is_numeric($timeout)) {
$timeout = 0;
}
$action = $_GET['action'];
$method = isset($_GET['method']) ? $_GET['method'] : '';
$methodsig = isset($_GET['methodsig']) ? $_GET['methodsig'] : 0;
$payload = isset($_GET['methodpayload']) ? $_GET['methodpayload'] : '';
$alt_payload = isset($_GET['altmethodpayload']) ? $_GET['altmethodpayload'] : '';
if (isset($_GET['run']) && $_GET['run'] == 'now') {
$run = true;
}
$username = isset($_GET['username']) ? $_GET['username'] : '';
$password = isset($_GET['password']) ? $_GET['password'] : '';
$authtype = (isset($_GET['authtype']) && ($_GET['authtype'] == '2' || $_GET['authtype'] == '8')) ? $_GET['authtype'] : 1;
if (isset($_GET['requestcompression']) && ($_GET['requestcompression'] == '1' || $_GET['requestcompression'] == '2')) {
$requestcompression = $_GET['requestcompression'];
} else {
$requestcompression = 0;
}
if (isset($_GET['responsecompression']) && ($_GET['responsecompression'] == '1' || $_GET['responsecompression'] == '2' || $_GET['responsecompression'] == '3')) {
$responsecompression = $_GET['responsecompression'];
} else {
$responsecompression = 0;
}
$clientcookies = isset($_GET['clientcookies']) ? $_GET['clientcookies'] : '';
} else {
$host = '';
$port = '';
$path = '';
$action = '';
$method = '';
$methodsig = 0;
$payload = '';
$alt_payload = '';
$username = '';
$password = '';
$authtype = 1;
$verifyhost = 0;
$verifypeer = false;
$cainfo = '';
$proxy = '';
$proxyuser = '';
$proxypwd = '';
$timeout = 0;
$requestcompression = 0;
$responsecompression = 0;
$clientcookies = '';
}
// check input for known XMLRPC attacks against this or other libs
function payload_is_safe($input)
{
return true;
}
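Review bot: `payload_is_safe()` at the end of this file returns `true` for every input, so the check the debugger's `execute` action makes before hand-building the request body validates nothing, although the comment above it says it screens for known XMLRPC attacks. Until a real check exists the comment should say so, e.g. `// stub: performs no validation, every payload is accepted`, and `$method`, `$port` and `$methodsig` deserve the same kind of type check that `$timeout` gets from `is_numeric()`. The unguarded `get_magic_quotes_gpc()` call at the top is a fatal error on PHP 8, where the function no longer exists; `if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {` keeps the legacy path without breaking newer runtimes. `$proxy` also defaults to `0` here but to `''` in the no-action branch, and on PHP 8 `0 != ''` is true, so a request without a proxy parameter would likely configure a proxy named "0"; `$proxy = isset($_GET['proxy']) ? $_GET['proxy'] : '';` avoids that.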


@@ -0,0 +1,357 @@
<?php
/**
* @author Gaetano Giunta
* @copyright (C) 2005-2015 G. Giunta
* @license code licensed under the BSD License: see file license.txt
*
* @todo add links to documentation from every option caption
* @todo switch params for http compression from 0,1,2 to values to be used directly
* @todo add a little bit more CSS formatting: we broke IE box model getting a width > 100%...
* @todo add support for more options, such as ntlm auth to proxy, or request charset encoding
* @todo parse content of payload textarea to be fed to visual editor
* @todo add http no-cache headers
**/
// make sure we set the correct charset type for output, so that we can display all characters
header('Content-Type: text/html; charset=utf-8');
include __DIR__ . '/common.php';
if ($action == '') {
$action = 'list';
}
// relative path to the visual xmlrpc editing dialog
$editorpath = '../../phpjsrpc/debugger/';
$editorlibs = '../../phpjsrpc/lib/';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>XMLRPC Debugger</title>
<meta name="robots" content="index,nofollow"/>
<script type="text/javascript" language="Javascript">
if (window.name != 'frmcontroller')
top.location.replace('index.php?run=' + escape(self.location));
</script>
<!-- xmlrpc/jsonrpc base library -->
<script type="text/javascript" src="<?php echo $editorlibs; ?>xmlrpc_lib.js"></script>
<script type="text/javascript" src="<?php echo $editorlibs; ?>jsonrpc_lib.js"></script>
<style type="text/css">
<!--
html {
overflow: -moz-scrollbars-vertical;
}
body {
padding: 0.5em;
background-color: #EEEEEE;
font-family: Verdana, Arial, Helvetica;
font-size: 8pt;
}
h1 {
font-size: 12pt;
margin: 0.5em;
}
h2 {
font-size: 10pt;
display: inline;
vertical-align: top;
}
table {
border: 1px solid gray;
margin-bottom: 0.5em;
padding: 0.25em;
width: 100%;
}
#methodpayload {
display: inline;
}
td {
vertical-align: top;
font-family: Verdana, Arial, Helvetica;
font-size: 8pt;
}
.labelcell {
text-align: right;
}
-->
</style>
<script language="JavaScript" type="text/javascript">
<!--
function verifyserver() {
if (document.frmaction.host.value == '') {
alert('Please insert a server name or address');
return false;
}
if (document.frmaction.path.value == '')
document.frmaction.path.value = '/';
var action = '';
for (counter = 0; counter < document.frmaction.action.length; counter++)
if (document.frmaction.action[counter].checked) {
action = document.frmaction.action[counter].value;
}
if (document.frmaction.method.value == '' && (action == 'execute' || action == 'wrap' || action == 'describe')) {
alert('Please insert a method name');
return false;
}
if (document.frmaction.authtype.value != '1' && document.frmaction.username.value == '') {
alert('No username for authenticating to server: authentication disabled');
}
return true;
}
function switchaction() {
// reset html layout depending on action to be taken
var action = '';
for (counter = 0; counter < document.frmaction.action.length; counter++)
if (document.frmaction.action[counter].checked) {
action = document.frmaction.action[counter].value;
}
if (action == 'execute') {
document.frmaction.methodpayload.disabled = false;
displaydialogeditorbtn(true);//if (document.getElementById('methodpayloadbtn') != undefined) document.getElementById('methodpayloadbtn').disabled = false;
document.frmaction.method.disabled = false;
document.frmaction.methodpayload.rows = 10;
}
else {
document.frmaction.methodpayload.rows = 1;
if (action == 'describe' || action == 'wrap') {
document.frmaction.methodpayload.disabled = true;
displaydialogeditorbtn(false); //if (document.getElementById('methodpayloadbtn') != undefined) document.getElementById('methodpayloadbtn').disabled = true;
document.frmaction.method.disabled = false;
}
else // list
{
document.frmaction.methodpayload.disabled = true;
displaydialogeditorbtn(false); //if (document.getElementById('methodpayloadbtn') != undefined) document.getElementById('methodpayloadbtn').disabled = false;
document.frmaction.method.disabled = true;
}
}
}
function switchssl() {
if (document.frmaction.protocol.value != '2') {
document.frmaction.verifypeer.disabled = true;
document.frmaction.verifyhost.disabled = true;
document.frmaction.cainfo.disabled = true;
}
else {
document.frmaction.verifypeer.disabled = false;
document.frmaction.verifyhost.disabled = false;
document.frmaction.cainfo.disabled = false;
}
}
function switchauth() {
if (document.frmaction.protocol.value != '0') {
document.frmaction.authtype.disabled = false;
}
else {
document.frmaction.authtype.disabled = true;
document.frmaction.authtype.value = 1;
}
}
function swicthcainfo() {
if (document.frmaction.verifypeer.checked == true) {
document.frmaction.cainfo.disabled = false;
}
else {
document.frmaction.cainfo.disabled = true;
}
}
function switchtransport(is_json) {
if (is_json == 0) {
document.getElementById("idcell").style.visibility = 'hidden';
document.frmjsonrpc.yes.checked = false;
document.frmxmlrpc.yes.checked = true;
document.frmaction.wstype.value = "0";
}
else {
document.getElementById("idcell").style.visibility = 'visible';
document.frmjsonrpc.yes.checked = true;
document.frmxmlrpc.yes.checked = false;
document.frmaction.wstype.value = "1";
}
}
function displaydialogeditorbtn(show) {
if (show && ((typeof base64_decode) == 'function')) {
document.getElementById('methodpayloadbtn').innerHTML = '[<a href="#" onclick="activateeditor(); return false;">Edit</a>]';
}
else {
document.getElementById('methodpayloadbtn').innerHTML = '';
}
}
function activateeditor() {
var url = '<?php echo $editorpath; ?>visualeditor.php?params=<?php echo $alt_payload; ?>';
if (document.frmaction.wstype.value == "1")
url += '&type=jsonrpc';
var wnd = window.open(url, '_blank', 'width=750, height=400, location=0, resizable=1, menubar=0, scrollbars=1');
}
// if javascript version of the lib is found, allow it to send us params
function buildparams(base64data) {
if (typeof base64_decode == 'function') {
if (base64data == '0') // workaround for bug in base64_encode...
document.getElementById('methodpayload').value = '';
else
document.getElementById('methodpayload').value = base64_decode(base64data);
}
}
// use GET for ease of refresh, switch to POST when payload is too big to fit in url (in IE: 2048 bytes! see http://support.microsoft.com/kb/q208427/)
function switchFormMethod() {
/// @todo use a more precise calculation, adding the rest of the fields to the actual generated url lenght
if (document.frmaction.methodpayload.value.length > 1536) {
document.frmaction.action = 'action.php?usepost=true';
document.frmaction.method = 'post';
}
}
//-->
</script>
</head>
<body
onload="switchtransport(<?php echo $wstype; ?>); switchaction(); switchssl(); switchauth(); swicthcainfo();<?php if ($run) {
echo ' document.forms[2].submit();';
} ?>">
<h1>XMLRPC
<form name="frmxmlrpc" style="display: inline;" action="."><input name="yes" type="radio" onclick="switchtransport(0);"/></form>
/
<form name="frmjsonrpc" style="display: inline;" action="."><input name="yes" type="radio" onclick="switchtransport(1);"/></form>
JSONRPC Debugger (based on the <a href="http://gggeek.github.io/phpxmlrpc/">PHP-XMLRPC</a> library)
</h1>
<form name="frmaction" method="get" action="action.php" target="frmaction" onSubmit="switchFormMethod();">
<table id="serverblock">
<tr>
<td><h2>Target server</h2></td>
<td class="labelcell">Address:</td>
<td><input type="text" name="host" value="<?php echo htmlspecialchars($host, ENT_COMPAT, $inputcharset); ?>"/></td>
<td class="labelcell">Port:</td>
<td><input type="text" name="port" value="<?php echo htmlspecialchars($port, ENT_COMPAT, $inputcharset); ?>" size="5" maxlength="5"/>
</td>
<td class="labelcell">Path:</td>
<td><input type="text" name="path" value="<?php echo htmlspecialchars($path, ENT_COMPAT, $inputcharset); ?>"/></td>
</tr>
</table>
<table id="actionblock">
<tr>
<td><h2>Action</h2></td>
<td>List available methods<input type="radio" name="action" value="list"<?php if ($action == 'list') { echo ' checked="checked"'; } ?> onclick="switchaction();"/></td>
<td>Describe method<input type="radio" name="action" value="describe"<?php if ($action == 'describe') { echo ' checked="checked"'; } ?> onclick="switchaction();"/></td>
<td>Execute method<input type="radio" name="action" value="execute"<?php if ($action == 'execute') { echo ' checked="checked"'; } ?> onclick="switchaction();"/></td>
<td>Generate stub for method call<input type="radio" name="action" value="wrap"<?php if ($action == 'wrap') { echo ' checked="checked"'; } ?> onclick="switchaction();"/></td>
</tr>
</table>
<input type="hidden" name="methodsig" value="<?php echo htmlspecialchars($methodsig, ENT_COMPAT, $inputcharset); ?>"/>
<table id="methodblock">
<tr>
<td><h2>Method</h2></td>
<td class="labelcell">Name:</td>
<td><input type="text" name="method" value="<?php echo htmlspecialchars($method, ENT_COMPAT, $inputcharset); ?>"/></td>
<td class="labelcell">Payload:<br/>
<div id="methodpayloadbtn"></div>
</td>
<td><textarea id="methodpayload" name="methodpayload" rows="1" cols="40"><?php echo htmlspecialchars($payload, ENT_COMPAT, $inputcharset); ?></textarea></td>
<td class="labelcell" id="idcell">Msg id: <input type="text" name="id" size="3" value="<?php echo htmlspecialchars($id, ENT_COMPAT, $inputcharset); ?>"/></td>
<td><input type="hidden" name="wstype" value="<?php echo $wstype; ?>"/>
<input type="submit" value="Execute" onclick="return verifyserver();"/></td>
</tr>
</table>
<table id="optionsblock">
<tr>
<td><h2>Client options</h2></td>
<td class="labelcell">Show debug info:</td>
<td><select name="debug">
<option value="0"<?php if ($debug == 0) { echo ' selected="selected"'; } ?>>No</option>
<option value="1"<?php if ($debug == 1) { echo ' selected="selected"'; } ?>>Yes</option>
<option value="2"<?php if ($debug == 2) { echo ' selected="selected"'; } ?>>More</option>
</select>
</td>
<td class="labelcell">Timeout:</td>
<td><input type="text" name="timeout" size="3" value="<?php if ($timeout > 0) { echo $timeout; } ?>"/></td>
<td class="labelcell">Protocol:</td>
<td><select name="protocol" onchange="switchssl(); switchauth(); swicthcainfo();">
<option value="0"<?php if ($protocol == 0) { echo ' selected="selected"'; } ?>>HTTP 1.0</option>
<option value="1"<?php if ($protocol == 1) { echo ' selected="selected"'; } ?>>HTTP 1.1</option>
<option value="2"<?php if ($protocol == 2) { echo ' selected="selected"'; } ?>>HTTPS</option>
</select></td>
</tr>
<tr>
<td class="labelcell">AUTH:</td>
<td class="labelcell">Username:</td>
<td><input type="text" name="username" value="<?php echo htmlspecialchars($username, ENT_COMPAT, $inputcharset); ?>"/></td>
<td class="labelcell">Pwd:</td>
<td><input type="password" name="password" value="<?php echo htmlspecialchars($password, ENT_COMPAT, $inputcharset); ?>"/></td>
<td class="labelcell">Type</td>
<td><select name="authtype">
<option value="1"<?php if ($authtype == 1) { echo ' selected="selected"'; } ?>>Basic</option>
<option value="2"<?php if ($authtype == 2) { echo ' selected="selected"'; } ?>>Digest</option>
<option value="8"<?php if ($authtype == 8) { echo ' selected="selected"'; } ?>>NTLM</option>
</select></td>
<td></td>
</tr>
<tr>
<td class="labelcell">SSL:</td>
<td class="labelcell">Verify Host's CN:</td>
<td><select name="verifyhost">
<option value="0"<?php if ($verifyhost == 0) { echo ' selected="selected"'; } ?>>No</option>
<option value="1"<?php if ($verifyhost == 1) { echo ' selected="selected"'; } ?>>Check CN existence</option>
<option value="2"<?php if ($verifyhost == 2) { echo ' selected="selected"'; } ?>>Check CN match</option>
</select></td>
<td class="labelcell">Verify Cert:</td>
<td><input type="checkbox" value="1" name="verifypeer" onclick="swicthcainfo();"<?php if ($verifypeer) { echo ' checked="checked"'; } ?> /></td>
<td class="labelcell">CA Cert file:</td>
<td><input type="text" name="cainfo" value="<?php echo htmlspecialchars($cainfo, ENT_COMPAT, $inputcharset); ?>"/></td>
</tr>
<tr>
<td class="labelcell">PROXY:</td>
<td class="labelcell">Server:</td>
<td><input type="text" name="proxy" value="<?php echo htmlspecialchars($proxy, ENT_COMPAT, $inputcharset); ?>"/></td>
<td class="labelcell">Proxy user:</td>
<td><input type="text" name="proxyuser" value="<?php echo htmlspecialchars($proxyuser, ENT_COMPAT, $inputcharset); ?>"/></td>
<td class="labelcell">Proxy pwd:</td>
<td><input type="password" name="proxypwd" value="<?php echo htmlspecialchars($proxypwd, ENT_COMPAT, $inputcharset); ?>"/></td>
</tr>
<tr>
<td class="labelcell">COMPRESSION:</td>
<td class="labelcell">Request:</td>
<td><select name="requestcompression">
<option value="0"<?php if ($requestcompression == 0) { echo ' selected="selected"'; } ?>>None </option>
<option value="1"<?php if ($requestcompression == 1) { echo ' selected="selected"'; } ?>>Gzip</option>
<option value="2"<?php if ($requestcompression == 2) { echo ' selected="selected"'; } ?>>Deflate</option>
</select></td>
<td class="labelcell">Response:</td>
<td><select name="responsecompression">
<option value="0"<?php if ($responsecompression == 0) { echo ' selected="selected"'; } ?>>None</option>
<option value="1"<?php if ($responsecompression == 1) { echo ' selected="selected"'; } ?>>Gzip</option>
<option value="2"<?php if ($responsecompression == 2) { echo ' selected="selected"'; } ?>>Deflate</option>
<option value="3"<?php if ($responsecompression == 3) { echo ' selected="selected"'; } ?>>Any</option>
</select></td>
<td></td>
</tr>
<tr>
<td class="labelcell">COOKIES:</td>
<td colspan="4" class="labelcell"><input type="text" name="clientcookies" size="80" value="<?php echo htmlspecialchars($clientcookies, ENT_COMPAT, $inputcharset); ?>"/></td>
<td colspan="2">Format: 'cookie1=value1, cookie2=value2'</td>
</tr>
</table>
</form>
</body>
</html>


@@ -0,0 +1,21 @@
<?php
$query = '';
if (isset($_GET['run'])) {
$path = parse_url($_GET['run']);
if (isset($path['query'])) {
$query = '?' . $path['query'];
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html>
<head>
<title>XMLRPC Debugger</title>
</head>
<frameset rows="360,*">
<frame name="frmcontroller" src="controller.php<?php echo htmlspecialchars($query); ?>" marginwidth="0"
marginheight="0" frameborder="0"/>
<frame name="frmaction" src="action.php" marginwidth="0" marginheight="0" frameborder="0"/>
</frameset>
</html>
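Review bot: `$_GET['run']` goes straight into `parse_url()` with no type check, so a request that supplies `run` as an array raises an uncaught TypeError on PHP 8 instead of rendering the frameset. Guard it with `if (isset($_GET['run']) && is_string($_GET['run'])) {`. The forwarded query string is escaped correctly for the `src` attribute but is otherwise passed to controller.php unfiltered, and the controller page in this same commit auto-submits its form from `onload` when `$run` is set. Assuming `$run` is read from that query string (it is set in common.php, which is not shown here), one link is enough to make the debugger issue a server-side call to a caller-chosen host with no further interaction. Because this is a vendored debugging tool, it would be safer to keep this directory out of the production web root or put it behind authentication.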