482956f2 |
1 | <?php |
2 | |
3 | /** |
85ae8774 |
4 | * squirrelmail_rpc.php |
482956f2 |
5 | * |
6 | * This file contains the entry point to the "SquirrelMail API" -- the |
7 | * remote procedure call request receiver. |
8 | * |
9 | * @copyright © 1999-2007 The SquirrelMail Project Team |
10 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License |
11 | * @version $Id$ |
12 | * @package squirrelmail |
13 | * @since 1.5.2 |
14 | * |
15 | */ |
ebd2391c |
16 | |
17 | /** This is the squirrelmail_rpc page */ |
85ae8774 |
18 | define('PAGE_NAME', 'squirrelmail_rpc'); |
ebd2391c |
19 | |
482956f2 |
20 | //FIXME: If we decide to route ALL requests, even normal page |
21 | // requests through this file, need to change page requests |
22 | // to something like this |
85ae8774 |
23 | //http://example.org/squirrelmail/src/squirrelmail_rpc.php?page=read_body&passed_id=47633... |
482956f2 |
24 | // This file would then add ".php" to the "page" variable |
25 | // and pass the request on to that page by simply require()ing |
26 | // that page and exiting. |
27 | // Does this present problems, security or otherwise? What |
28 | // problems are created by the fact that the page request |
29 | // is always the same thing (some parts of the code and some |
30 | // plugins switch functionality based on $PHP_SELF and other |
31 | // $_SERVER variables that look for specific page names -- those |
32 | // can be fixed by looking at the "page" GET argument, but what |
33 | // other issues are created)? What about plugins? How would |
34 | // they work in this scheme? Would they be a lot more difficult |
35 | // to develop? |
36 | //NOTE: It is not entirely clear if doing the above is even desirable. |
37 | // Initial conversations on the squirrelmail-devel list were |
38 | // inconclusive. On one hand, doing so would give us one master |
39 | // file that handles any and all incoming requests, no matter |
40 | // where they came from or what format/type they are. On the |
41 | // other, keeping page requests out of this file keeps this file |
42 | // lean and specific to one technology: our RPC interface. |
43 | |
44 | |
45 | /** |
46 | * Include the SquirrelMail initialization file. |
47 | */ |
48 | //FIXME: init.php assumes it is being called by a browser, so some error |
49 | // conditions are handled by immediately calling error_box() or |
50 | // otherwise trying to push something to the browser, which should |
51 | // be avoided at all costs. This is also pervasive in the whole |
52 | // core and must be cleaned up entirely before this can be a very |
53 | // functional RPC interface |
54 | require('../include/init.php'); |
55 | |
56 | |
57 | |
58 | /** |
59 | * Get RPC Action (can be in either GET or POST) |
60 | * |
61 | */ |
62 | if (!sqGetGlobalVar('rpc_action', $rpc_action, SQ_FORM)) { |
63 | //FIXME: establish error codes (using 99 in the interim) |
64 | sm_rpc_return_error(99, _("No RPC action given")); |
65 | } |
66 | |
67 | |
68 | |
69 | /** |
70 | * No matter what our response is, the headers |
71 | * will not change. |
72 | * |
73 | */ |
74 | $oTemplate->header('Content-Type: text/xml'); |
75 | $oTemplate->header('Content-Type: application/xml'); // required by IE |
76 | //FIXME: which anti-cache headers do we want to use? |
77 | $oTemplate->header('Cache-Control: no-cache'); |
78 | // $oTemplate->header("Expires: Sat, 1 Jan 2000 00:00:00 GMT"); |
79 | // $oTemplate->header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT"); |
80 | // $oTemplate->header("Cache-Control: no-cache, must-revalidate"); |
81 | // $oTemplate->header("Pragma: no-cache"); |
82 | |
83 | |
84 | |
85 | /** |
86 | * Allow plugins to add their own RPC action |
87 | * or modify behavior of SM core RPC actions... |
88 | * |
89 | * A plugin that handles a custom RPC action must |
90 | * return TRUE to the hook so that it knows that |
91 | * the action was handled and was not an unknown |
92 | * action. If the action was not handled, the plugin |
93 | * should return FALSE to the hook. |
94 | * |
95 | * Developer note: the $rpc_action parameter is passed |
96 | * in an array in case we can think of more parameters |
97 | * to add in the future. |
98 | * |
99 | */ |
beb1a2f1 |
100 | $temp = array(&$rpc_action); |
101 | $handled_by_plugin = boolean_hook_function('squirrelmail_rpc', $temp, 1); |
482956f2 |
102 | |
103 | |
104 | |
105 | /** |
106 | * Go take care of each RPC action (unless plugin already did) |
107 | * |
108 | */ |
109 | if (!$handled_by_plugin) switch (strtolower($rpc_action)) { |
110 | |
111 | /** |
112 | * Delete Messages |
113 | * |
114 | */ |
115 | case 'delete_messages': |
116 | |
117 | require_once(SM_PATH . 'functions/mailbox_display.php'); |
118 | require_once(SM_PATH . 'functions/imap.php'); |
119 | |
120 | if (!sqGetGlobalVar('delete_ids', $delete_ids, SQ_FORM)) { |
121 | sm_rpc_return_error(99, _("No deletion ID given")); |
122 | } |
123 | $delete_ids = explode(',', $delete_ids); |
124 | if (!sqGetGlobalVar('mailbox', $mailbox, SQ_FORM)) { |
125 | sm_rpc_return_error(99, _("No mailbox given")); |
126 | } |
127 | if (sqGetGlobalVar('startMessage', $startMessage, SQ_INORDER, 1)) { |
128 | $startMessage = (int) $startMessage; |
129 | } |
130 | sqGetGlobalVar('what', $what, SQ_FORM, 0); |
131 | if (sqGetGlobalVar('account', $iAccount, SQ_GET, 0)) { |
132 | $iAccount = (int) $iAccount; |
133 | } |
134 | //FIXME: need to grab the bypass trash variable here too! probably other vars... |
135 | |
136 | /* FIXME: --- The following code was just experimental/proof-of-concept; the rest |
137 | of the implementation of this functionality still needs to be done "for real" |
138 | $oImapMessage = new IMAP_Message(0, $mailbox, $startMessage, $what, $iAccount); |
139 | foreach ($delete_ids as $id) { |
140 | $oImapMessage->setUid($id); |
141 | //FIXME: establish constants for $hide values (the 3 below indicates not to show errors, but to return any error string) |
142 | $result = $oImapMessage->deleteMessage(3); |
143 | if ($result !== TRUE) { |
144 | sm_rpc_return_error(99, $result); |
145 | } |
146 | } |
147 | --- */ |
148 | |
149 | sm_rpc_return_success(); |
150 | //FIXME: Just for testing the line above can be changed to something like this: |
151 | //sm_rpc_return_success(0, 'Hooray! Message(s) deleted. Refresh your message list and make sure.'); |
152 | break; |
153 | |
154 | |
155 | /** |
156 | * Default: error out |
157 | * |
158 | */ |
159 | default: |
160 | sm_rpc_return_error(99, _("RPC action not understood")); |
161 | break; |
162 | |
163 | } |
164 | |
165 | |
166 | |
167 | /** |
168 | * Returns an error message to the RPC caller and exits |
169 | * |
170 | * NOTE that this function exits and will never return |
171 | * |
172 | * @param int $error_code The error code for the current error condition |
173 | * @param string $error_text Any error message associated with the error |
174 | * condition (OPTIONAL; default empty string) |
175 | * |
176 | */ |
177 | function sm_rpc_return_error($error_code, $error_text='') { |
178 | |
179 | global $oTemplate; |
180 | $oTemplate->assign('error_code', $error_code); |
181 | $oTemplate->assign('error_text', $error_text); |
182 | |
183 | $oTemplate->display('rpc_response_error.tpl'); |
184 | |
185 | exit; |
186 | |
187 | } |
188 | |
189 | |
190 | |
191 | /** |
192 | * Returns a standard success result to the RPC caller and exits |
193 | * |
194 | * NOTE that this function exits and will never return |
195 | * |
196 | * @param int $result_code The result code (OPTIONAL; default 0) |
197 | * @param string $result_text Any result message (OPTIONAL; default |
198 | * empty string) |
199 | * |
200 | */ |
201 | function sm_rpc_return_success($result_code=0, $result_text='') { |
202 | |
203 | global $oTemplate; |
204 | $oTemplate->assign('result_code', $result_code); |
205 | $oTemplate->assign('result_text', $result_text); |
206 | |
207 | $oTemplate->display('rpc_response_success.tpl'); |
208 | |
209 | exit; |
210 | |
211 | } |
212 | |
213 | |
214 | |