File Editor
Directories:
.. (Back)
Files:
APIHandler.php
Bootstrap.php
Configuration.php
FileSystem.php
Handler.php
OriginAPI.php
OriginRequest.php
Output.php
helpers.php
w_published_data.txt
Create New File
Create
Edit File: APIHandler.php
<?php /** * APIHandler handles requests from origin to the available APIs of a deployed package * * @package Weebly * @subpackage ResellerServices * @author Dustin Doiron <dustin@weebly.com> * @since 2014-07-30 * @copyright 2014 Weebly, Inc */ require_once( __DIR__ . '/Bootstrap.php' ); class APIHandler { /** * @var $request */ private $request = NULL; /** * Builds the request object from the given request, performs the given API command, if available * * @param array $request * * @return void */ public function __construct( $request ) { $this->validateRequest( $request ); $this->request = $request; if ( method_exists( $this, $this->request['method'] ) === true ) { call_user_func( array( $this, $this->request['method'] ) ); } else { \Output::render404( ); } } /** * Unpublishes the site at docroot by removing HTML and assets * * @return void */ private function unpublishSite( ) { $site = json_decode( file_get_contents( \BASE_SERVICES_DIR . '/' . Configuration::PUBLISHED_DATA_LOCATION ), true ); if ( $site === false ) { return; } // cleanup weebly part of .htaccess $htaccessLocation = \BASE_DOCROOT_DIR . '/.htaccess'; $htaccessContent = file_get_contents($htaccessLocation); $htaccessContent = preg_replace("/\s*#Weebly Additions Start.*#Weebly Additions End/s", "", $htaccessContent); file_put_contents($htaccessLocation, $htaccessContent); foreach ( $site['pages'] as $page ) { if ( $page !== '' && is_file( \BASE_DOCROOT_DIR . '/' . $page ) === true ) { unlink( \BASE_DOCROOT_DIR . '/' . $page ); } } foreach ( Configuration::$publishedArtifacts as $item ) { if ( is_dir( \BASE_DOCROOT_DIR . $item ) === true || is_file( \BASE_DOCROOT_DIR . $item ) === true ) { \FileSystem::deleteTree( \BASE_DOCROOT_DIR . $item ); } } // clean up all temp file if exists. \FileSystem::deleteTempFiles(\BASE_DOCROOT_DIR); /** * Fix for the bug identified on 2014-04-20 with redirects to .html on non-.html requests */ if ( is_dir( \BASE_DOCROOT_DIR . '/blog' ) === true ) { \rmdir( \BASE_DOCROOT_DIR . '/blog' ); } if ( is_dir( \BASE_DOCROOT_DIR . '/store' ) === true ) { \rmdir( \BASE_DOCROOT_DIR . '/store' ); } return; } /** * Receives a new deployed services package to upgrade the running version * * @return void */ private function upgradeServices( ) { if ( isset( $this->request['package'] ) === false ) { return; } $this->request['package'] = \Output::decodeWireObject( $this->request['package'] ); /** * Confirm authenticity with origin before upgrading. */ $checksum = hash( 'sha1', $this->request['package'] ); if ( \OriginRequest::validateDeployedPackage( $checksum, $this->request['timestamp'] ) !== true ) { \Output::render404( ); } $upgradeDir = \BASE_DOCROOT_DIR . '/w_api_upgrade/'; if ( mkdir( $upgradeDir ) !== true ) { \Output::sendHeader( $_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error' ); } file_put_contents( $upgradeDir . 'w_api.zip', $this->request['package'] ); $zip = new \ZipArchive( ); if ( $zip->open( $upgradeDir . 'w_api.zip', \ZipArchive::CHECKCONS ) !== true ) { /** * Bad archive -- do not upgrade */ $zip->close( ); return; } if ( $zip->extractTo( $upgradeDir ) !== true ) { $zip->close( ); return; } foreach ( scandir( $upgradeDir . '/w_api/' ) as $file ) { if ( strpos( $file, '.php' ) !== false ) { if ( unlink( \BASE_SERVICES_DIR . $file ) === false ) { /** * Can't upgrade these services due to permissions errors, looks like */ $failure = true; break; } file_put_contents( \BASE_SERVICES_DIR . $file, file_get_contents( $upgradeDir . '/w_api/' . $file ) ); unlink( $upgradeDir . '/w_api/' . $file ); } } \FileSystem::deleteTree( $upgradeDir ); $zip->close( ); if ( isset( $failure ) === true ) { \Output::sendHeader( $_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error' ); } } /** * Receives an array containing hashes for all uploaded files, compares our uploaded files * retreives new objects if necessary * * @return void */ private function updateFiles( ) { $uploads = json_decode( $this->request['files'], true ); if ( is_array( $uploads ) === false ) { return; } foreach ( $uploads as $upload => $hash ) { $file = \BASE_DOCROOT_DIR . $upload; if ( file_exists( $file ) === true ) { if ( hash_file( 'crc32b', $file ) !== $hash ) { \unlink( $file ); // the value of forceDownload is 0 or 1 if ( $this->request['forceDownload'] == true ) { \OriginRequest::getUpdatedFile( $upload ); } } } elseif ( $this->request['forceDownload'] == true ) { /** * The files don't currenty exist, but origin wants us to retrieve them now * Make an OriginRequest for the file path */ \OriginRequest::getUpdatedFile( $upload ); } } } /** * Receives an object to be placed at docroot * * @return void */ private function receiveObject( ) { \OriginRequest::expandObject( $this->request['object'] ); return; } /** * Validates a given API request as being sent from origin via request signature * * @param string $body * * @return void */ private function validateRequest( $request ) { $token = $request['requestToken']; unset( $request['requestToken'] ); if ( $token === OriginAPI::generateSignedRequest( http_build_query( $request ) ) ) { return; } Output::render404( ); } } // For older PHP or special FTP setting, force turn off PHP magic quotes. So $_REQUEST value can match server. // If with magic quotes, validate request will fail due to mismatching request value from extra escaping. if (function_exists('get_magic_quotes_gpc') === true && get_magic_quotes_gpc() === true) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); while (list($key, $val) = each($process)) { foreach ($val as $k => $v) { unset($process[$key][$k]); if (is_array($v)) { $process[$key][stripslashes($k)] = $v; $process[] = &$process[$key][stripslashes($k)]; } else { $process[$key][stripslashes($k)] = stripslashes($v); } } } unset($process); } new APIHandler( $_REQUEST );
Save Changes
Rename File
Rename