Changeset 1357

Timestamp:

12/17/07 17:35:40 (13 months ago)

Author:

vollmerk

Message:

cleaned up XML API errors so that they are always xml docs regardless

Location:

trunk

Files:

• docs/CHANGELOG (modified) (1 diff)
• lib/class/access.class.php (modified) (2 diffs)
• lib/init.php (modified) (1 diff)
• server/xml.server.php (modified) (13 diffs)

trunk/docs/CHANGELOG

@@ -5 +5 @@
 --------------------------------------------------------------------------
   v.3.4-Alpha4 
+        - Fixed it so that all errors should return an XML document when
+                using the XML API. 
         - Added Basic ShoutBox functionality, needs formating fixes
                 and needs to be moved to a better spot in classic theme it

trunk/lib/class/access.class.php

@@ -180 +180 @@
                          * however we don't have the key that was passed yet so we've got to do just ip
                          */
+                        case 'init-rpc':
                         case 'init-xml-rpc':
                                 $sql = "SELECT `id` FROM `access_list`" .
@@ -190 +191 @@
                                         " AND  `key` = '$key' AND `level` >= '$level' AND `type`='rpc'";
                         break;
+                        case 'init-api':
                         case 'network':
                         case 'interface':

trunk/lib/init.php

@@ -82 +82 @@
 
 /** This is the version.... fluf nothing more... **/
-$results['version']             = '3.4-Alpha4 Build (004)';
+$results['version']             = '3.4-Alpha4 Build (005)';
 $results['int_config_version']  = '6'; 
 

trunk/server/xml.server.php

@@ -28 +28 @@
 require_once '../lib/init.php';
 
-// If we don't even have access control on then we can't use this!
-if (!Config::get('access_control')) { access_denied(); exit; }  
 
-/** 
- * Verify the existance of the Session they passed in we do allow them to
- * login via this interface so we do have an exception for action=login
- */
-if (!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') { 
-        debug_event('Access Denied','Invalid Session or unthorized access attempt to API','5'); 
-        exit(); 
-}
 
 // If it's not a handshake then we can allow it to take up lots of time
@@ -49 +39 @@
 header("Content-Disposition: attachment; filename=information.xml");
 
+// If we don't even have access control on then we can't use this!
+if (!Config::get('access_control')) { 
+        ob_end_clean(); 
+        echo xmlData::error('Access Control not Enabled');
+        exit; 
+}  
+
+/** 
+ * Verify the existance of the Session they passed in we do allow them to
+ * login via this interface so we do have an exception for action=login
+ */
+if ((!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'])) { 
+        debug_event('Access Denied','Invalid Session or unathorized access attempt to API','5'); 
+        ob_end_clean(); 
+        echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged');
+        exit(); 
+}
+
+
 switch ($_REQUEST['action']) { 
         case 'handshake': 
@@ -55 +64 @@
                 
                 if (!$token) { 
+                        ob_end_clean(); 
                         echo xmlData::error('Error Invalid Handshake, attempt logged'); 
                 } 
                 else { 
+                        ob_end_clean(); 
                         echo xmlData::keyed_array($token); 
                 } 
@@ -76 +87 @@
                 $artists = Browse::get_objects(); 
                 // echo out the resulting xml document
+                ob_end_clean(); 
                 echo xmlData::artists($artists); 
         break; 
@@ -85 +97 @@
                 // Set the offset
                 xmlData::set_offset($_REQUEST['offset']);
-
+                ob_end_clean(); 
                 echo xmlData::albums($albums); 
         break; 
@@ -94 +106 @@
                 // Set the offset
                 xmlData::set_offset($_REQUEST['offset']); 
-                xmlData::songs($songs); 
+                ob_end_clean(); 
+                echo xmlData::songs($songs); 
         break; 
         case 'albums': 
@@ -108 +121 @@
                 // Set the offset
                 xmlData::set_offset($_REQUEST['offset']);
-
+                ob_end_clean(); 
                 echo xmlData::albums($albums); 
         break; 
@@ -117 +130 @@
                 // Set the offset
                 xmlData::set_offset($_REQUEST['offset']);
-
+                ob_end_clean(); 
                 echo xmlData::songs($songs); 
         break; 
@@ -132 +145 @@
                 // Set the offset
                 xmlData::set_offset($_REQUEST['offset']);
-
+                ob_end_clean(); 
                 echo xmlData::genres($genres); 
         break; 
@@ -138 +151 @@
                 $genre = new Genre($_REQUEST['filter']); 
                 $artists = $genre->get_artists(); 
-                
+                ob_end_clean(); 
                 echo xmlData::artists($artists);        
         break; 
@@ -144 +157 @@
                 $genre = new Genre($_REQUEST['filter']); 
                 $albums = $genre->get_albums(); 
-
+                ob_end_clean(); 
                 echo xmlData::albums($albums); 
         break;
@@ -150 +163 @@
                 $genre = new Genre($_REQUEST['filter']); 
                 $songs = $genre->get_songs(); 
-        
+                ob_end_clean();         
                 echo xmlData::songs($songs); 
         break; 
@@ -165 +178 @@
                 // Set the offset
                 xmlData::set_offset($_REQUEST['offset']);
-
+                ob_end_clean(); 
                 echo xmlData::songs($songs); 
         break; 
         default:
-                // Rien a faire
+                ob_end_clean();
+                echo xmlData::error('Invalid Request');
         break;
 } // end switch action