allow api as app like home for everyone, and implement calling of namespaced class-names from EGroupware namespace in index.php and json.php

2024-11-24 17:04:14 +01:00 · 2016-03-19 15:24:36 +00:00 · 2016-03-19 15:24:36 +00:00 · 3453021a6d
commit 3453021a6d
parent d8514e47b9
4 changed files with 31 additions and 9 deletions
--- a/index.php
+++ b/index.php
@ -34,10 +34,20 @@ if(isset($_GET['hasupdates']) && $_GET['hasupdates'] == 'yes')
 /*
 	This is the menuaction driver for the multi-layered design
 */
-if(isset($_GET['menuaction']) && preg_match('/^[A-Za-z0-9_]+\.[A-Za-z0-9_]+\.[A-Za-z0-9_]+$/',$_GET['menuaction']))
+if(isset($_GET['menuaction']) && preg_match('/^[A-Za-z0-9_]+\.[A-Za-z0-9_\\\\]+\.[A-Za-z0-9_]+$/',$_GET['menuaction']))
 {
 	list($app,$class,$method) = explode('.',$_GET['menuaction']);
-	if(! $app || ! $class || ! $method)
+
 	// check if autoloadable class belongs to given app
 	if (substr($class, 0, 11) == 'EGroupware\\')
 	{
 		list(,$app_from_class) = explode('\\', strtolower($class));
 	}
 	elseif(strpos($class, '_') !== false)
 	{
 		list($app_from_class) = explode('_', $class);
 	}
 	if(!$app || !$class || !$method || isset($app_from_class) && $app_from_class != $app)
 	{
 		$invalid_data = True;
 	}
@ -62,9 +72,6 @@ $GLOBALS['egw_info'] = array(
 	)
 );
 include('./header.inc.php');
 // check if users are supposed to change their password every x sdays, then check if password is of old age or the devil-admin reset the users password
 // and forced the user to change his password on next login.
 auth::check_password_age($app,$class,$method);
 // user changed timezone
 if (isset($_GET['tz']))
@ -130,7 +137,14 @@ else
 		$app = 'phpgwapi';
 	}
-	$obj = CreateObject($app.'.'.$class);
+	if (class_exists($class))
 	{
 		$obj = new $class;
 	}
 	else
 	{
 		$obj = CreateObject($app.'.'.$class);
 	}
 	if((is_array($obj->public_functions) && $obj->public_functions[$method]) && !$invalid_data)
 	{
 		$obj->$method();
--- a/json.php
+++ b/json.php
@ -71,7 +71,15 @@ if (isset($_GET['menuaction']))
 	if (strpos($_GET['menuaction'],'::') !== false && strpos($_GET['menuaction'],'.') === false)	// static method name app_something::method
 	{
 		@list($className,$functionName,$handler) = explode('::',$_GET['menuaction']);
-		list($appName) = explode('_',$className);
+
 		if (substr($className, 0, 11) == 'EGroupware\\')
 		{
 			list(,$appName) = explode('\\', strtolower($className));
 		}
 		else
 		{
 			list($appName) = explode('_',$className);
 		}
 	}
 	else
 	{
--- a/phpgwapi/inc/class.egw.inc.php
+++ b/phpgwapi/inc/class.egw.inc.php
@ -350,7 +350,7 @@ class egw extends egw_minimal
 	{
 		$this->currentapp = $GLOBALS['egw_info']['flags']['currentapp'];	// some apps change it later
-		if ($GLOBALS['egw_info']['flags']['currentapp'] != 'home')	// give everyone implicit home rights
+		if (!in_array($GLOBALS['egw_info']['flags']['currentapp'], array('api', 'home')))	// give everyone implicit home rights
 		{
 			// This will need to use ACL in the future
 			if (!$GLOBALS['egw_info']['user']['apps'][$currentapp = $GLOBALS['egw_info']['flags']['currentapp']] ||
--- a/phpgwapi/inc/common_functions.inc.php
+++ b/phpgwapi/inc/common_functions.inc.php
@ -985,7 +985,7 @@ function get_var($variable,$method='any',$default_value='')
 * @param $p1,$p2,... class parameters (all optional)
 * @return object reference to an object
 */
-function &CreateObject($class)
+function CreateObject($class)
 {
 	list($appname,$classname) = explode('.',$class);