From: Sylvester Johansson <scj@konservburken.localdomain> --- web/html/rpc.php | 8 +++++- web/lib/aurjson.class.php | 59 +++++++++++++++++++++++++++++++++++++++----- 2 files changed, 59 insertions(+), 8 deletions(-) diff --git a/web/html/rpc.php b/web/html/rpc.php index 033cba5..8ca0f4b 100644 --- a/web/html/rpc.php +++ b/web/html/rpc.php @@ -19,11 +19,17 @@ if ( $_SERVER['REQUEST_METHOD'] == 'GET' ) { echo '<ul>'; echo '<li>search</li>'; echo '<li>info</li>'; + echo '<li>query</li>'; echo '</ul><br />'; - echo 'Each method requires the following HTTP GET syntax:<br />'; + echo '<i>search</i> and <i>info</i> requires the following HTTP GET syntax:<br />'; echo ' type=<i>methodname</i>&arg=<i>data</i> <br /><br />'; echo 'Where <i>methodname</i> is the name of an allowed method, and <i>data</i> is the argument to the call.<br />'; echo '<br />'; + echo '<br />'; + echo '<i>query<i> has the following syntax: <br />'; + echo 'type=query&arg=<<i>term</i>>&include=<<i>field1</i>>:<<i>field2</i>>:...:<<i>fieldN</i>> <br />'; + echo 'where <i>fieldN</i> is a field to be included in the result. Allowed fields are: <br />'; + echo 'ID, Name, Version, Description, URL, URLPath, License, NumVotes and OutOfDate <br />'; echo 'If you need jsonp type callback specification, you can provide an additional variable <i>callback</i>.<br />'; echo 'Example URL: <br /> http://aur-url/rpc.php?type=search&arg=foobar&callback=jsonp1192244621103'; echo '</body></html>'; diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index be92c25..770a80a 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -21,7 +21,9 @@ if (!extension_loaded('json')) **/ class AurJSON { private $dbh = false; - private $exposed_methods = array('search','info'); + private $exposed_methods = array('search','info','query'); + private $valid_parameters = array('ID','Name','Version','Description','URL','URLPath','License','NumVotes','OutOfDate'); + /** * Handles post data, and routes the request. @@ -42,13 +44,18 @@ class AurJSON { // do the routing if ( in_array($http_data['type'], $this->exposed_methods) ) { // ugh. this works. I hate you php. - $json = call_user_func_array(array(&$this,$http_data['type']),$http_data['arg']); - // allow rpc callback for XDomainAjax - if ( isset($http_data['callback']) ) { - return $http_data['callback'] . "({$json})"; + if ($http_data['type'] === 'query') { + return $this->query($http_data['arg'],$http_data['include']); } - else { - return $json; + else { + $json = call_user_func_array(array(&$this,$http_data['type']),$http_data['arg']); + // allow rpc callback for XDomainAjax + if ( isset($http_data['callback']) ) { + return $http_data['callback'] . "({$json})"; + } + else { + return $json; + } } } else { @@ -137,5 +144,43 @@ class AurJSON { return $this->json_error('No result found'); } } + + private function query($value,$pqdata) { + $pqdata = explode(":",$pqdata); + $value = mysql_real_escape_string($value); + + if (! $this->parameter_sanity($pqdata)) { + return $this->json_error('Parameter error'); + } + + $base_query = "SELECT " . implode(',',$pqdata) . " FROM Packages WHERE DummyPkg=0 AND " . sprintf("( Name LIKE '%%%s%%' OR Description LIKE '%%%s%%' )",$value,$value); + $result = db_query($base_query,$this->dbh); + if($result && (mysql_num_rows($result)>0)){ + $search_data = array(); + while($row = mysql_fetch_assoc($result)) { + array_push($search_data,$row); + } + mysql_free_result($result); + return $this->json_results('query',$search_data); + } + else { + return $this->json_error('No result found'); + } + + } + + /** + * @param $parameters is a semicolon separated string of column names + * @return True if the parameters are acceptable, otherwise false + **/ + private function parameter_sanity($parameters) { + foreach($parameters as $param) { + if (!in_array($param, $this->valid_parameters)) { + return false; + } + } + return true; + } } ?> + -- 1.5.5.3