3 files changed, 82 insertions, 11 deletions

diff --git a/engine/lib/api.php b/engine/lib/api.php
index f2424c766..63826cf74 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -335,8 +335,16 @@ function expose_function($method, $function, array $parameters = NULL, $descript
 	// does not check whether callable - done in execute_method()
 	$API_METHODS[$method]["function"] = $function;
 
-	if ($parameters != NULL && !is_array($parameters)) {
-		throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:APIParametersNotArray'), $method));	
+	if ($parameters != NULL) {	
+		if (!is_array($parameters)) {
+			throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:APIParametersArrayStructure'), $method));
+		}
+		
+		// catch common mistake of not setting up param array correctly
+		$first = current($parameters);
+		if (!is_array($first)) {
+			throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:APIParametersArrayStructure'), $method));
+		}
 	}
 	
 	if ($parameters != NULL) {
@@ -668,10 +676,13 @@ function serialise_parameters($method, $parameters) {
 			case 'boolean': 
 				// change word false to boolean false
 				if (strcasecmp(trim($parameters[$key]), "false") == 0) { 
-					$parameters[$key] = false;
+					$serialised_parameters .= ',false';
+				} else if ($parameters[$key] == 0) {
+					$serialised_parameters .= ',false';
+				} else {
+					$serialised_parameters .= ',true';
 				}
 				
-				$serialised_parameters .= "," . (bool)trim($parameters[$key]); 
 				break;
 			case 'string': 
 				$serialised_parameters .= ",'" .  (string)mysql_real_escape_string(trim($parameters[$key])) . "'"; 
@@ -681,17 +692,18 @@ function serialise_parameters($method, $parameters) {
 				break;
 			case 'array':
 				// we can handle an array of strings, maybe ints, definitely not booleans or other arrays										
-				$array = "array(";
 				if (!is_array($parameters[$key]))
 				{
 					throw APIException(sprintf(elgg_echo('APIException:ParameterNotArray'), $key));
 				}
-							
+									
+				$array = "array(";
+				
 				foreach ($parameters[$key] as $k => $v)
 				{
 					$k = sanitise_string($k);
 					$v = sanitise_string($v);
-								
+									
 					$array .= "'$k'=>'$v',";
 				}
 							
diff --git a/engine/tests/services/api.php b/engine/tests/services/api.php
index 4c3019538..cad28a452 100644
--- a/engine/tests/services/api.php
+++ b/engine/tests/services/api.php
@@ -20,6 +20,7 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
 	

 // expose_function

 	public function testExposeFunctionNoMethod() {

+		

 		$this->expectException('InvalidParameterException');

 		expose_function();

 	}

@@ -34,6 +35,11 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
 		expose_function('test', 'test', 'BAD');

 	}

 	

+	public function testExposeFunctionParametersNotArray() {

+		$this->expectException('InvalidParameterException');

+		expose_function('test', 'test', array('param1' => 'string'));

+	}

+	

 	public function testExposeFunctionBadHttpMethod() {

 		$this->expectException('InvalidParameterException');

 		expose_function('test', 'test', null, '', 'BAD');

@@ -101,9 +107,17 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
 	

 // execute_method

 	public function testExecuteMethodNonCallable() {

+		expose_function('test', 'foo');

+		

+		$this->expectException('ApiException');

+		execute_method('test');

+	}

+

+	public function testExecuteMethodWrongMethod() {

 		$this->registerFunction();

 		

-		$this->expectException('APIException');

+		// get when it should be a post

+		$this->expectException('CallException');

 		execute_method('test');

 	}

 	

@@ -120,13 +134,58 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
 	

 	public function testserialise_parameters() {

 		

+		// int and bool

+		$this->registerFunction();

+		$parameters = array('param1' => 1, 'param2' => 0);

+		$s = serialise_parameters('test', $parameters);

+		$this->assertIdentical($s, ',1,false');

+		

+		// string

+		$this->registerFunction(false, false, array('param1' => array('type' => 'string')));

+		$parameters = array('param1' => 'testing');

+		$s = serialise_parameters('test', $parameters);

+		$this->assertIdentical($s, ",'testing'");

+

+		// float

+		$this->registerFunction(false, false, array('param1' => array('type' => 'float')));

+		$parameters = array('param1' => 2.5);

+		$s = serialise_parameters('test', $parameters);

+		$this->assertIdentical($s, ',2.5');

+

+		// indexed array of strings

+		$this->registerFunction(false, false, array('param1' => array('type' => 'array')));

+		$parameters = array('param1' => array('one', 'two'));

+		$s = serialise_parameters('test', $parameters);

+		$this->assertIdentical($s, "array('0'=>'one','1'=>'two')");

+

+		// associative array of strings

+		$this->registerFunction(false, false, array('param1' => array('type' => 'array')));

+		$parameters = array('param1' => array('first' => 'one', 'second' => 'two'));

+		$s = serialise_parameters('test', $parameters);

+		$this->assertIdentical($s, "array('first'=>'one','second'=>'two')");

+

+		// indexed array of strings

+		$this->registerFunction(false, false, array('param1' => array('type' => 'array')));

+		$parameters = array('param1' => array(1, 2));

+		$s = serialise_parameters('test', $parameters);

+		$this->assertIdentical($s, "array('0'=>'1','1'=>'2')");

+

+		// test unknown type

+		$this->registerFunction(false, false, array('param1' => array('type' => 'bad')));

+		$parameters = array('param1' => 'test');

+		$this->expectException('APIException');

+		$s = serialise_parameters('test', $parameters);

 	}

 	

-	protected function registerFunction($api_auth = false, $user_auth = false) {

+	protected function registerFunction($api_auth = false, $user_auth = false, $params = null) {

 		$parameters = array('param1' => array('type' => 'int', 'required' => true),

 							'param2' => array('type' => 'bool', 'required' => false), );

+		

+		if ($params == null) {

+			$params = $parameters;

+		}

 

-		expose_function('test', 'foo', $parameters, '', 'GET', $api_auth, $user_auth);

+		expose_function('test', 'elgg_echo', $params, '', 'POST', $api_auth, $user_auth);

 	}

 	

 }

diff --git a/languages/en.php b/languages/en.php
index 6a692e55b..78310b9f7 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -121,7 +121,7 @@ $english = array(
 	'SecurityException:APIAccessDenied' => "Sorry, API access has been disabled by the administrator.",
 	'SecurityException:NoAuthMethods' => "No authentication methods were found that could authenticate this API request.",
 	'InvalidParameterException:APIMethodOrFunctionNotSet' => "Method or function not set in call in expose_method()",
-	'InvalidParameterException:APIParametersNotArray' => "Parameters must be array in call to expose method '%s'",
+	'InvalidParameterException:APIParametersArrayStructure' => "Parameters array structure is incorrect for call to expose method '%s'",
 	'InvalidParameterException:UnrecognisedHttpMethod' => "Unrecognised http method %s for api method '%s'",
 	'APIException:MissingParameterInMethod' => "Missing parameter %s in method %s",
 	'APIException:ParameterNotArray' => "%s does not appear to be an array.",