-rw-r--r--engine/lib/api.php26
-rw-r--r--engine/tests/services/api.php65
-rw-r--r--languages/en.php2
3 files changed, 82 insertions, 11 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index f2424c766..63826cf74 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -335,8 +335,16 @@ function expose_function($method, $function, array $parameters = NULL, $descript
// does not check whether callable - done in execute_method()
$API_METHODS[$method]["function"] = $function;
- if ($parameters != NULL && !is_array($parameters)) {
- throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:APIParametersNotArray'), $method));
+ if ($parameters != NULL) {
+ if (!is_array($parameters)) {
+ throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:APIParametersArrayStructure'), $method));
+ }
+
+ // catch common mistake of not setting up param array correctly
+ $first = current($parameters);
+ if (!is_array($first)) {
+ throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:APIParametersArrayStructure'), $method));
+ }
}
if ($parameters != NULL) {
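Review bot: The new structure check inspects only `current($parameters)`, so a definition whose first entry is well-formed and whose later entry is a bare string (constructed example: `array('a' => array('type' => 'int'), 'b' => 'string')`) still passes. Walking every entry, `foreach ($parameters as $def) { if (!is_array($def)) { throw new InvalidParameterException(...); } }`, would close that gap; the second `if ($parameters != NULL)` block continues outside this hunk and may already do part of this. Note also that `$API_METHODS[$method]["function"]` is assigned before either check runs, so a call that throws here leaves the method partly registered; validating first and registering afterwards avoids that.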
@@ -668,10 +676,13 @@ function serialise_parameters($method, $parameters) {
case 'boolean':
// change word false to boolean false
if (strcasecmp(trim($parameters[$key]), "false") == 0) {
- $parameters[$key] = false;
+ $serialised_parameters .= ',false';
+ } else if ($parameters[$key] == 0) {
+ $serialised_parameters .= ',false';
+ } else {
+ $serialised_parameters .= ',true';
}
- $serialised_parameters .= "," . (bool)trim($parameters[$key]);
break;
case 'string':
$serialised_parameters .= ",'" . (string)mysql_real_escape_string(trim($parameters[$key])) . "'";
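Review bot: The added `else if ($parameters[$key] == 0)` is a loose comparison, and on PHP versions before 8 (which the `mysql_real_escape_string` call in this file suggests) any non-numeric string compares equal to 0, so a request value of "true" would be serialised as `,false`. The value is trimmed for the "false" test but not for this one, so " 0 " is handled differently from "0" only by accident of numeric-string conversion. Comparing the normalised string against an explicit list keeps the intended "everything else is true" rule: `$v = strtolower(trim($parameters[$key]));` followed by `$serialised_parameters .= in_array($v, array('false', '0', ''), true) ? ',false' : ',true';`. The enclosing switch starts and ends outside this hunk.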
@@ -681,17 +692,18 @@ function serialise_parameters($method, $parameters) {
break;
case 'array':
// we can handle an array of strings, maybe ints, definitely not booleans or other arrays
- $array = "array(";
if (!is_array($parameters[$key]))
{
throw APIException(sprintf(elgg_echo('APIException:ParameterNotArray'), $key));
}
-
+
+ $array = "array(";
+
foreach ($parameters[$key] as $k => $v)
{
$k = sanitise_string($k);
$v = sanitise_string($v);
-
+
$array .= "'$k'=>'$v',";
}
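Review bot: The context line `throw APIException(sprintf(...))` is missing `new`, so a non-array value would end in an undefined-function fatal error instead of the intended exception; as this commit already reorders the lines around it, `throw new APIException(...)` belongs in the same change. Separately, keys and values go through `sanitise_string()` and are then placed inside single-quoted literals (`'$k'=>'$v'`); whether that escaping is appropriate depends on how the serialised string is consumed, which this hunk does not show. If it is later interpreted as PHP source, database-style escaping is the wrong tool for that context and the values are better passed as real arguments than rebuilt as code. The foreach and the `case 'array'` body continue past the end of the hunk.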
diff --git a/engine/tests/services/api.php b/engine/tests/services/api.php
index 4c3019538..cad28a452 100644
--- a/engine/tests/services/api.php
+++ b/engine/tests/services/api.php
@@ -20,6 +20,7 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
// expose_function
public function testExposeFunctionNoMethod() {
+
$this->expectException('InvalidParameterException');
expose_function();
}
@@ -34,6 +35,11 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
expose_function('test', 'test', 'BAD');
}
+ public function testExposeFunctionParametersNotArray() {
+ $this->expectException('InvalidParameterException');
+ expose_function('test', 'test', array('param1' => 'string'));
+ }
+
public function testExposeFunctionBadHttpMethod() {
$this->expectException('InvalidParameterException');
expose_function('test', 'test', null, '', 'BAD');
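Review bot: `testExposeFunctionParametersNotArray` passes an array, so the name does not describe the case; what it exercises is a parameter definition that is a string where an array is expected. A name such as `testExposeFunctionParametersBadStructure`, with a one-line comment `// each parameter definition must itself be an array`, would match the new `APIParametersArrayStructure` message.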
@@ -101,9 +107,17 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
// execute_method
public function testExecuteMethodNonCallable() {
+ expose_function('test', 'foo');
+
+ $this->expectException('ApiException');
+ execute_method('test');
+ }
+
+ public function testExecuteMethodWrongMethod() {
$this->registerFunction();
- $this->expectException('APIException');
+ // get when it should be a post
+ $this->expectException('CallException');
execute_method('test');
}
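Review bot: `expectException('ApiException')` in testExecuteMethodNonCallable spells the class differently from the `'APIException'` on the removed line and in testserialise_parameters further down. PHP resolves class names case-insensitively, so it probably still matches, but keeping `'APIException'` avoids relying on that in the test framework and keeps the name searchable.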
@@ -120,13 +134,58 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
public function testserialise_parameters() {
+ // int and bool
+ $this->registerFunction();
+ $parameters = array('param1' => 1, 'param2' => 0);
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ',1,false');
+
+ // string
+ $this->registerFunction(false, false, array('param1' => array('type' => 'string')));
+ $parameters = array('param1' => 'testing');
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ",'testing'");
+
+ // float
+ $this->registerFunction(false, false, array('param1' => array('type' => 'float')));
+ $parameters = array('param1' => 2.5);
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ',2.5');
+
+ // indexed array of strings
+ $this->registerFunction(false, false, array('param1' => array('type' => 'array')));
+ $parameters = array('param1' => array('one', 'two'));
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, "array('0'=>'one','1'=>'two')");
+
+ // associative array of strings
+ $this->registerFunction(false, false, array('param1' => array('type' => 'array')));
+ $parameters = array('param1' => array('first' => 'one', 'second' => 'two'));
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, "array('first'=>'one','second'=>'two')");
+
+ // indexed array of strings
+ $this->registerFunction(false, false, array('param1' => array('type' => 'array')));
+ $parameters = array('param1' => array(1, 2));
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, "array('0'=>'1','1'=>'2')");
+
+ // test unknown type
+ $this->registerFunction(false, false, array('param1' => array('type' => 'bad')));
+ $parameters = array('param1' => 'test');
+ $this->expectException('APIException');
+ $s = serialise_parameters('test', $parameters);
}
- protected function registerFunction($api_auth = false, $user_auth = false) {
+ protected function registerFunction($api_auth = false, $user_auth = false, $params = null) {
$parameters = array('param1' => array('type' => 'int', 'required' => true),
'param2' => array('type' => 'bool', 'required' => false), );
+
+ if ($params == null) {
+ $params = $parameters;
+ }
- expose_function('test', 'foo', $parameters, '', 'GET', $api_auth, $user_auth);
+ expose_function('test', 'elgg_echo', $params, '', 'POST', $api_auth, $user_auth);
}
}
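Review bot: The boolean branch of serialise_parameters() is asserted only for the integer `0`; the string forms a web request would normally deliver ('true', 'false', '1', '0', with and without surrounding whitespace) are not covered. Adding a case such as `array('param1' => 1, 'param2' => 'true')` with the expectation `',1,true'` would pin the behaviour changed in engine/lib/api.php. The second `// indexed array of strings` comment sits above `array(1, 2)` and should read `// indexed array of ints`. In registerFunction, `$params == null` is a loose comparison, so an explicitly passed empty array is replaced by the defaults; `$params === null` states the intent.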
diff --git a/languages/en.php b/languages/en.php
index 6a692e55b..78310b9f7 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -121,7 +121,7 @@ $english = array(
'SecurityException:APIAccessDenied' => "Sorry, API access has been disabled by the administrator.",
'SecurityException:NoAuthMethods' => "No authentication methods were found that could authenticate this API request.",
'InvalidParameterException:APIMethodOrFunctionNotSet' => "Method or function not set in call in expose_method()",
- 'InvalidParameterException:APIParametersNotArray' => "Parameters must be array in call to expose method '%s'",
+ 'InvalidParameterException:APIParametersArrayStructure' => "Parameters array structure is incorrect for call to expose method '%s'",
'InvalidParameterException:UnrecognisedHttpMethod' => "Unrecognised http method %s for api method '%s'",
'APIException:MissingParameterInMethod' => "Missing parameter %s in method %s",
'APIException:ParameterNotArray' => "%s does not appear to be an array.",