Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/api.php | 26 | ||||
-rw-r--r-- | engine/tests/services/api.php | 65 |
2 files changed, 81 insertions, 10 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php index f2424c766..63826cf74 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -335,8 +335,16 @@ function expose_function($method, $function, array $parameters = NULL, $descript // does not check whether callable - done in execute_method() $API_METHODS[$method]["function"] = $function; - if ($parameters != NULL && !is_array($parameters)) { - throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:APIParametersNotArray'), $method)); + if ($parameters != NULL) { + if (!is_array($parameters)) { + throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:APIParametersArrayStructure'), $method)); + } + + // catch common mistake of not setting up param array correctly + $first = current($parameters); + if (!is_array($first)) { + throw new InvalidParameterException(sprintf(elgg_echo('InvalidParameterException:APIParametersArrayStructure'), $method)); + } } if ($parameters != NULL) { @@ -668,10 +676,13 @@ function serialise_parameters($method, $parameters) { case 'boolean': // change word false to boolean false if (strcasecmp(trim($parameters[$key]), "false") == 0) { - $parameters[$key] = false; + $serialised_parameters .= ',false'; + } else if ($parameters[$key] == 0) { + $serialised_parameters .= ',false'; + } else { + $serialised_parameters .= ',true'; } - $serialised_parameters .= "," . (bool)trim($parameters[$key]); break; case 'string': $serialised_parameters .= ",'" . (string)mysql_real_escape_string(trim($parameters[$key])) . "'"; 
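Review bot: The new structure check in expose_function inspects only the first entry (`$first = current($parameters);`), so a definition list whose first entry is an array but a later one is a bare string still passes this guard. Checking every entry, for example `foreach ($parameters as $definition) { if (!is_array($definition)) { /* same throw */ } }`, would catch the mistake wherever it occurs. The `if ($parameters != NULL)` block that follows may already validate each entry, but its body is outside the hunk; if it does, the two adjacent `if ($parameters != NULL)` blocks could be merged.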
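Review bot: The added `else if ($parameters[$key] == 0)` branch in the 'boolean' case of serialise_parameters uses a loose comparison, and on PHP versions before 8 any non-numeric string compares equal to 0, so a value such as `true` or `yes` would be serialised as `,false`. The file still calls `mysql_real_escape_string`, so it targets a PHP version where that rule applies. Because the branch above already treats the value as a string, comparing the trimmed string explicitly is safer, e.g. `} else if (in_array(trim($parameters[$key]), array('0', ''), true)) {`, which keeps the result the removed `(bool)trim(...)` cast gave. The test added later in this commit passes only integer `0`, so it does not exercise this path. The switch continues outside the hunk.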
@@ -681,17 +692,18 @@ function serialise_parameters($method, $parameters) { break; case 'array': // we can handle an array of strings, maybe ints, definitely not booleans or other arrays - $array = "array("; if (!is_array($parameters[$key])) { throw APIException(sprintf(elgg_echo('APIException:ParameterNotArray'), $key)); } - + + $array = "array("; + foreach ($parameters[$key] as $k => $v) { $k = sanitise_string($k); $v = sanitise_string($v); - + $array .= "'$k'=>'$v',"; } diff --git a/engine/tests/services/api.php b/engine/tests/services/api.php index 4c3019538..cad28a452 100644 --- a/engine/tests/services/api.php +++ b/engine/tests/services/api.php @@ -20,6 +20,7 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest { // expose_function
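Review bot: The guard `throw APIException(sprintf(...))` in the 'array' case is missing `new`, so a non-array value would end in a fatal call to an undefined function instead of a catchable exception; it should read `throw new APIException(sprintf(elgg_echo('APIException:ParameterNotArray'), $key));`. The line is unchanged context, but this commit moves the `$array = "array(";` initialisation directly after it. Separately, keys and values are placed inside a single-quoted PHP literal after `sanitise_string()`, whose definition is not shown here; if it is an SQL escaper, it is worth confirming that it covers everything a PHP string-literal context requires. The switch continues outside the hunk.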
public function testExposeFunctionNoMethod() {
+
$this->expectException('InvalidParameterException');
expose_function();
}
@@ -34,6 +35,11 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest { expose_function('test', 'test', 'BAD');
}
+ public function testExposeFunctionParametersNotArray() {
+ $this->expectException('InvalidParameterException');
+ expose_function('test', 'test', array('param1' => 'string'));
+ }
+
public function testExposeFunctionBadHttpMethod() {
$this->expectException('InvalidParameterException');
expose_function('test', 'test', null, '', 'BAD');
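Review bot: `testExposeFunctionParametersNotArray` passes an array, so the name does not describe the case under test, which is an array whose entries are not themselves arrays; a name such as `testExposeFunctionParametersBadArray` would read better. The preceding test that passes `'BAD'` has its signature above the hunk, so it is worth checking that it does not already use this name, since PHP rejects a class that declares the same method twice.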
@@ -101,9 +107,17 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest { // execute_method
public function testExecuteMethodNonCallable() {
+ expose_function('test', 'foo');
+
+ $this->expectException('ApiException');
+ execute_method('test');
+ }
+
+ public function testExecuteMethodWrongMethod() {
$this->registerFunction();
- $this->expectException('APIException');
+ // get when it should be a post
+ $this->expectException('CallException');
execute_method('test');
}
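Review bot: `testExecuteMethodNonCallable` expects `'ApiException'`, while the line this commit removes and the later `testserialise_parameters` case spell the class `'APIException'`. PHP class names are case-insensitive, but whether the test framework's `expectException` matching is too cannot be seen from here, so `$this->expectException('APIException');` is the safer spelling. The test also depends on `foo` not being defined anywhere in the loaded code; a short comment such as `// 'foo' is deliberately not a defined function` would make that assumption explicit.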
@@ -120,13 +134,58 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest { public function testserialise_parameters() {
+ // int and bool
+ $this->registerFunction();
+ $parameters = array('param1' => 1, 'param2' => 0);
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ',1,false');
+
+ // string
+ $this->registerFunction(false, false, array('param1' => array('type' => 'string')));
+ $parameters = array('param1' => 'testing');
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ",'testing'");
+
+ // float
+ $this->registerFunction(false, false, array('param1' => array('type' => 'float')));
+ $parameters = array('param1' => 2.5);
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, ',2.5');
+
+ // indexed array of strings
+ $this->registerFunction(false, false, array('param1' => array('type' => 'array')));
+ $parameters = array('param1' => array('one', 'two'));
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, "array('0'=>'one','1'=>'two')");
+
+ // associative array of strings
+ $this->registerFunction(false, false, array('param1' => array('type' => 'array')));
+ $parameters = array('param1' => array('first' => 'one', 'second' => 'two'));
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, "array('first'=>'one','second'=>'two')");
+
+ // indexed array of strings
+ $this->registerFunction(false, false, array('param1' => array('type' => 'array')));
+ $parameters = array('param1' => array(1, 2));
+ $s = serialise_parameters('test', $parameters);
+ $this->assertIdentical($s, "array('0'=>'1','1'=>'2')");
+
+ // test unknown type
+ $this->registerFunction(false, false, array('param1' => array('type' => 'bad')));
+ $parameters = array('param1' => 'test');
+ $this->expectException('APIException');
+ $s = serialise_parameters('test', $parameters);
}
- protected function registerFunction($api_auth = false, $user_auth = false) {
+ protected function registerFunction($api_auth = false, $user_auth = false, $params = null) {
$parameters = array('param1' => array('type' => 'int', 'required' => true),
'param2' => array('type' => 'bool', 'required' => false), );
+
+ if ($params == null) {
+ $params = $parameters;
+ }
- expose_function('test', 'foo', $parameters, '', 'GET', $api_auth, $user_auth);
+ expose_function('test', 'elgg_echo', $params, '', 'POST', $api_auth, $user_auth);
}
}
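Review bot: None of the new `testserialise_parameters` cases passes a value containing a quote or a backslash, so nothing pins the escaping that keeps a string or array element inside its single-quoted literal in the serialised output. A case such as `$parameters = array('param1' => "it's");` with the escaped result asserted would catch a regression there, and the boolean case should also cover string inputs like `'true'` and `'false'` rather than only integer `0`. The comment above the `array(1, 2)` case repeats `// indexed array of strings` and should say `// indexed array of ints`. In `registerFunction`, `$params == null` also matches an empty array, so `$params === null` states the intent more precisely.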