MDL-30495 HTML5 apps cannot call Webservices functions if a HTTP resource is retrieve...
authorJerome Mouneyrac <jerome@moodle.com>
Wed, 15 Feb 2012 03:33:11 +0000 (11:33 +0800)
committerJerome Mouneyrac <jerome@moodle.com>
Wed, 15 Feb 2012 03:33:11 +0000 (11:33 +0800)
webservice/lib.php
webservice/rest/locallib.php
webservice/rest/server.php
webservice/soap/locallib.php

index ecb6a9b..bc8ece9 100644 (file)
@@ -1209,24 +1209,28 @@ class '.$classname.' {
     }
 
     /**
-     * This method parses the $_REQUEST superglobal and looks for
+     * This method parses the $_POST and $_GET superglobals and looks for
      * the following information:
      *  1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters)
      *
      * @return void
      */
     protected function parse_request() {
+
+        //Get GET and POST paramters
+        $methodvariables = array_merge($_GET,$_POST);
+
         if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) {
             //note: some clients have problems with entity encoding :-(
-            if (isset($_REQUEST['wsusername'])) {
-                $this->username = $_REQUEST['wsusername'];
+            if (isset($methodvariables['wsusername'])) {
+                $this->username = $methodvariables['wsusername'];
             }
-            if (isset($_REQUEST['wspassword'])) {
-                $this->password = $_REQUEST['wspassword'];
+            if (isset($methodvariables['wspassword'])) {
+                $this->password = $methodvariables['wspassword'];
             }
         } else {
-            if (isset($_REQUEST['wstoken'])) {
-                $this->token = $_REQUEST['wstoken'];
+            if (isset($methodvariables['wstoken'])) {
+                $this->token = $methodvariables['wstoken'];
             }
         }
     }
index 2c75799..075f6b6 100644 (file)
@@ -44,7 +44,7 @@ class webservice_rest_server extends webservice_base_server {
     }
 
     /**
-     * This method parses the $_REQUEST superglobal and looks for
+     * This method parses the $_POST and $_GET superglobals and looks for
      * the following information:
      *  1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters)
      *  2/ function name (wsfunction parameter)
@@ -53,26 +53,30 @@ class webservice_rest_server extends webservice_base_server {
      * @return void
      */
     protected function parse_request() {
+
+        //Get GET and POST paramters
+        $methodvariables = array_merge($_GET,$_POST);
+
         if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) {
-            $this->username = isset($_REQUEST['wsusername']) ? $_REQUEST['wsusername'] : null;
-            unset($_REQUEST['wsusername']);
+            $this->username = isset($methodvariables['wsusername']) ? $methodvariables['wsusername'] : null;
+            unset($methodvariables['wsusername']);
 
-            $this->password = isset($_REQUEST['wspassword']) ? $_REQUEST['wspassword'] : null;
-            unset($_REQUEST['wspassword']);
+            $this->password = isset($methodvariables['wspassword']) ? $methodvariables['wspassword'] : null;
+            unset($methodvariables['wspassword']);
 
-            $this->functionname = isset($_REQUEST['wsfunction']) ? $_REQUEST['wsfunction'] : null;
-            unset($_REQUEST['wsfunction']);
+            $this->functionname = isset($methodvariables['wsfunction']) ? $methodvariables['wsfunction'] : null;
+            unset($methodvariables['wsfunction']);
 
-            $this->parameters = $_REQUEST;
+            $this->parameters = $methodvariables;
 
         } else {
-            $this->token = isset($_REQUEST['wstoken']) ? $_REQUEST['wstoken'] : null;
-            unset($_REQUEST['wstoken']);
+            $this->token = isset($methodvariables['wstoken']) ? $methodvariables['wstoken'] : null;
+            unset($methodvariables['wstoken']);
 
-            $this->functionname = isset($_REQUEST['wsfunction']) ? $_REQUEST['wsfunction'] : null;
-            unset($_REQUEST['wsfunction']);
+            $this->functionname = isset($methodvariables['wsfunction']) ? $methodvariables['wsfunction'] : null;
+            unset($methodvariables['wsfunction']);
 
-            $this->parameters = $_REQUEST;
+            $this->parameters = $methodvariables;
         }
     }
 
index d89e0c1..ec97e05 100644 (file)
@@ -36,9 +36,6 @@ if (!webservice_protocol_is_enabled('rest')) {
 
 $restformat = optional_param('moodlewsrestformat', 'xml', PARAM_ALPHA);
 //remove the alt from the request
-if(isset($_REQUEST['moodlewsrestformat'])) {
-    unset($_REQUEST['moodlewsrestformat']);
-}
 if(isset($_GET['moodlewsrestformat'])) {
     unset($_GET['moodlewsrestformat']);
 }
index fd49087..bcc8ecb 100644 (file)
@@ -125,7 +125,7 @@ class webservice_soap_server extends webservice_zend_server {
     }
 
     /**
-     * This method parses the $_REQUEST superglobal and looks for
+     * This method parses the $_POST and $_GET superglobals and looks for
      * the following information:
      *  1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters)
      *