mirror of
https://github.com/mbirth/tcl_update_db.git
synced 2024-12-27 04:54:08 +00:00
Added incoming data validation.
This commit is contained in:
parent
44cd418c7b
commit
ddb5c35ccd
21
index.php
21
index.php
@ -2,6 +2,25 @@
|
|||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
$input_xml = file_get_contents('php://input', false, NULL, -1, 8192); // read max 8 KiB
|
$input_xml = file_get_contents('php://input', false, NULL, -1, 8192); // read max 8 KiB
|
||||||
|
if (strlen($input_xml) >= 8192) {
|
||||||
|
// Max length, probably even longer, definitely no XML
|
||||||
|
http_response_code(413); // "Payload too large"
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
$dom = new DOMDocument();
|
||||||
|
$load_ok = $dom->loadXML($input_xml, LIBXML_NOENT);
|
||||||
|
if (!$load_ok || $dom->childNodes->length < 1) {
|
||||||
|
// XML could not be parsed - invalid or no XML
|
||||||
|
http_response_code(406); // "Not acceptable"
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
$root_node = $dom->childNodes->item(0);
|
||||||
|
if ($root_node->nodeName != 'GOTU') {
|
||||||
|
// Root node isn't <GOTU>, so no update XML
|
||||||
|
http_response_code(412); // "Precondition failed"
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
// ### At this point we can be relatively sure to have the XML we want
|
||||||
echo "Input length is " . strlen($input_xml) . " Bytes." . PHP_EOL;
|
echo "Input length is " . strlen($input_xml) . " Bytes." . PHP_EOL;
|
||||||
echo $input_xml . PHP_EOL;
|
echo $input_xml . PHP_EOL;
|
||||||
// TODO: Check if it's XML
|
// TODO: Check if it's XML
|
||||||
@ -10,7 +29,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "Here is the normal page.";
|
echo "Here is the normal page. " . $_SERVER['REQUEST_METHOD'];
|
||||||
|
|
||||||
|
|
||||||
// TODO: Show statistics from database
|
// TODO: Show statistics from database
|
||||||
|
Loading…
Reference in New Issue
Block a user