XML_RPC

PHP implementation of the XML-RPC protocol

A PEAR-ified version of Useful Inc's XML-RPC for PHP. It has support for HTTP/HTTPS transport, proxies and authentication. ssb Stig Bakken stig@php.net lead danielc Daniel Convissor danielc@php.net lead 1.4.0 2005-08-14 PHP License stable * MAJOR SECURITY FIX: eliminate use of eval(). * Using socket_get_status() because stream_get_meta_data() was introduced in 4.3.0, but we need to support 4.2.0. Bug 4805. 1.3.3 2005-07-15 stable * Eliminate memory leak by resetting $XML_RPC_xh each time parseResponse() is called. Bug 4780. * Using socket_set_timeout() because stream_set_timeout() was introduced in 4.3.0, but we need to support 4.2.0. Bug 4805. 1.3.2 2005-07-07 stable * Eliminate path disclosure vulnerabilities by suppressing error messages when eval()'ing. * Eliminate path disclosure vulnerability by catching bogus parameters submitted to XML_RPC_Value::serializeval(). * In XML_RPC_Server::service(), only call createServerPayload() and createServerHeaders() if necessary. Fixes compatibility issue introduced in Release 1.3.0RC1 for users who set the $serviceNow parameter of XML_RPC_Server() to 0. Bug 4757. * Change "var $errstring" to "var $errstr". Bug 4582. Was put into CVS version 1.75 of RPC.php but didn't make it into RELEASE_1_3_1. 1.3.1 2005-06-29 stable * Security fix. Update highly recommended! 1.3.0 2005-06-13 stable * Stable release. See earlier releases for changes since 1.2.2. 1.3.0RC3 2005-05-10 beta * When verifying requests against function signatures, if the number of parameters don't match, provide an appropriate message. NOTE: this resolves a path disclosure vulnerability. (Refines the changes made in the last commit.) Bug 4231. * XML_RPC_Message::getParam() now returns an XML_RPC_Response object upon error. Changed from Release 1.3.0RC2. * Add the XML_RPC_Value::isValue() method. For testing if an item is an XML_RPC_Value object. * If XML_RPC_Client::send() is given an incorrect $msg parameter, raise an error with the new XML_RPC_ERROR_PROGRAMMING code and return 0. * Improve cross-platform operation by using PEAR::loadExtension() instead of dl(). * Use <br /> instead of <br> in XML_RPC_Value::dump(). 1.3.0RC2 2005-05-05 beta * If XML_RPC_Message::getParam() is given an incorrect parameter, raise an error with the new XML_RPC_ERROR_INCORRECT_PARAMS code and return FALSE. * Handle improper requests to XML_RPC_Server::verifySignature(). Bug 4231. * Try to allow HTTP 100 responses if followed by a 200 response. Bug 4116. * Help Delphi users by making RPCMETHODNAME an alias for METHODNAME. Request 4205. 1.3.0RC1 2005-04-07 beta * Improve timeout handling for situations where connection to server is made but no response is not received in time. Accomplished via stream_set_timeout(). Request 3963. * Add Fault Code 6: "The requested method didn't return an XML_RPC_Response object." Request 4032. * Add the createServerPayload() and createServerHeaders() methods and the $server_payload and $server_headers properties. Request 3121. * As in earlier versions, if the $serviceNow parameter to XML_RPC_Server() is 0, no data will be returned, but now the new $server_payload and $server_headers properties will be set. * Convert the parser handle to an integer before using it as an index for $XML_RPC_xh[$parser]. Reduces E_STRICT notices. Bug 3782. * Add createHeaders() method and $headers property to XML_RPC_Client to make testing easier. 1.2.2 2005-03-07 stable * When using a proxy, add the protocol to the Request-URI, making it an "absoluteURI" as per the HTTP 1.0 spec. Bug 3679. 1.2.1 2005-03-01 stable * Add isset() check before examining the dispatch map. Bug 3658. 1.2.0 2005-02-27 stable * Provide the "stable" release. * Add package2.xml for compatibility with PEAR 1.4.0. * For changes since 1.1.0, see the changelogs for the various RC releases. 1.2.0RC7 2005-02-22 beta * Add the setSendEncoding() method and $send_encoding property to XML_RPC_Message. Request 3537. * Allow class methods to be mapped using either syntax: 'function' => 'hello::sayHello', or 'function' => array('hello', 'sayhello'), Bug 3363. * Use 8192 instead of 32768 for bytes in fread() in parseResponseFile(). Bug 3340. 1.2.0RC6 2005-01-25 beta * Don't put the protocol in the Host field of the POST data. (danielc) 1.2.0RC5 2005-01-24 beta * If $port is 443 but a protocol isn't specified in $server, assume ssl:// is the protocol. 1.2.0RC4 2005-01-24 beta * When a connection attempt fails, have the method return 0. (danielc) * Move the protocol/port checking/switching and the property settings from sendPayloadHTTP10() to the XML_RPC_Client constructor. (danielc) * Add tests for setting the client properties. (danielc) * Remove $GLOBALS['XML_RPC_twoslash'] since it's not used. (danielc) * Bundle the tests with the package. (danielc) 1.2.0RC3 2005-01-19 beta * ssl uses port 443, not 445. 1.2.0RC2 2005-01-11 beta * Handle ssl:// in the $server string. (danielc) * Also default to port 445 for ssl:// requests as well. (danielc) * Enhance debugging in the server. (danielc) 1.2.0RC1 2004-12-30 beta * Make things work with SSL. Bug 2489. (nkukard lbsd net) * Allow array function callbacks (Matt Kane) * Some minor speed-ups (Matt Kane) * Add Dump.php to the package (Christian Weiske) * Replace all line endings with \r\n. Had only done replacements on \n. Bug 2521. (danielc) * Silence fsockopen() errors. Bug 1714. (danielc) * Encode empty arrays as an array. Bug 1493. (danielc) * Eliminate undefined index notice when submitting empty arrays to XML_RPC_Encode(). Bug 1819. (danielc) * Speed up check for enumerated arrays in XML_RPC_Encode(). (danielc) * Prepend "XML_RPC_" to ERROR_NON_NUMERIC_FOUND, eliminating problem when eval()'ing error messages. (danielc) * Use XML_RPC_Base::raiseError() instead of PEAR::raiseError() in XML_RPC_ee() because PEAR.php is lazy loaded. (danielc) * Allow raiseError() to be called statically. (danielc) * Stop double escaping of character entities. Bug 987. (danielc) NOTICE: the following have been removed: * XML_RPC_dh() * $GLOBALS['XML_RPC_entities'] * XML_RPC_entity_decode() * XML_RPC_lookup_entity() * Determine the XML's encoding via the encoding attribute in the XML declaration. Bug 52. (danielc) 1.1.0 2004-03-15 stable * Added support for sequential arrays to XML_RPC_encode() (mroch) * Cleaned up new XML_RPC_encode() changes a bit (mroch, pierre) * Remove "require_once 'PEAR.php'", include only when needed to raise an error * Replace echo and error_log() with raiseError() (mroch) * Make all classes extend XML_RPC_Base, which will handle common functions (mroch) * be tolerant of junk after methodResponse (Luca Mariano, mroch) * Silent notice even in the error log (pierre) * fix include of shared xml extension on win32 (pierre) 1.0.4 2002-10-02 stable * added HTTP proxy authorization support (thanks to Arnaud Limbourg) 1.0.3 2002-05-19 stable * fix bug when parsing responses with boolean types 1.0.2 2002-04-16 stable * E_ALL fixes * fix HTTP response header parsing 1.0.1 2001-09-25 stable This is a PEAR-ified version of Useful Inc's 1.0.1 release. Includes an urgent security fix identified by Dan Libby <dan@libby.com>.