diff --git a/api.php b/api.php index 42bfaae4..c792d18b 100644 --- a/api.php +++ b/api.php @@ -13,10 +13,7 @@ if (Settings::Get('api.enabled') != 1) { header("Content-Type:application/json"); // get our request -$request = isset($_GET['request']) ? $_GET['request'] : null; -if (empty($request)) { - $request = isset($_POST['request']) ? $_POST['request'] : null; -} +$request = @file_get_contents('php://input'); // check if present if (empty($request)) { @@ -63,7 +60,7 @@ function json_response($status, $status_message, $data = null) $response['status_message'] = $status_message; $response['data'] = $data; - $json_response = json_encode($response, JSON_PRETTY_PRINT); + $json_response = json_encode($response, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT); echo $json_response; exit(); } diff --git a/lib/classes/api/abstract.ApiCommand.php b/lib/classes/api/abstract.ApiCommand.php index 43a5b688..dba62676 100644 --- a/lib/classes/api/abstract.ApiCommand.php +++ b/lib/classes/api/abstract.ApiCommand.php 
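Review bot: The `@` on the added `file_get_contents('php://input')` line hides a failed read, so an unreadable request body looks the same as a missing one in the `empty($request)` check that follows. Drop the suppression and test the result explicitly, for example `$request = file_get_contents('php://input');` followed by `if ($request === false || $request === '') {`. Note that `empty()` also treats the body `"0"` as absent. The raw body is now the only input to the API, so this is also where a length limit belongs, before the body is decoded. The decoding and authentication steps are outside this hunk, so whether a limit is applied later cannot be confirmed from here.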
@@ -52,20 +52,50 @@ abstract class ApiCommand return (isset($this->user_data[$detail]) ? $this->user_data[$detail] : null); } + /** + * return user-data array + * + * @return array + */ + protected function getUserData() + { + return $this->user_data; + } + /** * receive field from parameter-list * * @param string $param - * + * @param mixed $default + * set if param is not found + * * @throws Exception * @return mixed */ - protected function getParam($param = null) + protected function getParam($param = null, $default = null) { if (isset($this->cmd_params[$param])) { return $this->cmd_params[$param]; } - return null; + return $default; + } + + /** + * update value of parameter + * + * @param string $param + * @param mixed $value + * + * @throws Exception + * @return boolean + */ + protected function updateParam($param, $value = null) + { + if (isset($this->cmd_params[$param])) { + $this->cmd_params[$param] = $value; + return true; + } + throw new Exception("Unable to update parameter '" . $param . "' as it does not exist", 500); } /** @@ -86,7 +116,7 @@ abstract class ApiCommand $response['status_message'] = $status_message; $response['data'] = $data; - $json_response = json_encode($response, JSON_PRETTY_PRINT); + $json_response = json_encode($response, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT); return $json_response; } @@ -95,7 +125,7 @@ abstract class ApiCommand public abstract function get(); public abstract function add(); - + public abstract function update(); public abstract function delete(); diff --git a/lib/classes/api/commands/class.IpsAndPorts.php b/lib/classes/api/commands/class.IpsAndPorts.php index 502d68a1..7aa13794 100644 --- a/lib/classes/api/commands/class.IpsAndPorts.php +++ b/lib/classes/api/commands/class.IpsAndPorts.php 
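Review bot: In the new `updateParam()`, `isset($this->cmd_params[$param])` is false when the key exists but holds `null`, so updating such a parameter throws "does not exist" even though the caller sent it. Assuming `cmd_params` is a plain array, use `if (array_key_exists($param, $this->cmd_params)) {`. The same `isset()` test in `getParam()` means an explicit `null` from the client is silently replaced by `$default`, which deserves a line in the docblock. The `@throws Exception` tag on `getParam()` is stale, since nothing in that method throws. `getUserData()` hands the whole user row to callers, so its docblock should say the array is for internal command chaining only and must not be copied into a response; the row's contents are not visible in this diff.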
@@ -321,16 +321,14 @@ class IpsAndPorts extends ApiCommand if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) { $id = $this->getParam('id'); - $result_stmt = Database::prepare(" - SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :id - "); - $result = Database::pexecute_first($result_stmt, array( + $json_result = IpsAndPorts::getLocal($this->getUserData(), array( 'id' => $id - ), true, true); + ))->get(); + $result = json_decode($json_result, true)['data']; $result_checkdomain_stmt = Database::prepare(" - SELECT `id_domain` as `id` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_ipandports` = :id - "); + SELECT `id_domain` as `id` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_ipandports` = :id + "); $result_checkdomain = Database::pexecute_first($result_checkdomain_stmt, array( 'id' => $id ), true, true);
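Review bot: `json_decode($json_result, true)['data']` is used without checking that decoding succeeded or that a row came back, so `$result` may be `null` when execution reaches the `TABLE_DOMAINTOIP` query and the rest of the delete path. Add a guard directly after the decode, such as `if (!is_array($result) || empty($result['id'])) { throw new Exception("IP/port #" . $id . " not found", 404); }`, with the message and code adjusted to the project's conventions. The previous direct query passed `true, true` to `Database::pexecute_first()`, while the new path depends on `IpsAndPorts::getLocal(...)->get()` to enforce equivalent lookup and permission behaviour. Neither method is shown in this diff, so that should be confirmed. The enclosing method starts and ends outside the hunk.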