Merge pull request #835 from greezybacon/oops/api-size

oops: Add "size" to allowed API properties for attachments Reviewed-By: Peter Rotich <peter@osticket.com>

Merge pull request #835 from greezybacon/oops/api-size
529c1c4f · Peter Rotich · 12bcb16b · d61df1f3 · 529c1c4f · 529c1c4f
Commit 529c1c4f authored 11 years ago by Peter Rotich
--- a/include/api.tickets.php
+++ b/include/api.tickets.php
@@ -12,7 +12,7 @@ class TicketApiController extends ApiController {
        $supported = array(
            "alert", "autorespond", "source", "topicId",
            "attachments" => array("*" =>
-                array("name", "type", "data", "encoding")
+                array("name", "type", "data", "encoding", "size")
            ),
            "message", "ip", "priorityId"
        );
@@ -53,11 +53,11 @@ class TicketApiController extends ApiController {
    /*
     Validate data - overwrites parent's validator for additional validations.
    */
-    function validate(&$data, $format) {
+    function validate(&$data, $format, $strict=true) {
        global $ost;

        //Call parent to Validate the structure
-        if(!parent::validate($data, $format))
+        if(!parent::validate($data, $format, $strict) && $strict)
            $this->exerr(400, 'Unexpected or invalid data received');

        //Nuke attachments IF API files are not allowed.

--- a/include/class.api.php
+++ b/include/class.api.php
@@ -221,7 +221,7 @@ class ApiController {
            $this->exerr(400, $parser->lastError());

        //Validate structure of the request.
-        $this->validate($data, $format);
+        $this->validate($data, $format, false);

        return $data;
    }
@@ -241,19 +241,25 @@ class ApiController {
     * expected. It is assumed that the functions actually implementing the
     * API will further validate the contents of the request
     */
-    function validateRequestStructure($data, $structure, $prefix="") {
+    function validateRequestStructure($data, $structure, $prefix="", $strict=true) {
+        global $ost;

        foreach ($data as $key=>$info) {
            if (is_array($structure) and is_array($info)) {
                $search = (isset($structure[$key]) && !is_numeric($key)) ? $key : "*";
                if (isset($structure[$search])) {
-                    $this->validateRequestStructure($info, $structure[$search], "$prefix$key/");
+                    $this->validateRequestStructure($info, $structure[$search], "$prefix$key/", $strict);
                    continue;
                }
            } elseif (in_array($key, $structure)) {
                continue;
            }
-            return $this->exerr(400, "$prefix$key: Unexpected data received");
+            if ($strict)
+                return $this->exerr(400, "$prefix$key: Unexpected data received");
+            else
+                $ost->logWarning('API Unexpected Data',
+                    "$prefix$key: Unexpected data received in API request",
+                    false);
        }

        return true;
@@ -263,11 +269,12 @@ class ApiController {
     * Validate request.
     *
     */
-    function validate(&$data, $format) {
+    function validate(&$data, $format, $strict=true) {
        return $this->validateRequestStructure(
                $data,
-                $this->getRequestStructure($format, $data)
-                );
+                $this->getRequestStructure($format, $data),
+                "",
+                $strict);
    }

    /**

--- a/include/class.mailfetch.php
+++ b/include/class.mailfetch.php
@@ -663,6 +663,7 @@ class MailFetcher {
                    $attachments[] = array(
                        'cid' => @$at->AttachContentId ?: false,
                        'data' => $at,
+                        'size' => @$at->DataSize ?: null,
                        'type' => @$at->AttachMimeTag ?: false,
                        'name' => $at->getName(),
                    );

--- a/include/class.mailparse.php
+++ b/include/class.mailparse.php
@@ -424,6 +424,7 @@ class Mail_Parse {
                $files[] = array(
                    'cid' => @$at->AttachContentId ?: false,
                    'data' => $at->getData(),
+                    'size' => @$at->DataSize ?: null,
                    'type' => @$at->AttachMimeTag ?: false,
                    'name' => $at->getName(),
                );

--- a/include/tnef_decoder.php
+++ b/include/tnef_decoder.php
@@ -491,6 +491,7 @@ class TnefStreamParser {
                break;
            case self::attAttachData:
                $attach->_setData($info['data']);
+                $attach->_setDataSize($info['length']);
                break;
            }
        }
@@ -557,6 +558,10 @@ class TnefAttachment extends AbstractTnefObject {
        $this->Data = $data;
    }

+    function _setDataSize($size) {
+        $this->DataSize = $size;
+    }
+
    function getData() {
        if (isset($this->Data))
            return $this->Data;