csw-proxy.php
3.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<?php
// PHP CSW Proxy for CSW services.
// Responds to both HTTP GET and POST requests
//
// Author: Rob van Swol, NLR
// October 15th, 2008
//
$logging = false;
/* Optionally write all requests in a log file */
if ($logging) {
$fh = fopen("lib/proxy.log", "ab+");
$timestamp = strftime("[%Y-%m-%d %H:%M:%S]");
}
$allowed_hosts = array();
$doc = new DOMDocument();
$doc->load('./lib/xml/csw-hosts.xml');
$hosts = $doc->getElementsByTagName("option");
foreach ($hosts as $host) {
//$csw_host_id = trim($host->nodeValue);
$csw_host = trim($host->getAttribute("value"));
//echo $csw_host."\n";
array_push($allowed_hosts, $csw_host);
}
// Get the REST call path from the AJAX application
// Is it a POST or a GET?
$url = ($_POST['csw_host']) ? $_POST['csw_host'] : $_GET['csw_host'];
// Check if $url is a known host
if (!in_array($url, $allowed_hosts)) {
echo "not allowed";
if ($logging) {
fwrite($fh, $timestamp.": refused request...\n");
fwrite($fh, $timestamp.": HOST NOT ALLOWED> ".$url."\n");
}
} else {
if ($logging) {
fwrite($fh, $timestamp.": incoming request...\n");
fwrite($fh, $timestamp.": HOST> ".$url."\n");
}
// Open the Curl session
$session = curl_init($url);
// If it's a POST, put the POST data in the body
if ($_POST['csw_request']) {
//if (substr($_POST['csw_request'],0,5) == "<?xml") {
if (substr($_POST['csw_request'],0,1) == "<") {
// Is magic quotes on?
if (get_magic_quotes_gpc())
$xmlpost = stripslashes($_POST['csw_request']);
else
$xmlpost = $_POST['csw_request'];
curl_setopt ($session, CURLOPT_POST, true);
curl_setopt ($session, CURLOPT_POSTFIELDS, $xmlpost);
curl_setopt ($session, CURLOPT_HTTPHEADER, Array("Content-Type: application/xml"));
//curl_setopt ($session, CURLOPT_SSL_VERIFYPEER, 0);
if ($logging)
fwrite($fh, $timestamp.": POST> ".$xmlpost."\n");
} else {
$postvars = '';
while ($element = current($_POST)) {
if (key($_POST) != "csw_request")
$postvars .= key($_POST).'='.$element.'&';
else
$postvars .= $element.'&';
next($_POST);
}
curl_setopt ($session, CURLOPT_POST, true);
curl_setopt ($session, CURLOPT_POSTFIELDS, $_POST['csw_request']);
curl_setopt ($session, CURLOPT_HTTPHEADER, Array("Content-Type: application/x-www-form-urlencoded"));
if ($logging)
fwrite($fh, $timestamp.": POST> ".$_POST['csw_request']."\n");
}
} else if ($_GET['csw_request']) {
curl_setopt ($session, CURLOPT_POST, true);
curl_setopt ($session, CURLOPT_POSTFIELDS, $_GET['csw_request']);
curl_setopt ($session, CURLOPT_HTTPHEADER, Array("Content-Type: application/x-www-form-urlencoded"));
if ($logging)
fwrite($fh, $timestamp.": GET> ".$_GET['csw_request']."\n");
}
// Don't return HTTP headers. Do return the contents of the call
curl_setopt($session, CURLOPT_HEADER, false);
curl_setopt($session, CURLOPT_RETURNTRANSFER, true);
// Make the call
$xml = curl_exec($session);
// The web service returns XML. Set the Content-Type appropriately
/*
if(file_exists("c:/temp/csw.xml")){
$fp = fopen("c:/temp/csw.xml","r");
$xml = fread($fp,filesize("c:/temp/csw.xml"));
fclose($fp);
}
else
{$xml = curl_exec($session);}
*/
header("Content-Type: text/xml");
if ($logging) {
fwrite($fh, $timestamp.": RESPONSE> ".$xml."\n");
fclose($fh);
}
echo $xml;
curl_close($session);
}
?>