I would appreciate some feedback on a web service I'm working on that provides the ability to programmatically post course announcements.
The service is in .../htdocs/moodle/mod/forum/rpclib.php:
<?php
require_once 'lib.php';
function mnet_publishes() {
$lib = array();
$lib['name'] = 'mnet_post_news';
$lib['apiversion'] = 1;
$lib['methods'] = array('forum_add_discussion1');
return array($lib);
}
function forum_add_discussion1($forum, $name, $intro, $format, $userid, $mailnow) {
global $USER;
$USER->id = 2;
if ($userid) $USER->id = $userid;
if (! $forum = get_record("forum", "id", $forum)) {
return "The forum number was incorrect ($forum)";
}
$sd = new stdClass;
$sd->forum = $forum;
$sd->name = $name;
$sd->intro = $intro;
$sd->format = $format;
$sd->mailnow = $mailnow;
$sd->course = $forum->course;
$result = forum_add_discussion($sd, $message);
return "$result";
}
?>
These lines were added to forum.php:
$string['forum_add_discussion1_name'] = 'forum_add_discussion';
$string['forum_add_discussion1_description'] = 'calls forum_add_discussion';
Python 3 client for testing:
import time
import xmlrpc.client
timestamp = time.strftime("%Y-%m-%dT%H:%M:%S") # iso_time
forum="1" # BS101
name="subject " + timestamp
intro="msg " + timestamp
format="1"
userid=2 # admin
mailnow=0
serverAddress = "http://localhost:80/moodle/mnet/xmlrpc/server.php"
fnc = "mod/forum/rpclib.php/forum_add_discussion1"
server = xmlrpc.client.Server(serverAddress)
print("*** Calling XML-RPC fnc {0} on {1}".format(fnc, serverAddress))
try:
result = server._ServerProxy__request(fnc, (forum, name, intro, format, userid, mailnow))
print("result =", result)
except:
print("Unexpected error:", sys.exc_info())
raise
Some questions I have:
1. What functions should I use to validate the inputs to prevent exploits?
2. Is this the right way to create this kind of web service?
3. Do you have any other suggestions to improve this?
Thanks,
Bill
Web services
feedback on course announcement web service
This discussion has been locked so you can no longer reply to it.