You are here

function xmlrpc_server_multicall in Drupal 7

Same name and namespace in other branches
  1. 4 includes/xmlrpcs.inc \xmlrpc_server_multicall()
  2. 5 includes/xmlrpcs.inc \xmlrpc_server_multicall()
  3. 6 includes/xmlrpcs.inc \xmlrpc_server_multicall()

Dispatches multiple XML-RPC requests.

Parameters

array $methodcalls: An array of XML-RPC requests to make. Each request is an array with the following elements:

  • methodName: Name of the method to invoke.
  • params: Parameters to pass to the method.

Return value

An array of the results of each request.

See also

xmlrpc_server_call()

1 string reference to 'xmlrpc_server_multicall'
xmlrpc_server in includes/xmlrpcs.inc
Invokes XML-RPC methods on this server.

File

includes/xmlrpcs.inc, line 265
Provides API for defining and handling XML-RPC requests.

Code

function xmlrpc_server_multicall($methodcalls) {

  // See http://www.xmlrpc.com/discuss/msgReader$1208
  // To avoid multicall expansion attacks, limit the number of duplicate method
  // calls allowed with a default of 1. Set to -1 for unlimited.
  $duplicate_method_limit = variable_get('xmlrpc_multicall_duplicate_method_limit', 1);
  $method_count = array();
  $return = array();
  $xmlrpc_server = xmlrpc_server_get();
  foreach ($methodcalls as $call) {
    $ok = TRUE;
    if (!isset($call['methodName']) || !isset($call['params'])) {
      $result = xmlrpc_error(3, t('Invalid syntax for system.multicall.'));
      $ok = FALSE;
    }
    $method = $call['methodName'];
    $method_count[$method] = isset($method_count[$method]) ? $method_count[$method] + 1 : 1;
    $params = $call['params'];
    if ($method == 'system.multicall') {
      $result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.'));
    }
    elseif ($duplicate_method_limit > 0 && $method_count[$method] > $duplicate_method_limit) {
      $result = xmlrpc_error(-156579, t('Too many duplicate method calls in system.multicall.'));
    }
    elseif ($ok) {
      $result = xmlrpc_server_call($xmlrpc_server, $method, $params);
    }
    if (is_object($result) && !empty($result->is_error)) {
      $return[] = array(
        'faultCode' => $result->code,
        'faultString' => $result->message,
      );
    }
    else {
      $return[] = array(
        $result,
      );
    }
  }
  return $return;
}