pve2-api-php-client

pve2-api-php-client copied to clipboard

(Login Ticket validity) Timestamp is not checked correctly?

1

Line 145: if ($this->login_ticket_timestamp >= (time() + 7200)) { The timestamp is always expired this way. It should be: if ($this->login_ticket_timestamp

mvdgeijn

HTTP/2 not supported (in case of PVE Node behind Reverse Proxy)

1

If a Proxmox Host is behind a Reverse Proxy that responds with HTTP/2, the api will return "invalid HTTP Response". This is because HTTP is parsed manually: https://github.com/CpuID/pve2-api-php-client/blob/b9ef9cb4f040cf71bfa5281b1e31bfae7a984474/pve2_api.class.php#L245

Anuril

Debug Mode (Verbose Logging/Reporting); PSR-3 logging interface for PHP

4

the debug mode no longer exist in the new class . where we can active the debug mode and show the full response ?

naja7host

Get UPID as a response (where request launched worker/runner)

1

Hello, I need to update php client to always get a UPID for a valid request. It's valid for POST requests only. PUT returns boolean 1 if it's valid. Is...

BenJaziaSadok

Printing "FULL REPONSE" every time

1

Hi, I think you forgot to delete / comment line 233-238 because at every (get, put, post delete) action the script returns an full response from curl. 

GrabauNetwork

Improve error_log & error pass-back; Add getTicket(); Silence verbose logging; Link to repo

1

Helps as the class gets added to code-bases, easier to track it. You weren't wrong about not working with it! Investigate @danhunsaker concept of PSR-3 handling mentioned in Issue #19...

lsthompson

[Security] cURL SSL/TLS Verification -> option; Verbose Logging -> option/disabled

2

I found several security flaws in the action function. ### SSL/TLS Verification Disabled https://github.com/CpuID/pve2-api-php-client/blob/b9ef9cb4f040cf71bfa5281b1e31bfae7a984474/pve2_api.class.php#L219C20-L219C20 ``` curl_setopt($prox_ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($prox_ch, CURLOPT_SSL_VERIFYHOST, false); ``` This makes the requests vulnerable to Man-in-the-Middle (MITM)...

Anuril

Comment out the verbose error logging segment. Plan is to expose this via option as part of Issue #47 and Pull #42 @danhunsaker if you could please review & merge...

lsthompson

Add API Token Auth Support

1

Add the support for auth with API Token **How it works** ============ the class now parse the password parameter ($this->password). if there a ":" in password they will be use...

spamhome

Add support for parameters to GET requests

6

Addresses GitHub Issue #8 - Set parameters as CURLOPT_POSTFIELDS, which cURL will automatically translate into the URL query string. This lets us pass the ?params versus &params logic off to...

danhunsaker