Conheça as melhorias da versão 8.0, 8.1, 8.2!
Clique aqui para saber mais
Conheça Características Quem usa Galeria Cursos Docs Fórum
Downloads
Posts Fique por dentro Sobre o Fórum Minha conta
webservice retornando todos os registro do banco Bom dia a toda comunidade, preparei um webservice pra retornar dados de um determinado registro da tabela Atendimento, para isso deve-se passar o protocolo de atendimento. Segue a chamada no WS: http://localhost/isonomicus_1.2/14476001000111/pagamento/191-TKI3-854/informarPagamento?prefeitura_cnpj=92923578000100&chave_acesso=202cb962ac59075b964b07152d234b70 O protocolo co...
RC
webservice retornando todos os registro do banco  
Ricardo Câmara 13/08/2019 (há 6 anos)
Bom dia a toda comunidade,
preparei um webservice pra retornar dados de um determinado registro da tabela Atendimento,
para isso deve-se passar o protocolo de atendimento.

Segue a chamada no WS:
http://localhost/isonomicus_1.2/14476001000111/pagamento/191-TKI3-854/informarPagamento?prefeitura_cnpj=92923578000100&chave_acesso=202cb962ac59075b964b07152d234b70


O protocolo consultado que está na string é o 191-TKI3-854
Esse é o protocolo exatamente igual ao que está registrado no banco e manda o retorno:
{ "status": "success", "data": "{ "atendimento_id":702, "system_user_id":"2", "registrado":"2019-08-13 11:43:25" }" }


Entretanto, se eu coloco um ponto em qualquer lugar do protocolo 19.1-TKI3-854 (tentativa de burlar o sistema), retorna-se todos os registros do banco, como pode se ver a seguir:

//query de WS http://localhost/isonomicus_1.2/14476001000111/pagamento/19.1-TKI3-854/informarPagamento?prefeitura_cnpj=92923578000100&chave_acesso=202cb962ac59075b964b07152d234b70 //retorno do WS { "status": "success", "data": [ { "id": 1, "atendimento_id": 272, "forma_pagamento_id": 3, "system_user_id": 2, "registrado": "2018-08-21 13:38:02", "valor_operacao": "470.43", "hash": "UEN25TMI1LIq713ZYV6500br", "email_enviado": null, "valor_parcela": "497.15", "qtd_parcelas": 2, "percentual_juros": "1.14" }, { "id": 2, "atendimento_id": 241, "forma_pagamento_id": 3, "system_user_id": 2, "registrado": "2019-01-03 18:07:01", "valor_operacao": "662.59", "hash": "YJW17AOT4YYx841SOW1333kf", "email_enviado": null, "valor_parcela": "324.49", "qtd_parcelas": 4, "percentual_juros": "7.8" }, { "id": 3, "atendimento_id": 387, "forma_pagamento_id": 3, "system_user_id": 2, "registrado": "2018-07-31 23:07:51", "valor_operacao": "420.66", "hash": "YZZ63CAE6PLw639SRK0062qq", "email_enviado": null, "valor_parcela": "108.95", "qtd_parcelas": 10, "percentual_juros": "0.59" }, { "id": 4, "atendimento_id": 697, "forma_pagamento_id": 3, "system_user_id": 2, "registrado": "2019-08-27 13:59:15", "valor_operacao": "573.46", "hash": "KWU08BLL2PLe818EDF8782rv", "email_enviado": null, "valor_parcela": "257.47", "qtd_parcelas": 7, "percentual_juros": "2.46" }, { "id": 5, "atendimento_id": 234, "forma_pagamento_id": 2, "system_user_id": 1, "registrado": "2019-11-07 02:01:55", "valor_operacao": "408.84", "hash": "XVO59PYN3RRh946LHZ3215qf", "email_enviado": null, "valor_parcela": "179.69", "qtd_parcelas": 2, "percentual_juros": "7.29" }, { "id": 6, "atendimento_id": 375, "forma_pagamento_id": 2, "system_user_id": 2, "registrado": "2018-09-13 23:11:54", "valor_operacao": "369.49", "hash": "FAT91LRV1EQw289TGV5671qw", "email_enviado": null, "valor_parcela": "252.62", "qtd_parcelas": 1, "percentual_juros": "5.7" }, { "id": 7, "atendimento_id": 583, "forma_pagamento_id": 1, "system_user_id": 1, "registrado": "2018-09-11 09:34:10", "valor_operacao": "495.84", "hash": "ARV91VGN2RQb732CCR2784vk", "email_enviado": null, "valor_parcela": "437.97", "qtd_parcelas": 6, "percentual_juros": "2.84" }, { "id": 8, "atendimento_id": 300, "forma_pagamento_id": 1, "system_user_id": 2, "registrado": "2019-05-25 02:23:58", "valor_operacao": "798.02", "hash": "SNN56NEU5UOj751KLR4106dt", "email_enviado": null, "valor_parcela": "339.5", "qtd_parcelas": 2, "percentual_juros": "5.09" }, { "id": 9, "atendimento_id": 551, "forma_pagamento_id": 3, "system_user_id": 1, "registrado": "2020-04-10 07:01:17", "valor_operacao": "624.84", "hash": "QOX16JAE0IHu263NDD4806gp", "email_enviado": null, "valor_parcela": "482.84", "qtd_parcelas": 3, "percentual_juros": "0.45" }, { "id": 10, "atendimento_id": 692, "forma_pagamento_id": 3, "system_user_id": 1, "registrado": "2020-02-19 05:26:46", "valor_operacao": "410.77", "hash": "AHP09TKN4QIg255UWE7234qo", "email_enviado": null, "valor_parcela": "330.27", "qtd_parcelas": 8, "percentual_juros": "8.92" }, { "id": 11, "atendimento_id": 555, "forma_pagamento_id": 3, "system_user_id": 2, "registrado": "2019-05-05 02:15:48", "valor_operacao": "832.33", "hash": "FMV72YLN1OLt431GXJ9074jc", "email_enviado": null, "valor_parcela": "181.69", "qtd_parcelas": 9, "percentual_juros": "7.4" } }


Tal comportamento É TOTALMENTE INDESEJADO.

Segue o código do serviço WS que construi: 

 
  1. <?php
  2. /**
  3.  * PagamentoService REST service
  4.  */
  5. class PagamentoService extends AdiantiRecordService
  6. {
  7.     const DATABASE      = 'sistema';
  8.     const ACTIVE_RECORD = 'Pagamento';
  9.     
  10.     
  11.     /**
  12.      * informarPagamento($param)
  13.      *
  14.      * informa o pagamento realizado para o Atendimento anteriormente gerado, 
  15.      * isto só é possível se o Atendimento estiver EM ABERTO
  16.      *
  17.      * @param $param['id'] protocolo do Atendimento
  18.      * @return TRUE or FALSE     
  19.      */
  20.     public function informarPagamento($param)
  21.     {                
  22.         TTransaction::open(self::DATABASE); 
  23.                                                                                      
  24.         //checa permissao do acesso ao webservice
  25.         if( WebserviceLog::checarPermissao($param) )
  26.         {                                           
  27.             //pega a prefeitura que se quer consultar os dados            
  28.                 $pref  = Prefeitura::loadByCNPJ($param['prefeitura_cnpj']);      
  30.                 //pega o credenciado que esta consumindo o webservice
  31.                 $dados = explode('/', $_SERVER['REQUEST_URI']);    
  32.                 $cred  = Credenciado::loadByCNPJ($dados[2]);
  33.                
  34.             //grava o log do webservice
  35.             WebserviceLog::registrar($pref->id, $cred->id); 
  36.             
  37.             //checa o protocolo do Atendimento
  38.             if( empty($param['id']) )
  39.             {
  40.                 throw new Exception('Informe o protocolo do Atendimento');                                
  41.             }                        
  42.             
  43.             //checa se existe Atendimento em aberto pelo protocolo informado
  44.             $atend = Atendimento::where('protocolo', '=', $param['id'])
  45.                                     ->where('atendimento_status_id', '=', AtendimentoStatus::ABERTO)    
  46.                                     ->load();
  47.                           
  48.             //Notifica o atendimento (caso exista) para o Contribuinte de Credenciado diferente daquele do protocolo gerado
  49.             if( isset($atend[0]) and ($atend[0]->credenciado_id != $cred->id))
  50.             {                                                                                                        
  51.                 //gera notificação para o administrador do sistema
  52.                 SystemNotification::register( 1, 'Pagamento realizado por Credenciado diferente', 
  53.                                              $cred->razao_social . ' informou Pagamento para o protocolo ' . $atend[0]->protocolo . 
  54.                                              ', mas este Atendimento está vinculado ao Credenciado ' . $atend[0]->credenciado->razao_social,  
  55.                                              'class=AtendimentoFormView&method=onShow&key=' . $atend[0]->id, 
  56.                                              'Consultar Atendimento', 'fa fa-search #478fca' );        
  57.             }
  58. //throw new Exception(print_r($atend));                        
  59.             //salva o Pagamento
  60.             $object                             = new Pagamento();    
  61.             $object->atendimento_id             = $atend[0]->id;                            
  62.                $object->system_user_id             = SystemUsers::ISONOMICUS;
  63.             $object->registrado                 = date('Y-m-d H:i:s');
  64.             /*
  65.             $object->forma_pagamento_id         = ;    
  66.             $object->valor_operacao = ;
  67.             $object->valor_parcela = ;
  68.                 $object->qtd_parcelas = ;
  69.                 $object->percentual_juros = ;
  70.             
  71.             $object-> = ;
  72.             $object->gerarHash();            
  73.             $object->store(); // save the object 
  74.             */
  75.                                                 
  76.             TTransaction::close();    
  77.             
  78.             return $object->toJson();        
  79.         } 
  80.     }
  81.     
  82.     
  83.     
  84.     /**
  85.      * delete($param)
  86.      *
  87.      * Delete an Active Records by its ID
  88.      * 
  89.      * @return The Operation result
  90.      * @param $param['id'] Object ID
  91.      */
  92.     public function delete($param)
  93.     {
  94.         throw new Exception('Função não permitida!');    
  95.     }
  96.     
  97.     
  98.     /**
  99.      * store($param)
  100.      *
  101.      * Save an Active Records
  102.      * 
  103.      * @return The Operation result
  104.      * @param $param['data'] Associative array with object data
  105.      */
  106.     public function store($param)
  107.     {
  108.         throw new Exception('Função não permitida!');    
  109.     }
  110.     
  111.     
  112.     /**
  113.      * loadall($param)
  114.      *
  115.      * List the Active Records by the filter
  116.      * 
  117.      * @return Array of records
  118.      * @param $param['offset']    Query offset
  119.      *        $param['limit']     Query limit
  120.      *        $param['order']     Query order by
  121.      *        $param['direction'] Query order direction (asc, desc)
  122.      *        $param['filters']   Query filters (array with field,operator,field)
  123.      */
  124.     public function loadall($param)
  125.     {
  126.         throw new Exception('Função não permitida!');    
  127.     }
  128.     
  129.     
  130.     /**
  131.      * deleteAll($param)
  132.      *
  133.      * Delete the Active Records by the filter
  134.      * 
  135.      * @return Array of records
  136.      * @param $param['filters']   Query filters (array with field,operator,field)
  137.      */
  138.     public function deleteAll($param)
  139.     {
  140.         throw new Exception('Função não permitida!');    
  141.     }
  142. }
  144. ?>

Curso Dominando o Adianti Framework

O material mais completo de treinamento do Framework.
Curso em vídeo aulas + Livro completo + Códigos fontes do projeto ERPHouse.
Conteúdo Atualizado!


Dominando o Adianti Framework Quero me inscrever agora!

Comentários (8)

RC
Ricardo Câmara - AUTOR DO POST       13/08/2019 (há 6 anos)

Se alguém conseguir identificar o problema avise, esta falha na segurança pode estar acontecendo em outros sistemas.
MG
Marcelo Gomes       14/08/2019 (há 6 anos)

Ricardo,
Para melhorar ainda mais a segurança use sempre POST no lugar de GET nas chamadas
Crie um token de segurança para checar quem está solicitando algum serviço, enviando ele pelo header.
Outro detalhe que faço em meus serviços, eu faço o tratamento do dado enviado, principalmente se for alguma chave. No seu caso, verifique a estrutura do Protocolo antes de continuar a execução do serviço.
Se o protocolo tem esta estrutura AAA-AAA-AAA, então antes de buscar, retire todos os outros caracteres que possa ser indesejados usando expressões regulares ou até mesmo um str_replace.
RC
Ricardo Câmara - AUTOR DO POST       14/08/2019 (há 6 anos)

Olá Marcelo Gomes,
eu tratei o parâmetro enviado com str_replace como havia sugerido.
Entretanto o erro continua.
Eu já utilizo token de segurança com jwt token.
Estou tentando tratar as requisições mesmo com GET para evitar que clientes mal intencionados tenham acesso indevido ao banco.

A requisição GET está assim:
http://localhost/isonomicus_1.2/14476001000111/prefeitura/929.23578000100/getPrefeitura?prefeitura_cnpj=929235800010&chave_acesso=202cb962ac59075b964b07152d234b70


Esta outra classe de serviço ficou assim: 
 
  1. <?php
  2. /**
  3.  * City REST service
  4.  */
  5. class PrefeituraService extends AdiantiRecordService
  6. {
  7.     const DATABASE      = 'isonomicus';
  8.     const ACTIVE_RECORD = 'Prefeitura';
  9.     
  10.     
  11.     /**
  12.      * getPrefeitura($param)
  13.      *
  14.      * Retorna os dados de uma Prefeitura
  15.      * 
  16.      * @return The Active Record as associative array
  17.      * @param $param dados da URL
  18.      */
  19.     public function getPrefeitura($param)
  20.     {         
  21.         TTransaction::open(self::DATABASE); 
  22.         
  23.         //retirar ponto '.' para não causar erro e retornar todos os registros do banco
  24.         //$param['id'] = str_replace('.', '', $param['id']);
  25. throw new Exception(str_replace(".", "", $param['id']));
  26.                                                                                          
  27.         //checa permissao do acesso ao webservice
  28.         if( WebserviceLog::checarPermissao($param) )
  29.         {
  30.             //pega a prefeitura que se quer consultar os dados            
  31.                 $pref  = Prefeitura::loadByCNPJ($param['prefeitura_cnpj']);      
  33.                 //pega o credenciado que esta consumindo o webservice
  34.                 $dados = explode('/', $_SERVER['REQUEST_URI']);    
  35.                 $cred  = Credenciado::loadByCNPJ($dados[2]);
  36.                 
  37.             //grava o log do webservice
  38.             WebserviceLog::registrar($pref->id, $cred->id); 
  39.             
  40.             //preenche os dados que devem ser enviados
  41.             $object           = new stdClass;
  42.             $object->cnpj = $pref->cnpj;
  43.             $object->nome = $pref->nome;
  44.             $object->site = $pref->site;    
  45.                                                                                                                   
  46.             $object->tributos = array_column($pref->getTributos(), 'sigla');
  47.     
  48.             TTransaction::close();
  49.             return $object;        
  50.         }      
  51.     }
  52.     
  53. ?>
NR
Nataniel Rabaioli       15/08/2019 (há 6 anos)

Imagino que o problema não esteja na função getPrefeitura, visto que ela sempre retorna um único objeto, independente do parâmetro passado.

Provavelmente é o mapeamento da rota no htaccess que tá fazendo com que seja chamada a função loadAll.
RC
Ricardo Câmara - AUTOR DO POST       15/08/2019 (há 6 anos)

Olá Nataniel,
obrigado pela ajuda.
A função getPrefeitura retorna apenas um objeto, quando o parâmetro está correto.
Entretanto, todas as funções retornam todos os registro do banco se houver um ponto "." dentro do parâmetro.

Mesmo tentando retirar o ponto, como fiz na linha 24 da classe PrefeituraService, o erro persiste.
$param['id'] = str_replace('.', '', $param['id']);

Com relação ao htaccess, vou postá-lo aqui:

RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d #Adianti Framework Template default routes RewriteRule ^system-program-list$ index.php?class=SystemProgramList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^system-program-edit$ index.php?class=SystemProgramForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^system-program-ondelete$ index.php?class=SystemProgramList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^system-program-delete$ index.php?class=SystemProgramList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-program-list$ engine.php?class=SystemProgramList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-program-ondelete$ engine.php?class=SystemProgramList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-program-delete$ engine.php?class=SystemProgramList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-program-edit$ engine.php?class=SystemProgramForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^system-group-list$ index.php?class=SystemGroupList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^system-group-edit$ index.php?class=SystemGroupForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^system-group-ondelete$ index.php?class=SystemGroupList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^system-group-delete$ index.php?class=SystemGroupList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-group-list$ engine.php?class=SystemGroupList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-group-edit$ engine.php?class=SystemGroupForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-group-ondelete$ engine.php?class=SystemGroupList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-group-delete$ engine.php?class=SystemGroupList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^system-unit-list$ index.php?class=SystemUnitList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^system-unit-edit$ index.php?class=SystemUnitForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^system-unit-ondelete$ index.php?class=SystemUnitList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^system-unit-delete$ index.php?class=SystemUnitList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-unit-list$ engine.php?class=SystemUnitList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-unit-edit$ engine.php?class=SystemUnitForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-unit-ondelete$ engine.php?class=SystemUnitList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-unit-delete$ engine.php?class=SystemUnitList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^system-user-list$ index.php?class=SystemUserList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^system-user-edit$ index.php?class=SystemUserForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^system-user-ondelete$ index.php?class=SystemUserList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^system-user-delete$ index.php?class=SystemUserList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-user-list$ engine.php?class=SystemUserList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-user-edit$ engine.php?class=SystemUserForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-user-ondelete$ engine.php?class=SystemUserList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-user-delete$ engine.php?class=SystemUserList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^system-database-explorer$ index.php?class=SystemDatabaseExplorer&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-database-explorer$ engine.php?class=SystemDatabaseExplorer&%{QUERY_STRING} [NC] RewriteRule ^system-sqlpanel$ index.php?class=SystemSQLPanel&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-sqlpanel$ engine.php?class=SystemSQLPanel&%{QUERY_STRING} [NC] RewriteRule ^system-phpinfo$ index.php?class=SystemPHPInfoView&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-phpinfo$ engine.php?class=SystemPHPInfoView&%{QUERY_STRING} [NC] RewriteRule ^system-modules$ index.php?class=SystemModulesCheckView&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-modules$ engine.php?class=SystemModulesCheckView&%{QUERY_STRING} [NC] RewriteRule ^system-preferences$ index.php?class=SystemPreferenceForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-preferences$ engine.php?class=SystemPreferenceForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^system-document-upload$ index.php?class=SystemDocumentUploadForm&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-document-upload$ engine.php?class=SystemDocumentUploadForm&%{QUERY_STRING} [NC] RewriteRule ^system-document-list$ index.php?class=SystemDocumentList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^system-document-edit$ index.php?class=SystemDocumentForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^system-document-ondelete$ index.php?class=SystemDocumentList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^system-document-delete$ index.php?class=SystemDocumentList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-document-list$ engine.php?class=SystemDocumentList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-document-edit$ engine.php?class=SystemDocumentForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-document-ondelete$ engine.php?class=SystemDocumentList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-document-delete$ engine.php?class=SystemDocumentList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^system-document-category-list$ index.php?class=SystemDocumentCategoryFormList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^system-document-category-edit$ index.php?class=SystemDocumentCategoryFormList&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^system-document-category-ondelete$ index.php?class=SystemDocumentCategoryFormList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^system-document-category-delete$ index.php?class=SystemDocumentCategoryFormList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-document-category-list$ engine.php?class=SystemDocumentCategoryFormList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-document-category-edit$ engine.php?class=SystemDocumentCategoryFormList&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-document-category-ondelete$ engine.php?class=SystemDocumentCategoryFormList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-document-category-delete$ engine.php?class=SystemDocumentCategoryFormList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^system-access-log-stat$ index.php?class=SystemAccessLogStats&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-access-log-stat$ engine.php?class=SystemAccessLogStats&%{QUERY_STRING} [NC] RewriteRule ^system-access-log-list$ index.php?class=SystemAccessLogList&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-access-log-list$ engine.php?class=SystemAccessLogList&%{QUERY_STRING} [NC] RewriteRule ^system-change-log-list$ index.php?class=SystemChangeLogView&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-change-log-list$ engine.php?class=SystemChangeLogView&%{QUERY_STRING} [NC] RewriteRule ^system-sql-log-list$ index.php?class=SystemSqlLogList&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-sql-log-list$ engine.php?class=SystemSqlLogList&%{QUERY_STRING} [NC] RewriteRule ^system-php-log-list$ index.php?class=SystemPHPErrorLogView&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-php-log-list$ engine.php?class=SystemPHPErrorLogView&%{QUERY_STRING} [NC] RewriteRule ^system-shared-document-list$ index.php?class=SystemSharedDocumentList&%{QUERY_STRING} [NC] RewriteRule ^xhr-system-shared-document-list$ engine.php?class=SystemSharedDocumentList&%{QUERY_STRING} [NC] RewriteRule ^welcome-view$ index.php?class=WelcomeView&%{QUERY_STRING} [NC] RewriteRule ^xhr-welcome-view$ engine.php?class=WelcomeView&%{QUERY_STRING} [NC] RewriteRule ^login-form$ index.php?class=LoginForm&%{QUERY_STRING} [NC] RewriteRule ^xhr-login-form$ engine.php?class=LoginForm&%{QUERY_STRING} [NC] #AUTH routes RewriteRule ^auth/([A-Za-z0-9]*)/([A-Za-z0-9]*)$ rest.php?class=ApplicationAuthenticationRestService&method=getToken&login=$1&password=$2&%{QUERY_STRING} [NC] #Application specific routes RewriteRule ^contact-edit$ index.php?class=ContactForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^contact-list$ index.php?class=ContactList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^contact-ondelete$ index.php?class=ContactList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^contact-delete$ index.php?class=ContactList&method=Delete&%{QUERY_STRING} [NC] RewriteRule ^xhr-contact-edit$ engine.php?class=ContactForm&method=onEdit&%{QUERY_STRING} [NC] RewriteRule ^xhr-contact-list$ engine.php?class=ContactList&method=onReload&%{QUERY_STRING} [NC] RewriteRule ^xhr-contact-ondelete$ engine.php?class=ContactList&method=onDelete&%{QUERY_STRING} [NC] RewriteRule ^xhr-contact-delete$ engine.php?class=ContactList&method=Delete&%{QUERY_STRING} [NC] #RESTFUL routes RewriteRule ^contacts/([A-Za-z0-9]*)$ rest.php?class=ContactRestService&method=handle&id=$1&%{QUERY_STRING} [NC] RewriteRule ^contacts/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=ContactRestService&method=$2&id=$1&%{QUERY_STRING} [NC] RewriteRule ^contacts$ rest.php?class=ContactRestService&method=handle&%{QUERY_STRING} [NC] #RESTFUL routes TAKI PAGAMENTOS, CNPJ 14476001000111 RewriteRule ^14476001000111/contribuinte/([A-Za-z0-9]*)$ rest.php?class=ContribuinteService&method=handle&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/contribuinte/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=ContribuinteService&method=$2&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/contribuinte rest.php?class=ContribuinteService&method=handle&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/tributo/([A-Za-z0-9]*)$ rest.php?class=TributoService&method=handle&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/tributo/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=TributoService&method=$2&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/tributo rest.php?class=TributoService&method=handle&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/prefeitura/([A-Za-z0-9]*)$ rest.php?class=PrefeituraService&method=handle&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/prefeitura/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=PrefeituraService&method=$2&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/prefeitura rest.php?class=PrefeituraService&method=handle&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/atendimento/([A-Za-z0-9]*)$ rest.php?class=AtendimentoService&method=handle&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/atendimento/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=AtendimentoService&method=$2&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/atendimento rest.php?class=AtendimentoService&method=handle&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/pagamento/([A-Za-z0-9]*)$ rest.php?class=PagamentoService&method=handle&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/pagamento/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=PagamentoService&method=$2&id=$1&%{QUERY_STRING} [NC] RewriteRule ^14476001000111/pagamento rest.php?class=PagamentoService&method=handle&%{QUERY_STRING} [NC]
RC
Ricardo Câmara - AUTOR DO POST       15/08/2019 (há 6 anos)

Vou postar novamente, pois ficou mal formatado. 

 
  1. <?php  
  2. RewriteEngine On 
  3. RewriteCond %{REQUEST_FILENAME} !-f 
  4. RewriteCond %{REQUEST_FILENAME} !-d 
  5.  
  6.  
  7. #Adianti Framework Template default routes 
  8. RewriteRule ^system-program-list$ index.php?class=SystemProgramList&method=onReload&%{QUERY_STRING} [NC]
  9. RewriteRule ^system-program-edit$ index.php?class=SystemProgramForm&method=onEdit&%{QUERY_STRING} [NC] 
  10. RewriteRule ^system-program-ondelete$ index.php?class=SystemProgramList&method=onDelete&%{QUERY_STRING} [NC] 
  11. RewriteRule ^system-program-delete$ index.php?class=SystemProgramList&method=Delete&%{QUERY_STRING} [NC] 
  12.  
  13. RewriteRule ^xhr-system-program-list$ engine.php?class=SystemProgramList&method=onReload&%{QUERY_STRING} [NC] 
  14. RewriteRule ^xhr-system-program-ondelete$ engine.php?class=SystemProgramList&method=onDelete&%{QUERY_STRING} [NC]
  15. RewriteRule ^xhr-system-program-delete$ engine.php?class=SystemProgramList&method=Delete&%{QUERY_STRING} [NC] 
  16. RewriteRule ^xhr-system-program-edit$ engine.php?class=SystemProgramForm&method=onEdit&%{QUERY_STRING} [NC] 
  17.  
  18.  
  19. RewriteRule ^system-group-list$ index.php?class=SystemGroupList&method=onReload&%{QUERY_STRING} [NC] 
  20. RewriteRule ^system-group-edit$ index.php?class=SystemGroupForm&method=onEdit&%{QUERY_STRING} [NC] 
  21. RewriteRule ^system-group-ondelete$ index.php?class=SystemGroupList&method=onDelete&%{QUERY_STRING} [NC] 
  22. RewriteRule ^system-group-delete$ index.php?class=SystemGroupList&method=Delete&%{QUERY_STRING} [NC] 
  23.  
  24. RewriteRule ^xhr-system-group-list$ engine.php?class=SystemGroupList&method=onReload&%{QUERY_STRING} [NC] 
  25. RewriteRule ^xhr-system-group-edit$ engine.php?class=SystemGroupForm&method=onEdit&%{QUERY_STRING} [NC] 
  26. RewriteRule ^xhr-system-group-ondelete$ engine.php?class=SystemGroupList&method=onDelete&%{QUERY_STRING} [NC] 
  27. RewriteRule ^xhr-system-group-delete$ engine.php?class=SystemGroupList&method=Delete&%{QUERY_STRING} [NC] 
  28.  
  29.  
  30. RewriteRule ^system-unit-list$ index.php?class=SystemUnitList&method=onReload&%{QUERY_STRING} [NC] 
  31. RewriteRule ^system-unit-edit$ index.php?class=SystemUnitForm&method=onEdit&%{QUERY_STRING} [NC] 
  32. RewriteRule ^system-unit-ondelete$ index.php?class=SystemUnitList&method=onDelete&%{QUERY_STRING} [NC] 
  33. RewriteRule ^system-unit-delete$ index.php?class=SystemUnitList&method=Delete&%{QUERY_STRING} [NC] 
  34.  
  35. RewriteRule ^xhr-system-unit-list$ engine.php?class=SystemUnitList&method=onReload&%{QUERY_STRING} [NC] 
  36. RewriteRule ^xhr-system-unit-edit$ engine.php?class=SystemUnitForm&method=onEdit&%{QUERY_STRING} [NC] 
  37. RewriteRule ^xhr-system-unit-ondelete$ engine.php?class=SystemUnitList&method=onDelete&%{QUERY_STRING} [NC] 
  38. RewriteRule ^xhr-system-unit-delete$ engine.php?class=SystemUnitList&method=Delete&%{QUERY_STRING} [NC] 
  39.  
  40.  
  41. RewriteRule ^system-user-list$ index.php?class=SystemUserList&method=onReload&%{QUERY_STRING} [NC] 
  42. RewriteRule ^system-user-edit$ index.php?class=SystemUserForm&method=onEdit&%{QUERY_STRING} [NC] 
  43. RewriteRule ^system-user-ondelete$ index.php?class=SystemUserList&method=onDelete&%{QUERY_STRING} [NC] 
  44. RewriteRule ^system-user-delete$ index.php?class=SystemUserList&method=Delete&%{QUERY_STRING} [NC] 
  45.  
  46. RewriteRule ^xhr-system-user-list$ engine.php?class=SystemUserList&method=onReload&%{QUERY_STRING} [NC] 
  47. RewriteRule ^xhr-system-user-edit$ engine.php?class=SystemUserForm&method=onEdit&%{QUERY_STRING} [NC] 
  48. RewriteRule ^xhr-system-user-ondelete$ engine.php?class=SystemUserList&method=onDelete&%{QUERY_STRING} [NC]  
  49. RewriteRule ^xhr-system-user-delete$ engine.php?class=SystemUserList&method=Delete&%{QUERY_STRING} [NC] 
  50.  
  51.  
  52. RewriteRule ^system-database-explorer$ index.php?class=SystemDatabaseExplorer&%{QUERY_STRING} [NC] 
  53. RewriteRule ^xhr-system-database-explorer$ engine.php?class=SystemDatabaseExplorer&%{QUERY_STRING} [NC] 
  54.  
  55. RewriteRule ^system-sqlpanel$ index.php?class=SystemSQLPanel&%{QUERY_STRING} [NC] 
  56. RewriteRule ^xhr-system-sqlpanel$ engine.php?class=SystemSQLPanel&%{QUERY_STRING} [NC] 
  57.  
  58. RewriteRule ^system-phpinfo$ index.php?class=SystemPHPInfoView&%{QUERY_STRING} [NC] 
  59. RewriteRule ^xhr-system-phpinfo$ engine.php?class=SystemPHPInfoView&%{QUERY_STRING} [NC] 
  60.  
  61. RewriteRule ^system-modules$ index.php?class=SystemModulesCheckView&%{QUERY_STRING} [NC] 
  62. RewriteRule ^xhr-system-modules$ engine.php?class=SystemModulesCheckView&%{QUERY_STRING} [NC] 
  63.  
  64. RewriteRule ^system-preferences$ index.php?class=SystemPreferenceForm&method=onEdit&%{QUERY_STRING} [NC] 
  65. RewriteRule ^xhr-system-preferences$ engine.php?class=SystemPreferenceForm&method=onEdit&%{QUERY_STRING} [NC] 
  66.  
  68. RewriteRule ^system-document-upload$ index.php?class=SystemDocumentUploadForm&%{QUERY_STRING} [NC] 
  69. RewriteRule ^xhr-system-document-upload$ engine.php?class=SystemDocumentUploadForm&%{QUERY_STRING} [NC] 
  70.  
  71.  
  72. RewriteRule ^system-document-list$ index.php?class=SystemDocumentList&method=onReload&%{QUERY_STRING} [NC] 
  73. RewriteRule ^system-document-edit$ index.php?class=SystemDocumentForm&method=onEdit&%{QUERY_STRING} [NC] 
  74. RewriteRule ^system-document-ondelete$ index.php?class=SystemDocumentList&method=onDelete&%{QUERY_STRING} [NC] 
  75. RewriteRule ^system-document-delete$ index.php?class=SystemDocumentList&method=Delete&%{QUERY_STRING} [NC] 
  76.  
  77. RewriteRule ^xhr-system-document-list$ engine.php?class=SystemDocumentList&method=onReload&%{QUERY_STRING} [NC] 
  78. RewriteRule ^xhr-system-document-edit$ engine.php?class=SystemDocumentForm&method=onEdit&%{QUERY_STRING} [NC] 
  79. RewriteRule ^xhr-system-document-ondelete$ engine.php?class=SystemDocumentList&method=onDelete&%{QUERY_STRING} [NC] 
  80. RewriteRule ^xhr-system-document-delete$ engine.php?class=SystemDocumentList&method=Delete&%{QUERY_STRING} [NC] 
  81.  
  82.  
  83. RewriteRule ^system-document-category-list$ index.php?class=SystemDocumentCategoryFormList&method=onReload&%{QUERY_STRING} [NC] 
  84. RewriteRule ^system-document-category-edit$ index.php?class=SystemDocumentCategoryFormList&method=onEdit&%{QUERY_STRING} [NC] 
  85. RewriteRule ^system-document-category-ondelete$ index.php?class=SystemDocumentCategoryFormList&method=onDelete&%{QUERY_STRING} [NC] 
  86. RewriteRule ^system-document-category-delete$ index.php?class=SystemDocumentCategoryFormList&method=Delete&%{QUERY_STRING} [NC] 
  87.  
  88. RewriteRule ^xhr-system-document-category-list$ engine.php?class=SystemDocumentCategoryFormList&method=onReload&%{QUERY_STRING} [NC] 
  89. RewriteRule ^xhr-system-document-category-edit$ engine.php?class=SystemDocumentCategoryFormList&method=onEdit&%{QUERY_STRING} [NC] 
  90. RewriteRule ^xhr-system-document-category-ondelete$ engine.php?class=SystemDocumentCategoryFormList&method=onDelete&%{QUERY_STRING} [NC] 
  91. RewriteRule ^xhr-system-document-category-delete$ engine.php?class=SystemDocumentCategoryFormList&method=Delete&%{QUERY_STRING} [NC] 
  92.  
  93.  
  94. RewriteRule ^system-access-log-stat$ index.php?class=SystemAccessLogStats&%{QUERY_STRING} [NC]  
  95. RewriteRule ^xhr-system-access-log-stat$ engine.php?class=SystemAccessLogStats&%{QUERY_STRING} [NC]  
  96.  
  97. RewriteRule ^system-access-log-list$ index.php?class=SystemAccessLogList&%{QUERY_STRING} [NC] 
  98. RewriteRule ^xhr-system-access-log-list$ engine.php?class=SystemAccessLogList&%{QUERY_STRING} [NC] 
  99.  
  100. RewriteRule ^system-change-log-list$ index.php?class=SystemChangeLogView&%{QUERY_STRING} [NC] 
  101. RewriteRule ^xhr-system-change-log-list$ engine.php?class=SystemChangeLogView&%{QUERY_STRING} [NC] 
  102.  
  103. RewriteRule ^system-sql-log-list$ index.php?class=SystemSqlLogList&%{QUERY_STRING} [NC] 
  104. RewriteRule ^xhr-system-sql-log-list$ engine.php?class=SystemSqlLogList&%{QUERY_STRING} [NC] 
  105.   
  106. RewriteRule ^system-php-log-list$ index.php?class=SystemPHPErrorLogView&%{QUERY_STRING} [NC] 
  107. RewriteRule ^xhr-system-php-log-list$ engine.php?class=SystemPHPErrorLogView&%{QUERY_STRING} [NC] 
  108.  
  109.  
  110. RewriteRule ^system-shared-document-list$ index.php?class=SystemSharedDocumentList&%{QUERY_STRING} [NC] 
  111. RewriteRule ^xhr-system-shared-document-list$ engine.php?class=SystemSharedDocumentList&%{QUERY_STRING} [NC] 
  112.  
  113. RewriteRule ^welcome-view$ index.php?class=WelcomeView&%{QUERY_STRING} [NC] 
  114. RewriteRule ^xhr-welcome-view$ engine.php?class=WelcomeView&%{QUERY_STRING} [NC] 
  115.  
  116. RewriteRule ^login-form$ index.php?class=LoginForm&%{QUERY_STRING} [NC] 
  117. RewriteRule ^xhr-login-form$ engine.php?class=LoginForm&%{QUERY_STRING} [NC]  
  118.  
  119. #AUTH routes 
  120. RewriteRule ^auth/([A-Za-z0-9]*)/([A-Za-z0-9]*)$ rest.php?class=ApplicationAuthenticationRestService&method=getToken&login=$1&password=$2&%{QUERY_STRING} [NC] 
  121.  
  122. #Application specific routes 
  123. RewriteRule ^contact-edit$ index.php?class=ContactForm&method=onEdit&%{QUERY_STRING} [NC] 
  124. RewriteRule ^contact-list$ index.php?class=ContactList&method=onReload&%{QUERY_STRING} [NC]  
  125. RewriteRule ^contact-ondelete$ index.php?class=ContactList&method=onDelete&%{QUERY_STRING} [NC] 
  126. RewriteRule ^contact-delete$ index.php?class=ContactList&method=Delete&%{QUERY_STRING} [NC] 
  127.  
  128. RewriteRule ^xhr-contact-edit$ engine.php?class=ContactForm&method=onEdit&%{QUERY_STRING} [NC] 
  129. RewriteRule ^xhr-contact-list$ engine.php?class=ContactList&method=onReload&%{QUERY_STRING} [NC] 
  130. RewriteRule ^xhr-contact-ondelete$ engine.php?class=ContactList&method=onDelete&%{QUERY_STRING} [NC] 
  131. RewriteRule ^xhr-contact-delete$ engine.php?class=ContactList&method=Delete&%{QUERY_STRING} [NC] 
  132.  
  133.  
  134. #RESTFUL routes 
  135. RewriteRule ^contacts/([A-Za-z0-9]*)$ rest.php?class=ContactRestService&method=handle&id=$1&%{QUERY_STRING} [NC] 
  136. RewriteRule ^contacts/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=ContactRestService&method=$2&id=$1&%{QUERY_STRING} [NC] 
  137. RewriteRule ^contacts$ rest.php?class=ContactRestService&method=handle&%{QUERY_STRING} [NC] 
  138.  
  139.  
  140.  
  141. #RESTFUL routes 
  142. RewriteRule ^14476001000111/contribuinte/([A-Za-z0-9]*)$ rest.php?class=ContribuinteService&method=handle&id=$1&%{QUERY_STRING} [NC] 
  143. RewriteRule ^14476001000111/contribuinte/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=ContribuinteService&method=$2&id=$1&%{QUERY_STRING} [NC] 
  144. RewriteRule ^14476001000111/contribuinte rest.php?class=ContribuinteService&method=handle&%{QUERY_STRING} [NC] 
  145.  
  146. RewriteRule ^14476001000111/tributo/([A-Za-z0-9]*)$ rest.php?class=TributoService&method=handle&id=$1&%{QUERY_STRING} [NC] 
  147. RewriteRule ^14476001000111/tributo/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=TributoService&method=$2&id=$1&%{QUERY_STRING} [NC] 
  148. RewriteRule ^14476001000111/tributo rest.php?class=TributoService&method=handle&%{QUERY_STRING} [NC] 
  149.  
  150. RewriteRule ^14476001000111/prefeitura/([A-Za-z0-9]*)$ rest.php?class=PrefeituraService&method=handle&id=$1&%{QUERY_STRING} [NC] 
  151. RewriteRule ^14476001000111/prefeitura/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=PrefeituraService&method=$2&id=$1&%{QUERY_STRING} [NC] 
  152. RewriteRule ^14476001000111/prefeitura rest.php?class=PrefeituraService&method=handle&%{QUERY_STRING} [NC] 
  153.  
  154. RewriteRule ^14476001000111/atendimento/([A-Za-z0-9]*)$ rest.php?class=AtendimentoService&method=handle&id=$1&%{QUERY_STRING} [NC] 
  155. RewriteRule ^14476001000111/atendimento/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=AtendimentoService&method=$2&id=$1&%{QUERY_STRING} [NC] 
  156. RewriteRule ^14476001000111/atendimento rest.php?class=AtendimentoService&method=handle&%{QUERY_STRING} [NC] 
  157.  
  158. RewriteRule ^14476001000111/pagamento/([A-Za-z0-9]*)$ rest.php?class=PagamentoService&method=handle&id=$1&%{QUERY_STRING} [NC] 
  159. RewriteRule ^14476001000111/pagamento/([A-Za-z-_0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=PagamentoService&method=$2&id=$1&%{QUERY_STRING} [NC] 
  160. RewriteRule ^14476001000111/pagamento rest.php?class=PagamentoService&method=handle&%{QUERY_STRING} [NC] 
  161. ?>
NR
Nataniel Rabaioli       16/08/2019 (há 6 anos)

Parâmetros quando digitado o ponto: 
 
  1. <?php
  2. array(4) {
  3.   ["class"]=>
  4.   string(17) "PrefeituraService"
  5.   ["method"]=>
  6.   string(6) "handle"
  7.   ["prefeitura_cnpj"]=>
  8.   string(12) "929235800010"
  9.   ["chave_acesso"]=>
  10.   string(32) "202cb962ac59075b964b07152d234b70"
  11. }
  12. ?>

Parâmetros sem ponto: 
 
  1. <?php
  2. array(5) {
  3.   ["class"]=>
  4.   string(17) "PrefeituraService"
  5.   ["method"]=>
  6.   string(13) "getPrefeitura"
  7.   ["id"]=>
  8.   string(14) "92923578000100"
  9.   ["prefeitura_cnpj"]=>
  10.   string(12) "929235800010"
  11.   ["chave_acesso"]=>
  12.   string(32) "202cb962ac59075b964b07152d234b70"
  13. }
  14. ?>

Note que quando há ponto, method = handle e a chave "id" não é setada. E não havendo "id", a função handle chama loadAll.

Isso acontece porque no htaccess "[A-Za-z-_0-9]" não considera nada além de letras e números, com isso o ponto faz com que seja utilizada a última regra, que usa a função handle.
RC
Ricardo Câmara - AUTOR DO POST       16/08/2019 (há 6 anos)

Perfeito Nataniel,
segue suas orientações e o erro foi corrigido.
Meu htaccess ficou assim 
 
  1. <?php
  2. RewriteRule ^14476001000111/atendimento/([A-Za-z0-9]*)$ rest.php?class=AtendimentoService&method=handle&id=$1&%{QUERY_STRING} [NC]
  3. RewriteRule ^14476001000111/atendimento/([A-Za-z-_.0-9]*)/([A-Za-z-_0-9]*)$ rest.php?class=AtendimentoService&method=$2&id=$1&%{QUERY_STRING} [NC]
  4. RewriteRule ^14476001000111/atendimento rest.php?class=AtendimentoService&method=handle&%{QUERY_STRING} [NC]
  5. ?>


Então quando coloco o ponto na requisição o webservice retorna:
{ "status": "error", "data": "Nenhum atendimento aberto para o contribuinte 4587.9946151" }


Muito obrigado pela ajuda.