Send a 401 Unauthorized header in XML-RPC when access is denied

This is far from perfect but should solve most issues in the recommended
configuration where only authorized users have access. Sending proper
status codes should be implemented when the API implementation
refactoring is done.
This commit is contained in:
Michael Hamann 2011-10-15 14:54:10 +02:00
parent d8f7a7f328
commit b760af946c

View file

@ -53,6 +53,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
*/
function call($methodname, $args){
if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){
header('HTTP/1.1 401 Unauthorized');
return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".');
}
return parent::call($methodname, $args);