Send a 401 Unauthorized header in XML-RPC when access is denied
This is far from perfect but should solve most issues in the recommended configuration where only authorized users have access. Sending proper status codes should be implemented when the API implementation refactoring is done.
This commit is contained in:
parent
d8f7a7f328
commit
b760af946c
1 changed files with 1 additions and 0 deletions
|
@ -53,6 +53,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
|
|||
*/
|
||||
function call($methodname, $args){
|
||||
if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){
|
||||
header('HTTP/1.1 401 Unauthorized');
|
||||
return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".');
|
||||
}
|
||||
return parent::call($methodname, $args);
|
||||
|
|
Loading…
Reference in a new issue