dokuwiki/dokuwiki
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Send a 401 Unauthorized header in XML-RPC when access is denied

Browse source 
This is far from perfect but should solve most issues in the recommended
configuration where only authorized users have access. Sending proper
status codes should be implemented when the API implementation
refactoring is done.
This commit is contained in:
Michael Hamann 2011-10-15 14:54:10 +02:00
parent d8f7a7f328
commit b760af946c
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/exe/xmlrpc.php
View file

@ -53,6 +53,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
*/ */
function call($methodname, $args){ function call($methodname, $args){
if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){ if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){
header('HTTP/1.1 401 Unauthorized');
return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".'); return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".');
} }
return parent::call($methodname, $args); return parent::call($methodname, $args);