~ubuntu-branches/ubuntu/quantal/dokuwiki/quantal


Viewing changes to lib/exe/xmlrpc.php

  • Committer: Package Import Robot
  • Author(s): Tanguy Ortolo
  • Date: 2012-01-26 23:10:28 UTC
  • mfrom: (1.1.14) (19.1.3 experimental)
  • Revision ID: package-import@ubuntu.com-20120126231028-gdcxrxo3j4jqp2de
Tags: 0.0.20120125-1
* New upstream release.
* debian/patches/debianize.diff: updated for the new release.

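--- a/lib/exe/xmlrpc.php
+++ b/lib/exe/xmlrpc.php
@@ -7,7 +7,7 @@
 /**
  * Increased whenever the API is changed
  */
-define('DOKU_XMLRPC_API_VERSION',5);
+define('DOKU_XMLRPC_API_VERSION', 6);
 
 require_once(DOKU_INC.'inc/init.php');
 session_write_close();  //close session
@@ -30,26 +30,9 @@
         global $USERINFO;
 
         if(!$conf['useacl']) return true; //no ACL - then no checks
-
-        $allowed = explode(',',$conf['xmlrpcuser']);
-        $allowed = array_map('trim', $allowed);
-        $allowed = array_unique($allowed);
-        $allowed = array_filter($allowed);
-
-        if(!count($allowed)) return true; //no restrictions
-
-        $user   = $_SERVER['REMOTE_USER'];
-        $groups = (array) $USERINFO['grps'];
-
-        if(in_array($user,$allowed)) return true; //user explicitly mentioned
-
-        //check group memberships
-        foreach($groups as $group){
-            if(in_array('@'.$group,$allowed)) return true;
-        }
-
-        //still here? no access!
-        return false;
+        if(trim($conf['xmlrpcuser']) == '') return true; //no restrictions
+
+        return auth_isMember($conf['xmlrpcuser'],$_SERVER['REMOTE_USER'],(array) $USERINFO['grps']);
     }
 
     /**
@@ -70,6 +53,11 @@
      */
     function call($methodname, $args){
         if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){
+            if (!isset($_SERVER['REMOTE_USER'])) {
+                header('HTTP/1.1 401 Unauthorized');
+            } else {
+                header('HTTP/1.1 403 Forbidden');
+            }
             return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".');
         }
         return parent::call($methodname, $args);
@@ -423,7 +411,7 @@
 
             $pages[] = array(
                 'id'      => $id,
-                'score'   => $score,
+                'score'   => intval($score),
                 'rev'     => filemtime($file),
                 'mtime'   => filemtime($file),
                 'size'    => filesize($file),
@@ -596,8 +584,12 @@
 
         // save temporary file
         @unlink($ftmp);
-        $buff = base64_decode($file);
-        io_saveFile($ftmp, $buff);
+        if (preg_match('/^[A-Za-z0-9\+\/]*={0,2}$/', $file) === 1) {
+            // DEPRECATED: Double-decode file if it still looks like base64
+            // after first decoding (which is done by the library)
+            $file = base64_decode($file);
+        }
+        io_saveFile($ftmp, $file);
 
         $res = media_save(array('name' => $ftmp), $id, $params['ow'], $auth, 'rename');
         if (is_array($res)) {
@@ -870,10 +862,21 @@
         global $auth;
         if(!$conf['useacl']) return 0;
         if(!$auth) return 0;
+
+        @session_start(); // reopen session for login
         if($auth->canDo('external')){
-            return $auth->trustExternal($user,$pass,false);
+            $ok = $auth->trustExternal($user,$pass,false);
         }else{
-            return auth_login($user,$pass,false,true);
+            $evdata = array(
+                'user'     => $user,
+                'password' => $pass,
+                'sticky'   => false,
+                'silent'   => true,
+            );
+            $ok = trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
         }
+        session_write_close(); // we're done with the session
+
+        return $ok;
     }
 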
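Review bot: The base64 test in the upload hunk (new lines 587–591) decodes any payload made up only of base64-alphabet characters, so a legitimate plain-text upload such as a file containing just `hello` is stored as different bytes than the client sent, with no error and no log entry. Because the branch is kept only as a deprecated shim for double-encoding clients, it should be as narrow as possible: also require a padded length and strict decoding, e.g. `if (strlen($file) % 4 === 0 && preg_match('/^[A-Za-z0-9\+\/]*={0,2}$/', $file) === 1 && ($decoded = base64_decode($file, true)) !== false) { $file = $decoded; }`. This still cannot tell a double-encoded upload from text that happens to be valid base64, so a comment stating that limitation and a debug log entry when the fallback fires would help operators see which clients rely on it before it is removed. The enclosing function starts and ends outside the hunk.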