Diffstat (limited to 'lib')
-rw-r--r-- | lib/exe/xmlrpc.php | 3 | ||||
-rw-r--r-- | lib/plugins/acl/ajax.php | 11 |
2 files changed, 6 insertions, 8 deletions
diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 93086e891..cbec90bff 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -1,9 +1,6 @@ <?php if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../'); -// fix when '< ?xml' isn't on the very first line -if(isset($HTTP_RAW_POST_DATA)) $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA); - require_once(DOKU_INC.'inc/init.php'); require_once(DOKU_INC.'inc/remote.php'); session_write_close(); //close session diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php index 71a2eb03a..3a5d89c08 100644 --- a/lib/plugins/acl/ajax.php +++ b/lib/plugins/acl/ajax.php @@ -6,16 +6,17 @@ * @author Andreas Gohr <andi@splitbrain.org> */ -//fix for Opera XMLHttpRequests -if(!count($_POST) && !empty($HTTP_RAW_POST_DATA)){ - parse_str($HTTP_RAW_POST_DATA, $_POST); -} - if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../../'); require_once(DOKU_INC.'inc/init.php'); //close session session_write_close(); +//fix for Opera XMLHttpRequests +$postData = http_get_raw_post_data(); +if(!count($_POST) && !empty($postData)){ + parse_str($postData, $_POST); +} + if(!auth_isadmin()) die('for admins only'); if(!checkSecurityToken()) die('CRSF Attack'); |
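Review bot: In lib/plugins/acl/ajax.php the Opera fallback now fills `$_POST` via `parse_str($postData, $_POST)` only after `inc/init.php` has run, so anything init.php already derived from the request will not contain these values, and neither will `$_REQUEST`, which `parse_str` does not touch. If `checkSecurityToken()` reads the token from somewhere other than `$_POST`, fallback requests will fail the check; that is fail-closed, but worth confirming and documenting. The move looks necessary because `http_get_raw_post_data()` is presumably defined by the includes in init.php, and the comment should say so, e.g. `// must run after init.php (provides http_get_raw_post_data()); fills $_POST only, $_REQUEST stays unchanged`. The script continues past the end of the hunk, so later reads of the request are not visible here.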