From 96946cc94d3ecb3832e2a1ce35c49743e25329e1 Mon Sep 17 00:00:00 2001 From: Dominik Eckelmann Date: Wed, 21 Mar 2012 11:25:00 +0100 Subject: replaced $HTTP_RAW_POST_DATA with http_get_raw_post_data function --- inc/IXR_Library.php | 7 ++++--- inc/httputils.php | 8 ++++++++ lib/exe/xmlrpc.php | 3 --- lib/plugins/acl/ajax.php | 11 ++++++----- 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/inc/IXR_Library.php b/inc/IXR_Library.php index c8255e6d9..ce5a4d914 100644 --- a/inc/IXR_Library.php +++ b/inc/IXR_Library.php @@ -302,11 +302,12 @@ class IXR_Server { } function serve($data = false) { if (!$data) { - global $HTTP_RAW_POST_DATA; - if (!$HTTP_RAW_POST_DATA) { + + $postData = trim(http_get_raw_post_data()); + if (!$postData) { die('XML-RPC server accepts POST requests only.'); } - $data = $HTTP_RAW_POST_DATA; + $data = $postData; } $this->message = new IXR_Message($data); if (!$this->message->parse()) { diff --git a/inc/httputils.php b/inc/httputils.php index 0ad97a9a1..b815f3ca6 100644 --- a/inc/httputils.php +++ b/inc/httputils.php @@ -249,3 +249,11 @@ function http_cached_finish($file, $content) { print $content; } } + +function http_get_raw_post_data() { + static $postData = null; + if ($postData === null) { + $postData = file_get_contents('php://input'); + } + return $postData; +} diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 93086e891..cbec90bff 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -1,9 +1,6 @@ */ -//fix for Opera XMLHttpRequests -if(!count($_POST) && !empty($HTTP_RAW_POST_DATA)){ - parse_str($HTTP_RAW_POST_DATA, $_POST); -} - if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../../'); require_once(DOKU_INC.'inc/init.php'); //close session session_write_close(); +//fix for Opera XMLHttpRequests +$postData = http_get_raw_post_data(); +if(!count($_POST) && !empty($postData)){ + parse_str($postData, $_POST); +} + if(!auth_isadmin()) die('for admins only'); if(!checkSecurityToken()) die('CRSF Attack'); -- cgit v1.2.3