diff options
| author | Michael Hamann <michael@content-space.de> | 2011-10-15 14:54:10 +0200 |
|---|---|---|
| committer | Michael Hamann <michael@content-space.de> | 2011-10-15 14:57:13 +0200 |
| commit | b760af946cf29d1bee05a5cb33cfc6e357df441f (patch) | |
| tree | 46b8c6b79bf15c14700f24165e8d1c962f011749 | |
| parent | d8f7a7f328a68b48d9ef5c0987b6a4915d43735e (diff) | |
| download | rpg-b760af946cf29d1bee05a5cb33cfc6e357df441f.tar.gz rpg-b760af946cf29d1bee05a5cb33cfc6e357df441f.tar.bz2 | |
Send a 401 Unauthorized header in XML-RPC when access is denied
This is far from perfect but should solve most issues in the recommended
configuration where only authorized users have access. Sending proper
status codes should be implemented when the API implementation
refactoring is done.
| -rw-r--r-- | lib/exe/xmlrpc.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 8b572d213..93d7c70ba 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -53,6 +53,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { */ function call($methodname, $args){ if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){ + header('HTTP/1.1 401 Unauthorized'); return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".'); } return parent::call($methodname, $args); |