diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2011-07-10 13:14:07 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2011-07-10 13:14:07 +0200 |
| commit | 992ded5a7e2cbd2c8092ded03d035d0cbeade327 (patch) | |
| tree | 9f86de41848a2fe7dd33bc124392365cfa8ad84b /lib | |
| parent | 0cacf91f96aa51a4c66082fe6c9b034fe61a1290 (diff) | |
| download | rpg-992ded5a7e2cbd2c8092ded03d035d0cbeade327.tar.gz rpg-992ded5a7e2cbd2c8092ded03d035d0cbeade327.tar.bz2 | |
make use of auth_isMember() in XMLRPC authentication check FS#2287
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/exe/xmlrpc.php | 21 |
1 files changed, 2 insertions, 19 deletions
diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 108dd8fd1..8b572d213 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -30,26 +30,9 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { global $USERINFO; if(!$conf['useacl']) return true; //no ACL - then no checks + if(trim($conf['xmlrpcuser']) == '') return true; //no restrictions - $allowed = explode(',',$conf['xmlrpcuser']); - $allowed = array_map('trim', $allowed); - $allowed = array_unique($allowed); - $allowed = array_filter($allowed); - - if(!count($allowed)) return true; //no restrictions - - $user = $_SERVER['REMOTE_USER']; - $groups = (array) $USERINFO['grps']; - - if(in_array($user,$allowed)) return true; //user explicitly mentioned - - //check group memberships - foreach($groups as $group){ - if(in_array('@'.$group,$allowed)) return true; - } - - //still here? no access! - return false; + return auth_isMember($conf['xmlrpcuser'],$_SERVER['REMOTE_USER'],(array) $USERINFO['grps']); } /** |