diff options
| -rw-r--r-- | inc/RemoteAPICore.php | 28 | ||||
| -rw-r--r-- | lib/exe/xmlrpc.php | 3 |
2 files changed, 20 insertions, 11 deletions
diff --git a/inc/RemoteAPICore.php b/inc/RemoteAPICore.php index 9da493210..36c518881 100644 --- a/inc/RemoteAPICore.php +++ b/inc/RemoteAPICore.php @@ -169,7 +169,7 @@ class RemoteAPICore { * @return page text. */ function rawPage($id,$rev=''){ - $id = cleanID($id); + $id = $this->resolvePageId($id); if(auth_quickaclcheck($id) < AUTH_READ){ throw new RemoteAccessDeniedException('You are not allowed to read this file', 111); } @@ -228,7 +228,7 @@ class RemoteAPICore { * Return a wiki page rendered to html */ function htmlPage($id,$rev=''){ - $id = cleanID($id); + $id = $this->resolvePageId($id); if(auth_quickaclcheck($id) < AUTH_READ){ throw new RemoteAccessDeniedException('You are not allowed to read this page', 111); } @@ -356,14 +356,14 @@ class RemoteAPICore { * Return a list of backlinks */ function listBackLinks($id){ - return ft_backlinks(cleanID($id)); + return ft_backlinks($this->resolvePageId($id)); } /** * Return some basic data about a page */ function pageInfo($id,$rev=''){ - $id = cleanID($id); + $id = $this->resolvePageId($id); if(auth_quickaclcheck($id) < AUTH_READ){ throw new RemoteAccessDeniedException('You are not allowed to read this page', 111); } @@ -394,7 +394,7 @@ class RemoteAPICore { global $TEXT; global $lang; - $id = cleanID($id); + $id = $this->resolvePageId($id); $TEXT = cleanText($text); $sum = $params['sum']; $minor = $params['minor']; @@ -507,7 +507,7 @@ class RemoteAPICore { * Returns the permissions of a given wiki page */ function aclCheck($id) { - $id = cleanID($id); + $id = $this->resolvePageId($id); return auth_quickaclcheck($id); } @@ -517,7 +517,7 @@ class RemoteAPICore { * @author Michael Klier <chi@chimeric.de> */ function listLinks($id) { - $id = cleanID($id); + $id = $this->resolvePageId($id); if(auth_quickaclcheck($id) < AUTH_READ){ throw new RemoteAccessDeniedException('You are not allowed to read this page', 111); } @@ -633,7 +633,7 @@ class RemoteAPICore { * @author Michael Klier <chi@chimeric.de> */ function pageVersions($id, $first) { - $id = cleanID($id); + $id = $this->resolvePageId($id); if(auth_quickaclcheck($id) < AUTH_READ) { throw new RemoteAccessDeniedException('You are not allowed to read this page', 111); } @@ -711,7 +711,7 @@ class RemoteAPICore { $unlockfail = array(); foreach((array) $set['lock'] as $id){ - $id = cleanID($id); + $id = $this->resolvePageId($id); if(auth_quickaclcheck($id) < AUTH_EDIT || checklock($id)){ $lockfail[] = $id; }else{ @@ -721,7 +721,7 @@ class RemoteAPICore { } foreach((array) $set['unlock'] as $id){ - $id = cleanID($id); + $id = $this->resolvePageId($id); if(auth_quickaclcheck($id) < AUTH_EDIT || !unlock($id)){ $unlockfail[] = $id; }else{ @@ -764,6 +764,14 @@ class RemoteAPICore { return $ok; } + private function resolvePageId($id) { + $id = cleanID($id); + if(empty($id)) { + global $conf; + $id = cleanID($conf['start']); + } + return $id; + } } diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index cf3682f11..5e6c197d0 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -30,10 +30,11 @@ class dokuwiki_xmlrpc_server extends IXR_Server { } catch (RemoteAccessDeniedException $e) { if (!isset($_SERVER['REMOTE_USER'])) { header('HTTP/1.1 401 Unauthorized'); + return new IXR_Error(-32603, "server error. not authorized to call method $methodname"); } else { header('HTTP/1.1 403 Forbidden'); + return new IXR_Error(-32604, "server error. forbidden to call the method $methodname"); } - return new IXR_Error(-32603, "server error. not authorized to call method $methodname"); } catch (RemoteException $e) { return new IXR_Error($e->getCode(), $e->getMessage()); } |