Diffstat (limited to 'lib/exe')
-rw-r--r--lib/exe/ajax.php3
-rw-r--r--lib/exe/css.php3
-rw-r--r--lib/exe/multipleUpload.swfbin64561 -> 0 bytes
-rw-r--r--lib/exe/xmlrpc.php30
4 files changed, 29 insertions, 7 deletions
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index d4ef8dc11..f8d62cb57 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -281,7 +281,8 @@ function ajax_mediaupload(){
}
$result = array('error' => $msg['msg'], 'ns' => $NS);
}
- echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);
+ $json = new JSON;
+ echo htmlspecialchars($json->encode($result), ENT_NOQUOTES);
}
function dir_delete($path) {
diff --git a/lib/exe/css.php b/lib/exe/css.php
index 81f47d8fa..d54e2e46c 100644
--- a/lib/exe/css.php
+++ b/lib/exe/css.php
@@ -319,7 +319,8 @@ function css_compress($css){
// strip whitespaces
$css = preg_replace('![\r\n\t ]+!',' ',$css);
- $css = preg_replace('/ ?([:;,{}\/]) ?/','\\1',$css);
+ $css = preg_replace('/ ?([;,{}\/]) ?/','\\1',$css);
+ $css = preg_replace('/ ?: /',':',$css);
// shorten colors
$css = preg_replace("/#([0-9a-fA-F]{1})\\1([0-9a-fA-F]{1})\\2([0-9a-fA-F]{1})\\3/", "#\\1\\2\\3",$css);
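Review bot: The two added `preg_replace` calls handle `:` separately from `;,{}` without a comment saying why, so a later cleanup could easily merge them back into one pattern. Presumably the intent is to keep a space in front of pseudo-selectors (`div :first-child` selects something different from `div:first-child`); a line such as `// collapse "prop : value" only; a space before ":" with none after it belongs to a selector and must survive` above the second call would record that. The new `/ ?: /` pattern still rewrites colons inside quoted strings and `url()` values, as the old one did. css_compress continues outside the hunk.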
diff --git a/lib/exe/multipleUpload.swf b/lib/exe/multipleUpload.swf
deleted file mode 100644
index 888aab045..000000000
--- a/lib/exe/multipleUpload.swf
+++ /dev/null
Binary files differ
diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php
index 8b572d213..e5e3298ae 100644
--- a/lib/exe/xmlrpc.php
+++ b/lib/exe/xmlrpc.php
@@ -7,7 +7,7 @@ if(isset($HTTP_RAW_POST_DATA)) $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
/**
* Increased whenever the API is changed
*/
-define('DOKU_XMLRPC_API_VERSION',5);
+define('DOKU_XMLRPC_API_VERSION', 6);
require_once(DOKU_INC.'inc/init.php');
session_write_close(); //close session
@@ -53,6 +53,11 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
*/
function call($methodname, $args){
if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){
+ if (!isset($_SERVER['REMOTE_USER'])) {
+ header('HTTP/1.1 401 Unauthorized');
+ } else {
+ header('HTTP/1.1 403 Forbidden');
+ }
return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".');
}
return parent::call($methodname, $args);
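Review bot: The 401 branch sends `HTTP/1.1 401 Unauthorized` without a `WWW-Authenticate` header, which HTTP requires on a 401 and which clients rely on to know how to retry. If this endpoint accepts HTTP Basic credentials (not visible in the hunk), send the challenge alongside the status, e.g. `header('WWW-Authenticate: Basic realm="<REALM_PLACEHOLDER>"');`; if it does not, answering 403 in both branches avoids announcing a scheme the server will not honour. A one-line comment stating that `REMOTE_USER` unset means "no credentials presented" and set means "authenticated but not permitted" would also help. The closing brace of call() is outside the hunk.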
@@ -579,8 +584,12 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
// save temporary file
@unlink($ftmp);
- $buff = base64_decode($file);
- io_saveFile($ftmp, $buff);
+ if (preg_match('/^[A-Za-z0-9\+\/]*={0,2}$/', $file) === 1) {
+ // DEPRECATED: Double-decode file if it still looks like base64
+ // after first decoding (which is done by the library)
+ $file = base64_decode($file);
+ }
+ io_saveFile($ftmp, $file);
$res = media_save(array('name' => $ftmp), $id, $params['ow'], $auth, 'rename');
if (is_array($res)) {
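Review bot: The added `preg_match` guard decides from the content alone whether to decode a second time, so a legitimate upload whose bytes all fall within the base64 alphabet (a short plain-text file, for instance) is silently rewritten before `io_saveFile` stores it; the pattern also accepts the empty string and a trailing newline. Narrowing the test cuts the false positives: `if ($file !== '' && strlen($file) % 4 === 0 && preg_match('/^[A-Za-z0-9+\/]+={0,2}\z/', $file) === 1)`, then `base64_decode($file, true)`, keeping the original bytes when it returns `false`. The ambiguity cannot be removed completely, so the DEPRECATED comment should state that such files may be altered and when the fallback is to be dropped. The return value of `io_saveFile` is also ignored before `media_save` runs. The enclosing method starts and ends outside the hunk.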
@@ -853,11 +862,22 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
global $auth;
if(!$conf['useacl']) return 0;
if(!$auth) return 0;
+
+ @session_start(); // reopen session for login
if($auth->canDo('external')){
- return $auth->trustExternal($user,$pass,false);
+ $ok = $auth->trustExternal($user,$pass,false);
}else{
- return auth_login($user,$pass,false,true);
+ $evdata = array(
+ 'user' => $user,
+ 'password' => $pass,
+ 'sticky' => false,
+ 'silent' => true,
+ );
+ $ok = trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
}
+ session_write_close(); // we're done with the session
+
+ return $ok;
}
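Review bot: The session is reopened and the user authenticated without the session ID being rotated anywhere in the visible lines, so unless `trustExternal` or the `auth_login_wrapper` path does that itself (not shown here), an ID that was known before login stays valid for the authenticated session. Adding `if ($ok) session_regenerate_id(true);` just before `session_write_close();` closes that gap. The `@` on `session_start()` also hides the case where the session cannot be reopened; then the login is reported as successful but nothing persists, so checking the return value, and logging or returning a failure, would be safer than suppressing it. The function signature is outside the hunk.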