diff options
Diffstat (limited to 'lib/exe')
| -rw-r--r-- | lib/exe/xmlrpc.php | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index d232930a3..d40e338b2 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -296,6 +296,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * Return a raw wiki page */ function rawPage($id,$rev=''){ + $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ return new IXR_Error(1, 'You are not allowed to read this page'); } @@ -351,6 +352,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * Return a wiki page rendered to html */ function htmlPage($id,$rev=''){ + $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ return new IXR_Error(1, 'You are not allowed to read this page'); } @@ -488,6 +490,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * Return some basic data about a page */ function pageInfo($id,$rev=''){ + $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ return new IXR_Error(1, 'You are not allowed to read this page'); } @@ -601,6 +604,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * Michael Klier <chi@chimeric.de> */ function putAttachment($id, $file, $params) { + $id = cleanID($id); global $conf; global $lang; @@ -668,6 +672,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * @author Gina Haeussge <osd@foosel.net> */ function deleteAttachment($id){ + $id = cleanID($id); $auth = auth_quickaclcheck(getNS($id).':*'); if($auth < AUTH_DELETE) return new IXR_ERROR(1, "You don't have permissions to delete files."); global $conf; @@ -725,6 +730,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * Returns the permissions of a given wiki page */ function aclCheck($id) { + $id = cleanID($id); return auth_quickaclcheck($id); } @@ -734,13 +740,14 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * @author Michael Klier <chi@chimeric.de> */ function listLinks($id) { + $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ return new IXR_Error(1, 'You are not allowed to read this page'); } $links = array(); // resolve page instructions - $ins = p_cached_instructions(wikiFN(cleanID($id))); + $ins = p_cached_instructions(wikiFN($id)); // instantiate new Renderer - needed for interwiki links include(DOKU_INC.'inc/parser/xhtml.php'); @@ -848,6 +855,10 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * @author Michael Klier <chi@chimeric.de> */ function pageVersions($id, $first) { + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_READ){ + return new IXR_Error(1, 'You are not allowed to read this page'); + } global $conf; $versions = array(); @@ -923,7 +934,8 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { $unlockfail = array(); foreach((array) $set['lock'] as $id){ - if(checklock($id)){ + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_EDIT || checklock($id)){ $lockfail[] = $id; }else{ lock($id); @@ -932,10 +944,11 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { } foreach((array) $set['unlock'] as $id){ - if(unlock($id)){ - $unlocked[] = $id; - }else{ + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_EDIT || !unlock($id)){ $unlockfail[] = $id; + }else{ + $unlocked[] = $id; } } |