From 3ee5b583c45dfe6cdc2f746ad3ee33b4d6f09999 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 16 May 2009 13:43:51 +0200
Subject: restrict XMLRPC to configurable groups and users

Ignore-this: 1370cee84d44bb35ae7c0c988ed8f1ff

This patch adds a config option to define users or groups that may access
the XMLRPC API. ACLs are still checked on top of this intial access control.

darcs-hash:20090516114351-7ad00-155fb6c74c29f5f84e79544a534369eec0403ff0.gz
---
 conf/dokuwiki.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'conf/dokuwiki.php')

diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php
index efbf2948d..4c4912909 100644
--- a/conf/dokuwiki.php
+++ b/conf/dokuwiki.php
@@ -78,6 +78,9 @@ $conf['sneaky_index']   = 0;             //check for namespace read permission i
 $conf['auth_security_timeout'] = 900;    //time (seconds) auth data is considered valid, set to 0 to recheck on every page view
 $conf['securecookie'] = 1;               //never send HTTPS cookies via HTTP
 
+$conf['xmlrpc']      = 0;                //Enable/disable XML-RPC interface
+$conf['xmlrpcuser']  = '!!not set!!';    //Restrict XML-RPC access to this groups/users
+
 /* Advanced Options */
 
 $conf['updatecheck'] = 1;                //automatically check for new releases?
@@ -126,7 +129,6 @@ $conf['recent_days'] = 7;                //How many days of recent changes to ke
 $conf['rss_show_summary'] = 1;           //Add revision summary to title? 0|1
 $conf['broken_iua']  = 0;                //Platform with broken ignore_user_abort (IIS+CGI) 0|1
 $conf['xsendfile']   = 0;                //Use X-Sendfile (1 = lighttpd, 2 = standard)
-$conf['xmlrpc'] = 0;                     //Enable/disable XML-RPC interface
 $conf['renderer_xhtml'] = 'xhtml';       //renderer to use for main page generation
 $conf['rememberme'] = 1;                 //Enable/disable remember me on login
 
-- 
cgit v1.2.3