From 794fc9db8fe6b243f202c740cea5a677b683341b Mon Sep 17 00:00:00 2001
From: Michael Hamann
Date: Sat, 15 Oct 2011 15:06:35 +0200
Subject: Only send 401 if user is not logged in in XML-RPC FS#2133 If the user is already logged in, a 403 is sent instead now.
---
 lib/exe/xmlrpc.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'lib/exe/xmlrpc.php')
diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php
index 93d7c70ba..6553d043f 100644
--- a/lib/exe/xmlrpc.php
+++ b/lib/exe/xmlrpc.php
@@ -53,7 +53,11 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
 */
 function call($methodname, $args){
 if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){
- header('HTTP/1.1 401 Unauthorized');
+ if (!isset($_SERVER['REMOTE_USER'])) {
+ header('HTTP/1.1 401 Unauthorized');
+ } else {
+ header('HTTP/1.1 403 Forbidden');
+ }
 return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".');
 }
 return parent::call($methodname, $args);
-- cgit v1.2.3
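Review bot: The added `isset($_SERVER['REMOTE_USER'])` test in `call()` counts an empty-string REMOTE_USER as a logged-in user, so where the variable is present but empty an anonymous client would receive 403 and never be asked for credentials; `if (!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] === '') {` keeps the 401 for that case. The status line is advisory only, since the access decision still comes from `checkAuth()` and the `IXR_Error` return, so this affects client behaviour rather than opening a bypass. The 401 branch shows no `WWW-Authenticate` header in this hunk, which a 401 response is expected to carry; it may be sent elsewhere, so that is worth confirming. A short comment above the branch such as `// 401 prompts for credentials; 403 means the authenticated user lacks permission` would record the intent. The body of `call()` ends outside the hunk.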