From b760af946cf29d1bee05a5cb33cfc6e357df441f Mon Sep 17 00:00:00 2001
From: Michael Hamann <michael@content-space.de>
Date: Sat, 15 Oct 2011 14:54:10 +0200
Subject: Send a 401 Unauthorized header in XML-RPC when access is denied

This is far from perfect but should solve most issues in the recommended
configuration where only authorized users have access. Sending proper
status codes should be implemented when the API implementation
refactoring is done.
---
 lib/exe/xmlrpc.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/exe/xmlrpc.php')

diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php
index 8b572d213..93d7c70ba 100644
--- a/lib/exe/xmlrpc.php
+++ b/lib/exe/xmlrpc.php
@@ -53,6 +53,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
      */
     function call($methodname, $args){
         if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){
+            header('HTTP/1.1 401 Unauthorized');
             return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".');
         }
         return parent::call($methodname, $args);
-- 
cgit v1.2.3