phpgroupware-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-cvs] phpgroupware xmlrpc.php

From: Dave Hall
Subject: [Phpgroupware-cvs] phpgroupware xmlrpc.php
Date: Tue, 24 Oct 2006 22:53:55 +0000 
CVSROOT:        /sources/phpgroupware
Module name:    phpgroupware
Changes by:     Dave Hall <skwashd>     06/10/24 22:53:55

Modified files:
        .              : xmlrpc.php 

Log message:
        merge in patch ##2904

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/phpgroupware/xmlrpc.php?cvsroot=phpgroupware&r1=1.15&r2=1.16

Patches:
Index: xmlrpc.php
===================================================================
RCS file: /sources/phpgroupware/phpgroupware/xmlrpc.php,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -b -r1.15 -r1.16
--- xmlrpc.php  4 May 2005 14:02:54 -0000       1.15
+++ xmlrpc.php  24 Oct 2006 22:53:55 -0000      1.16
@@ -7,23 +7,16 @@
        * @copyright Copyright (C) 2000-2005 Free Software Foundation, Inc. 
http://www.fsf.org/
        * @license http://www.gnu.org/licenses/gpl.html GNU General Public 
License
        * @package phpgroupware
-       * @version $Id: xmlrpc.php,v 1.15 2005/05/04 14:02:54 powerstat Exp $
+       * @version $Id: xmlrpc.php,v 1.16 2006/10/24 22:53:55 skwashd Exp $
        */
 
-       // NOTE! This file is still in the experimental stages, use at your own 
risk!
-       // The only current documentation for it is the code and the comments
-       // A document explaining its usage should be done shortly
-       // PLEASE, do *NOT* make any changes to this file without talking to me
-       // directly first.  Until I get it fully undercontrol.
-       // There might be possiable security holes in this, I haven't fully 
tested it
-       // (jengo)
-
        $GLOBALS['phpgw_info'] = array();
        
-       $GLOBALS['phpgw_info']['flags'] = array(
+       $GLOBALS['phpgw_info']['flags'] = array
+       (
                'currentapp'            => 'login',
                'noheader'              => True,
-               'disable_Template_class' => True
+               'disable_Template_class'=> True
        );
        
        /**
@@ -31,6 +24,11 @@
        */
        include_once('header.inc.php');
 
+       /**
+       * Include the XMLRPC specific functions
+       */
+       include_once(PHPGW_API_INC . '/xml_functions.inc.php');
+
        // If XML-RPC isn't enabled in PHP, return an XML-RPC response stating 
so
        if (! function_exists('xmlrpc_server_create'))
        {
@@ -66,23 +64,27 @@
        set_error_handler('xmlrpc_custom_error');
 
        $headers = getallheaders();
-       if (ereg('Basic',$headers['Authorization']))
-       {
-               $tmp  = $headers['Authorization'];
-               $tmp  = ereg_replace(' ','',$tmp);
-               $tmp  = ereg_replace('Basic','',$tmp);
-               $auth = base64_decode(trim($tmp));
-               list($sessionid,$kp3) = split(':',$auth);
 
-               if ($GLOBALS['phpgw']->session->verify($sessionid,$kp3))
-               {
                        $GLOBALS['xmlrpc_server'] = xmlrpc_server_create();
-                       $request_xml              = $HTTP_RAW_POST_DATA;
+       if ( isset($_SERVER['HTTP_RAW_POST_DATA']) )
+       {
+               $request_xml = $_SERVER['HTTP_RAW_POST_DATA'];
+       }
+       else
+       {
+               $request_xml = implode("\r\n", file('php://input'));
+       }
 
+       if ( isset($headers['Authorization']) 
+               && ereg('Basic', $headers['Authorization']) )
+       {
+               if ( 
$GLOBALS['phpgw']->session->verify($_SERVER['PHP_AUTH_USER'], 
$_SERVER['PHP_AUTH_PW']) )
+               {
                        // Find out what method they are calling
                        // This function is odd, you *NEED* to assign the 
results
                        // to a value, or $method is never returned.  (jengo)
                        $null = xmlrpc_decode_request($request_xml, $method);
+                       
                        $GLOBALS['phpgw']->session->xmlrpc_method_called = 
$method;
                        $GLOBALS['phpgw']->session->update_dla();
 
@@ -118,17 +120,12 @@
                }
                else
                {
-                       // Session is invalied
+                       // Session is invalid
                        xmlrpc_error(1001,'Session expired');
                }
        }
        else
        {
-               // First, create a single method being system.login
-               // If they don't request this, then just return a failed 
session error
-               $xmlrpc_server = xmlrpc_server_create();
-               $request_xml   = $HTTP_RAW_POST_DATA;
-
                // Find out what method they are calling
                // This function is odd, you *NEED* to assign the results
                // to a value, or $method is never returned.  (jengo)
@@ -181,7 +178,8 @@
        */
        function xmlrpc_error($error_number, $error_string)
        {
-               $values = array(
+               $values = array
+               (
                        'faultString' => $error_string,
                        'faultCode'   => $error_number
                );
@@ -291,7 +289,7 @@
        {
                $p = $parameters[0];
 
-               if ($p['domain'])
+               if ( isset($p['domain']) && $p['domain'] )
                {
                        $username = $p['username'] . '@' . $p['domain'];
                }
@@ -306,7 +304,8 @@
 
                if ($sessionid && $kp3)
                {
-                       return array(
+                       return array
+                       (
                                'sessionid' => $sessionid,
                                'kp3'       => $kp3,
                                'domain'    => $domain
reply via email to
[Prev in Thread] Current Thread [Next in Thread]