Send a 401 Unauthorized header in XML-RPC when access is denied

This is far from perfect but should solve most issues in the recommended configuration where only authorized users have access. Sending proper status codes should be implemented when the API implementation refactoring is done.

Send a 401 Unauthorized header in XML-RPC when access is denied
This is far from perfect but should solve most issues in the recommended configuration where only authorized users have access. Sending proper status codes should be implemented when the API implementation refactoring is done.
b760af94 · Michael Hamann · d8f7a7f3 · b760af94
Commit b760af94 authored 13 years ago by Michael Hamann
--- a/lib/exe/xmlrpc.php
+++ b/lib/exe/xmlrpc.php
@@ -53,6 +53,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
     */
    function call($methodname, $args){
        if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){
+            header('HTTP/1.1 401 Unauthorized');
            return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".');
        }
        return parent::call($methodname, $args);