From e4729a050059243371391631dfa8cd14d15f28e1 Mon Sep 17 00:00:00 2001 From: Martijn Ras Date: Mon, 30 Jun 2014 13:32:35 +0200 Subject: [PATCH 1/2] Fixed typo and added check --- conf/dokuwiki.php | 2 +- inc/remote.php | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php index bdc9739d18..ef62b41e70 100644 --- a/conf/dokuwiki.php +++ b/conf/dokuwiki.php @@ -65,7 +65,7 @@ $conf['auth_security_timeout'] = 900; //time (seconds) auth data is considered valid, set to 0 to recheck on every page view $conf['securecookie'] = 1; //never send HTTPS cookies via HTTP $conf['remote'] = 0; //Enable/disable remote interfaces -$conf['remoteuser'] = '!!not set !!'; //user/groups that have access to remote interface (comma separated) +$conf['remoteuser'] = '!!not set!!'; //user/groups that have access to remote interface (comma separated) /* Antispam Features */ $conf['usewordblock']= 1; //block spam based on words? 0|1 diff --git a/inc/remote.php b/inc/remote.php index e27aa74f8a..8287f5ce46 100644 --- a/inc/remote.php +++ b/inc/remote.php @@ -175,6 +175,9 @@ public function hasAccess() { if (!$conf['remote']) { return false; } + if(trim($conf['remoteuser']) == '!!not set!!') { + return false; + } if(!$conf['useacl']) { return true; } From 188eedde2362cd12846432198ac6e13f313664c9 Mon Sep 17 00:00:00 2001 From: Martijn Ras Date: Fri, 13 Feb 2015 20:23:54 +0100 Subject: [PATCH 2/2] Updated test --- _test/tests/inc/remote.test.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/_test/tests/inc/remote.test.php b/_test/tests/inc/remote.test.php index d0d4eb7ce0..b34eacf88f 100644 --- a/_test/tests/inc/remote.test.php +++ b/_test/tests/inc/remote.test.php @@ -157,6 +157,8 @@ function test_pluginMethods() { } function test_hasAccessSuccess() { + global $conf; + $conf['remoteuser'] = ''; $this->assertTrue($this->remote->hasAccess()); } @@ -203,6 +205,7 @@ function test_hasAccessFailAcl2() { function test_forceAccessSuccess() { global $conf; $conf['remote'] = 1; + $conf['remoteuser'] = ''; $this->remote->forceAccess(); // no exception should occur } @@ -217,7 +220,11 @@ function test_forceAccessFail() { function test_generalCoreFunctionWithoutArguments() { global $conf; + global $USERINFO; $conf['remote'] = 1; + $conf['remoteuser'] = ''; + $conf['useacl'] = 1; + $USERINFO['grps'] = array('grp'); $remoteApi = new RemoteApi(); $remoteApi->getCoreMethods(new RemoteAPICoreTest()); @@ -243,7 +250,10 @@ function test_generalCoreFunctionOnArgumentMismatch() { function test_generalCoreFunctionWithArguments() { global $conf; + global $USERINFO; $conf['remote'] = 1; + $conf['remoteuser'] = ''; + $conf['useacl'] = 1; $remoteApi = new RemoteApi(); $remoteApi->getCoreMethods(new RemoteAPICoreTest()); @@ -256,7 +266,10 @@ function test_generalCoreFunctionWithArguments() { function test_pluginCallMethods() { global $conf; + global $USERINFO; $conf['remote'] = 1; + $conf['remoteuser'] = ''; + $conf['useacl'] = 1; $remoteApi = new RemoteApi(); $this->assertEquals($remoteApi->call('plugin.testplugin.method1'), null); @@ -313,6 +326,11 @@ function test_publicCallPluginDeny() { } function test_pluginCallCustomPath() { + global $conf; + global $USERINFO; + $conf['remote'] = 1; + $conf['remoteuser'] = ''; + $conf['useacl'] = 1; global $EVENT_HANDLER; $EVENT_HANDLER->register_hook('RPC_CALL_ADD', 'BEFORE', $this, 'pluginCallCustomPathRegister');