コード例 #1
ファイル: server.php プロジェクト: JackCanada/moodle-hacks
// Obtain the raw request body. See http://bugs.php.net/bug.php?id=41293 for
// why $HTTP_RAW_POST_DATA may be empty here; in that case the body is read
// directly from the php://input stream instead.
// At this point the body is untrusted input from the network: nothing above
// this line has decrypted it, checked a signature on it, or parsed it.
if (empty($HTTP_RAW_POST_DATA)) {
    $HTTP_RAW_POST_DATA = file_get_contents('php://input');
}
// Optional debugging: when $CFG->mnet_rpcdebug is set, emit a marker line and
// then the complete raw request body through trigger_error().
// NOTE(review): this sends the unparsed, sender-controlled body to wherever
// PHP errors are reported. Requests that arrive without the encryption wrapper
// would be recorded in clear, so keep this setting off outside of debugging
// and restrict access to the error log. Confirm that error display is disabled
// for this endpoint so the text is not echoed into the RPC response.
if (!empty($CFG->mnet_rpcdebug)) {
    trigger_error("HTTP_RAW_POST_DATA");
    trigger_error($HTTP_RAW_POST_DATA);
}
// New global variable which ONLY gets set in this server page, so you know that
// if you've been called by a remote Moodle, this should be set.
// NOTE(review): the object is created before any of the request has been
// validated, so its mere existence says "this is the MNet server entry point",
// not "the caller is authenticated" - verify how downstream code uses it.
$MNET_REMOTE_CLIENT = new mnet_remote_client();
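// Peek at the message to see if it's an XML-ENC document. If it is, note that
// the client connection was encrypted, and strip the xml-encryption and
// xml-signature wrappers from the XML-RPC payload.
// NOTE(review): the peek is a substring search over the first 100 bytes of
// untrusted input and relies on strpos() truthiness, so a match at offset 0
// (return value 0) is treated the same as no match and falls through to the
// plaintext branch. Comparing the result with !== false would make the check
// exact; either way this is only a routing hint, not proof of encryption.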
if (strpos(substr($HTTP_RAW_POST_DATA, 0, 100), '<encryptedMessage>')) {
    $MNET_REMOTE_CLIENT->was_encrypted();
    // Extract the XML-RPC payload from the XML-ENC and XML-SIG wrappers.
    $payload = mnet_server_strip_wrappers($HTTP_RAW_POST_DATA);
} else {
    $params = xmlrpc_decode_request($HTTP_RAW_POST_DATA, $method);
    if ($method == 'system.keyswap' || $method == 'system/keyswap') {
        // OK
    } elseif ($MNET_REMOTE_CLIENT->plaintext_is_ok() == false) {
        exit(mnet_server_fault(7021, 'forbidden-transport'));
    }
    // Looks like plaintext is ok. It is assumed that a plaintext call:
    //   1. Came from a trusted host on your local network
    //   2. Is *not* from a Moodle - otherwise why skip encryption/signing?
    //   3. Is free to execute ANY function in Moodle
    //   4. Cannot execute any methods (as it can't instantiate a class first)
    // To execute a method, you'll need to create a wrapper function that first