// http://bugs.php.net/bug.php?id=41293 if (empty($HTTP_RAW_POST_DATA)) { $HTTP_RAW_POST_DATA = file_get_contents('php://input'); } if (!empty($CFG->mnet_rpcdebug)) { trigger_error("HTTP_RAW_POST_DATA"); trigger_error($HTTP_RAW_POST_DATA); } // New global variable which ONLY gets set in this server page, so you know that // if you've been called by a remote Moodle, this should be set: $MNET_REMOTE_CLIENT = new mnet_remote_client(); // Peek at the message to see if it's an XML-ENC document. If it is, note that // the client connection was encrypted, and strip the xml-encryption and // xml-signature wrappers from the XML-RPC payload if (strpos(substr($HTTP_RAW_POST_DATA, 0, 100), '<encryptedMessage>')) { $MNET_REMOTE_CLIENT->was_encrypted(); // Extract the XML-RPC payload from the XML-ENC and XML-SIG wrappers. $payload = mnet_server_strip_wrappers($HTTP_RAW_POST_DATA); } else { $params = xmlrpc_decode_request($HTTP_RAW_POST_DATA, $method); if ($method == 'system.keyswap' || $method == 'system/keyswap') { // OK } elseif ($MNET_REMOTE_CLIENT->plaintext_is_ok() == false) { exit(mnet_server_fault(7021, 'forbidden-transport')); } // Looks like plaintext is ok. It is assumed that a plaintext call: // 1. Came from a trusted host on your local network // 2. Is *not* from a Moodle - otherwise why skip encryption/signing? // 3. Is free to execute ANY function in Moodle // 4. Cannot execute any methods (as it can't instantiate a class first) // To execute a method, you'll need to create a wrapper function that first