diff --git a/ChangeLog b/ChangeLog index 59903256..4f1f1320 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2009-08-30 Tatsuhiro Tsujikawa + + Fixed the bug that XML-RPC authorization might be done before HTTP + request header is fully received. + * src/HttpServerCommand.cc + 2009-08-30 Tatsuhiro Tsujikawa Documented --xml-rpc-listen-all option in man page. diff --git a/src/HttpServerCommand.cc b/src/HttpServerCommand.cc index 38b9bdee..74518f42 100644 --- a/src/HttpServerCommand.cc +++ b/src/HttpServerCommand.cc @@ -91,6 +91,11 @@ bool HttpServerCommand::execute() SharedHandle header; header = _httpServer->receiveRequest(); + + if(header.isNull()) { + _e->commands.push_back(this); + return false; + } if(!_httpServer->authenticate()) { _httpServer->disableKeepAlive(); _httpServer->feedResponse("401 Unauthorized", @@ -102,24 +107,20 @@ bool HttpServerCommand::execute() _e->setNoWait(true); return true; } - if(header.isNull()) { - _e->commands.push_back(this); - return false; - } else if(static_cast - (_e->option->getAsInt(PREF_XML_RPC_MAX_REQUEST_SIZE)) < - _httpServer->getContentLength()) { + if(static_cast + (_e->option->getAsInt(PREF_XML_RPC_MAX_REQUEST_SIZE)) < + _httpServer->getContentLength()) { logger->info("Request too long. ContentLength=%s." " See --xml-rpc-max-request-size option to loose" " this limitation.", Util::uitos(_httpServer->getContentLength()).c_str()); return true; - } else { - Command* command = new HttpServerBodyCommand(cuid, _httpServer, _e, - _socket); - _e->commands.push_back(command); - _e->setNoWait(true); - return true; } + Command* command = new HttpServerBodyCommand(cuid, _httpServer, _e, + _socket); + _e->commands.push_back(command); + _e->setNoWait(true); + return true; } else { if(_timeout.elapsed(30)) { logger->info("HTTP request timeout.");