2009-08-30 Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net>

Fixed the bug that XML-RPC authorization might be done before HTTP
	request header is fully received.
	* src/HttpServerCommand.cc

ChangeLog

@@ -1,3 +1,9 @@
+2009-08-30  Tatsuhiro Tsujikawa  <t-tujikawa@users.sourceforge.net>
+
+	Fixed the bug that XML-RPC authorization might be done before HTTP
+	request header is fully received.
+	* src/HttpServerCommand.cc
+
 2009-08-30  Tatsuhiro Tsujikawa  <t-tujikawa@users.sourceforge.net>
 
 	Documented --xml-rpc-listen-all option in man page.

src/HttpServerCommand.cc

@@ -91,6 +91,11 @@ bool HttpServerCommand::execute()
       SharedHandle<HttpHeader> header;
 
       header = _httpServer->receiveRequest();
+
+      if(header.isNull()) {
+	_e->commands.push_back(this);
+	return false;
+      }
       if(!_httpServer->authenticate()) {
 	_httpServer->disableKeepAlive();
 	_httpServer->feedResponse("401 Unauthorized",
@@ -102,10 +107,7 @@ bool HttpServerCommand::execute()
 	_e->setNoWait(true);
 	return true;
       }
-      if(header.isNull()) {
-	_e->commands.push_back(this);
-	return false;
-      } else if(static_cast<uint64_t>
+      if(static_cast<uint64_t>
 	 (_e->option->getAsInt(PREF_XML_RPC_MAX_REQUEST_SIZE)) <
 	 _httpServer->getContentLength()) {
 	logger->info("Request too long. ContentLength=%s."
@@ -113,13 +115,12 @@ bool HttpServerCommand::execute()
 		     " this limitation.",
 		     Util::uitos(_httpServer->getContentLength()).c_str());
 	return true;
-      } else {
+      }
       Command* command = new HttpServerBodyCommand(cuid, _httpServer, _e,
 						   _socket);
       _e->commands.push_back(command);
       _e->setNoWait(true);
       return true;
-      }
     } else {
       if(_timeout.elapsed(30)) {
 	logger->info("HTTP request timeout.");