Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-54793

3.1 XML-RPC server does not use $_GET and $_POST correctly

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.1, 3.1 regressions
    • 3.1.3
    • Web Services
    • MOODLE_31_STABLE
    • MOODLE_31_STABLE
    • MDL-54793-master
    • Hide

      XML-RPC server test

      1. Login as admin.
      2. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Mobile
      3. Set "Enable web services for mobile devices" (enablemobilewebservice) as checked. Click "Save changes".
      4. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage protocols.
      5. Enable the XML-RPC protocol. Click "Save changes".
      6. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage tokens.
      7. Click Add.
      8. On the Create token page, select a user among the list then click "Save changes". Take note of the generated token.
      9. Using a terminal, enter the following curl command: 

        curl 'http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]' -H "Content-Type: text/xml" --data "<?xml version='1.0' encoding='UTF-8'?><methodCall><methodName>core_course_get_courses</methodName><params> </params></methodCall>"

        • Confirm that a proper XML-RPC response is being generated.
      10. Using the previous curl command, use an invalid token or an invalid web service method name.
        • Confirm that a proper XML-RPC fault response is being generated.
      11. Using the previous curl command, add another parameter to the URL e.g., 

        http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]&myparam=hello

        • Confirm that the same response from 9 is generated
      Show
      XML-RPC server test Login as admin. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Mobile Set "Enable web services for mobile devices" (enablemobilewebservice) as checked. Click "Save changes". Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage protocols. Enable the XML-RPC protocol. Click "Save changes". Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage tokens. Click Add. On the Create token page, select a user among the list then click "Save changes". Take note of the generated token. Using a terminal, enter the following curl command: curl 'http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]' -H "Content-Type: text/xml" --data "<?xml version='1.0' encoding='UTF-8'?><methodCall><methodName>core_course_get_courses</methodName><params> </params></methodCall>" Confirm that a proper XML-RPC response is being generated. Using the previous curl command, use an invalid token or an invalid web service method name. Confirm that a proper XML-RPC fault response is being generated. Using the previous curl command, add another parameter to the URL e.g., http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]&myparam=hello Confirm that the same response from 9 is generated

    Description

      3.1 XML-RPC implementation merges the $_GET and $_POST variables into the "$methodvariables" variable, using this last ones as arguments of the function call.

      This breaks the process, since :

      • $_GET can contain other params, not necessarily related with XML-RPC request
      • $_POST is wrong, since PHP waits for a "key=val" string, where XML-RPC waits for the XML code only as HTTP request body

      The problem seem to be solvable by resetting "$methodvariables" to an empty array, in "/webservice/xmlrpc/locallib.php", line 74 (just before the $rawpostdata = file_get_contents("php://input"))

      This trouble has been discovered after using webservices with 3.0 for several weeks, with no problems. After upgrade to 3.1, XML-RPC process was throwing errors, despite the fact that the XML-RPC client was the same, with the same Moodle configuration.

      Attachments

        Issue Links

          is a regression caused by

          Task - A task that needs to be completed. Tasks usually refer to work that must be done outside the product. MDL-52209 Remove Zend XML-RPC from Moodle's XML-RPC web service

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              cameron1729 cameron1729
              Erika Erika DH
              Frédéric Massart Frédéric Massart
              Dan Poltawski Dan Poltawski
              Jake Dallimore Jake Dallimore
              Juan Leyva, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                14/Nov/16