Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-54793

3.1 XML-RPC server does not use $_GET and $_POST correctly

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1, 3.1 regressions
    • Fix Version/s: 3.1.3
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      Hide

      XML-RPC server test

      1. Login as admin.
      2. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Mobile
      3. Set "Enable web services for mobile devices" (enablemobilewebservice) as checked. Click "Save changes".
      4. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage protocols.
      5. Enable the XML-RPC protocol. Click "Save changes".
      6. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage tokens.
      7. Click Add.
      8. On the Create token page, select a user among the list then click "Save changes". Take note of the generated token.
      9. Using a terminal, enter the following curl command:

        curl 'http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]' -H "Content-Type: text/xml" --data "<?xml version='1.0' encoding='UTF-8'?><methodCall><methodName>core_course_get_courses</methodName><params> </params></methodCall>"
        

        • Confirm that a proper XML-RPC response is being generated.
      10. Using the previous curl command, use an invalid token or an invalid web service method name.
        • Confirm that a proper XML-RPC fault response is being generated.
      11. Using the previous curl command, add another parameter to the URL e.g.,

        http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]&myparam=hello

        • Confirm that the same response from 9 is generated
      Show
      XML-RPC server test Login as admin. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Mobile Set "Enable web services for mobile devices" (enablemobilewebservice) as checked. Click "Save changes". Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage protocols. Enable the XML-RPC protocol. Click "Save changes". Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage tokens. Click Add. On the Create token page, select a user among the list then click "Save changes". Take note of the generated token. Using a terminal, enter the following curl command: curl 'http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]' -H "Content-Type: text/xml" --data "<?xml version='1.0' encoding='UTF-8'?><methodCall><methodName>core_course_get_courses</methodName><params> </params></methodCall>" Confirm that a proper XML-RPC response is being generated. Using the previous curl command, use an invalid token or an invalid web service method name. Confirm that a proper XML-RPC fault response is being generated. Using the previous curl command, add another parameter to the URL e.g., http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]&myparam=hello Confirm that the same response from 9 is generated
    • Affected Branches:
      MOODLE_31_STABLE
    • Fixed Branches:
      MOODLE_31_STABLE
    • Pull Master Branch:
      MDL-54793-master

      Description

      3.1 XML-RPC implementation merges the $_GET and $_POST variables into the "$methodvariables" variable, using this last ones as arguments of the function call.

      This breaks the process, since :

      • $_GET can contain other params, not necessarily related with XML-RPC request
      • $_POST is wrong, since PHP waits for a "key=val" string, where XML-RPC waits for the XML code only as HTTP request body

      The problem seem to be solvable by resetting "$methodvariables" to an empty array, in "/webservice/xmlrpc/locallib.php", line 74 (just before the $rawpostdata = file_get_contents("php://input"))

      This trouble has been discovered after using webservices with 3.0 for several weeks, with no problems. After upgrade to 3.1, XML-RPC process was throwing errors, despite the fact that the XML-RPC client was the same, with the same Moodle configuration.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cameron1729 cameron1729
              Reporter:
              Erika Erika DH
              Peer reviewer:
              Frédéric Massart
              Integrator:
              Dan Poltawski
              Tester:
              Jake Dallimore
              Participants:
              Component watchers:
              Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                14/Nov/16