Moodle / MDL-54793

3.1 XML-RPC server does not use $_GET and $_POST correctly


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.1, 3.1 regressions
    • 3.1.3
    • Web Services
    • MOODLE_31_STABLE
    • MOODLE_31_STABLE
    • MDL-54793-master
      XML-RPC server test

      1. Login as admin.
      2. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Mobile
      3. Set "Enable web services for mobile devices" (enablemobilewebservice) as checked. Click "Save changes".
      4. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage protocols.
      5. Enable the XML-RPC protocol. Click "Save changes".
      6. Go to Site administration ▶︎ Plugins ▶︎ Web services ▶︎ Manage tokens.
      7. Click Add.
      8. On the Create token page, select a user from the list, then click "Save changes". Take note of the generated token.
      9. Using a terminal, enter the following curl command:

        curl 'http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]' -H "Content-Type: text/xml" --data "<?xml version='1.0' encoding='UTF-8'?><methodCall><methodName>core_course_get_courses</methodName><params> </params></methodCall>"
        

        • Confirm that a proper XML-RPC response is being generated.
      10. Using the previous curl command, use an invalid token or an invalid web service method name.
        • Confirm that a proper XML-RPC fault response is being generated.
      11. Using the previous curl command, add another parameter to the URL e.g.,

        http://[SERVER_ADDRESS_HERE]/stable_master/webservice/xmlrpc/server.php?&wstoken=[TOKEN_HERE]&myparam=hello

        • Confirm that the same response as in step 9 is generated.

    Description

      The 3.1 XML-RPC implementation merges the $_GET and $_POST variables into the "$methodvariables" variable, and uses the latter as the arguments of the function call.

      This breaks the process, since:

      • $_GET can contain other params, not necessarily related to the XML-RPC request
      • $_POST is wrong, since PHP expects a "key=val" string, whereas XML-RPC expects only the XML code as the HTTP request body

      The problem seems to be solvable by resetting "$methodvariables" to an empty array, in "/webservice/xmlrpc/locallib.php", line 74 (just before the $rawpostdata = file_get_contents("php://input"))

      This trouble was discovered after using webservices with 3.0 for several weeks, with no problems. After the upgrade to 3.1, the XML-RPC process was throwing errors, despite the fact that the XML-RPC client was the same, with the same Moodle configuration.
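
      The effect described above, as an added example that is not part of the original report and is not Moodle's code: a simplified model of building the call arguments from the merged request variables versus from the XML body alone. The function names are hypothetical, the token and request are constructed, and the SimpleXML extension is assumed to be available.

```php
<?php
// Added illustration; not Moodle's code. All function names are hypothetical.

// Decode the positional <param> values of an XML-RPC methodCall body.
function decode_params(string $body): array {
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    if ($xml === false) {
        throw new InvalidArgumentException('request body is not well-formed XML');
    }
    $params = [];
    foreach ($xml->xpath('/methodCall/params/param/value') ?: [] as $value) {
        $typed = $value->children();   // <string>, <int>, ... or nothing for a bare value
        $params[] = count($typed) ? (string) $typed[0] : (string) $value;
    }
    return $params;
}

// Behaviour the report describes: $_GET and $_POST seed the argument list.
function args_merged(array $get, array $post, string $body): array {
    $vars = array_merge($get, $post);
    unset($vars['wstoken']);           // the token is consumed for authentication
    return array_merge($vars, decode_params($body));
}

// Behaviour the report proposes: start from an empty array, read the body only.
function args_body_only(string $body): array {
    $vars = [];
    return array_merge($vars, decode_params($body));
}

// Constructed request, modelled on step 11 of the test instructions.
$get  = ['wstoken' => 'CONSTRUCTED_TOKEN', 'myparam' => 'hello'];
$body = "<?xml version='1.0' encoding='UTF-8'?><methodCall>"
      . "<methodName>core_course_get_courses</methodName><params> </params></methodCall>";

// What $_POST would hold if a client sent the XML with the
// application/x-www-form-urlencoded content type: PHP applies key=val parsing.
parse_str($body, $post);

echo "merged, text/xml body:        ", json_encode(args_merged($get, [], $body)), "\n";
echo "merged, form-urlencoded body: ", json_encode(args_merged($get, $post, $body)), "\n";
echo "body only:                    ", json_encode(args_body_only($body)), "\n";
```

      With the merged variant, the unrelated "myparam" query parameter and, for a form-urlencoded body, a junk key derived from the XML text both end up in the argument list of a function that takes none here; the body-only variant passes exactly what the methodCall declares.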

            People

              cameron1729
              Erika DH
              Frédéric Massart
              Dan Poltawski
              Jake Dallimore
              Votes: 1
              Watchers: 7

              Dates

                Created:
                Updated:
                Resolved:
                14/Nov/16