Fixed: forgot session check

author: momo-i <momo-i@ampache> 2009-03-17 23:49:01 +0000
committer: momo-i <momo-i@ampache> 2009-03-17 23:49:01 +0000
commit: c31be1e56af311204098ce603f5600b44e611b27 (patch)
tree: 9cf2f0726f28aa3b1dbde89609165e8d08767ab6 /lib/class/xmlrpcserver.class.php
parent: 9b8d212ef24a038c2a92697e337c4de9bdbde2a0 (diff)
download: ampache-c31be1e56af311204098ce603f5600b44e611b27.tar.gz
ampache-c31be1e56af311204098ce603f5600b44e611b27.tar.bz2
ampache-c31be1e56af311204098ce603f5600b44e611b27.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/class/xmlrpcserver.class.php b/lib/class/xmlrpcserver.class.php
index 91fb78ec..06c6effd 100644
--- a/lib/class/xmlrpcserver.class.php
+++ b/lib/class/xmlrpcserver.class.php
@@ -196,6 +196,16 @@ class xmlRpcServer {
 	 */
 	public static function check_song($xmlrpc_object) {
 
+		// Pull out the key
+		$variable = $xmlrpc_object->getParam(1);
+		$key = $variable->scalarval();
+
+		// Check it and make sure we're super green
+		if (!vauth::session_exists('xml-rpc',$key)) {
+			debug_event('XMLSERVER','Error ' . $_SERVER['REMOTE_ADDR'] . ' with key ' . $key . ' does not match any ACLs','1');
+			return new XML_RPC_Response(0,'503','Key/IP Mis-match Access Denied');
+		}
+
 		$var = $xmlrpc_object->params['0']->me['int'];
 		$sql = "SELECT `song`.`id` FROM `song` WHERE `id`='" . Dba::escape($var) ."'";
 		$db_results = Dba::read($sql);
author	momo-i <momo-i@ampache>	2009-03-17 23:49:01 +0000
committer	momo-i <momo-i@ampache>	2009-03-17 23:49:01 +0000
commit	c31be1e56af311204098ce603f5600b44e611b27 (patch)
tree	9cf2f0726f28aa3b1dbde89609165e8d08767ab6 /lib/class/xmlrpcserver.class.php
parent	9b8d212ef24a038c2a92697e337c4de9bdbde2a0 (diff)
download	ampache-c31be1e56af311204098ce603f5600b44e611b27.tar.gz ampache-c31be1e56af311204098ce603f5600b44e611b27.tar.bz2 ampache-c31be1e56af311204098ce603f5600b44e611b27.zip