-rw-r--r--server/xml.server.php13
1 files changed, 10 insertions, 3 deletions
diff --git a/server/xml.server.php b/server/xml.server.php
index 3da772d1..aeae5798 100644
--- a/server/xml.server.php
+++ b/server/xml.server.php
@@ -48,11 +48,18 @@ if (!Config::get('access_control')) {
* login via this interface so we do have an exception for action=login
*/
+if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake')) {
+ debug_event('Access Denied','Invalid Session attempt to API [' . $_REQUEST['action'] . ']','5');
+ ob_end_clean();
+ echo xmlData::error('Session Expired');
+ exit();
+}
+
-if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {
- debug_event('Access Denied','Invalid Session or unathorized access attempt to API [' . $_REQUEST['action'] . ']', '5');
+if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {
+ debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '5');
ob_end_clean();
- echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged');
+ echo xmlData::error('ACL Error');
exit();
}
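Review bot: Splitting the check into two blocks with distinct replies lets a client on a network the ACL rejects tell a live session token from a dead one: a request with an invalid `auth` gets `Session Expired`, while a valid one falls through to `ACL Error`. Running the `Access::check_network('init-api', ...)` block first, ahead of the `vauth::session_exists('api', $_REQUEST['auth'])` block, keeps the separate messages for permitted clients without telling anyone else about session state. The new session-failure log line also writes `$_REQUEST['action']` verbatim; unless `debug_event` strips control characters (not visible in this hunk), it should be filtered first, e.g. `preg_replace('/[^\w-]/', '', (string) $_REQUEST['action'])`. The ACL log line now records only the remote address, so putting the requested action and user back would help when triaging denied requests.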