xmlrpc, use authentication through the basic auth header instead of extra user/pass parameters

1 files changed, 13 insertions, 11 deletions

diff --git a/src/etc/inc/xmlrpc_client.inc b/src/etc/inc/xmlrpc_client.inc
index 3db6bfe..26a93be 100644
--- a/src/etc/inc/xmlrpc_client.inc
+++ b/src/etc/inc/xmlrpc_client.inc
@@ -21,11 +21,9 @@
 
 require_once("XML/RPC2/Client.php");
 
-define('PEAR_IGNORE_BACKTRACE', 1);
-
 class pfsense_xmlrpc_client {
 	
-	private $username, $password, $url, $filenotice, $error;
+	private $username, $password, $url, $logurl, $filenotice, $error;
 	
 	public function __construct() {
 		global $config;
@@ -67,7 +65,11 @@ class pfsense_xmlrpc_client {
 		if (is_ipaddrv6($syncip)) {
 			$syncip = "[{$syncip}]";
 		}
-		$this->url = "{$scheme}://{$syncip}:{$port}/xmlrpc.php";
+		$user = urlencode($this->username);
+		$pass = urlencode($this->password);
+		
+		$this->logurl = "{$scheme}://{$syncip}:{$port}/xmlrpc.php";
+		$this->url = "{$scheme}://{$user}:{$pass}@{$syncip}:{$port}/xmlrpc.php";
 	}
 
 	public function set_noticefile($noticefile) {
@@ -86,10 +88,10 @@ class pfsense_xmlrpc_client {
 		while ($numberofruns < 2) {
 			$numberofruns++;
 
-			log_error(sprintf(gettext("Beginning XMLRPC sync data to %s."), $this->url));
+			log_error(sprintf(gettext("Beginning XMLRPC sync data to %s."), $this->logurl));
 			$cli = XML_RPC2_Client::create($this->url, $options);
 			if (!is_object($cli)) {
-				$this->error = sprintf(gettext("A communications error occurred while attempting XMLRPC sync with %s (pfsense.%s)."), $this->url, $method);
+				$this->error = sprintf(gettext("A communications error occurred while attempting XMLRPC sync with %s (pfsense.%s)."), $this->log, $method);
 				log_error($this->error);
 				file_notice($this->filenotice, $this->error, "Settings Sync", "");
 				continue;
@@ -97,7 +99,7 @@ class pfsense_xmlrpc_client {
 			try {//restore_config_section
 				$REQUEST_URI = $_SERVER['REQUEST_URI'];
 				unset($_SERVER['REQUEST_URI']); // force use of 'toText()' when setting XML_RPC2_CurlException message
-				$resp = $cli->$method($this->username, $this->password, $parameter);
+				$resp = $cli->$method($parameter);
 			} catch (XML_RPC2_FaultException $e) {
 				// The XMLRPC server returns a XMLRPC error
 				$this->error = "Exception calling XMLRPC method {$method} #" . $e->getFaultCode() . ' : ' . $e->getFaultString();
@@ -109,7 +111,7 @@ class pfsense_xmlrpc_client {
 				if ($previouserror == null) {
 					// CurlException doesnt get filled with PreviousError,
 					// however we dont want to show the stacktrace included in the 'message' to non sysadmin users
-					$this->error = "CurlException calling XMLRPC method {$method} #" . strtok($e->getMessage(), "\n");
+					$this->error = "CurlException calling XMLRPC method {$method} #" . $e->getMessage();
 				} else {
 					$this->error = "CurlException calling XMLRPC method {$method} #" . $previouserror->getMessage();
 				}
@@ -130,12 +132,12 @@ class pfsense_xmlrpc_client {
 			}
 
 			if (!is_array($resp) && trim($resp) == "Authentication failed") {
-				$this->error = "An authentication failure occurred while trying to access {$this->url} ({$method}).";
+				$this->error = "An authentication failure occurred while trying to access {$this->logurl} ({$method}).";
 				log_error($this->error);
 				file_notice($this->filenotice, $this->error, "Settings Sync", "");
 				continue;
 			}
-			log_error(sprintf(gettext("XMLRPC reload data success with %s (pfsense.{$method})."), $this->url));
+			log_error(sprintf(gettext("XMLRPC reload data success with %s (pfsense.{$method})."), $this->logurl));
 			return $resp;
 		}
 		return null;
@@ -156,6 +158,6 @@ class pfsense_xmlrpc_client {
 	}
 	
 	public function getUrl() {
-		return $this->url;
+		return $this->logurl;
 	}
 }
\ No newline at end of file