[wp-hackers] 1.5.1.3 XMLRPC problems

Robert Deaton false.hopes at gmail.com
Wed Jun 29 16:33:42 GMT 2005 

I just reverted and tested ryan's patch, and it appears to be working
fine. Commit time?

On 6/29/05, Ryan Boren <ryan at boren.nu> wrote:
> On Wed, 2005-06-29 at 12:17 -0400, Robert Deaton wrote:
> > Before I forget, hat tip to skippy for tracing down the line that was
> > causing the problem, but the obvious solution of doing $this->escape
> > on every $arg but $arg[3] didn't work, but $wpdb->escape does and
> > achieves the same purpose. I haven't had time to look into why
> > $this->escape doesn't work, in fact, I have not a damn clue what it
> > is.
> 
> Not escaping the content_struct will result in breakage with content
> that contains quotes.  A better solution might be to have the xmlrpc
> escape() method not escape objects.
> 
> --- xmlrpc.php  (revision 2670)
> +++ xmlrpc.php  (working copy)
> @@ -133,6 +133,8 @@
>                 foreach ($array as $k => $v) {
>                         if (is_array($v)) {
>                                 $this->escape($array[$k]);
> +                       } else if (is_object($v)) {
> +                               //skip
>                         } else {
>                                 $array[$k] = $wpdb->escape($v);
> 
> 
> Ryan
> 
> > On 6/29/05, Robert Deaton <false.hopes at gmail.com> wrote:
> > > I confirmed the problem, and have a fix that Works For Me (tm). Testing, anyone?
> > >
> > > Index: branches/1.5/xmlrpc.php
> > > ===================================================================
> > > --- branches/1.5/xmlrpc.php     (revision 2672)
> > > +++ branches/1.5/xmlrpc.php     (working copy)
> > > @@ -502,13 +502,11 @@
> > >
> > >           global $wpdb, $post_default_category;
> > >
> > > -               $this->escape($args);
> > > -
> > > -         $blog_ID     = $args[0]; // we will support this in the near future
> > > -         $user_login  = $args[1];
> > > -         $user_pass   = $args[2];
> > > +         $blog_ID = $wpdb->escape($args[0]);
> > > +         $user_login = $wpdb->escape($args[1]);
> > > +         $user_pass = $wpdb->escape($args[2]);
> > > +         $publish = $wpdb->escape($args[4]);
> > >           $content_struct = $args[3];
> > > -         $publish     = $args[4];
> > >
> > >           if (!$this->login_pass_ok($user_login, $user_pass)) {
> > >             return $this->error;
> > >
> >
> >
> 
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
> 


-- 
--Robert Deaton
http://somethingunpredictable.com

More information about the wp-hackers mailing list