[wp-hackers] 1.5.1.3 XMLRPC problems

Ryan Boren ryan at boren.nu
Wed Jun 29 16:38:54 GMT 2005


On Wed, 2005-06-29 at 12:33 -0400, Robert Deaton wrote:
> I just reverted and tested ryan's patch, and it appears to be working
> fine. Commit time?

It didn't break my tests, so it's in.

Ryan

> On 6/29/05, Ryan Boren <ryan at boren.nu> wrote:
> > On Wed, 2005-06-29 at 12:17 -0400, Robert Deaton wrote:
> > > Before I forget, hat tip to skippy for tracing down the line that was
> > > causing the problem, but the obvious solution of doing $this->escape
> > > on every $arg but $arg[3] didn't work, but $wpdb->escape does and
> > > achieves the same purpose. I haven't had time to look into why
> > > $this->escape doesn't work, in fact, I have not a damn clue what it
> > > is.
> > 
> > Not escaping the content_struct will result in breakage with content
> > that contains quotes.  A better solution might be to have the xmlrpc
> > escape() method not escape objects.
> > 
> > --- xmlrpc.php  (revision 2670)
> > +++ xmlrpc.php  (working copy)
> > @@ -133,6 +133,8 @@
> >                 foreach ($array as $k => $v) {
> >                         if (is_array($v)) {
> >                                 $this->escape($array[$k]);
> > +                       } else if (is_object($v)) {
> > +                               //skip
> >                         } else {
> >                                 $array[$k] = $wpdb->escape($v);
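
Review bot: The new `else if (is_object($v))` branch is empty apart from `//skip`, so nothing records why objects are exempt or that any strings they carry leave escape() unescaped. Expand the comment to say which object values are expected here and that code consuming them must escape their contents before they reach a query. An empty arm is also easy to misread; guarding the final assignment instead, e.g. `} else if (!is_object($v)) {` in front of `$array[$k] = $wpdb->escape($v);`, expresses the same behaviour without a no-op branch.
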
> > 
> > 
> > Ryan
> > 
> > > On 6/29/05, Robert Deaton <false.hopes at gmail.com> wrote:
> > > > I confirmed the problem, and have a fix that Works For Me (tm). Testing, anyone?
> > > >
> > > > Index: branches/1.5/xmlrpc.php
> > > > ===================================================================
> > > > --- branches/1.5/xmlrpc.php     (revision 2672)
> > > > +++ branches/1.5/xmlrpc.php     (working copy)
> > > > @@ -502,13 +502,11 @@
> > > >
> > > >           global $wpdb, $post_default_category;
> > > >
> > > > -               $this->escape($args);
> > > > -
> > > > -         $blog_ID     = $args[0]; // we will support this in the near future
> > > > -         $user_login  = $args[1];
> > > > -         $user_pass   = $args[2];
> > > > +         $blog_ID = $wpdb->escape($args[0]);
> > > > +         $user_login = $wpdb->escape($args[1]);
> > > > +         $user_pass = $wpdb->escape($args[2]);
> > > > +         $publish = $wpdb->escape($args[4]);
> > > >           $content_struct = $args[3];
> > > > -         $publish     = $args[4];
> > > >
> > > >           if (!$this->login_pass_ok($user_login, $user_pass)) {
> > > >             return $this->error;
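
Review bot: `$content_struct = $args[3];` is now the only argument taken without escaping, and nothing in the hunk says why or where its fields get escaped later. With `$this->escape($args)` removed, every string inside the struct reaches the rest of the function raw, so either escape its scalar members here or add a comment pointing to where that happens before any query is built. The reorder also places `$publish` (index 4) ahead of `$content_struct` (index 3) and drops the `// we will support this in the near future` comment on `$blog_ID`; keeping index order and the comment would make the change smaller and easier to audit.
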
> > > >
> > >
> > >
> > 
