[wp-hackers] 1.5.1.3 XMLRPC problems
Ryan Boren
ryan at boren.nu
Wed Jun 29 16:26:18 GMT 2005
On Wed, 2005-06-29 at 12:17 -0400, Robert Deaton wrote:
> Before I forget, hat tip to skippy for tracing down the line that was
> causing the problem, but the obvious solution of doing $this->escape
> on every $arg but $arg[3] didn't work, but $wpdb->escape does and
> achieves the same purpose. I haven't had time to look into why
> $this->escape doesn't work, in fact, I have not a damn clue what it
> is.
Not escaping the content_struct will result in breakage with content
that contains quotes. A better solution might be to have the xmlrpc
escape() method not escape objects.
--- xmlrpc.php (revision 2670)
+++ xmlrpc.php (working copy)
@@ -133,6 +133,8 @@
foreach ($array as $k => $v) {
if (is_array($v)) {
$this->escape($array[$k]);
+ } else if (is_object($v)) {
+ //skip
} else {
$array[$k] = $wpdb->escape($v);
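Review bot: The new `is_object($v)` branch is empty apart from `//skip`, so any object in the array passes through with none of its members escaped, and the comment does not say why. Expand the comment to state which values are expected to be objects here and why `$wpdb->escape` must not be applied to them, and make sure any string later read out of such an object is escaped at the point where it is put into a query. Wrapping the `$wpdb->escape($v)` assignment in a negated test, `} else if (!is_object($v)) {`, would also avoid the empty block.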
Ryan
> On 6/29/05, Robert Deaton <false.hopes at gmail.com> wrote:
> > I confirmed the problem, and have a fix that Works For Me (tm). Testing, anyone?
> >
> > Index: branches/1.5/xmlrpc.php
> > ===================================================================
> > --- branches/1.5/xmlrpc.php (revision 2672)
> > +++ branches/1.5/xmlrpc.php (working copy)
> > @@ -502,13 +502,11 @@
> >
> > global $wpdb, $post_default_category;
> >
> > - $this->escape($args);
> > -
> > - $blog_ID = $args[0]; // we will support this in the near future
> > - $user_login = $args[1];
> > - $user_pass = $args[2];
> > + $blog_ID = $wpdb->escape($args[0]);
> > + $user_login = $wpdb->escape($args[1]);
> > + $user_pass = $wpdb->escape($args[2]);
> > + $publish = $wpdb->escape($args[4]);
> > $content_struct = $args[3];
> > - $publish = $args[4];
> >
> > if (!$this->login_pass_ok($user_login, $user_pass)) {
> > return $this->error;
> >
>
>
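Review bot: `$content_struct = $args[3];` is left with no escaping at all once `$this->escape($args);` is removed, so the string members of the struct reach the code after this hunk exactly as the client sent them. Either escape the struct's string members here or confirm that every later use escapes them before building a query; escaping `$args[0]`, `$args[1]`, `$args[2]` and `$args[4]` individually does not cover them.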