[wp-hackers] 1.5.1.3 XMLRPC problems

Robert Deaton false.hopes at gmail.com
Wed Jun 29 16:45:11 GMT 2005


It shouldn't, because only the object with the IXN_Date class isn't
being escaped, although this could potentially open another
vunerability if the date is not escaped properly, does mysql2date()
have anything to prevent this?

On 6/29/05, Scott Merrill <skippy at skippy.net> wrote:
> Ryan Boren wrote:
> > On Wed, 2005-06-29 at 12:17 -0400, Robert Deaton wrote:
> >
> >>Before I forget, hat tip to skippy for tracing down the line that was
> >>causing the problem, but the obvious solution of doing $this->escape
> >>on every $arg but $arg[3] didn't work, but $wpdb->escape does and
> >>achieves the same purpose. I haven't had time to look into why
> >>$this->escape doesn't work, in fact, I have not a damn clue what it
> >>is.
> >
> >
> > Not escaping the content_struct will result in breakage with content
> > that contains quotes.  A better solution might be to have the xmlrpc
> > escape() method not escape objects.
> 
> I admit to being a little out of my league with regards to the specifics
> of XMLRPC; but does this patch (not escaping objects) re-open the XMLRPC
> vulnerability that 1.5.1.3 was intended to fix?
> 
> --
> skippy at skippy.net | http://skippy.net/
> 
> gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
> 506C F8BB 17AE 8A05 0B49  3544 476A 7DEC 9CFA 4B35
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
> 


-- 
--Robert Deaton
http://somethingunpredictable.com


More information about the wp-hackers mailing list