[wp-hackers] XMLRPC and the patch

Peter Westwood peter.westwood at ftwr.co.uk
Mon Oct 30 21:24:07 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jens Strobel wrote:
> On 10/14/06, Peter Westwood <peter.westwood at ftwr.co.uk> wrote:
>>
>> [..]
> 
> 
> Back for conversation.
> 
>> According to my testing and code review no change is requried for either
>> of these bugs as it works fine.
>> (http://trac.wordpress.org/ticket/1008#comment:9)
> 
> In the ticket you write, that there are functions from class-IXR.php which
> are decoding the data. I can't see something like this, can you "open my
> eyes" please?
> 
> I still think the xmlrpc-metaweblog-functions should act like in the
> "official" api-doc written and this is: "[..]bits is a base64-encoded
> binary
> value containing the content of the object.[..]"
> 

We do follow the spec...

In xmlrpc.php (http://trac.wordpress.org/browser/trunk/xmlrpc.php) we
define a new class:

class wp_xmlrpc_server extends IXR_Server {
	function wp_xmlrpc_server() {

And then instatiate it thereby executing it's constructor:
$wp_xmlrpc_server = new wp_xmlrpc_server();

This is turn calls the constuctor of the base class:
$this->IXR_Server($this->methods);


In the base class constructor from
(http://trac.wordpress.org/browser/trunk/wp-includes/class-IXR.php):

    function IXR_Server($callbacks = false, $data = false) {
        ...
        $this->serve($data);
    }
    function serve($data = false) {
        ...
        $this->message = new IXR_Message($data);
        if (!$this->message->parse()) {

The IXR_Mesage class parsing code handles the base64 encoded field as
follows:

    function tag_close($parser, $tag) {
        $valueFlag = false;
        switch($tag) {
	    ...
            case 'base64':
                $value = base64_decode( trim( $this->_currentTagContents
) );
                $valueFlag = true;
                break;

This is where the base64_decode occurs.

>> If you are having issues with image upload over xml-rpc I would try
>> disabling all plugins and seeing if any of them interfere.
>>
> I don't think this is a problem with Plugins, because the clients send
> their
> data direct to http://blogname/xmlrpc.php i think. So there is no hook,
> where a plugin can interact. My written client is using this adress too.
> 

Yes the call into xmlrpc.php but this then calls interal WordPress API
functions which have hooks in for plugins.

For example for image upload (in 2.1) mw_newMediaObject calls
wp_upload_bits
(http://trac.wordpress.org/browser/trunk/wp-includes/functions.php)
which calls wp_check_filetype which has the 'upload_mimes' filter for
modifying supported file types.

Your will also find all the "normal" hooks like "plugins_loaded" and
"init" will run as wp-config.php and hence wp-settings.php are pulled in.

westi
- --
Peter Westwood
http://blog.ftwr.co.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFRm13VPRdzag0AcURAjXVAKCUqCxGlucMXjPsZ8cv7C+bRIouagCfVExh
z356FRWoSMAqbsu29MW4jww=
=pHp1
-----END PGP SIGNATURE-----

More information about the wp-hackers mailing list