[wp-trac] [WordPress Trac] #36055: Filter xmlrpc_enabled only partly works
WordPress Trac
noreply at wordpress.org
Fri Mar 4 08:17:35 UTC 2016
#36055: Filter xmlrpc_enabled only partly works
--------------------------+------------------
Reporter: markoheijnen | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.5
Component: XML-RPC | Version: 2.9
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------
Comment (by mensmaximus):
Replying to [comment:12 dd32]:
> We can't change the behaviour of that filter now to also block
pingbacks. What we could do instead is add a new way to completely remove
XML-RPC all together, but I'm not sure of the intentions behind that (as
this ticket doesn't have any context as to where it came from).
The request came originally from me. I contacted @markoheijnen on slack
due to the nature of the issue I discovered. As you already said in an
other comment this filter is named badly and users get a bad idea fro what
it is doing. The main reason behind it is to have an option do "really"
disable/switch off/remove XML-RPC if a customer does not need it. This has
different reasons like security, philosophy and architectural design (take
the one you like most).
My suggestion was to filter the server_request:
{{{#!php
<?php
public function serve_request() {
$enabled = apply_filters( 'xmlrpc_enabled', true );
if ( $enabled ) {
$this->IXR_Server($this->methods);
}
}
}}}
I understand your concern about the history of the filter and the backward
compatibility. Creating a new filter instead would be reasonable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36055#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list