[wp-trac] [WordPress Trac] #36055: Filter xmlrpc_enabled only partly works
WordPress Trac
noreply at wordpress.org
Thu Mar 10 07:40:10 UTC 2016
#36055: Filter xmlrpc_enabled only partly works
-------------------------------+-----------------------
Reporter: markoheijnen | Owner: dd32
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.5
Component: XML-RPC | Version: 2.9
Severity: normal | Resolution:
Keywords: close needs-patch | Focuses: docs
-------------------------------+-----------------------
Comment (by mensmaximus):
Replying to [comment:30 redsweater]:
> Getting to the root of what I think the intended goal is of blocking
> XMLRPC completely,
Correct. The whole reason for contacting @markoheijnen was to tell him that
the filter does not do what it "says" it would do. It does not disable
xmlrpc; it just removes methods with login needs.
And because any other method without login needs is still available, users
who disable xmlrpc for security reasons get fooled about the security of
their installation.
Whether the filter gets patched as @markoheijnen already did or a new
filter is introduced does not matter. What does matter is the fact that
xmlrpc can't be switched off completely at the moment although the filter
connotes this.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36055#comment:32>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform