sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

XML-RPC: Only escape what we need to in `wp.editPage`, this allows for passwords with the special characters `"'` to work in a request. 

Props redsweater for initial Patch.
Fixes #32703


git-svn-id: https://develop.svn.wordpress.org/trunk@32993 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dion Hulse 2015-06-29 02:06:25 +00:00
parent 510aff0e2d
commit 2959d58c91
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/wp-includes/class-wp-xmlrpc-server.php
View File

@ -2747,15 +2747,19 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array|IXR_Error
*/
public function wp_editPage( $args ) {
// Items not escaped here will be escaped in editPost.
$page_id = (int) $this->escape($args[1]);
$username = $this->escape($args[2]);
$password = $this->escape($args[3]);
// Items will be escaped in mw_editPost.
$page_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$content = $args[4];
$publish = $args[5];
if ( !$user = $this->login($username, $password) )
$escaped_username = $this->escape( $username );
$escaped_password = $this->escape( $password );
if ( !$user = $this->login( $escaped_username, $escaped_password ) ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editPage' );