XML-RPC: Only escape what we need to in `wp.editPage`, this allows for passwords with the special characters `"'` to work in a request.
Props redsweater for initial Patch. Fixes #32703 git-svn-id: https://develop.svn.wordpress.org/trunk@32993 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
510aff0e2d
commit
2959d58c91
|
@ -2747,15 +2747,19 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
* @return array|IXR_Error
|
* @return array|IXR_Error
|
||||||
*/
|
*/
|
||||||
public function wp_editPage( $args ) {
|
public function wp_editPage( $args ) {
|
||||||
// Items not escaped here will be escaped in editPost.
|
// Items will be escaped in mw_editPost.
|
||||||
$page_id = (int) $this->escape($args[1]);
|
$page_id = (int) $args[1];
|
||||||
$username = $this->escape($args[2]);
|
$username = $args[2];
|
||||||
$password = $this->escape($args[3]);
|
$password = $args[3];
|
||||||
$content = $args[4];
|
$content = $args[4];
|
||||||
$publish = $args[5];
|
$publish = $args[5];
|
||||||
|
|
||||||
if ( !$user = $this->login($username, $password) )
|
$escaped_username = $this->escape( $username );
|
||||||
|
$escaped_password = $this->escape( $password );
|
||||||
|
|
||||||
|
if ( !$user = $this->login( $escaped_username, $escaped_password ) ) {
|
||||||
return $this->error;
|
return $this->error;
|
||||||
|
}
|
||||||
|
|
||||||
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
|
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
|
||||||
do_action( 'xmlrpc_call', 'wp.editPage' );
|
do_action( 'xmlrpc_call', 'wp.editPage' );
|
||||||
|
|
Loading…
Reference in New Issue