escape before extracting. Props Alexander Concha.

git-svn-id: https://develop.svn.wordpress.org/trunk@5721 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren 2007-06-18 00:18:18 +00:00
parent b6c8159a4c
commit df299289fe


@ -845,7 +845,7 @@ class wp_xmlrpc_server extends IXR_Server {
if ( !current_user_can('edit_post', $post_ID) ) if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
extract($actual_post); extract($actual_post, EXTR_SKIP);
if ( ('publish' == $post_status) && !current_user_can('publish_posts') ) if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
@ -1121,8 +1121,8 @@ class wp_xmlrpc_server extends IXR_Server {
return(new IXR_Error(404, __("Invalid post id."))); return(new IXR_Error(404, __("Invalid post id.")));
} }
extract($postdata);
$this->escape($postdata); $this->escape($postdata);
extract($postdata, EXTR_SKIP);
// Let WordPress manage slug if none was provided. // Let WordPress manage slug if none was provided.
$post_name = ""; $post_name = "";
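Review bot: In the first hunk, `extract($actual_post, EXTR_SKIP);` silently keeps any local that already exists, so the `$post_status` tested in the publish check on the next line comes from the stored post only if no earlier variable in the function has that name. Reading the key directly, `$post_status = $actual_post['post_status'];`, would make the source of the value the capability check depends on explicit. No escape call for `$actual_post` is visible in that hunk, so it is worth confirming one runs before the hunk starts, as the commit title implies. In the second hunk the fix depends on statement order alone, so I would add a comment above the pair such as `// escape() must run before extract(): values extracted earlier stay unescaped.` Both function bodies start and end outside the hunks shown.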