Docs: Clarify documentation for the `xmlrpc_enabled` filter to better explain that its scope only extends to methods requiring authentication.

When the `xmlrpc_enabled` filter was initially introduced in [21509], it was effectively intended to replace the `enable_xmlrpc' UI option, which only controlled whether authenticated XML-RPC methods were enabled, such as for publishing actions. This change clarifies the expected behavior and adds information about ways to more granularly control XML-RPC method and request behavior with related hooks.

Part props mensmaximus.
See #21509. Fixes #36055.


git-svn-id: https://develop.svn.wordpress.org/trunk@37025 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Drew Jaynes 2016-03-17 03:52:40 +00:00
parent 57646fb7ba
commit e4547b78e3
1 changed files with 15 additions and 2 deletions

View File

@ -247,9 +247,22 @@ class wp_xmlrpc_server extends IXR_Server {
} }
/** /**
* Filter whether XML-RPC is enabled. * Filter whether XML-RPC methods requiring authentication are enabled.
* *
* This is the proper filter for turning off XML-RPC. * Contrary to the way it's named, this filter does not control whether XML-RPC is *fully*
* enabled, rather, it only controls whether XML-RPC methods requiring authentication - such
* as for publishing purposes - are enabled.
*
* Further, the filter does not control whether pingbacks or other custom endpoints that don't
* require authentication are enabled. This behavior is expected, and due to how parity was matched
* with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5.
*
* To disable XML-RPC methods that require authentication, use:
*
* add_filter( 'xmlrpc_enabled', '__return_false' );
*
* For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'}
* and {@see 'xmlrpc_element_limit'} hooks.
* *
* @since 3.5.0 * @since 3.5.0
* *