From f6d7c5e52f8217036866b7c12dbaf54a5519fecc Mon Sep 17 00:00:00 2001
From: Scott Taylor <wonderboymusic@git.wordpress.org>
Date: Sun, 11 Jan 2015 22:30:26 +0000
Subject: [PATCH] In `wp_xmlrpc_server`, only allow `__call()` to run against
 `->_multisite_getUsersBlogs()`.

See #30891.


git-svn-id: https://develop.svn.wordpress.org/trunk@31149 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/class-wp-xmlrpc-server.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/wp-includes/class-wp-xmlrpc-server.php b/src/wp-includes/class-wp-xmlrpc-server.php
index 31ac095efb..30512b86b7 100644
--- a/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/src/wp-includes/class-wp-xmlrpc-server.php
@@ -161,7 +161,10 @@ class wp_xmlrpc_server extends IXR_Server {
 	 * @return mixed|bool Return value of the callback, false otherwise.
 	 */
 	public function __call( $name, $arguments ) {
-		return call_user_func_array( array( $this, $name ), $arguments );
+		if ( '_multisite_getUsersBlogs' === $name ) {
+			return call_user_func_array( array( $this, $name ), $arguments );
+		}
+		return false;
 	}
 
 	public function serve_request() {