editPage and newPage escaping fixes from Joseph.
git-svn-id: https://develop.svn.wordpress.org/trunk@4874 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren
parent
1a712fb612
commit
f6e2131c86
22
xmlrpc.php
22
xmlrpc.php
@ -148,6 +148,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
function escape(&$array) {
|
||||
global $wpdb;
|
||||
|
||||
if(is_string($array)) {
|
||||
return($wpdb->escape($array));
|
||||
}
|
||||
else {
|
||||
foreach ( (array) $array as $k => $v ) {
|
||||
if (is_array($v)) {
|
||||
$this->escape($array[$k]);
|
||||
@ -158,6 +162,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* WordPress XML-RPC API
|
||||
@ -283,11 +288,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
* wp_newPage
|
||||
*/
|
||||
function wp_newPage($args) {
|
||||
$this->escape($args);
|
||||
|
||||
$blog_id = $args[0];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
// Items not escaped here will be escaped in newPost.
|
||||
$username = $this->escape($args[1]);
|
||||
$password = $this->escape($args[2]);
|
||||
$page = $args[3];
|
||||
$publish = $args[4];
|
||||
|
||||
@ -355,12 +358,11 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
* wp_editPage
|
||||
*/
|
||||
function wp_editPage($args) {
|
||||
$this->escape($args);
|
||||
|
||||
// Items not escaped here will be escaped in editPost.
|
||||
$blog_id = $args[0];
|
||||
$page_id = $args[1];
|
||||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
$page_id = $this->escape($args[1]);
|
||||
$username = $this->escape($args[2]);
|
||||
$password = $this->escape($args[3]);
|
||||
$content = $args[4];
|
||||
$publish = $args[5];
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user