[wp-hackers] Bug in wp_upload_bits?

Lloyd Budd lloyd at wordpress.com
Mon Nov 27 18:16:59 GMT 2006


On 11/27/06, Steve Winton <stevewinton at gmail.com> wrote:
> Howdy folks
>
> I've been playing around with XML-RPC calls today, trying to upload a
> new media object (i.e. an MP3 file) using the
> metaWeblog.newMediaObject procedure, and I think I may have stumbled
> across a bug.
>
> Basically the content of the media file being uploaded needs to be
> base64 encoded at the client end, but at the server end,
> wp_upload_bits isn't base64-decoding the content again.
>
> I'm using WP 2.0.5, and the following fix, on line 957 of
> functions-post.php works for me:
>
>         $success = @ fwrite($ifp, base64_decode($bits));
>
> Any thoughts/comments on this change?

Hi Steve,

I do not understand the technical details, but I recall I similar
thread "XMLRPC and the patch"
http://comox.textdrive.com/pipermail/wp-hackers/2006-October/009397.html
recently where Peter Westwood wrote:


In xmlrpc.php (http://trac.wordpress.org/browser/trunk/xmlrpc.php) we
define a new class:

class wp_xmlrpc_server extends IXR_Server {
	function wp_xmlrpc_server() {

And then instatiate it thereby executing it's constructor:
$wp_xmlrpc_server = new wp_xmlrpc_server();

This is turn calls the constuctor of the base class:
$this->IXR_Server($this->methods);


In the base class constructor from
(http://trac.wordpress.org/browser/trunk/wp-includes/class-IXR.php):

    function IXR_Server($callbacks = false, $data = false) {
        ...
        $this->serve($data);
    }
    function serve($data = false) {
        ...
        $this->message = new IXR_Message($data);
        if (!$this->message->parse()) {

The IXR_Mesage class parsing code handles the base64 encoded field as
follows:

    function tag_close($parser, $tag) {
        $valueFlag = false;
        switch($tag) {
	    ...
            case 'base64':
                $value = base64_decode( trim( $this->_currentTagContents
) );
                $valueFlag = true;
                break;

This is where the base64_decode occurs.


More information about the wp-hackers mailing list