[wp-xmlrpc] Restricting available methods on a per blog basis
nico
nsebban at gmail.com
Thu Sep 16 11:31:30 UTC 2010
WP3 doesn't bring any change (that I noticed) to the XML-RPC feature, so
Joseph's solution will work great in both WP2.x and WP3. I think I would
match the hostname instead of the blog_id, though.
Have fun !
Nicolas
On Wed, Sep 15, 2010 at 5:33 PM, Joseph Scott <joseph at josephscott.org>wrote:
> In the same way that you can add XML-RPC methods using that filter,
> you can also remove them. If you hook into that filter and then do
> your tests against blog_id (or some other parameter) to see what, if
> any, methods should be removed.
>
> On Wed, Sep 15, 2010 at 4:21 AM, luke Mackenzie <luke at lukem.co.uk> wrote:
> > I am using the xmlrpc_methods filter to add custom XMLRPC methods to my
> WPMU
> > 2.9.2 install in an MU plugin. I'd like to restrict the available methods
> on
> > a per blog basis so that if the endpoint being called is
> > mydomain.com/blogname/xmlrpc.php, only a subset of methods are exposed.
> The
> > concern is one of security so that a particular endpoint cannot be used
> to
> > influence, for example, voting results.
> > My initial thought was that I could use the REQUEST_URI and or the
> > REMOTE_ADDR vars in $_SERVER and switch on those in my xmlrpc_methods
> > function. We'll also be migrating to WP3 soon so it would be useful to
> know
> > if any relevant functionality exists in the later version.
>
>
>
> --
> Joseph Scott
> joseph at josephscott.org
> http://josephscott.org/
> _______________________________________________
> wp-xmlrpc mailing list
> wp-xmlrpc at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-xmlrpc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.automattic.com/pipermail/wp-xmlrpc/attachments/20100916/c5ecd6f3/attachment.htm>
More information about the wp-xmlrpc
mailing list