[wp-xmlrpc] Restricting available methods on a per blog basis
luke Mackenzie
luke at lukem.co.uk
Thu Sep 16 12:05:06 UTC 2010
thanks for the replies guys!
Luke.
On Thu, Sep 16, 2010 at 12:31 PM, nico <nsebban at gmail.com> wrote:
> WP3 doesn't bring any change (that I noticed) to the XML-RPC feature, so
> Joseph's solution will work great in both WP2.x and WP3. I think I would
> match the hostname instead of the blog_id, though.
>
> Have fun !
> Nicolas
>
>
>
>
> On Wed, Sep 15, 2010 at 5:33 PM, Joseph Scott <joseph at josephscott.org>wrote:
>
>> In the same way that you can add XML-RPC methods using that filter,
>> you can also remove them. If you hook into that filter and then do
>> your tests against blog_id (or some other parameter) to see what, if
>> any, methods should be removed.
>>
>> On Wed, Sep 15, 2010 at 4:21 AM, luke Mackenzie <luke at lukem.co.uk> wrote:
>> > I am using the xmlrpc_methods filter to add custom XMLRPC methods to my
>> WPMU
>> > 2.9.2 install in an MU plugin. I'd like to restrict the available
>> methods on
>> > a per blog basis so that if the endpoint being called is
>> > mydomain.com/blogname/xmlrpc.php, only a subset of methods are exposed.
>> The
>> > concern is one of security so that a particular endpoint cannot be used
>> to
>> > influence, for example, voting results.
>> > My initial thought was that I could use the REQUEST_URI and or the
>> > REMOTE_ADDR vars in $_SERVER and switch on those in my xmlrpc_methods
>> > function. We'll also be migrating to WP3 soon so it would be useful to
>> know
>> > if any relevant functionality exists in the later version.
>>
>>
>>
>> --
>> Joseph Scott
>> joseph at josephscott.org
>> http://josephscott.org/
>> _______________________________________________
>> wp-xmlrpc mailing list
>> wp-xmlrpc at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-xmlrpc
>>
>
>
> _______________________________________________
> wp-xmlrpc mailing list
> wp-xmlrpc at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-xmlrpc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.automattic.com/pipermail/wp-xmlrpc/attachments/20100916/82fe08e3/attachment.htm>
More information about the wp-xmlrpc
mailing list