[wp-hackers] 1.5.1.3 XMLRPC problems
Robert Deaton
false.hopes at gmail.com
Wed Jun 29 16:17:53 GMT 2005
Before I forget, hat tip to skippy for tracing down the line that was
causing the problem, but the obvious solution of doing $this->escape
on every $arg but $arg[3] didn't work, but $wpdb->escape does and
achieves the same purpose. I haven't had time to look into why
$this->escape doesn't work, in fact, I have not a damn clue what it
is.
On 6/29/05, Robert Deaton <false.hopes at gmail.com> wrote:
> I confirmed the problem, and have a fix that Works For Me (tm). Testing, anyone?
>
> Index: branches/1.5/xmlrpc.php
> ===================================================================
> --- branches/1.5/xmlrpc.php (revision 2672)
> +++ branches/1.5/xmlrpc.php (working copy)
> @@ -502,13 +502,11 @@
>
> global $wpdb, $post_default_category;
>
> - $this->escape($args);
> -
> - $blog_ID = $args[0]; // we will support this in the near future
> - $user_login = $args[1];
> - $user_pass = $args[2];
> + $blog_ID = $wpdb->escape($args[0]);
> + $user_login = $wpdb->escape($args[1]);
> + $user_pass = $wpdb->escape($args[2]);
> + $publish = $wpdb->escape($args[4]);
> $content_struct = $args[3];
> - $publish = $args[4];
>
> if (!$this->login_pass_ok($user_login, $user_pass)) {
> return $this->error;
>
--
--Robert Deaton
http://somethingunpredictable.com
More information about the wp-hackers
mailing list