[wp-hackers] XMLRPC and the patch

Peter Westwood peter.westwood at ftwr.co.uk
Mon Oct 30 21:24:07 GMT 2006

Jens Strobel wrote:
> On 10/14/06, Peter Westwood <peter.westwood at ftwr.co.uk> wrote:
>> [..]
> Back for conversation.
>> According to my testing and code review no change is required for either
>> of these bugs as it works fine.
>> (http://trac.wordpress.org/ticket/1008#comment:9)
> In the ticket you write, that there are functions from class-IXR.php which
> are decoding the data. I can't see something like this, can you "open my
> eyes" please?
> I still think the xmlrpc-metaweblog-functions should act like in the
> "official" api-doc written and this is: "[..]bits is a base64-encoded binary
> value containing the content of the object.[..]"

We do follow the spec...

In xmlrpc.php (http://trac.wordpress.org/browser/trunk/xmlrpc.php) we
define a new class:

class wp_xmlrpc_server extends IXR_Server {
	function wp_xmlrpc_server() {

And then instantiate it, thereby executing its constructor:
$wp_xmlrpc_server = new wp_xmlrpc_server();

This in turn calls the constructor of the base class:

In the base class constructor from

    function IXR_Server($callbacks = false, $data = false) {
    function serve($data = false) {
        $this->message = new IXR_Message($data);
        if (!$this->message->parse()) {

The IXR_Message class parsing code handles the base64 encoded field as

    function tag_close($parser, $tag) {
        $valueFlag = false;
        switch($tag) {
            case 'base64':
                $value = base64_decode( trim( $this->_currentTagContents ) );
                $valueFlag = true;

This is where the base64_decode occurs.

>> If you are having issues with image upload over xml-rpc I would try
>> disabling all plugins and seeing if any of them interfere.
> I don't think this is a problem with Plugins, because the clients send their
> data direct to http://blogname/xmlrpc.php I think. So there is no hook,
> where a plugin can interact. My written client is using this address too.

Yes, they call into xmlrpc.php but this then calls internal WordPress API
functions which have hooks in for plugins.

For example for image upload (in 2.1) mw_newMediaObject calls
which calls wp_check_filetype which has the 'upload_mimes' filter for
modifying supported file types.

You will also find all the "normal" hooks like "plugins_loaded" and
"init" will run as wp-config.php and hence wp-settings.php are pulled in.

Peter Westwood
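
The decode-on-tag-close step described in the message above, as an added example that is not part of the original post and is not WordPress or IXR source: a cut-down parser (the hypothetical `DemoMessage` class) decodes `<base64>` while parsing, so a method handler receives raw bytes and must not decode them again. The request is constructed and simplified to two positional parameters.

```php
<?php
// Added illustration, not WordPress or IXR source. DemoMessage is a
// hypothetical, cut-down stand-in for IXR_Message that handles only
// <string> and <base64> values.
class DemoMessage {
    public $params = [];
    private $buf = '';

    function parse(string $xml): bool {
        $p = xml_parser_create();
        // Keep tag names as sent (the default upper-cases them).
        xml_parser_set_option($p, XML_OPTION_CASE_FOLDING, 0);
        xml_set_element_handler($p, [$this, 'tagOpen'], [$this, 'tagClose']);
        xml_set_character_data_handler($p, [$this, 'cdata']);
        return xml_parse($p, $xml, true) === 1;
    }
    function tagOpen($parser, $tag, $attrs) { $this->buf = ''; }
    function cdata($parser, $data) { $this->buf .= $data; }
    function tagClose($parser, $tag) {
        switch ($tag) {
            case 'string':
                $this->params[] = $this->buf;
                break;
            case 'base64':
                // Same step as the tag_close excerpt: decode during parsing.
                $this->params[] = base64_decode(trim($this->buf));
                break;
        }
    }
}

// Constructed sample input: the 8-byte PNG signature as the "bits" value.
$bits = "\x89PNG\r\n\x1a\n";
$xml = '<?xml version="1.0"?><methodCall>'
     . '<methodName>metaWeblog.newMediaObject</methodName><params>'
     . '<param><value><string>demo.png</string></value></param>'
     . '<param><value><base64>' . base64_encode($bits) . '</base64></value></param>'
     . '</params></methodCall>';

$msg = new DemoMessage();
$msg->parse($xml);

// What a handler would receive: already-decoded binary, identical to $bits.
var_dump($msg->params[1] === $bits);
// A second decode in the handler would be wrong: the data is no longer
// base64, which strict mode reports by returning false.
var_dump(base64_decode($msg->params[1], true));
```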
