[wp-hackers] wpmu / adding users/sites/any other admin
horatio
bnabble at says.mu
Mon Apr 6 00:28:52 GMT 2009
strongly agree with both of you.
this is an issue of time for me, i assume by the time i put this on a public
server something else will have come along. if not, i'll make sure and plop
lots more security on top.
Alan, how about "gaping pits of hell"?
Mike Schinkel-5 wrote:
>
> I'd also really like to see a RESTful API rather than an RPC API. JMTCW.
>
> -Mike Schinkel
> Custom Wordpress Plugins
> http://mikeschinkel.com/custom-wordpress-plugins
>
> ----- Original Message -----
> From: "Alan Castonguay" <alan at verselogic.net>
> To: wp-hackers at lists.automattic.com
> Cc: wp-hackers at lists.automattic.com
> Sent: Sunday, April 5, 2009 8:16:36 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [wp-hackers] wpmu / adding users/sites/any other admin
>
> Arbitrary remote code execution. "massive holes" is a bit of an
> understatement. You may wish to look at wpapp or xmlrpc and see if you
> can either hook into those, or better yet write a patch to provide the
> needed functionality. I agree that the need exists.
>
> Alan
>
> Sent from my iPhone
>
> On 5-Apr-09, at 20:09, horatio <bnabble at says.mu> wrote:
>
>>
>> i made a VERY ROUGH remote api for myself to use before anyone else codes a
>> proper wp/wpmu api. it works very well for my purposes, but keep in mind
>> that this leaves some massive holes open, so it should be checking for a
>> localhost ip, put behind a password protected directory, whitelist
>> particular functions, check incoming data integrity, etc. use at your own
>> risk.
>>
>> it works by posting
>> "function" (string containing wordpress core or custom function) and
>> "args" (array containing the args to pass to the function)
>> to the script.
>>
>> you get back a serialized result of the data:
>> serialize(
>>     success=>true,
>>     results=>(function return value)
>> )
>>
>> so you could post
>>     function=>'testfunc',
>>     args=>Array('one', 'two')
>> to this script, and you would get back the serialized results from
>> serialize(testfunc('one', 'two'))
>>
>> i've also written a cakePHP component that deals with this remote API, if
>> anyone is interested. i'm creating new domains/blogs/users through it fine.
>>
>> code follows:
>>
>> // Location of Wordpress install
>> define('WP_LOCATION', '../../../site');
>>
>> // Trap errors
>> set_error_handler('return_error_php');
>> register_shutdown_function('return_shutdown_php');
>> error_reporting(E_ALL);
>> ini_set('display_errors', 0);
>>
>> // Help Wordpress be quiet
>> define('WP_INSTALLING', true);
>>
>> // Trick Wordpress into thinking we're in its directory, so it pulls the
>> // correct site from the DB.
>> // global $domain,$path;
>> // $_SERVER[ 'REQUEST_URI' ] = $path = "/site/";
>>
>> // Include WP headers
>> global $user, $wpdb, $allowedtags, $blog_id;
>> require_once(WP_LOCATION."/wp-config.php");
>> require_once(WP_LOCATION."/wp-includes/registration.php");
>>
>> // Both fields are required; without "args" the call below has nothing to pass
>> if (!isset($_POST['function']) || !isset($_POST['args'])) {
>>     return_error('You sent in an empty request.');
>> }
>>
>> // Check request validity
>> if (!function_exists($_POST['function'])) {
>>     return_error('Function '.$_POST['function'].' is undefined.');
>> }
>>
>> // Run requested function
>> $result = call_user_func_array($_POST['function'], $_POST['args']);
>>
>> // Check function results
>> if ($result == null || $result == false) {
>>     return_error('Function '.$_POST['function'].' returned false/null.');
>> }
>>
>> return_success(Array('return' => $result));
>>
>>
>> // For example above
>> function testfunc($one, $two) {
>>     return "testfunc(): arg one is $one and arg two is $two";
>> }
>>
>> // Traps large PHP problems (fatal errors caught at shutdown)
>> function return_shutdown_php() {
>>     if ($error = error_get_last()) {
>>         switch ($error['type']) {
>>             case E_ERROR:
>>             case E_CORE_ERROR:
>>             case E_COMPILE_ERROR:
>>             case E_USER_ERROR:
>>                 return_error($error['message'], 'php');
>>                 break;
>>         }
>>     }
>> }
>>
>> // Traps simple PHP problems (warnings/notices are swallowed, errors reported)
>> function return_error_php($errno, $errstr, $errfile, $errline, $errcontext = null) {
>>     switch ($errno) {
>>         case E_USER_WARNING:
>>         case E_USER_NOTICE:
>>         case E_WARNING:
>>         case E_NOTICE:
>>             break;
>>         case E_CORE_WARNING:
>>         case E_COMPILE_WARNING:
>>         case E_USER_ERROR:
>>         case E_ERROR:
>>         case E_PARSE:
>>         case E_CORE_ERROR:
>>         case E_COMPILE_ERROR:
>>             return_error($errstr, 'php');
>>     }
>> }
>>
>> // Formats error messages for return_data()
>> function return_error($error, $class = 'wpmu') {
>>     return_data(Array(
>>         'success' => false,
>>         'error'   => $error,
>>         'class'   => $class
>>     ));
>> }
>>
>> // Formats success messages for return_data()
>> function return_success($results) {
>>     return_data(Array('success' => true, 'results' => $results));
>> }
>>
>> // Dumps results as serialized data
>> function return_data($data) { echo serialize($data); exit; }
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Re%3A-wpmu---adding-users-sites-any-other-admin-tp22811272p22900358.html
>> Sent from the Wordpress Hackers mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
--
View this message in context: http://www.nabble.com/Re%3A-wpmu---adding-users-sites-any-other-admin-tp22811272p22900492.html
Sent from the Wordpress Hackers mailing list archive at Nabble.com.
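The quoted message itself names the checks the script lacks: a localhost-only client check, a whitelist of callable functions, and validation of the incoming arguments. The block below is an added example, not code from the thread or from WordPress, showing a dispatcher that keeps the same request and response shape while applying those three checks; the allow-list contents and the per-argument rules are illustrative assumptions.

```php
<?php
// Added example (not from the original thread): a hardened replacement for the
// quoted dispatcher. The client names an operation from a fixed allow-list, never
// a raw PHP function, and every positional argument is validated before the call.
// Operation names and argument rules here are assumptions for illustration.

// From the quoted code: the test function used in the example request.
function testfunc($one, $two) {
    return "testfunc(): arg one is $one and arg two is $two";
}

// Allow-list: operation name => [callable, one validator per positional arg].
// The request's "function" field must match a key here exactly.
function allowed_operations(): array {
    return [
        'testfunc' => ['testfunc', [
            fn($v) => is_string($v) && strlen($v) <= 64,
            fn($v) => is_string($v) && strlen($v) <= 64,
        ]],
    ];
}

// Builds the response array in the same shape as the original script
// (success/results or success/error/class). Serialization is left to the caller.
function dispatch(array $post, string $remote_ip): array {
    // Only accept requests from the local machine, as the thread recommends.
    if (!in_array($remote_ip, ['127.0.0.1', '::1'], true)) {
        return ['success' => false, 'error' => 'Remote access denied', 'class' => 'wpmu'];
    }
    $ops  = allowed_operations();
    $name = $post['function'] ?? null;
    $args = $post['args'] ?? null;
    if (!is_string($name) || !isset($ops[$name])) {
        return ['success' => false, 'error' => 'Operation not allowed', 'class' => 'wpmu'];
    }
    [$callable, $validators] = $ops[$name];
    // Require a plain list with exactly the expected number of arguments;
    // associative keys, missing or extra arguments are all rejected.
    if (!is_array($args) || array_keys($args) !== array_keys($validators)) {
        return ['success' => false, 'error' => 'Bad argument list', 'class' => 'wpmu'];
    }
    foreach ($validators as $i => $check) {
        if (!$check($args[$i])) {
            return ['success' => false, 'error' => "Invalid argument $i", 'class' => 'wpmu'];
        }
    }
    $result = call_user_func_array($callable, $args);
    return ['success' => true, 'results' => ['return' => $result]];
}

// Entry point when served over HTTP; skipped when run from the CLI.
if (PHP_SAPI !== 'cli') {
    echo serialize(dispatch($_POST, $_SERVER['REMOTE_ADDR'] ?? ''));
    exit;
}
```

Adding a new operation means adding one allow-list entry with its validators; a request naming any other function, or passing the wrong argument shape, is refused before anything is called.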