[wp-trac] [WordPress Trac] #9074: XML-RPC and SSL (Admin SSL)
WordPress Trac
wp-trac at lists.automattic.com
Mon Feb 9 19:32:40 GMT 2009
#9074: XML-RPC and SSL (Admin SSL)
-----------------------------+----------------------------------------------
Reporter: eceleste | Owner: ryan
Type: feature request | Status: new
Priority: low | Milestone: 2.8
Component: Security | Version:
Severity: normal | Keywords:
-----------------------------+----------------------------------------------
I would love for the native SSL support in WP to include support for
Shared SSL. For now I have to use Admin SSL. Even though the issue
described here is really and Admin SSL issue, I am adding it to trac just
in case folks are working on similar functionality within WP itself.
Beware xmlrpc.php when rewriting URLs.
The problem I was having is that xmlrpc.php in WordPress was passing
corrupted XML to my blog editor (MarsEdit) when it was secured by the
Admin SSL plugin. This turned out to be a bug with Admin SSL, as far as I
can tell. I have to use Admin SSL instead of WP's own SSL since my certs
are shared certificates, not certs on my blog's host.
It turns out that Admin SSL assumes that it should rewrite self-
referencing http URLs in the outbound buffer so that they point to https.
Normally this is a good idea (avoids many warnings from the browser). But
it is a bad idea when the outbound buffer is an XML file which WordPress
already assumes to be of a given length. Essentially, the rewritten buffer
became longer than WP expected and some tags (including the closing tag)
were getting cut off.
My solution: explicitly exempt xmlrpc.php from the substitution. I've done
this rather crudely, I'm sure Ben (the author of Admin SSL) may have a
prettier way of accomplishing the same thing. Here's the patch that worked
for me:
In the includes/https.php file within the Admin SSL plugin folder replace…
$buffer = str_replace($replace_this,$with_this,$buffer);
with…
if(strpos(req_uri(),"xmlrpc.php") === false) { $buffer =
str_replace($replace_this,$with_this,$buffer); }
--
Ticket URL: <http://trac.wordpress.org/ticket/9074>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list