[wp-trac] [WordPress Trac] #64479: XML-RPC addTwoNumbers needs to check arg types

WordPress Trac noreply at wordpress.org
Wed Jan 7 18:31:17 UTC 2026 

#64479: XML-RPC addTwoNumbers needs to check arg types
--------------------------+-----------------------------
 Reporter:  josephscott   |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  XML-RPC       |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 The current `addTwoNumbers` code will generate a fatal error in PHP when
 given something unexpected.  It is trivial to reproduce this problem via:

 {{{
 curl -v -H "content-type:text/xml" http://localhost:8889/xmlrpc.php -d
 "<?xml
 version="1.0"?><methodCall><methodName>demo.addTwoNumbers</methodName><params><param><value><int>3</int></value></param><param><value><string>abc</string></value></param></params></methodCall>"
 }}}

 That generates a `500 Internal Server Error` response:

 {{{
 <?xml version="1.0" encoding="UTF-8"?>
 <methodResponse>
   <fault>
     <value>
       <struct>
         <member>
           <name>faultCode</name>
           <value><int>500</int></value>
         </member>
         <member>
           <name>faultString</name>
           <value><string><p>There has been a critical error on this
 website.</p><p><a
 href="https://wordpress.org/documentation/article/faq-
 troubleshooting/">Learn more about troubleshooting
 WordPress.</a></p></string></value>
         </member>
       </struct>
     </value>
   </fault>
 </methodResponse>
 }}}

 In general WordPress shouldn't fall over with a fatal error when given
 something unexpected.  I've got a trivial patch to `addTwoNumbers` to
 catch this condition and return a helpful error message ( as a `200 OK` ):

 {{{
 <?xml version="1.0" encoding="UTF-8"?>
 <methodResponse>
   <fault>
     <value>
       <struct>
         <member>
           <name>faultCode</name>
           <value><int>400</int></value>
         </member>
         <member>
           <name>faultString</name>
           <value><string>Invalid arguments passed to this XML-RPC method.
 Requires two integers.</string></value>
         </member>
       </struct>
     </value>
   </fault>
 </methodResponse>
 }}}

 As the docs indicate that `addTwoNumbers` takes two integers as arguments
 -
 https://developer.wordpress.org/reference/classes/wp_xmlrpc_server/addtwonumbers/
 - that is what the code should check for and enforce.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64479>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list