Index: wp-includes/class-wp-xmlrpc-server.php =================================================================== --- wp-includes/class-wp-xmlrpc-server.php (revision 20408) +++ wp-includes/class-wp-xmlrpc-server.php (working copy) @@ -208,6 +208,24 @@ } /** + * Checks if the argument have a certain length before running the method + * + * @since 3.4 + * + * @param string|array $array Sanitize single string or array of strings. + * @param string|array $array Sanitize single string or array of strings. + * @return boolean if it match + */ + function guard_condition( $args, $length ) { + if ( count( $args ) < $length ) { + $this->error = new IXR_Error( 400, __( "You didn't passed enough arguments to this XML-RPC method" ) ); + return false; + } + + return true; + } + + /** * Sanitize string or array of strings for database. * * @since 1.5.2 @@ -456,6 +474,9 @@ $this->escape( $args ); + if( ! $this->guard_condition( $args, 2 ) ) + return $this->error; + $username = $args[0]; $password = $args[1]; @@ -733,6 +754,9 @@ function wp_newPost( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1005,6 +1029,9 @@ function wp_editPost( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + $blog_id = (int) $args[0]; // we will support this in the near future $username = $args[1]; $password = $args[2]; @@ -1057,6 +1084,9 @@ function wp_deletePost( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1128,6 +1158,9 @@ function wp_getPost( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1180,6 +1213,9 @@ function wp_getPosts( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1266,6 +1302,9 @@ function wp_newTerm( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1348,6 +1387,9 @@ function wp_editTerm( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1435,6 +1477,9 @@ function wp_deleteTerm( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1497,6 +1542,9 @@ function wp_getTerm( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1545,6 +1593,9 @@ function wp_getTerms( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1615,6 +1666,9 @@ function wp_getTaxonomy( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1649,6 +1703,9 @@ function wp_getTaxonomies( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1689,6 +1746,9 @@ function wp_getPage($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $page_id = (int) $args[1]; $username = $args[2]; @@ -1790,6 +1850,9 @@ function wp_getPages($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1834,6 +1897,9 @@ * @return unknown */ function wp_newPage($args) { + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + // Items not escaped here will be escaped in newPost. $username = $this->escape($args[1]); $password = $this->escape($args[2]); @@ -1863,6 +1929,9 @@ function wp_deletePage($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1902,6 +1971,9 @@ * @return unknown */ function wp_editPage($args) { + if( ! $this->guard_condition( $args, 6 ) ) + return $this->error; + // Items not escaped here will be escaped in editPost. $blog_id = (int) $args[0]; $page_id = (int) $this->escape($args[1]); @@ -1953,6 +2025,9 @@ $this->escape($args); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2001,9 +2076,11 @@ * @return array */ function wp_getAuthors($args) { - $this->escape($args); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2039,6 +2116,9 @@ function wp_getTags( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2080,6 +2160,9 @@ function wp_newCategory($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2141,6 +2224,9 @@ function wp_deleteCategory($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2173,11 +2259,14 @@ function wp_suggestCategories($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $category = $args[3]; - $max_results = (int) $args[4]; + $max_results = isset( $args[4] ) ? (int) $args[4] : ''; if ( !$user = $this->login($username, $password) ) return $this->error; @@ -2210,6 +2299,9 @@ function wp_getComment($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2284,6 +2376,9 @@ $raw_args = $args; $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2352,6 +2447,9 @@ function wp_deleteComment($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2406,6 +2504,9 @@ function wp_editComment($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2482,6 +2583,9 @@ $this->escape($args); + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2567,6 +2671,9 @@ function wp_getCommentStatusList($args) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2593,6 +2700,9 @@ function wp_getCommentCount( $args ) { $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2626,6 +2736,9 @@ function wp_getPostStatusList( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2652,6 +2765,9 @@ function wp_getPageStatusList( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2678,6 +2794,9 @@ function wp_getPageTemplates( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2705,6 +2824,9 @@ function wp_getOptions( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2755,6 +2877,9 @@ function wp_setOptions( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2804,6 +2929,9 @@ function wp_getMediaItem($args) { $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2869,6 +2997,9 @@ $raw_args = $args; $this->escape($args); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2915,6 +3046,9 @@ function wp_getPostFormats( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2967,6 +3101,9 @@ function wp_getPostType( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3010,6 +3147,9 @@ function wp_getPostTypes( $args ) { $this->escape( $args ); + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3059,7 +3199,10 @@ $this->escape($args); - $username = $args[1]; + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + + $username = $args[1]; $password = $args[2]; if ( !$user = $this->login($username, $password) ) @@ -3120,10 +3263,12 @@ * @return array */ function blogger_getUserInfo($args) { - $this->escape($args); - $username = $args[1]; + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + + $username = $args[1]; $password = $args[2]; if ( !$user = $this->login($username, $password) ) @@ -3154,11 +3299,13 @@ * @return array */ function blogger_getPost($args) { - $this->escape($args); - $post_ID = (int) $args[1]; - $username = $args[2]; + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + + $post_ID = (int) $args[1]; + $username = $args[2]; $password = $args[3]; if ( !$user = $this->login($username, $password) ) @@ -3196,13 +3343,16 @@ * @return array */ function blogger_getRecentPosts($args) { - $this->escape($args); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + // $args[0] = appkey - ignored - $blog_ID = (int) $args[1]; /* though we don't use it yet */ - $username = $args[2]; + $blog_ID = (int) $args[1]; /* though we don't use it yet */ + $username = $args[2]; $password = $args[3]; + if ( isset( $args[4] ) ) $query = array( 'numberposts' => absint( $args[4] ) ); else @@ -3257,13 +3407,15 @@ * @return string */ function blogger_getTemplate($args) { - $this->escape($args); - $blog_ID = (int) $args[1]; - $username = $args[2]; + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + + $blog_ID = (int) $args[1]; + $username = $args[2]; $password = $args[3]; - $template = $args[4]; /* could be 'main' or 'archiveIndex', but we don't use it */ + $template = isset( $args[4] ) ? $args[4] : ''; /* could be 'main' or 'archiveIndex', but we don't use it */ if ( !$user = $this->login($username, $password) ) return $this->error; @@ -3296,14 +3448,16 @@ * @return bool True when done. */ function blogger_setTemplate($args) { - $this->escape($args); - $blog_ID = (int) $args[1]; - $username = $args[2]; + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + + $blog_ID = (int) $args[1]; + $username = $args[2]; $password = $args[3]; - $content = $args[4]; - $template = $args[5]; /* could be 'main' or 'archiveIndex', but we don't use it */ + $content = $args[4]; + $template = isset( $args[5] ) ? $args[5] : ''; /* could be 'main' or 'archiveIndex', but we don't use it */ if ( !$user = $this->login($username, $password) ) return $this->error; @@ -3336,14 +3490,16 @@ * @return int */ function blogger_newPost($args) { - $this->escape($args); - $blog_ID = (int) $args[1]; /* though we don't use it yet */ - $username = $args[2]; + if( ! $this->guard_condition( $args, 6 ) ) + return $this->error; + + $blog_ID = (int) $args[1]; /* though we don't use it yet */ + $username = $args[2]; $password = $args[3]; - $content = $args[4]; - $publish = $args[5]; + $content = $args[4]; + $publish = $args[5]; if ( !$user = $this->login($username, $password) ) return $this->error; @@ -3390,14 +3546,16 @@ * @return bool true when done. */ function blogger_editPost($args) { - $this->escape($args); - $post_ID = (int) $args[1]; - $username = $args[2]; + if( ! $this->guard_condition( $args, 6 ) ) + return $this->error; + + $post_ID = (int) $args[1]; + $username = $args[2]; $password = $args[3]; - $content = $args[4]; - $publish = $args[5]; + $content = $args[4]; + $publish = $args[5]; if ( !$user = $this->login($username, $password) ) return $this->error; @@ -3448,10 +3606,13 @@ function blogger_deletePost($args) { $this->escape($args); - $post_ID = (int) $args[1]; - $username = $args[2]; + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + + $post_ID = (int) $args[1]; + $username = $args[2]; $password = $args[3]; - $publish = $args[4]; + $publish = $args[4]; if ( !$user = $this->login($username, $password) ) return $this->error; @@ -3518,11 +3679,14 @@ function mw_newPost($args) { $this->escape($args); - $blog_ID = (int) $args[0]; // we will support this in the near future - $username = $args[1]; - $password = $args[2]; + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + + $blog_ID = (int) $args[0]; // we will support this in the near future + $username = $args[1]; + $password = $args[2]; $content_struct = $args[3]; - $publish = isset( $args[4] ) ? $args[4] : 0; + $publish = isset( $args[4] ) ? $args[4] : 0; if ( !$user = $this->login($username, $password) ) return $this->error; @@ -3833,14 +3997,16 @@ * @return bool True on success. */ function mw_editPost($args) { - $this->escape($args); - $post_ID = (int) $args[0]; - $username = $args[1]; - $password = $args[2]; + if( ! $this->guard_condition( $args, 5 ) ) + return $this->error; + + $post_ID = (int) $args[0]; + $username = $args[1]; + $password = $args[2]; $content_struct = $args[3]; - $publish = $args[4]; + $publish = $args[4]; if ( ! $user = $this->login($username, $password) ) return $this->error; @@ -3994,6 +4160,7 @@ if ( isset( $content_struct['mt_excerpt'] ) ) $post_excerpt = $content_struct['mt_excerpt']; + $post_more = null; if ( isset( $content_struct['mt_text_more'] ) ) $post_more = $content_struct['mt_text_more']; @@ -4102,11 +4269,13 @@ * @return array */ function mw_getPost($args) { - $this->escape($args); - $post_ID = (int) $args[0]; - $username = $args[1]; + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + + $post_ID = (int) $args[0]; + $username = $args[1]; $password = $args[2]; if ( !$user = $this->login($username, $password) ) @@ -4225,12 +4394,15 @@ * @return array */ function mw_getRecentPosts($args) { - $this->escape($args); - $blog_ID = (int) $args[0]; - $username = $args[1]; + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + + $blog_ID = (int) $args[0]; + $username = $args[1]; $password = $args[2]; + if ( isset( $args[3] ) ) $query = array( 'numberposts' => absint( $args[3] ) ); else @@ -4340,11 +4512,13 @@ * @return array */ function mw_getCategories($args) { - $this->escape($args); - $blog_ID = (int) $args[0]; - $username = $args[1]; + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + + $blog_ID = (int) $args[0]; + $username = $args[1]; $password = $args[2]; if ( !$user = $this->login($username, $password) ) @@ -4389,10 +4563,13 @@ function mw_newMediaObject($args) { global $wpdb; - $blog_ID = (int) $args[0]; - $username = $wpdb->escape($args[1]); + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + + $blog_ID = (int) $args[0]; + $username = $wpdb->escape($args[1]); $password = $wpdb->escape($args[2]); - $data = $args[3]; + $data = $args[3]; $name = sanitize_file_name( $data['name'] ); $type = $data['type']; @@ -4474,12 +4651,15 @@ * @return array */ function mt_getRecentPostTitles($args) { - $this->escape($args); - $blog_ID = (int) $args[0]; - $username = $args[1]; + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + + $blog_ID = (int) $args[0]; + $username = $args[1]; $password = $args[2]; + if ( isset( $args[3] ) ) $query = array( 'numberposts' => absint( $args[3] ) ); else @@ -4534,11 +4714,13 @@ * @return array */ function mt_getCategoryList($args) { - $this->escape($args); - $blog_ID = (int) $args[0]; - $username = $args[1]; + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + + $blog_ID = (int) $args[0]; + $username = $args[1]; $password = $args[2]; if ( !$user = $this->login($username, $password) ) @@ -4572,11 +4754,13 @@ * @return array */ function mt_getPostCategories($args) { - $this->escape($args); - $post_ID = (int) $args[0]; - $username = $args[1]; + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + + $post_ID = (int) $args[0]; + $username = $args[1]; $password = $args[2]; if ( !$user = $this->login($username, $password) ) @@ -4612,13 +4796,15 @@ * @return bool True on success. */ function mt_setPostCategories($args) { - $this->escape($args); - $post_ID = (int) $args[0]; - $username = $args[1]; + if( ! $this->guard_condition( $args, 4 ) ) + return $this->error; + + $post_ID = (int) $args[0]; + $username = $args[1]; $password = $args[2]; - $categories = $args[3]; + $categories = $args[3]; if ( !$user = $this->login($username, $password) ) return $this->error; @@ -4720,11 +4906,13 @@ * @return int */ function mt_publishPost($args) { - $this->escape($args); - $post_ID = (int) $args[0]; - $username = $args[1]; + if( ! $this->guard_condition( $args, 3 ) ) + return $this->error; + + $post_ID = (int) $args[0]; + $username = $args[1]; $password = $args[2]; if ( !$user = $this->login($username, $password) ) @@ -4768,6 +4956,9 @@ $this->escape($args); + if( ! $this->guard_condition( $args, 2 ) ) + return $this->error; + $pagelinkedfrom = $args[0]; $pagelinkedto = $args[1];