Double Escaped Problem in wp_getComments
|Reported by:||josephscott||Owned by:||josephscott|
The XML-RPC method wp.getComments uses the wp_getComment function to gather up the individual comment details. It provides the wp_getComment with the already escaped version of blog_id, username, and password. The wp_getComment function then escapes those values again. This causes a problem if your password happens to have a single quote in it.
We need to pass the original, un-escaped, raw arguments to wp_getComment so that they don't end up escaped twice. I've created a patch that keeps a copy of $args in $raw_args and uses those when calling wp_getComment.
This is definitely a bug so I'd like to see it in 3.0. If we have another 2.9.x release it should probably go in there as well. I'm happy to put together a 2.9.x specific patch if we do that.