id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
16402	IXR client doesn't properly handle XMLRPC over HTTPS	bryanmaupin	westi	"There are two problems with the IXR XMLRPC client:

1. The current IXR client code defaults to port 80, and isn't smart enough to know the port should be 443 if an https URL is sent.

2. The IXR client doesn't create an SSL connection even if the port is 443.

I first noticed this because we're using an apache redirect to redirect XMLRPC requests to SSL (except the RSD) to avoid sending passwords in clear text.  Some clients (like windows live writer) use the blogger API instead of the wp API for wp sites.  For wp multisite, blogger_getUsersBlogs() calls _multisite_getUsersBlogs(), which creates a new IXR XMLRPC client.  But _multisite_getUsersBlogs() doesn't send a port number with the URL, so the IXR client defaults to port 80 (problem #1).  Even if _multisite_getUsersBlogs() sent a port, the IXR client connection wouldn't be SSL (problem #2).

I'm also going to look into submitting this upstream."	defect (bug)	closed	normal	3.2	XML-RPC	3.0	major	fixed	has-patch needs-testing	mdawaffe Michael_K