xml-rpc does not rethrow errors generated by plugins
|Reported by:||pidge||Owned by:||anonymous|
|Severity:||major||Keywords:||xml-rpc, exteded live archive, plugin|
The xml-rcp module (xmlrpc.php) does not propergate errors caused by plugins as xml-rpc faults. For example, one of our users (Zoundry Blog Writer client app user) was not able to post using xml-rpc.
We were able to reproduce the error using Extend Live Archive v 0.10 R5 plugin. This plug threw a SQL error when posting via xml-rcp API. The entry was posted, however, the newPost xml response included SQL errors with in HTML, followed by the actual xml-rpc response. For example, here is a typical response on a newPost api call:
HTTP/1.1 200 OK Date: Sat, 12 Nov 2005 21:44:30 GMT Server: Apache/2.0.52 (Win32) PHP/5.0.4 mod_jk2/2.0.4 X-Powered-By: PHP/5.0.4 Connection: close Content-Length: 162 Content-Type: text/xml <div id='error'> <p class='wpdberror'><strong>WordPress database error:</strong> [You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'ON (wp_posts.ID = .post_id) [ snip - a lot html explaining the SQL error] </div> <?xml version="1.0"?> <methodResponse> <params> <param> <value> <string>35</string> </value> </param> </params> </methodResponse>
Note that the actual xml-rpc response is following the html db error info. Maybe the xml-rpc layer should catch this error and rethrow as a xml-rpc fault.