Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#5666 closed defect (bug) (fixed)

faultString in xmlrpc responses is not properly escaped

Reported by: josephscott
Owned by: josephscott
Priority: normal
Milestone: 2.5.1
Component: XML-RPC
Version: 2.3.2
Severity: normal
Keywords: has-patch
Cc: josephscott

Description

The xmlrpc spec indicates that < and & be encoded as &lt; and &amp; in strings. When an error is returned from an xmlrpc call the IXR class doesn't attempt to encode these as it does with regular string values.

I'm inclined to have IXR make use of htmlspecialchars() for this as it does for regular string values.

Attachments (1)

class-IXR.php.diff (449 bytes) - added by josephscott 5 years ago.


Change History (5)

  • Keywords has-patch added; needs-patch removed

Provide patch to the XML-RPC library (IXR) for escaping error text.

comment:2 ryan, 5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7615]) Escape faultString in IXR. Props josephscott. fixes #5666 for trunk

comment:3 ryan, 5 years ago

(In [7616]) Escape faultString in IXR. Props josephscott. fixes #5666 for 2.5

comment:4 ryan, 5 years ago

  • Milestone changed from 2.6 to 2.5.1