Ticket #10514: xmlrpc.php.2.diff

File xmlrpc.php.2.diff, 2.4 KB (added by sirzooro, 6 years ago)

Escape attributes using esc_attr()

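--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -30,7 +30,16 @@
 include('./wp-load.php');
 
 if ( isset( $_GET['rsd'] ) ) { // http://archipelago.phrasewise.com/rsd
-header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
+        $xmlrpc_url = site_url('xmlrpc.php', 'rpc');
+        $apis = array(
+                array( 'name' => 'WordPress', 'blogID' => 1, 'preferred' => true, 'apiLink' => $xmlrpc_url ),
+                array( 'name' => 'Movable Type', 'blogID' => 1, 'preferred' => false, 'apiLink' => $xmlrpc_url ),
+                array( 'name' => 'MetaWeblog', 'blogID' => 1, 'preferred' => false, 'apiLink' => $xmlrpc_url ),
+                array( 'name' => 'Blogger', 'blogID' => 1, 'preferred' => false, 'apiLink' => $xmlrpc_url ),
+                array( 'name' => 'Atom', 'preferred' => false, 'apiLink' => apply_filters('atom_service_url', site_url('wp-app.php/service', 'rpc') ) )
+        );
+        $apis = apply_filters( 'xmlrpc_apis', $apis, $xmlrpc_url );
+        header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
 ?>
 <?php echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>'; ?>
 <rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
@@ -39,16 +48,18 @@
     <engineLink>http://wordpress.org/</engineLink>
     <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
     <apis>
-      <api name="WordPress" blogID="1" preferred="true" apiLink="<?php echo site_url('xmlrpc.php', 'rpc') ?>" />
-      <api name="Movable Type" blogID="1" preferred="false" apiLink="<?php echo site_url('xmlrpc.php', 'rpc') ?>" />
-      <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php echo site_url('xmlrpc.php', 'rpc') ?>" />
-      <api name="Blogger" blogID="1" preferred="false" apiLink="<?php echo site_url('xmlrpc.php', 'rpc') ?>" />
-      <api name="Atom" blogID="" preferred="false" apiLink="<?php echo apply_filters('atom_service_url', site_url('wp-app.php/service', 'rpc') ) ?>" />
+<?php
+        foreach ( $apis as $api ) {
+                echo '      <api name="', esc_attr( $api['name'] ), '" blogID="', isset($api['blogID']) ? esc_attr( $api['blogID'] ) : '',
+                '" preferred="', isset( $api['preferred'] ) && $api['preferred'] ? 'true' : 'false', 
+                '" apiLink="', esc_attr( $api['apiLink'] ), '" />', "\n";
+        }
+?>
     </apis>
   </service>
 </rsd>
 <?php
-exit;
+        exit;
 }
 
 include_once(ABSPATH . 'wp-admin/includes/admin.php');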
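Review bot: In the new `foreach`, `$api['name']` and `$api['apiLink']` are read without an `isset()` check although `blogID` and `preferred` are guarded, so a `xmlrpc_apis` filter callback that returns an incomplete or non-array entry raises a notice in the middle of the RSD document. With notices displayed, that breaks the XML and exposes the server file path on an endpoint that needs no authentication. Skipping such entries keeps the response well-formed: `if ( ! is_array( $api ) || ! isset( $api['name'], $api['apiLink'] ) ) continue;`. Separately, `esc_attr()` is an HTML-attribute escaper and, as far as I can tell, leaves existing named entities such as `&nbsp;` intact, which are undefined in XML; it is worth confirming that filtered values cannot carry them. The enclosing `if ( isset( $_GET['rsd'] ) )` block has lines between the two hunks that are not shown.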