Make WordPress Core

Ticket #10514: xmlrpc.php.2.diff

File xmlrpc.php.2.diff, 2.4 KB (added by sirzooro, 15 years ago)

Escape attributes using esc_attr()

  • xmlrpc.php

    old new  
    3030include('./wp-load.php');
    3131
    3232if ( isset( $_GET['rsd'] ) ) { // http://archipelago.phrasewise.com/rsd
    33 header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
     33        $xmlrpc_url = site_url('xmlrpc.php', 'rpc');
     34        $apis = array(
     35                array( 'name' => 'WordPress', 'blogID' => 1, 'preferred' => true, 'apiLink' => $xmlrpc_url ),
     36                array( 'name' => 'Movable Type', 'blogID' => 1, 'preferred' => false, 'apiLink' => $xmlrpc_url ),
     37                array( 'name' => 'MetaWeblog', 'blogID' => 1, 'preferred' => false, 'apiLink' => $xmlrpc_url ),
     38                array( 'name' => 'Blogger', 'blogID' => 1, 'preferred' => false, 'apiLink' => $xmlrpc_url ),
     39                array( 'name' => 'Atom', 'preferred' => false, 'apiLink' => apply_filters('atom_service_url', site_url('wp-app.php/service', 'rpc') ) )
     40        );
     41        $apis = apply_filters( 'xmlrpc_apis', $apis, $xmlrpc_url );
     42        header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
    3443?>
    3544<?php echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>'; ?>
    3645<rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
     
    3948    <engineLink>http://wordpress.org/</engineLink>
    4049    <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
    4150    <apis>
    42       <api name="WordPress" blogID="1" preferred="true" apiLink="<?php echo site_url('xmlrpc.php', 'rpc') ?>" />
    43       <api name="Movable Type" blogID="1" preferred="false" apiLink="<?php echo site_url('xmlrpc.php', 'rpc') ?>" />
    44       <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php echo site_url('xmlrpc.php', 'rpc') ?>" />
    45       <api name="Blogger" blogID="1" preferred="false" apiLink="<?php echo site_url('xmlrpc.php', 'rpc') ?>" />
    46       <api name="Atom" blogID="" preferred="false" apiLink="<?php echo apply_filters('atom_service_url', site_url('wp-app.php/service', 'rpc') ) ?>" />
     51<?php
     52        foreach ( $apis as $api ) {
     53                echo '      <api name="', esc_attr( $api['name'] ), '" blogID="', isset($api['blogID']) ? esc_attr( $api['blogID'] ) : '',
     54                '" preferred="', isset( $api['preferred'] ) && $api['preferred'] ? 'true' : 'false',
     55                '" apiLink="', esc_attr( $api['apiLink'] ), '" />', "\n";
     56        }
     57?>
    4758    </apis>
    4859  </service>
    4960</rsd>
    5061<?php
    51 exit;
     62        exit;
    5263}
    5364
    5465include_once(ABSPATH . 'wp-admin/includes/admin.php');