
Changeset 29404


Timestamp:
08/06/14 17:37:22 (4 years ago)
Author:
nacin
Message:

Ignore entities in XML-RPC requests.

props mdawaffe, nacin.

File:
1 edited

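--- a/trunk/src/wp-includes/class-IXR.php
+++ b/trunk/src/wp-includes/class-IXR.php
@@ -204,9 +204,35 @@
         // first remove the XML declaration
         // merged from WP #10698 - this method avoids the RAM usage of preg_replace on very large messages
-        $header = preg_replace( '/<\?xml.*?\?'.'>/', '', substr($this->message, 0, 100), 1);
-        $this->message = substr_replace($this->message, $header, 0, 100);
-        if (trim($this->message) == '') {
+        $header = preg_replace( '/<\?xml.*?\?'.'>/s', '', substr( $this->message, 0, 100 ), 1 );
+        $this->message = trim( substr_replace( $this->message, $header, 0, 100 ) );
+        if ( '' == $this->message ) {
             return false;
         }
+
+        // Then remove the DOCTYPE
+        $header = preg_replace( '/^<!DOCTYPE[^>]*+>/i', '', substr( $this->message, 0, 200 ), 1 );
+        $this->message = trim( substr_replace( $this->message, $header, 0, 200 ) );
+        if ( '' == $this->message ) {
+            return false;
+        }
+
+        // Check that the root tag is valid
+        $root_tag = substr( $this->message, 0, strcspn( substr( $this->message, 0, 20 ), "> \t\r\n" ) );
+        if ( '<!DOCTYPE' === strtoupper( $root_tag ) ) {
+            return false;
+        }
+        if ( ! in_array( $root_tag, array( '<methodCall', '<methodResponse', '<fault' ) ) ) {
+            return false;
+        }
+
+        // Bail if there are too many elements to parse
+        $element_limit = 30000;
+        if ( function_exists( 'apply_filters' ) ) {
+            $element_limit = apply_filters( 'xmlrpc_element_limit', $element_limit );
+        }
+        if ( $element_limit && 2 * $element_limit < substr_count( $this->message, '<' ) ) {
+            return false;
+        }
+
         $this->_parser = xml_parser_create();
         // Set XML parser to take the case of tags in to account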
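Review bot: The new `xmlrpc_element_limit` filter is introduced without the docblock WordPress expects above every `apply_filters()` call, and nothing records that a callback returning `0` or any other falsy value switches the element cap off entirely, because the guard on the next line is `$element_limit && 2 * $element_limit < substr_count( ... )`. I would add a docblock above the `apply_filters()` line with a one-line summary ("Filter the number of elements to parse in an XML-RPC request."), a `@since` tag (version to be filled in by the committer), and a `@param int $element_limit` line that states the default and that a falsy return disables the limit. Two smaller points in the same hunk: the `'<!DOCTYPE' === strtoupper( $root_tag )` branch is already covered by the whitelist check that follows it, since any root tag outside `'<methodCall'`, `'<methodResponse'`, `'<fault'` is rejected there, so it could be dropped or commented as intentionally explicit; and the whitelist lookup should pass the strict flag, `if ( ! in_array( $root_tag, array( '<methodCall', '<methodResponse', '<fault' ), true ) ) {`. The enclosing parse method starts before and continues past this hunk.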