

Timestamp:
06/29/2015 02:06:25 AM (9 years ago)
Author:
dd32
Message:

XML-RPC: Only escape what we need to in wp.editPage, this allows for passwords with the special characters "' to work in a request.
Props redsweater for initial Patch.
Fixes #32703

File:
1 edited

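--- a/trunk/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/trunk/src/wp-includes/class-wp-xmlrpc-server.php
@@ -2748,13 +2748,17 @@
      */
     public function wp_editPage( $args ) {
-        // Items not escaped here will be escaped in editPost.
-        $page_id  = (int) $this->escape($args[1]);
-        $username = $this->escape($args[2]);
-        $password = $this->escape($args[3]);
+        // Items will be escaped in mw_editPost.
+        $page_id  = (int) $args[1];
+        $username = $args[2];
+        $password = $args[3];
         $content  = $args[4];
         $publish  = $args[5];
 
-        if ( !$user = $this->login($username, $password) )
-            return $this->error;
+        $escaped_username = $this->escape( $username );
+        $escaped_password = $this->escape( $password );
+
+        if ( !$user = $this->login( $escaped_username, $escaped_password ) ) {
+            return $this->error;
+        }
 
         /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */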
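Review bot: After this change `$username` and `$password` hold the raw request values while `$escaped_username` and `$escaped_password` hold the slashed copies, and the one-line comment `// Items will be escaped in mw_editPost.` does not say which pair is safe to use where. wp_editPage continues outside the hunk, so it is not visible here whether the raw pair is only forwarded to mw_editPost; if it is, I would make the comment explicit: `// $username and $password stay raw: mw_editPost() escapes them itself, so only login() gets the escaped copies.` A regression test that authenticates through wp.editPage with a password containing `"` and `'` would keep the double-escaping from coming back. Separately, `$args[1]` to `$args[5]` are read with no count check in the visible lines, so a short request appears to reach login() with missing credentials; the class's `minimum_args()` guard would reject it early, if it is not already applied elsewhere.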