WordPress.org

Make WordPress Core

Changeset 49862


Ignore:
Timestamp:
12/21/2020 08:21:12 PM (8 months ago)
Author:
johnbillion
Message:

XML-RPC: Emit an appropriate HTTP status code when an error is returned in response to an XML-RPC request.

This most notably affects the response when XML-RPC is disabled or when the supplied username and password is incorrect.

Props ericmann

Fixes #48213

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/IXR/class-IXR-server.php

    r47926 r49862  
    130130            $error = new IXR_Error($error, $message);
    131131        }
     132
     133        if ( function_exists( 'status_header' ) ) {
     134            status_header( $error->code );
     135        }
     136
    132137        $this->output($error->getXml());
    133138    }
  • trunk/src/wp-includes/class-wp-xmlrpc-server.php

    r49856 r49862  
    287287             * @since 3.5.0
    288288             *
    289              * @param string  $error The XML-RPC error message.
    290              * @param WP_Error $user  WP_Error object.
     289             * @param IXR_Error $error The XML-RPC error message.
     290             * @param WP_Error  $user  WP_Error object.
    291291             */
    292292            $this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user );
  • trunk/tests/phpunit/tests/xmlrpc/basic.php

    r48937 r49862  
    1515        // If disabled, 405 would result.
    1616        $this->assertSame( 403, $result->code );
     17    }
     18
     19    function test_disabled() {
     20        add_filter( 'xmlrpc_enabled', '__return_false' );
     21
     22        $result = $this->myxmlrpcserver->wp_getOptions( array( 1, 'username', 'password' ) );
     23
     24        $this->assertIXRError( $result );
     25        $this->assertSame( 405, $result->code );
    1726    }
    1827
Note: See TracChangeset for help on using the changeset viewer.