Changeset 49862

Timestamp:

12/21/2020 08:21:12 PM (2 years ago)

Author:

johnbillion

Message:

XML-RPC: Emit an appropriate HTTP status code when an error is returned in response to an XML-RPC request.

This most notably affects the response when XML-RPC is disabled or when the supplied username and password is incorrect.

Props ericmann

Fixes #48213

Location:

trunk

Files:

• src/wp-includes/IXR/class-IXR-server.php (modified) (1 diff)
• src/wp-includes/class-wp-xmlrpc-server.php (modified) (1 diff)
• tests/phpunit/tests/xmlrpc/basic.php (modified) (1 diff)

trunk/src/wp-includes/IXR/class-IXR-server.php

@@ -130 +130 @@
             $error = new IXR_Error($error, $message);
         }
+
+        if ( function_exists( 'status_header' ) ) {
+            status_header( $error->code );
+        }
+
         $this->output($error->getXml());
     }

trunk/src/wp-includes/class-wp-xmlrpc-server.php

@@ -287 +287 @@
              * @since 3.5.0
              *
-             * @param string   $error The XML-RPC error message.
-             * @param WP_Error $user  WP_Error object.
+             * @param IXR_Error $error The XML-RPC error message.
+             * @param WP_Error  $user  WP_Error object.
              */
             $this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user );

trunk/tests/phpunit/tests/xmlrpc/basic.php

@@ -15 +15 @@
         // If disabled, 405 would result.
         $this->assertSame( 403, $result->code );
+    }
+
+    function test_disabled() {
+        add_filter( 'xmlrpc_enabled', '__return_false' );
+
+        $result = $this->myxmlrpcserver->wp_getOptions( array( 1, 'username', 'password' ) );
+
+        $this->assertIXRError( $result );
+        $this->assertSame( 405, $result->code );
     }