__group__ ticket summary owner component _version priority severity milestone type _status workflow _created modified _description _reporter Tickets Awaiting Review 33940 Double spaces in term names can cause problems XML-RPC normal normal Awaiting Review defect (bug) assigned 2015-09-20T22:56:04Z 2019-08-15T06:46:02Z "Create a tag called 'test term'. Use XML-RPC to create a post with a tag of: {{{ test term }}} (two spaces). You'll get an error thrown, with the post not created: {{{ A term with the name already exists in this taxonomy }}} This appears to be due to the `_insert_post` function in XML-RPC using `get_term_by( 'name', $term_name, $taxonomy );`, which is returning false - thus it tries to create the term as new, and fails. Most other aspects of WP seem to filter the term name to strip double spaces first - is that what is necessary here? Or could the issue affect more than just XML-RPC?" smerriman Tickets Awaiting Review 38300 Got a PHP warning: class-wp-xmlrpc-server.php L596: array_unshift() ... XML-RPC 4.6.1 normal normal Awaiting Review defect (bug) reopened 2016-10-13T06:46:16Z 2017-02-06T03:13:45Z "Sometimes the php_error.log file got a warning: {{{ PHP Warning: array_unshift() expects parameter 1 to be array, null given in /wp-includes/class-wp-xmlrpc-server.php on line 596 }}} {{{#!php blogger_getUsersBlogs( $args ); } ... } }}} The $args is NULL, it doesn't matter?" kmvan Tickets Awaiting Review 40863 WP 4.7.5 XMLRPC new method for parsing arguments omits menu_order XML-RPC 4.7.5 normal normal Awaiting Review defect (bug) reopened 2017-05-25T15:35:22Z 2017-08-04T16:43:29Z "In WP 4.7.5, in wp-includes/class-wp-xmlrpc-server.php, on line 1327, this line: {{{ $post_data = wp_parse_args( $content_struct, $defaults ); }}} was changed to: {{{ $post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults ); }}} Unfortunately, the new intersection strips out any arguments from $content_struct that don't exist in $defaults. So you can no longer edit a post and change the ""menu_order"" field, because it doesn't exist in the $defaults declared just before this line. Please provide either an updated list of acceptable defaults (e.g. including menu fields), or allow for additional fields to pass through to wp_parse_args. Tested with latest version of WP, and confirmed that swapping the changed line above enables/disables the ability to change menu_order in posts. " bjminihan Tickets Awaiting Review 38622 XML-RPC wp_newComment should return an error when a field exceeds the maximum length XML-RPC 4.5 low normal Awaiting Review defect (bug) reopened has-patch 2016-11-02T16:09:56Z 2024-01-13T06:26:52Z "We return a `WP_Error` in `wp_handle_comment_submission()` when the comment content, author name, author email, or author url exceeds the maximum length of its respective database column. See #10377. We should do the same in the XML-RPC `wp_newComment()` method." rachelbaker Candidates for Closure 42995 WordPress XML-RPC editComment return error 500 changing date_created_gmt XML-RPC 4.9.1 normal normal Awaiting Review defect (bug) new reporter-feedback 2017-12-28T19:01:25Z 2019-06-20T14:10:09Z "Grettings, This: // Do some timestamp voodoo if (!empty($content_struct['date_created_gmt'])) { // We know this is supposed to be GMT, so we're going to slap that Z on there by force $dateCreated = rtrim($content_struct['date_created_gmt']->getIso(), 'Z') . 'Z'; $comment_date = get_date_from_gmt(iso8601_to_datetime($dateCreated)); $comment_date_gmt = iso8601_to_datetime($dateCreated, 'GMT'); } [Thu Dec 28 15:52:34.123148 2017] [php7:notice] [pid 5507] [client 127.0.0.1:39464] PHP Fatal error: Uncaught Error: Call to a member function getIso() on string in wp-includes/class-wp-xmlrpc-server.php:3533 " fpilee Candidates for Closure 33425 XML-RPC missing options on wp.getOptions XML-RPC 4.3 normal normal Awaiting Review defect (bug) new reporter-feedback 2015-08-19T08:35:27Z 2017-04-14T13:41:05Z "Why the list of options available here https://github.com/WordPress/WordPress/blob/ce557062f4123d8513378cf415b4e8b612c33ccc/wp-includes/class-wp-xmlrpc-server.php#L383 doesn’t match this https://codex.wordpress.org/Option_Reference For example default_category or blog_public fields are not available on XML-RPC." SergioEstevao Tickets with Patches 36030 Expose site icon on wp.getUsersBlogs XML-RPC normal normal Future Release enhancement new needs-unit-tests 2016-03-01T09:06:46Z 2019-06-20T14:07:35Z "WordPress 4.3 has added the ability for site owners to manage their site’s favicon, but never exposed it over the XML-RPC protocol. It's useful for XML-RPC clients to receive it back in the response of wp.getUsersBlogs, so they can show the proper icon beside the name of the site. In the patch I've provided an empty value is returned if site_icon is not set on the blog. I've avoided returning a default value, since it's better to leave this responsibility to clients. If siteIcon is empty, the client should show their default icon, or nothing." daniloercoli Tickets Needing Feedback 23020 wp.getPageList should act like wp.getPages XML-RPC 2.2 normal normal defect (bug) new dev-feedback 2012-12-20T13:47:13Z 2019-06-05T06:39:01Z "I know that wp.getPageList is obsolete, but I think it should act like wp.getPages At the moment wp.getPageList returns even the trashed pages and doesn't return the status of the page. The weird behavior i've seen with wp.getPageList on a third-party client is shown below: - Refresh the pages list. - The Page 'A' is in the list. - Select the page 'A' and delete it. - Refresh the pages list and the page is still there. Doh!" daniloercoli Tickets Needing Feedback 20070 Deprecate Blogger XML-RPC Methods XML-RPC 3.3 normal normal Future Release enhancement new dev-feedback 2012-02-18T18:32:26Z 2020-09-21T19:41:58Z "The XML-RPC API supports the legacy Blogger API methods, but these methods have apparently not been very well tested or maintained. Given that the `wp.*` XML-RPC namespace now covers everything that the Blogger API does, I suggest the blogger methods be officially deprecated with an eye towards removing them in a future version. At the very least, the MetaWeblog API should be used by clients instead, as it was explicitly designed to enhance and supersede the Blogger API." maxcutler Tickets Needing Feedback 37096 Unit tests for xmlrpc_getposttitle() and xmlrpc_getpostcategory() along with patch to trim and unique returned values SergeyBiryukov XML-RPC 0.71 low minor Future Release enhancement reviewing dev-feedback 2016-06-14T00:24:25Z 2022-01-20T13:01:43Z In tonight's Contrib 2 core we created this unit test for xmlrpc_getposttitle() function pbearne Tickets Needing Feedback 35993 Unit tests: XML-RPC Request routines XML-RPC 0.71 normal normal Future Release enhancement new dev-feedback 2016-02-29T01:07:36Z 2022-01-20T13:01:43Z "I wrote unit tests for the 3 methods regards to XML-RPC request in functions.php, the aim is improve de code coverage, theses methods are: * xmlrpc_getposttitle() * xmlrpc_getpostcategory() * xmlrpc_removepostdata() This patch cover 100% of coverage related to theses methods above. Only one thing to consider, I didn't found any XML-RPC format on the WordPress doc with title and category, so I've created a simple XML format with both, following the methods the behaviour is the same." borgesbruno Tickets Needing Feedback 23866 WordPress xmlrpc wp_getPosts filter for slug XML-RPC 3.4 normal normal enhancement new dev-feedback 2013-03-26T20:09:31Z 2019-06-05T06:39:12Z "When using the Wordpress xmlrpc, it is sometimes very useful to get posts based off of slugs rather than post id. A use case for this would be synchronizing or migrating two Wordpress sites with the same posts, but with different databases and post ID's. " SunWaves Tickets with Patches 17541 Blogger-XMLPRC API does not work with Multisite/SSL/DMZ combination westi* XML-RPC 3.2 normal major defect (bug) accepted has-patch 2011-05-23T07:26:29Z 2019-06-05T06:38:11Z "I have the following setup: My WordPress Blogs (multisite) are set up behind a firewall that exposes the public address via SSL. Inside my DMZ I'm only using HTTP, so that's what WordPress sees. When I now try to access the blogger.getUsersBlogs XMLPRC-API, I get an empty result back. I analyzed the WordPress source code and found out that the blogger.getUsersBlogs method in the file wp-includes\class-wp-xmlrpc-server.php uses another XMLRPC call to the wp.getUsersBlogs method in case of the multisite. I further checked and found out that this appears to be the only case in which WordPress executes a remote call itself to sevice the request. I then replaced the logic in _multisite_getUsersBlogs with the multisite part from wp_getUsersBlogs and it worked. I aso found an issue that might be related: http://core.trac.wordpress.org/ticket/16402 But since the source code in the trunk still uses the regular IXR_Client, I'm not sure if this would fix the issue. I attached my fix as a patch, but it's not refactored to remove code duplication since I don't have a dev-environment set up for WordPress. Michael" michael_k Tickets with Patches 21292 XML-RPC: wp_upload_bits should act like wp_handle_upload XML-RPC 3.0 normal normal defect (bug) assigned has-patch 2012-07-17T07:01:23Z 2023-03-02T15:07:16Z "At this moment there isn't a check for file size when uploading an image through the XML-RPC. The reason is that the method wp_upload_bits is used. This only checks it does is if the file size is to big for a network installation. The function check_upload_size() is something what you want except that it will use wp_die() if there is an error like this. The function is used as a filter: wp_handle_upload_prefilter. Which only get applied in the function wp_handle_upload. We should probably change check_upload_size() a bit so it doesn't use wp_die() but does it somewhere else. related: #6559 and #21085" markoheijnen Tickets with Patches 39699 Filter to check XML-RPC data before any DB insertion XML-RPC 4.8 normal normal Future Release enhancement new has-patch 2017-01-26T11:03:08Z 2017-10-03T03:39:32Z "After searching into XML-RPC server class code, I realized that it seems that there isn't way to check XML-RPC input data before starting to insert/update any rows to database nor to return an `IXR` custom error message. For example for new post, in order to check custom fields, a possible workaround is to use `wp_insert_post_empty_content` filter, but we are unable to customize the error message. Moreover at this point some DB rows are inserted, so inside the filter above we have to call `wp_delete_post` manually in order to clean DB (taking care to check `auto-draft` post status). In the case of editing post, things get a bit more complicated, so we could use transactions with the help of `xmlrpc_call`/`wp_insert_post` actions. So, the patch aims to add a new filter named `xmlrpc_before_insert_post` that allows to do this check in a more robust manner (for `wp.newPost` and `wp.editPost` XML-RCP methods). Typical usage: {{{#!php 'imgfile.png', 'type' => 'image/png', 'bits' => new IXR_Base64($bits), 'overwrite' => false); $client->query('wp.uploadFile',2, 'admin', 'password', $params); }}} The xmlrpc returns a packet containing this data: {{{ array ( 'id' => '30', 'file' => 'test2_889047515_2.png', 'url' => 'http://my-site.com/wp-content/uploads/2013/11/imgfile.png', 'type' => 'image/png', ) }}} " daki-san Unpatched Bugs 17382 XMLRPC wp_getUsersBlogs Scalability XML-RPC 3.0 normal normal defect (bug) new 2011-05-11T20:32:15Z 2019-06-05T06:38:07Z "If there is a root blog with many sub blogs on it and a user that is an admin on each sub blog, then when the when the XML RPC method wp_getUsersBlogs() is called it does not scale very well. My PHP memory_limit setting was 128MB, and the XML RPC request died when a user was a member of 230+ blogs. I noticed that the number of queries made to the database for a single user that has many blogs that they are an admin is very high. Affected line: http://core.trac.wordpress.org/browser/tags/3.0.1/xmlrpc.php#L443 I don't know exactly how the code would have to change so I am not providing a patch." bmorneau Unpatched Bugs 33389 posts contains png images via XMLRPC error response XML-RPC 4.2 normal normal defect (bug) new 2015-08-17T08:41:39Z 2019-06-05T06:41:29Z "file: wp-includes/class-wp-image-editor.php line: $result = call_user_func_array( $function, $arguments ); [[Image(http://ww3.sinaimg.cn/large/6dd29ac7jw1ev5p7avr0wj20ne0g9adk.jpg)]] [[Image(http://ww1.sinaimg.cn/large/6dd29ac7jw1ev5p91135lj20m30d0wh7.jpg)]] string(8) ""imagepng"" array(2) { [0]=> resource(167) of type (gd) [1]=> NULL } php function imagepng: filename The path to save the file to. If not set or NULL, the raw image stream will be outputted directly. [[Image(http://ww3.sinaimg.cn/large/6dd29ac7jw1ev5p500okij20aa06wwf9.jpg)]]" zhizuzhefu Unpatched Bugs 32863 set_custom_fields function in wp_xmlrpc_server class XML-RPC 4.2.2 normal trivial defect (bug) new 2015-07-02T10:04:32Z 2019-06-05T06:41:07Z "Hi, I was working with wp_xmlrpc_server class to insert and update woocommerce products but i found that my custom fields are not working properly. When i inspected the code of function set_custom_fields , i noticed that we are using wp_unslash to remove underscores from custom field keys. So keys like _price , _quantity and _stock were not working for the product custom post type. Secondly we are using add_post_meta to insert the meta data. Can we change it to the update_post_meta ? I have attached the updated function.Please test it and let me know. {{{ public function set_custom_fields($post_id, $fields) { $post_id = (int) $post_id; foreach ( (array) $fields as $meta ) { if ( isset($meta['id']) ) { $meta['id'] = (int) $meta['id']; $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); if ( isset($meta['key']) ) { $meta['key'] = ( $meta['key'] ); if ( $meta['key'] !== $pmeta->meta_key ) continue; $meta['value'] = ( $meta['value'] ); if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { delete_metadata_by_mid( 'post', $meta['id'] ); } } else{ update_post_meta( $post_id, $meta['key'], $meta['value'] ); } } } }}} Regards, Arif Skype: arifamir33 " marifamir Unpatched Enhancements 59414 XML-RPC - add updateMedia endpoint XML-RPC normal normal Future Release enhancement new 2023-09-20T19:33:26Z 2024-03-05T15:53:56Z "In #58582, @thomashorta reported on alt attributes missing from the XML RPC endpoints. Fetching that data was fixed in [56637], but adding an endpoint to update media that specifically handles media data like alt attributes requires a more substantial enhancement. From #58582: Updating MediaItems through the XML-RPC API is also done directly by the Posts API, more specifically through wp.editPost (codex), which also doesn't support an alt field. This makes sense, as this API is more generic, but at the same time, there are no specific updateMedia methods in the Media API. Suggestion for updating I'm not sure about this one, but I think a new method in the Media API would be needed (e.g.: wp.updateMediaItem) to properly manipulate a specific input struct and call the Post update functions internally." joedolson Unpatched Enhancements 21386 XML-RPC needs a user permission method XML-RPC normal normal enhancement new 2012-07-25T18:33:24Z 2019-06-05T06:38:43Z "At this moment when calling a XML-RPC method you will receive a error when the user can't do that method. What would be better if there is a way an app can retrieve the user permissions and act on that without the need to call the method." markoheijnen Tickets Awaiting Review 60104 Missing Plugin WordPress.org Site normal normal Awaiting Review defect (bug) new has-patch 2023-12-19T12:47:20Z 2023-12-19T12:47:20Z "https://events.wordpress.org/ahmedabad/2024/wordcast/ The Jetpack plugin is unavailable on this page, so its shortcode is visible instead of the form. For reference: https://prnt.sc/zGfUDXDW1dPo" parin96 Tickets Awaiting Review 58320 "Clarify meaning of ""beta"" with newer PHP versions (or remove)" WordPress.org Site normal normal Awaiting Review enhancement new 2023-05-15T18:31:59Z 2023-07-28T11:21:49Z "https://make.wordpress.org/core/handbook/references/php-compatibility-and-wordpress-versions/ That web page says that WordPress' support for PHP 8.0, 8.1, and 8.2 all are ""beta"". In this context, I believe the label is at best misleading. In my work role at a web host, I've seen a LOT of customers point to that page as a reason to resist/refuse upgrading their sites past PHP 7.4. My understanding is that the intent of the label, on that page, is not to indicate that WP core has compatibility issues; rather it is intended to highlight that many themes and plugins may not yet properly support those PHP versions. (My interpretation of that intent comes from https://make.wordpress.org/hosting/2023/05/15/is-wordpress-compatible-with-php-8/ , which I inadvertently inspired; if that is inaccurate, please let me know!) I believe the ""PHP compatibility"" page should more explicitly state that WP core is, in fact, fully compatible with PHP 8.x (assuming that's the case, of course). If that seems too much of a step, the page should at least clarify that the ""beta"" label is intended to represent the state of the larger community's support, and not necessarily that of core." desmith Tickets Awaiting Review 54500 Added Javascript (such as online chat) are displayed also in the widget editor Widgets 5.8.2 normal normal Awaiting Review defect (bug) new 2021-11-24T08:22:51Z 2021-11-24T08:22:51Z "See screenshots.. I don't think this is supposed to be like that, right? [[Image(https://i.imgur.com/tXYvaM6.png)]] [[Image(https://i.imgur.com/TSrKjU4.png)]] specifically, this is - theme GeneratePress - tawk.to plugin" mikulabc Tickets Awaiting Review 55095 Adding widgets to widget area with the classic editor in appearance => widgets, widget does not display on front-end (brand new widgets only)) Widgets 5.9 normal normal Awaiting Review defect (bug) new 2022-02-06T09:25:11Z 2022-02-06T09:25:11Z "Hi, I have noticed that when trying to create and manage widgets in the classic editor using the view; appearance => widgets, that when you attempt to display the widget on the front-end of the website using dynamic_sidebar('sidebar-name'), that for some reason the widget does not display. This only happens with brand new widget areas that have had no previous widgets assigned to them. I then added a new widget to the same widget area in the customizer => widgets view, and the widget then displayed using dynamic_sidebar('sidebar-name'). This then showed both widgets added to the area, the widget i assigned in appearance => widgets, and the new one i just assinged in customizer => widgets. To be clear these widgets were exactly the same in both widget used and content assigned. after doing this through the customizer, then adding another widget to the widget area in the appearance => widgets view, the updates are displaying on the front-end as you would expect. I am using self-hosted a self-hosted WordPress website. The widget I was trying to add to my website was a custom widget that, that followed the documentation in https://codex.wordpress.org/Widgets_API to the letter." morgscode94 Tickets Awaiting Review 43121 Custom HTML Widget Warning Tooltips Error Widgets 4.9.2 normal normal Awaiting Review defect (bug) new 2018-01-17T22:16:24Z 2018-01-19T14:26:14Z "I am using Custom HTML widgets in the current version of WordPress, and I have noticed an error in the display of warning tooltips within the current version of Firefox. When I mouseover a warning icon in the Custom HTML widget, the resulting tooltip displays beneath the editor pane, making the warning text unreadable. '''Warning Tooltip in Firefox:''' [[Image(https://img.nettech.net/Temp/CustomHTMLWidget_WarningTooltip_Firefox.jpg)]] The same warning tooltip appears correctly in the latest versions of Chrome and Edge. '''Warning Tooltip in Chrome''' [[Image(https://img.nettech.net/Temp/CustomHTMLWidget_WarningTooltip_Chrome_Edge.jpg)]] I have not tested across themes, so for reference I am currently working within Front Page sidebars in a Genesis child theme. I have tested the same widget across Firefox, Chrome, and Edge, and only Firefox exhibits the described behavior." JosefNT Tickets Awaiting Review 42743 Disable wp_options autoload for inactive widgets Widgets normal normal Awaiting Review defect (bug) new 2017-11-29T04:25:59Z 2023-09-07T11:58:23Z "Options/settings for all widgets are saved in wp_options with autoload=yes, but autoload is enabled for the wp_options even for deactivated widgets. On sites with many widgets installed (but not even activated), the size of data transferred from the DB to the PHP host on each and every page request can add significant overhead and introduce noticeable slowdowns. I can't see a reason why autoload can't be disabled on deactivation of a widget, preloaded on navigation to the widget settings page, and then re-enabled when said widget is activated." ComputerGuru Tickets Awaiting Review 53959 Error message when creating new widget using block editor Widgets 5.8 normal normal Awaiting Review defect (bug) new 2021-08-19T14:07:08Z 2021-08-23T14:48:47Z "Our church website stm.org.uk is WordPress hosted by IONOS. I have just tried the first update to the Content Sidebar since we were upgraded to WordPress 5.8. I attempted to add the 'Breakfast Church' item using the new block editor, but I got a message: There was an error. Invalid parameter(s): requests. I ended up installing the 'classic widget editor' plugin and managed to create the item by adding two block widgets at the beginning, copying the block HTML from a similar item. I did it this way, rather than setting up a text widget, to get a more consistent appearance. Incidentally, the 'our vicar' image widget has not been converted to a block and its appearance is not consistent with the others. There seems to be no good reason for the error message." mdrb55 Tickets Awaiting Review 40793 Events widget on back button loses location Widgets normal normal Awaiting Review defect (bug) new 2017-05-17T21:21:01Z 2017-05-17T21:22:38Z "I noticed that if you save a location, visit a meetup, then click back button in browser, you will lose your location. It returns on refreshing your browser. Here is video: [[Image(https://cldup.com/pyYG5Z4gtz.gif, 50%)]] " karmatosed Tickets Awaiting Review 55438 Flaky result when saving widgets in the Widgets Editor Widgets normal normal Awaiting Review defect (bug) new 2022-03-22T07:19:13Z 2022-03-31T09:47:43Z "I discovered this while trying to migrate the [https://github.com/WordPress/gutenberg/blob/3b1674a147c8e943b0d3727e0f4cbe379c2d9922/packages/e2e-tests/specs/widgets/editing-widgets.test.js#L123-L233 editing-widgets] e2e tests in Gutenberg. I think the test is currently skipped for the same reason. By un-skipping the test and running it several times, it sometimes fails at the last step where the snapshot doesn't match. It mysteriously contains a `wp_inactive_widgets: ''` field in the serialized result. I think the bug is from a race condition in the REST API. I managed to record a HAR file so that you can plug it in Chrome's devtools and inspect it. I'm not familiar with the PHP side of the code, but it seems like sometimes a widget block won't be saved to the specified sidebar, and instead be put inside `wp_inactive_widgets`. Maybe someone with more knowledge around this can help debugging it? Sorry that there's isn't a reliable reproduction steps though." kevin940726 Tickets Awaiting Review 47976 HTML attributes in uppercase show error in widgets Widgets 4.9 normal normal Awaiting Review defect (bug) reopened dev-feedback 2019-09-05T04:43:40Z 2022-10-18T08:29:01Z "'''[=#point1 (1)] How to reproduce''' go to p-admin/widgets.php and add custom HTML. in custom html box if i add this html, it will error. `
` '''[=#point1 (2)] Error -''' the attribute name of [ ""DATA-HREF"" ] must be in lowercase. '''[=#point1 (3)] Why need this''' some ad providers (such as flipkart) supply code where attributes are uppercase." sudhir600 Tickets Awaiting Review 59518 I getting ::marker and unable to remove bacause html not support Widgets 6.3.1 normal normal Awaiting Review defect (bug) new 2023-10-02T18:01:49Z 2023-10-02T18:01:49Z "we know
  • should be inside
      or