WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 3 years ago

#10658 closed enhancement (wontfix)

XMLRPC failure string should convey disabled status for GET requests, too

Reported by: redsweater Owned by: josephscott
Milestone: Priority: normal
Severity: normal Version:
Component: XML-RPC Keywords: has-patch
Focuses: Cc:

Description

Currently if you issues a plain GET request (e.g. by trying to load an xmlrpc.php URL in a browser), you get the error string provided by wp-includes/class-IXR.php:

XML-RPC server accepts POST requests only.

This is not indicative of any configuration problem when XMLRPC has not been enabled for the blog. Compare to wp-app.php which, in a comparable situation, at least indicates the configuration problem:

AtomPub services are disabled on this blog. An admin user can enable them at http://192.168.1.20/wptrunk/wp-admin/options-writing.php

The attached patch changes xmlrpc.php so that it will provide the same type of verbose message as wp-app.php does, allowing clients to see immediately upon trying to access the xmlrpc endpoint URL, that service is disabled:

XML-RPC services are disabled on this blog. An admin user can enable them at http://192.168.1.20/wptrunk/wp-admin/options-writing.php

I think this will have a positive impact on providing support e.g. to users of applications that depend on the API. It's a shortcut when debugging functionality to type in the xmlrpc URL into the browser to make sure it's configured correctly, and not spewing any errors.

While I was at it I factored the generation of the string for disabled XMLRPC into a new method errorStringForDisabledXMLRPC().

Attachments (1)

XMLRPCErrorString.diff (1.8 KB) - added by redsweater 6 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 @redsweater6 years ago

  • Component changed from General to XML-RPC

comment:2 @westi6 years ago

  • Cc westi added

Interesting idea.

I wonder if we should always override GET and uses it as a way to point to documentation as well as giving feedback on enablement status.

comment:3 @nacin5 years ago

  • Milestone changed from Unassigned to Future Release

comment:4 @markoheijnen3 years ago

It's a interesting idea but I would say close this as wont-fix. The reason is that "POST requests only" is a message for developers. A user never should see that where the disable XML-RPC message is for users.

comment:5 @markoheijnen3 years ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

This isn't really a problem anymore since the XML-RPC is enabled by default (3.5). Also my previous reason still apply

Note: See TracTickets for help on using tickets.