WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 3 years ago

#17541 accepted defect (bug)

Blogger-XMLPRC API does not work with Multisite/SSL/DMZ combination

Reported by: michael_k Owned by: westi
Milestone: Future Release Priority: normal
Severity: major Version: 3.2
Component: XML-RPC Keywords: 3.3-early westi-likes has-patch needs-refresh
Focuses: Cc:

Description

I have the following setup:
My WordPress Blogs (multisite) are set up behind a firewall that exposes the public address via SSL. Inside my DMZ I'm only using HTTP, so that's what WordPress sees. When I now try to access the blogger.getUsersBlogs XMLPRC-API, I get an empty result back.

I analyzed the WordPress source code and found out that the blogger.getUsersBlogs method in the file wp-includes\class-wp-xmlrpc-server.php uses another XMLRPC call to the wp.getUsersBlogs method in case of the multisite. I further checked and found out that this appears to be the only case in which WordPress executes a remote call itself to sevice the request. I then replaced the logic in _multisite_getUsersBlogs with the multisite part from wp_getUsersBlogs and it worked.

I aso found an issue that might be related: http://core.trac.wordpress.org/ticket/16402
But since the source code in the trunk still uses the regular IXR_Client, I'm not sure if this would fix the issue.

I attached my fix as a patch, but it's not refactored to remove code duplication since I don't have a dev-environment set up for WordPress.

Michael

Attachments (1)

class-wp-xmlrpc-server patch for multisite.patch (1.8 KB) - added by michael_k 4 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 @Michael_K4 years ago

  • Severity changed from normal to major

I've now an update: I've now changed my infrastructure to use SSL also inside the DMZ and upgraded to WordPress 3.2. The problem still persists. I also tries replacing the IXR-client with the WordPress HTTP-WP-IXR-Client mentioned in issue #16402. Still didn't work. Please consider getting rid of the (unnecessary) internal XML-RPC call as this seems to be the only to get the blogger-API working in a multisite-configuration.

Michael

comment:2 @westi4 years ago

  • Keywords 3.3-early westi-likes added
  • Milestone changed from Awaiting Review to Future Release
  • Owner set to westi
  • Status changed from new to accepted
  • Version set to 3.2

comment:3 @SergeyBiryukov4 years ago

  • Keywords has-patch needs-refresh added

comment:4 @westi4 years ago

I think the simplest solution is just to use the enhanced version of the IXR_Client which should resolve this issue.

comment:5 follow-up: @Michael_K4 years ago

Possibly. It might be a quick-fix, but the fact would remain, that this is the single method in the blog API that uses a web-service to call back to the same server instead of reusing functionality located in the same file.

Please also note my earlier comment. Just using the other IXR_Client didn't actually resolve the issue.

comment:6 in reply to: ↑ 5 @westi4 years ago

Replying to Michael_K:

Possibly. It might be a quick-fix, but the fact would remain, that this is the single method in the blog API that uses a web-service to call back to the same server instead of reusing functionality located in the same file.

I'm not sure just switching to the relevant blog will provide the correct information as there could be per-blog plugins affecting the returned data which would mean it was more sensible to make the call onto the correct end-point.

Please also note my earlier comment. Just using the other IXR_Client didn't actually resolve the issue.

Didn't at the time but should now as further improvements to SSL support there have been made.

comment:7 @stuffmc3 years ago

Just wanted to mention I just stumbled on the exact problem. I can use wp.getUsersBlogs but this should actually still somehow be fixed.

Note: See TracTickets for help on using tickets.