Opened 13 years ago
Last modified 5 years ago
#17541 accepted defect (bug)
Blogger-XMLPRC API does not work with Multisite/SSL/DMZ combination
Reported by: | michael_k | Owned by: | westi |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | major | Version: | 3.2 |
Component: | XML-RPC | Keywords: | has-patch, needs-refresh, https |
Focuses: | Cc: |
Description
I have the following setup:
My WordPress Blogs (multisite) are set up behind a firewall that exposes the public address via SSL. Inside my DMZ I'm only using HTTP, so that's what WordPress sees. When I now try to access the blogger.getUsersBlogs XMLPRC-API, I get an empty result back.
I analyzed the WordPress source code and found out that the blogger.getUsersBlogs method in the file wp-includes\class-wp-xmlrpc-server.php uses another XMLRPC call to the wp.getUsersBlogs method in case of the multisite. I further checked and found out that this appears to be the only case in which WordPress executes a remote call itself to sevice the request. I then replaced the logic in _multisite_getUsersBlogs with the multisite part from wp_getUsersBlogs and it worked.
I aso found an issue that might be related: http://core.trac.wordpress.org/ticket/16402
But since the source code in the trunk still uses the regular IXR_Client, I'm not sure if this would fix the issue.
I attached my fix as a patch, but it's not refactored to remove code duplication since I don't have a dev-environment set up for WordPress.
Michael
Attachments (1)
Change History (11)
#2
@
13 years ago
- Keywords 3.3-early westi-likes added
- Milestone changed from Awaiting Review to Future Release
- Owner set to westi
- Status changed from new to accepted
- Version set to 3.2
#4
@
13 years ago
I think the simplest solution is just to use the enhanced version of the IXR_Client which should resolve this issue.
#5
follow-up:
↓ 6
@
13 years ago
Possibly. It might be a quick-fix, but the fact would remain, that this is the single method in the blog API that uses a web-service to call back to the same server instead of reusing functionality located in the same file.
Please also note my earlier comment. Just using the other IXR_Client didn't actually resolve the issue.
#6
in reply to:
↑ 5
@
13 years ago
Replying to Michael_K:
Possibly. It might be a quick-fix, but the fact would remain, that this is the single method in the blog API that uses a web-service to call back to the same server instead of reusing functionality located in the same file.
I'm not sure just switching to the relevant blog will provide the correct information as there could be per-blog plugins affecting the returned data which would mean it was more sensible to make the call onto the correct end-point.
Please also note my earlier comment. Just using the other IXR_Client didn't actually resolve the issue.
Didn't at the time but should now as further improvements to SSL support there have been made.
#7
@
12 years ago
Just wanted to mention I just stumbled on the exact problem. I can use wp.getUsersBlogs but this should actually still somehow be fixed.
I've now an update: I've now changed my infrastructure to use SSL also inside the DMZ and upgraded to WordPress 3.2. The problem still persists. I also tries replacing the IXR-client with the WordPress HTTP-WP-IXR-Client mentioned in issue #16402. Still didn't work. Please consider getting rid of the (unnecessary) internal XML-RPC call as this seems to be the only to get the blogger-API working in a multisite-configuration.
Michael