Make WordPress Core

Opened 13 years ago

Last modified 5 years ago

#17541 accepted defect (bug)

Blogger-XMLRPC API does not work with Multisite/SSL/DMZ combination

Reported by: michael_k
Owned by: westi
Milestone:
Priority: normal
Severity: major
Version: 3.2
Component: XML-RPC
Keywords: has-patch, needs-refresh, https
Focuses:
Cc:

Description

I have the following setup:
My WordPress Blogs (multisite) are set up behind a firewall that exposes the public address via SSL. Inside my DMZ I'm only using HTTP, so that's what WordPress sees. When I now try to access the blogger.getUsersBlogs XMLRPC-API, I get an empty result back.

I analyzed the WordPress source code and found out that the blogger.getUsersBlogs method in the file wp-includes\class-wp-xmlrpc-server.php uses another XMLRPC call to the wp.getUsersBlogs method in case of the multisite. I further checked and found out that this appears to be the only case in which WordPress executes a remote call itself to service the request. I then replaced the logic in _multisite_getUsersBlogs with the multisite part from wp_getUsersBlogs and it worked.

I also found an issue that might be related: http://core.trac.wordpress.org/ticket/16402
But since the source code in the trunk still uses the regular IXR_Client, I'm not sure if this would fix the issue.

I attached my fix as a patch, but it's not refactored to remove code duplication since I don't have a dev-environment set up for WordPress.

Michael

Attachments (1)

class-wp-xmlrpc-server patch for multisite.patch (1.8 KB) - added by michael_k 13 years ago.


Change History (11)

#1 @Michael_K
13 years ago

  • Severity changed from normal to major

I've now an update: I've now changed my infrastructure to use SSL also inside the DMZ and upgraded to WordPress 3.2. The problem still persists. I also tried replacing the IXR-client with the WordPress HTTP-WP-IXR-Client mentioned in issue #16402. Still didn't work. Please consider getting rid of the (unnecessary) internal XML-RPC call as this seems to be the only way to get the blogger-API working in a multisite-configuration.

Michael

#2 @westi
13 years ago

  • Keywords 3.3-early westi-likes added
  • Milestone changed from Awaiting Review to Future Release
  • Owner set to westi
  • Status changed from new to accepted
  • Version set to 3.2

#3 @SergeyBiryukov
13 years ago

  • Keywords has-patch needs-refresh added

#4 @westi
13 years ago

I think the simplest solution is just to use the enhanced version of the IXR_Client which should resolve this issue.

#5 follow-up: @Michael_K
13 years ago

Possibly. It might be a quick-fix, but the fact would remain, that this is the single method in the blog API that uses a web-service to call back to the same server instead of reusing functionality located in the same file.

Please also note my earlier comment. Just using the other IXR_Client didn't actually resolve the issue.

#6 in reply to: ↑ 5 @westi
13 years ago

Replying to Michael_K:

> Possibly. It might be a quick-fix, but the fact would remain, that this is the single method in the blog API that uses a web-service to call back to the same server instead of reusing functionality located in the same file.

I'm not sure just switching to the relevant blog will provide the correct information as there could be per-blog plugins affecting the returned data which would mean it was more sensible to make the call onto the correct end-point.

> Please also note my earlier comment. Just using the other IXR_Client didn't actually resolve the issue.

Didn't at the time but should now as further improvements to SSL support there have been made.

#7 @stuffmc
12 years ago

Just wanted to mention I just stumbled on the exact problem. I can use wp.getUsersBlogs but this should actually still somehow be fixed.

#8 @chriscct7
9 years ago

  • Keywords 3.3-early westi-likes removed

#9 @johnbillion
9 years ago

  • Keywords https added

This ticket was mentioned in Slack in #core-http by johnbillion.


8 years ago
