Opened 13 years ago
Closed 9 years ago
#18731 closed enhancement (fixed)
The XML-RPC Endpoint filename is hardcoded in the code (aka: my Host Blocks XML-RPC Access!)
Reported by: | daniloercoli | Owned by: | |
---|---|---|---|
Milestone: | 3.5 | Priority: | normal |
Severity: | normal | Version: | 3.2 |
Component: | XML-RPC | Keywords: | westi-likes has-patch needs-refresh dev-feedback |
Focuses: | | Cc: | |
Description
It's impossible to rename the file 'xmlrpc.php' to something different (e.g. when your hosting provider blocks access to the xmlrpc.php file) since the prefix "xmlrpc.php" is hardcoded within the source code. You can rename the file, but the XML-RPC call wp.getUsersBlogs always returns the hardcoded URL.
Same issue for the pingback link and the EditURI link.
We published a plugin that should help users for the time being:
http://wordpress.org/extend/plugins/rename-xml-rpc/
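The three places the description names (the wp.getUsersBlogs result, the pingback link and the EditURI link) can be checked for a stale file name after a rename. This is an added example, not part of the ticket or of WordPress; the renamed file name `rpc-endpoint.php`, the sample markup and the sample response are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the admin renamed xmlrpc.php to rpc-endpoint.php, but the
# page head still advertises the hardcoded name, as the description reports.
SAMPLE_HTML = """<html><head>
<link rel="pingback" href="http://example.com/xmlrpc.php" />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://example.com/xmlrpc.php?rsd" />
</head><body></body></html>"""
# Constructed sample: one struct from a wp.getUsersBlogs response.
SAMPLE_USERS_BLOGS = [{"blogName": "Example", "xmlrpc": "http://example.com/xmlrpc.php"}]


class LinkCollector(HTMLParser):
    """Collects the href of <link rel="pingback"> and <link rel="EditURI">."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        rel = (attr.get("rel") or "").lower()
        if tag == "link" and rel in ("pingback", "edituri") and attr.get("href"):
            self.found.append((f"link rel={rel}", attr["href"]))


def advertised_endpoints(html, users_blogs):
    """Return (source, url) pairs for every place the endpoint is advertised."""
    parser = LinkCollector()
    parser.feed(html)
    out = list(parser.found)
    out.extend(("wp.getUsersBlogs xmlrpc", blog["xmlrpc"])
               for blog in users_blogs if "xmlrpc" in blog)
    return out


def stale_references(endpoints, expected_file):
    """Sources whose URL path does not end in the renamed endpoint file."""
    return [source for source, url in endpoints
            if urlsplit(url).path.rsplit("/", 1)[-1] != expected_file]


if __name__ == "__main__":
    endpoints = advertised_endpoints(SAMPLE_HTML, SAMPLE_USERS_BLOGS)
    for source in stale_references(endpoints, "rpc-endpoint.php"):
        print("still advertises the old endpoint:", source)
```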
Change History (20)
#1, follow-up: ↓ 2, 13 years ago
- Keywords westi-likes added
- Milestone changed from Awaiting Review to Future Release
- Priority changed from normal to high
- Severity changed from normal to major
- Version set to 3.2
#2, in reply to: ↑ 1, 13 years ago
Maybe we could support http://example.com/?xmlrpc=1 and http://example.com/xmlrpc/ as endpoints in core for the rewrite-less and rewrite-full use cases.
This would be fine, but probably we should also support http://example.com/?rsd=1 and http://example.com/rsd/ as RSD endpoints in core.
#3, 13 years ago
- Cc josephscott added
If we are going to do this we should probably look at filtering all of the 'xmlrpc.php' values. Perhaps an 'xmlrpc_file_name' filter?
#4, 13 years ago
We'll probably want to introduce get_xmlrpc_url( $type = '' ), where 'type' can become 'rsd'.
#7, 12 years ago
- Keywords has-patch added; needs-patch removed
- Milestone changed from Future Release to 3.5
Took a stab at this, most of the URLs were obtained using different flavors of site_url().
The only bizarre one was wp_xmlrpc_server::_multisite_getUsersBlogs() which appears to be trying to support a network of many sites which have many blogs. site_url() should work in this scenario as well.
Adds function: get_xmlrpc_url( $type = '' ) which is filtered by 'xmlrpc_url'
#8, 12 years ago
Actually, I think this can be done a bit easier. There's an rpc "scheme" we pass to site_url() et al, which is used for forcing SSL when SSL login or admin is forced.
We should just always pass 'rpc' as the scheme to site_url(), which essentially means modifying the two instances in class-wp-xmlrpc-server.php. daniloercoli, that should be enough, no?
#9, 12 years ago
I was even thinking even more difficult than this. I was thinking about moving all the code from xmlrpc.php to somewhere else and make xmlrpc.php call that code. And then create some kind of endpoint system like /index.php?endpoint=xmlrpc. This way you can even use the rewrite API to have it another name as usual.
Most likely my mind is thinking more difficult, but with this we can have added some steps for a RESTful or JSON API.
#10, 12 years ago
- Keywords punt added
- Type changed from defect (bug) to enhancement
Sounds like this feature (not a bug) will likely need to be punted from 3.5 in the interest of further discussion about possible new endpoints.
#11, 12 years ago
- Keywords punt removed
- Milestone changed from 3.5 to Future Release
- Type changed from enhancement to defect (bug)
This is a bug that does need to be fixed. It can result in an enhancement in a better API for new endpoints.
I did punt for now and hopefully this is something that can be discussed at the summit.
#12, 12 years ago
- Type changed from defect (bug) to enhancement
This is not a bug. Allowing the endpoint to be changed is an enhancement.
The "bug" here is that some xmlrpc.php references are missing 'rpc'. I'll be fixing that in 3.5, but the rest of this should be punted.
#16, 11 years ago
- Keywords dev-feedback added
- Severity changed from major to trivial
Pingbacks don't require a login/password or https to work, so I don't think this is a necessary fix.
I think we should maybe come up with an alternative endpoint name for WordPress in general.
Maybe we could support http://example.com/?xmlrpc=1 and http://example.com/xmlrpc/ as endpoints in core for the rewrite-less and rewrite-full use cases.
It seems to be common, unfortunately, for hosts to block the filename xmlrpc.php.