WordPress.org

Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#19774 closed defect (bug) (fixed)

Potential undefined array access in XML-RPC mw_newPost/mw_editPost

Reported by: maxcutler Owned by: westi
Milestone: 3.4 Priority: normal
Severity: trivial Version: 3.3.1
Component: XML-RPC Keywords: has-patch
Focuses: Cc:

Description

When attempting to determine the appropriate cap check, some of the logic attempts to access members of the content_struct array that are not required to be set, resulting in 'undefined index' error/notice.

Specifically, this can occur when 'post_type' is supplied but not 'post_status'.

An example XML-RPC request that triggers one of the two if statements is in the test_call.txt attachment.

Attachments (3)

test_call.txt (927 bytes) - added by maxcutler 10 years ago.
class-wp-xmlrpc-server.php.patch (952 bytes) - added by maxcutler 10 years ago.
class-wp-xmlrpc-server.php.2.patch (1.8 KB) - added by maxcutler 10 years ago.

Download all attachments as: .zip

Change History (6)

@maxcutler
10 years ago

@maxcutler
10 years ago

#1 @maxcutler
10 years ago

  • Summary changed from Potential undefined array access in XML-RPC mw_newPost to Potential undefined array access in XML-RPC mw_newPost/mw_editPost

Discovered that the same logic was copy/pasted to mw_editPost, so patching that as well.

@maxcutler
10 years ago

#2 @SergeyBiryukov
10 years ago

  • Milestone changed from Awaiting Review to 3.4

#3 @westi
10 years ago

  • Owner set to westi
  • Resolution set to fixed
  • Status changed from new to closed

In [20323]:

XMLRPC: In mw_newPost check to see if the post_status has been supplied before trying to use it to avoid undefined array access notices. Fixes #19774 props maxcutler.

Note: See TracTickets for help on using tickets.