Make WordPress Core

Opened 6 years ago

Last modified 3 years ago

#35269 new feature request

Check data type of wp_xmlrpc_server_class filter before instantiate wp_xmlrpc_server_class

Reported by: onetarek Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.4
Component: XML-RPC Keywords: dev-feedback
Focuses: Cc:


There is a filter 'wp_xmlrpc_server_class' in ./xmlrpc.php for a plugin to entirely replace the standard XML-RPC server implementation.

For some case we want to entirely disable XML-RPC server. So we pass a FALSE value through the wp_xmlrpc_server_class filter. And it causes a Fatal error in xmlrpc.php
To prevent this error we pass a fake class name that contains a blank method serve_request.
But it would better if there is a validity check of the return value of wp_xmlrpc_server_class filter.
If the return value is not a valid class_name then $wp_xmlrpc_server_class will not be instantiated and process will be exit there.

I have a patch for this.

Attachments (1)

xmlrpc.php.patch (669 bytes) - added by onetarek 6 years ago.

Download all attachments as: .zip

Change History (3)

6 years ago

#1 @markoheijnen
6 years ago

There is the filter 'xmlrpc_enabled' that handles this case. This is handled inside the class so it can pass a XML-RPC response that says "XML-RPC services are disabled on this site". Personally I think that would be the way to go.

So I'm tend to say that this is something we don't need but I would not have any problems with a class_exists check.

#2 @markoheijnen
5 years ago

  • Keywords dev-feedback added

My first feedback still stand with the addition that xmlrpc_enabled only works for the XML-RPC methods and not for pingback as described in #36055.

Any lead that can share their opinion if we should or shouldn't do this?

Note: See TracTickets for help on using tickets.