WordPress.org

Make WordPress Core

Opened 20 months ago

Last modified 10 months ago

#35269 new feature request

Check data type of wp_xmlrpc_server_class filter before instantiate wp_xmlrpc_server_class

Reported by: onetarek Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.4
Component: XML-RPC Keywords: dev-feedback
Focuses: Cc:

Description

There is a filter 'wp_xmlrpc_server_class' in ./xmlrpc.php for a plugin to entirely replace the standard XML-RPC server implementation.

For some case we want to entirely disable XML-RPC server. So we pass a FALSE value through the wp_xmlrpc_server_class filter. And it causes a Fatal error in xmlrpc.php
To prevent this error we pass a fake class name that contains a blank method serve_request.
But it would better if there is a validity check of the return value of wp_xmlrpc_server_class filter.
If the return value is not a valid class_name then $wp_xmlrpc_server_class will not be instantiated and process will be exit there.

I have a patch for this.

Attachments (1)

xmlrpc.php.patch (669 bytes) - added by onetarek 20 months ago.

Download all attachments as: .zip

Change History (3)

#1 @markoheijnen
20 months ago

There is the filter 'xmlrpc_enabled' that handles this case. This is handled inside the class so it can pass a XML-RPC response that says "XML-RPC services are disabled on this site". Personally I think that would be the way to go.

So I'm tend to say that this is something we don't need but I would not have any problems with a class_exists check.

#2 @markoheijnen
10 months ago

  • Keywords dev-feedback added

My first feedback still stand with the addition that xmlrpc_enabled only works for the XML-RPC methods and not for pingback as described in #36055.

Any lead that can share their opinion if we should or shouldn't do this?

Note: See TracTickets for help on using tickets.