Opened 7 years ago
Last modified 6 years ago
#39699 new enhancement
Filter to check XML-RPC data before any DB insertion
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 4.8 |
Component: | XML-RPC | Keywords: | has-patch needs-testing |
Focuses: | Cc: |
Description
After searching into XML-RPC server class code, I realized that it seems that there isn't way to check XML-RPC input data before starting to insert/update any rows to database nor to return an IXR
custom error message.
For example for new post, in order to check custom fields, a possible workaround is to use wp_insert_post_empty_content
filter, but we are unable to customize the error message. Moreover at this point some DB rows are inserted, so inside the filter above we have to call wp_delete_post
manually in order to clean DB (taking care to check auto-draft
post status).
In the case of editing post, things get a bit more complicated, so we could use transactions with the help of xmlrpc_call
/wp_insert_post
actions.
So, the patch aims to add a new filter named xmlrpc_before_insert_post
that allows to do this check in a more robust manner (for wp.newPost
and wp.editPost
XML-RCP methods).
Typical usage:
<?php if ( defined( 'XMLRPC_REQUEST' ) ) { add_filter( 'xmlrpc_before_insert_post', 'my_filter_xmlrpc_before_insert_post', 10, 3 ); } function my_filter_xmlrpc_before_insert_post ( $post_data, $content_struct, $user ) { // do checks with $post_data, i.e: if ( title_contains_stop_words( $post_data['post_title'] ) ) return new IXR_Error( 500, 'Post title contains invalid words' ); return $post_data, }
The filter is placed inside _insert_post
helper function before get_default_post_to_edit()
that isthe first statement that adds a new DB row.
Regards
Punting to Future Release per today's 4.8 bug scrub.