Make WordPress Core

Opened 7 years ago

Last modified 7 years ago

#39699 new enhancement

Filter to check XML-RPC data before any DB insertion

Reported by: enricosorcinelli's profile enrico.sorcinelli Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 4.8
Component: XML-RPC Keywords: has-patch needs-testing
Focuses: Cc:


After searching into XML-RPC server class code, I realized that it seems that there isn't way to check XML-RPC input data before starting to insert/update any rows to database nor to return an IXR custom error message.
For example for new post, in order to check custom fields, a possible workaround is to use wp_insert_post_empty_content filter, but we are unable to customize the error message. Moreover at this point some DB rows are inserted, so inside the filter above we have to call wp_delete_post manually in order to clean DB (taking care to check auto-draft post status).
In the case of editing post, things get a bit more complicated, so we could use transactions with the help of xmlrpc_call/wp_insert_post actions.

So, the patch aims to add a new filter named xmlrpc_before_insert_post that allows to do this check in a more robust manner (for wp.newPost and wp.editPost XML-RCP methods).

Typical usage:


if ( defined( 'XMLRPC_REQUEST' ) ) {
   add_filter( 'xmlrpc_before_insert_post', 'my_filter_xmlrpc_before_insert_post', 10, 3 );
function my_filter_xmlrpc_before_insert_post ( $post_data, $content_struct, $user  ) {
   // do checks with $post_data, i.e:
   if ( title_contains_stop_words( $post_data['post_title'] ) )
      return new IXR_Error( 500, 'Post title contains invalid words' );
   return $post_data,

The filter is placed inside _insert_post helper function before get_default_post_to_edit() that isthe first statement that adds a new DB row.


Attachments (1)

39699.patch (4.2 KB) - added by enrico.sorcinelli 7 years ago.

Download all attachments as: .zip

Change History (6)

#1 @SergeyBiryukov
7 years ago

  • Milestone changed from Awaiting Review to 4.9

#2 @jbpaul17
7 years ago

  • Keywords has-patch needs-testing added

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.

7 years ago

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.

7 years ago

#5 @jbpaul17
7 years ago

  • Milestone changed from 4.9 to Future Release

Punting to Future Release per today's 4.8 bug scrub.

Note: See TracTickets for help on using tickets.