Make WordPress Core

Opened 15 months ago

Closed 14 months ago

Last modified 14 months ago

#56492 closed defect (bug) (fixed)

blogger.getUsersBlogs doesn't work on Multisite when HTTPS is enforced

Reported by: dd32's profile dd32 Owned by: desrosj's profile desrosj
Milestone: 6.1 Priority: normal
Severity: normal Version:
Component: XML-RPC Keywords: has-patch
Focuses: multisite Cc:

Description

The XML-RPC endpoint blogger.getUsersBlogs doesn't work on Multisite environments which require HTTPS.

This is because the endpoint defers to wp_xmlrpc_server::_multisite_getUsersBlogs() on multisite which then performs a new IXR request against the current site, and IXR_Client only supports HTTP.

https://github.com/WordPress/wordpress-develop/blob/3a730ec57c2a29765b438cc8bd9559eda2e8f648/src/wp-includes/class-wp-xmlrpc-server.php#L4847-L4856

The attached PR simply changes the code to instead call the XMLRPC method directly, rather than through an additional HTTP request, avoiding the network loopback request and removing the failure points.

Change History (5)

This ticket was mentioned in PR #3167 on WordPress/wordpress-develop by dd32.


15 months ago
#1

  • Keywords has-patch added

#2 @SergeyBiryukov
15 months ago

  • Milestone changed from Awaiting Review to 6.1

#3 @desrosj
14 months ago

  • Owner set to desrosj
  • Status changed from new to reviewing

#4 @desrosj
14 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 54468:

XML-RPC: Avoid loopback request in blogger.getUsersBlogs.

The blogger.getUsersBlogs endpoint does not currently work on Multisite environments which require HTTPS.

This changes wp_xmlrpc_server::_multisite_getUsersBlogs() to call the method directly instead of relying on a new IXR_Client request, which only supports HTTP.

Props dd32.
Fixes #56492.

desrosj commented on PR #3167:


14 months ago
#5

Merged in wp_getUsersBlogs.

Note: See TracTickets for help on using tickets.