WordPress.org
Get WordPress

Make WordPress Core

Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#5666 closed defect (bug) (fixed)

faultString in xmlrpc responses is not properly escaped

Reported by: josephscott's profile josephscott Owned by: josephscott's profile josephscott
Milestone: 2.5.1 Priority: normal
Severity: normal Version: 2.3.2
Component: XML-RPC Keywords: has-patch
Focuses: Cc:

Description

The xmlrpc spec indicates that < and & be encoded as &lt; and &amp; in strings. When an error is returned from an xmlrpc call the IXR class doesn't attempt to encode these as it does with regular string values.

I'm inclined to have IXR make use of htmlspecialchars() for this as it does for regular string values.

Attachments (1)

class-IXR.php.diff (449 bytes) - added by josephscott 18 years ago.

Download all attachments as: .zip

Change History (5)

@josephscott
18 years ago

#1 @josephscott
18 years ago

  • Keywords has-patch added; needs-patch removed

Provide patch to the XML-RPC library (IXR) for escaping error text.

#2 @ryan
18 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7615]) Escape faultString in IXR. Props josephscott. fixes #5666 for trunk

#3 @ryan
18 years ago

(In [7616]) Escape faultString in IXR. Props josephscott. fixes #5666 for 2.5

#4 @ryan
18 years ago

  • Milestone changed from 2.6 to 2.5.1
Note: See TracTickets for help on using tickets.