golem
/
twentyGOLEM
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

editPage and newPage escaping fixes from Joseph. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@4874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-02-12 19:20:31 +00:00
parent 92cf3691ad
commit 715ea738eb
1 changed files with 19 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
xmlrpc.php
View File

@ -148,13 +148,18 @@ class wp_xmlrpc_server extends IXR_Server {
function escape(&$array) { function escape(&$array) {
global $wpdb; global $wpdb;
foreach ( (array) $array as $k => $v ) { if(is_string($array)) {
if (is_array($v)) { return($wpdb->escape($array));
$this->escape($array[$k]); }
} else if (is_object($v)) { else {
//skip foreach ( (array) $array as $k => $v ) {
} else { if (is_array($v)) {
$array[$k] = $wpdb->escape($v); $this->escape($array[$k]);
} else if (is_object($v)) {
//skip
} else {
$array[$k] = $wpdb->escape($v);
}
} }
} }
} }
@ -283,11 +288,9 @@ class wp_xmlrpc_server extends IXR_Server {
* wp_newPage * wp_newPage
*/ */
function wp_newPage($args) { function wp_newPage($args) {
$this->escape($args); // Items not escaped here will be escaped in newPost.
$username = $this->escape($args[1]);
$blog_id = $args[0]; $password = $this->escape($args[2]);
$username = $args[1];
$password = $args[2];
$page = $args[3]; $page = $args[3];
$publish = $args[4]; $publish = $args[4];
@ -355,12 +358,11 @@ class wp_xmlrpc_server extends IXR_Server {
* wp_editPage * wp_editPage
*/ */
function wp_editPage($args) { function wp_editPage($args) {
$this->escape($args); // Items not escaped here will be escaped in editPost.
$blog_id = $args[0]; $blog_id = $args[0];
$page_id = $args[1]; $page_id = $this->escape($args[1]);
$username = $args[2]; $username = $this->escape($args[2]);
$password = $args[3]; $password = $this->escape($args[3]);
$content = $args[4]; $content = $args[4];
$publish = $args[5]; $publish = $args[5];