editPage and newPage escaping fixes from Joseph.
git-svn-id: http://svn.automattic.com/wordpress/trunk@4874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
92cf3691ad
commit
715ea738eb
22
xmlrpc.php
22
xmlrpc.php
|
|
@ -148,6 +148,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
function escape(&$array) {
|
||||
global $wpdb;
|
||||
|
||||
if(is_string($array)) {
|
||||
return($wpdb->escape($array));
|
||||
}
|
||||
else {
|
||||
foreach ( (array) $array as $k => $v ) {
|
||||
if (is_array($v)) {
|
||||
$this->escape($array[$k]);
|
||||
|
|
@ -158,6 +162,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* WordPress XML-RPC API
|
||||
|
|
@ -283,11 +288,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
* wp_newPage
|
||||
*/
|
||||
function wp_newPage($args) {
|
||||
$this->escape($args);
|
||||
|
||||
$blog_id = $args[0];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
// Items not escaped here will be escaped in newPost.
|
||||
$username = $this->escape($args[1]);
|
||||
$password = $this->escape($args[2]);
|
||||
$page = $args[3];
|
||||
$publish = $args[4];
|
||||
|
||||
|
|
@ -355,12 +358,11 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
* wp_editPage
|
||||
*/
|
||||
function wp_editPage($args) {
|
||||
$this->escape($args);
|
||||
|
||||
// Items not escaped here will be escaped in editPost.
|
||||
$blog_id = $args[0];
|
||||
$page_id = $args[1];
|
||||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
$page_id = $this->escape($args[1]);
|
||||
$username = $this->escape($args[2]);
|
||||
$password = $this->escape($args[3]);
|
||||
$content = $args[4];
|
||||
$publish = $args[5];
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue