From 0e84d59de5da29ef1de11b8f5289935f2454dfa3 Mon Sep 17 00:00:00 2001
From: Scott Taylor <scott.c.taylor@mac.com>
Date: Sun, 11 Jan 2015 22:31:22 +0000
Subject: [PATCH] In `wp_xmlrpc_server`, only allow `__call()` to run against
 `->_multisite_getUsersBlogs()`.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31149


git-svn-id: http://core.svn.wordpress.org/trunk@31130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-xmlrpc-server.php | 5 ++++-
 wp-includes/version.php                | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index 31ac095efb..30512b86b7 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -161,7 +161,10 @@ class wp_xmlrpc_server extends IXR_Server {
 	 * @return mixed|bool Return value of the callback, false otherwise.
 	 */
 	public function __call( $name, $arguments ) {
-		return call_user_func_array( array( $this, $name ), $arguments );
+		if ( '_multisite_getUsersBlogs' === $name ) {
+			return call_user_func_array( array( $this, $name ), $arguments );
+		}
+		return false;
 	}
 
 	public function serve_request() {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 8de4ca0146..cbceb0090b 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.2-alpha-31148';
+$wp_version = '4.2-alpha-31149';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.