escape before extracting. Props Alexander Concha.

git-svn-id: http://svn.automattic.com/wordpress/branches/2.2@5722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-06-18 00:19:15 +00:00
parent fa3bd8e93e
commit 43f26d2927
1 changed files with 2 additions and 2 deletions

View File

@ -849,7 +849,7 @@ class wp_xmlrpc_server extends IXR_Server {
if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
extract($actual_post);
extract($actual_post, EXTR_SKIP);
if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
@ -1127,8 +1127,8 @@ class wp_xmlrpc_server extends IXR_Server {
return(new IXR_Error(404, __("Invalid post id.")));
}
extract($postdata);
$this->escape($postdata);
extract($postdata, EXTR_SKIP);
// Let WordPress manage slug if none was provided.
$post_name = "";