From 504eb9aa0d02de275e28967c52588ef8b07e8431 Mon Sep 17 00:00:00 2001
From: Andrew Nacin <wp@andrewnacin.com>
Date: Tue, 30 Dec 2014 20:41:23 +0000
Subject: [PATCH] XML-RPC: Send 405 Method Not Allowed for GET requests.

props maxcutler.
fixes #20986.

Built from https://develop.svn.wordpress.org/trunk@31004


git-svn-id: http://core.svn.wordpress.org/trunk@30985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-IXR.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/wp-includes/class-IXR.php b/wp-includes/class-IXR.php
index 91b65e96bf..5930f562e4 100644
--- a/wp-includes/class-IXR.php
+++ b/wp-includes/class-IXR.php
@@ -402,7 +402,11 @@ class IXR_Server
     {
         if (!$data) {
             if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] !== 'POST') {
-            	header('Content-Type: text/plain'); // merged from WP #9093
+                if ( function_exists( 'status_header' ) ) {
+                    status_header( 405 ); // WP #20986
+                    header( 'Allow: POST' );
+                }
+                header('Content-Type: text/plain'); // merged from WP #9093
                 die('XML-RPC server accepts POST requests only.');
             }