WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

editPage and newPage escaping fixes from Joseph. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@4874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-02-12 19:20:31 +00:00
parent 92cf3691ad
commit 715ea738eb
1 changed files with 19 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
xmlrpc.php
View File

@ -148,6 +148,10 @@ class wp_xmlrpc_server extends IXR_Server {
function escape(&$array) {
global $wpdb;
if(is_string($array)) {
return($wpdb->escape($array));
}
else {
foreach ( (array) $array as $k => $v ) {
if (is_array($v)) {
$this->escape($array[$k]);
@ -158,6 +162,7 @@ class wp_xmlrpc_server extends IXR_Server {
}
}
}
}
/**
* WordPress XML-RPC API
@ -283,11 +288,9 @@ class wp_xmlrpc_server extends IXR_Server {
* wp_newPage
*/
function wp_newPage($args) {
$this->escape($args);
$blog_id = $args[0];
$username = $args[1];
$password = $args[2];
// Items not escaped here will be escaped in newPost.
$username = $this->escape($args[1]);
$password = $this->escape($args[2]);
$page = $args[3];
$publish = $args[4];
@ -355,12 +358,11 @@ class wp_xmlrpc_server extends IXR_Server {
* wp_editPage
*/
function wp_editPage($args) {
$this->escape($args);
// Items not escaped here will be escaped in editPost.
$blog_id = $args[0];
$page_id = $args[1];
$username = $args[2];
$password = $args[3];
$page_id = $this->escape($args[1]);
$username = $this->escape($args[2]);
$password = $this->escape($args[3]);
$content = $args[4];
$publish = $args[5];