editPage and newPage escaping fixes from Joseph.

git-svn-id: http://svn.automattic.com/wordpress/trunk@4874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-02-12 19:20:31 +00:00 · 2007-02-12 19:20:31 +00:00 · 715ea738eb
parent 92cf3691ad
commit 715ea738eb
1 changed files with 19 additions and 17 deletions
--- a/xmlrpc.php
+++ b/xmlrpc.php
@ -148,13 +148,18 @@ class wp_xmlrpc_server extends IXR_Server {
 	function escape(&$array) {
 		global $wpdb;

-		foreach ( (array) $array as $k => $v ) {
-			if (is_array($v)) {
-				$this->escape($array[$k]);
-			} else if (is_object($v)) {
-				//skip
-			} else {
-				$array[$k] = $wpdb->escape($v);
+		if(is_string($array)) {
+			return($wpdb->escape($array));
+		}
+		else {
+			foreach ( (array) $array as $k => $v ) {
+				if (is_array($v)) {
+					$this->escape($array[$k]);
+				} else if (is_object($v)) {
+					//skip
+				} else {
+					$array[$k] = $wpdb->escape($v);
+				}
 			}
 		}
 	}
@ -283,11 +288,9 @@ class wp_xmlrpc_server extends IXR_Server {
 	 * wp_newPage
 	 */
 	function wp_newPage($args) {
-		$this->escape($args);
-
-		$blog_id	= $args[0];
-		$username	= $args[1];
-		$password	= $args[2];
+		// Items not escaped here will be escaped in newPost.
+		$username	= $this->escape($args[1]);
+		$password	= $this->escape($args[2]);
 		$page		= $args[3];
 		$publish	= $args[4];

@ -355,12 +358,11 @@ class wp_xmlrpc_server extends IXR_Server {
 	 * wp_editPage
 	 */
 	function wp_editPage($args) {
-		$this->escape($args);
-
+		// Items not escaped here will be escaped in editPost.
 		$blog_id	= $args[0];
-		$page_id	= $args[1];
-		$username	= $args[2];
-		$password	= $args[3];
+		$page_id	= $this->escape($args[1]);
+		$username	= $this->escape($args[2]);
+		$password	= $this->escape($args[3]);
 		$content	= $args[4];
 		$publish	= $args[5];