escape before extracting. Props Alexander Concha.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
3ca7762517
commit
c09f6ffbdb
|
@ -845,7 +845,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
if ( !current_user_can('edit_post', $post_ID) )
|
if ( !current_user_can('edit_post', $post_ID) )
|
||||||
return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
|
return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
|
||||||
|
|
||||||
extract($actual_post);
|
extract($actual_post, EXTR_SKIP);
|
||||||
|
|
||||||
if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
|
if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
|
||||||
return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
|
return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
|
||||||
|
@ -1121,8 +1121,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
return(new IXR_Error(404, __("Invalid post id.")));
|
return(new IXR_Error(404, __("Invalid post id.")));
|
||||||
}
|
}
|
||||||
|
|
||||||
extract($postdata);
|
|
||||||
$this->escape($postdata);
|
$this->escape($postdata);
|
||||||
|
extract($postdata, EXTR_SKIP);
|
||||||
|
|
||||||
// Let WordPress manage slug if none was provided.
|
// Let WordPress manage slug if none was provided.
|
||||||
$post_name = "";
|
$post_name = "";
|
||||||
|
|
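Review bot: In the first hunk, `extract($actual_post, EXTR_SKIP);` only gains the flag, and no `$this->escape($actual_post);` call is visible in its context, whereas the second hunk moves the extract below `$this->escape($postdata);`. If the escape does not already happen above line 845, the stored post fields would be imported raw and presumably reach later query-building code unescaped, so confirm it or add `$this->escape($actual_post);` directly before the extract. Separately, `EXTR_SKIP` silently ignores any array key that collides with an existing local such as `$post_ID`, so explicit assignments like `$post_status = $actual_post['post_status'];` would make the imported names auditable. Both enclosing methods start and end outside the hunks, so the surrounding code could not be checked here.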