From 2a35e075d7afa51bce7789b21c379807df90df3e Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Mon, 29 Jun 2015 02:07:23 +0000
Subject: [PATCH] XML-RPC: Only escape what we need to in `wp.editPage`, this allows for passwords with the special characters `"'` to work in a request. Props redsweater for initial Patch. Fixes #32703 Built from https://develop.svn.wordpress.org/trunk@32993 git-svn-id: http://core.svn.wordpress.org/trunk@32964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-xmlrpc-server.php | 14 +++++++++-----
 wp-includes/version.php | 2 +-
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index 2571a3510b..4a68aaae5a 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -2747,15 +2747,19 @@ class wp_xmlrpc_server extends IXR_Server {
 * @return array|IXR_Error
 */
 public function wp_editPage( $args ) {
- // Items not escaped here will be escaped in editPost.
- $page_id = (int) $this->escape($args[1]);
- $username = $this->escape($args[2]);
- $password = $this->escape($args[3]);
+ // Items will be escaped in mw_editPost.
+ $page_id = (int) $args[1];
+ $username = $args[2];
+ $password = $args[3];
 $content = $args[4];
 $publish = $args[5];
 
- if ( !$user = $this->login($username, $password) )
+ $escaped_username = $this->escape( $username );
+ $escaped_password = $this->escape( $password );
+
+ if ( !$user = $this->login( $escaped_username, $escaped_password ) ) {
 return $this->error;
+ }
 
 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
 do_action( 'xmlrpc_call', 'wp.editPage' );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 809f50888b..c8dc777b87 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
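Review bot: In the `wp_editPage()` hunk of wp-includes/class-wp-xmlrpc-server.php, `$username` and `$password` now stay unescaped for the rest of the function and only the `login()` call receives the escaped copies, but the one-line comment `// Items will be escaped in mw_editPost.` does not say that. Whether the raw values are safe depends on code below the hunk, which is not visible here: presumably they are handed to `mw_editPost()` and escaped there, and anything that used them before that hand-off (a query, a hook argument) would see raw client input. I would state the invariant where the variables are assigned, e.g. `// Keep $username/$password raw: mw_editPost() escapes its own $args, so escaping here would double-escape them. Only login() gets escaped copies.` The function body continues past the end of the hunk, so the hand-off itself should be checked in the same review.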
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.3-alpha-32992';
+$wp_version = '4.3-alpha-32993';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.