From c09f6ffbdb978cd6d2fb05f03e9a85ea332b1d99 Mon Sep 17 00:00:00 2001 From: ryan Date: Mon, 18 Jun 2007 00:18:18 +0000 Subject: [PATCH] escape before extracting. Props Alexander Concha. git-svn-id: http://svn.automattic.com/wordpress/trunk@5721 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- xmlrpc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xmlrpc.php b/xmlrpc.php index ad30a7c01d..51dfc64139 100644 --- a/xmlrpc.php +++ b/xmlrpc.php @@ -845,7 +845,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can('edit_post', $post_ID) ) return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); - extract($actual_post); + extract($actual_post, EXTR_SKIP); if ( ('publish' == $post_status) && !current_user_can('publish_posts') ) return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); @@ -1121,8 +1121,8 @@ class wp_xmlrpc_server extends IXR_Server { return(new IXR_Error(404, __("Invalid post id."))); } - extract($postdata); $this->escape($postdata); + extract($postdata, EXTR_SKIP); // Let WordPress manage slug if none was provided. $post_name = "";