escape before extracting. Props Alexander Concha.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
dac513e9e5
commit
d446bf0e42
|
@ -2,7 +2,7 @@
|
|||
|
||||
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
|
||||
|
||||
$wp_version = '2.0.11-RC4';
|
||||
$wp_version = '2.0.11-RC5';
|
||||
$wp_db_version = 3441;
|
||||
|
||||
?>
|
||||
|
|
|
@ -431,7 +431,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
|
||||
|
||||
extract($actual_post);
|
||||
extract($actual_post, EXTR_SKIP);
|
||||
|
||||
if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
|
||||
return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
|
||||
|
@ -597,8 +597,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||
|
||||
$postdata = wp_get_single_post($post_ID, ARRAY_A);
|
||||
extract($postdata);
|
||||
$this->escape($postdata);
|
||||
extract($postdata, EXTR_SKIP);
|
||||
|
||||
$post_title = $content_struct['title'];
|
||||
$post_content = apply_filters( 'content_save_pre', $content_struct['description'] );
|
||||
|
|