From d7f840a211f8198ef8e5a402220e8f4c7edaeea0 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov.ru@gmail.com>
Date: Tue, 13 Sep 2016 23:17:28 +0000
Subject: [PATCH] XML-RPC: Check the minimum number of arguments in
 `::wp_getUsersBlogs()` and `::blogger_getUsersBlogs()`.

Props kitchin for initial patch.
Fixes #29750.
Built from https://develop.svn.wordpress.org/trunk@38600


git-svn-id: http://core.svn.wordpress.org/trunk@38543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-xmlrpc-server.php | 11 ++++++++++-
 wp-includes/version.php                |  2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index fa776461c8..3ff4390720 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -596,6 +596,10 @@ class wp_xmlrpc_server extends IXR_Server {
 	 *  - 'xmlrpc' - url of xmlrpc endpoint
 	 */
 	public function wp_getUsersBlogs( $args ) {
+		if ( ! $this->minimum_args( $args, 2 ) ) {
+			return $this->error;
+		}
+
 		// If this isn't on WPMU then just use blogger_getUsersBlogs
 		if ( !is_multisite() ) {
 			array_unshift( $args, 1 );
@@ -4322,8 +4326,13 @@ class wp_xmlrpc_server extends IXR_Server {
 	 * @return array|IXR_Error
 	 */
 	public function blogger_getUsersBlogs($args) {
-		if ( is_multisite() )
+		if ( ! $this->minimum_args( $args, 3 ) ) {
+			return $this->error;
+		}
+
+		if ( is_multisite() ) {
 			return $this->_multisite_getUsersBlogs($args);
+		}
 
 		$this->escape($args);
 
diff --git a/wp-includes/version.php b/wp-includes/version.php
index ffe9e7b5ed..267515274d 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.7-alpha-38599';
+$wp_version = '4.7-alpha-38600';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.