Make WordPress Core

Opened 16 years ago

Closed 16 years ago

Last modified 16 years ago

#5666 closed defect (bug) (fixed)

faultString in xmlrpc responses is not properly escaped

Reported by: josephscott
Owned by: josephscott
Milestone: 2.5.1
Priority: normal
Severity: normal
Version: 2.3.2
Component: XML-RPC
Keywords: has-patch
Focuses:
Cc:

Description

The xmlrpc spec indicates that < and & be encoded as &lt; and &amp; in strings. When an error is returned from an xmlrpc call the IXR class doesn't attempt to encode these as it does with regular string values.

I'm inclined to have IXR make use of htmlspecialchars() for this as it does for regular string values.

Attachments (1)

class-IXR.php.diff (449 bytes) - added by josephscott 16 years ago.
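
The failure described in this ticket, shown as an added example that is not part of the ticket, the attached patch, or the IXR code: a fault response is built with and without htmlspecialchars() applied to the fault text, then parsed the way a client would parse it. The helpers build_fault() and read_fault_string() and the two sample messages are hypothetical and constructed for illustration.

```php
<?php
// Added example; build_fault() and read_fault_string() are hypothetical helpers, not IXR functions.

// Build an XML-RPC fault response, optionally escaping the fault text.
function build_fault(int $code, string $message, bool $escape): string
{
    if ($escape) {
        // Encode &, < and > so the text cannot be read as markup.
        $message = htmlspecialchars($message, ENT_NOQUOTES | ENT_XML1, 'UTF-8');
    }
    return '<?xml version="1.0"?><methodResponse><fault><value><struct>'
        . '<member><name>faultCode</name><value><int>' . $code . '</int></value></member>'
        . '<member><name>faultString</name><value><string>' . $message
        . '</string></value></member></struct></value></fault></methodResponse>';
}

// Parse a response as a client would; null means the XML is not well-formed.
function read_fault_string(string $xml): ?string
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $loaded = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$loaded) {
        return null;
    }
    $nodes = (new DOMXPath($doc))->query('//member[name="faultString"]/value/string');
    return $nodes->length === 1 ? $nodes->item(0)->textContent : null;
}

// Constructed sample error messages.
$messages = [
    'Title must be < 200 characters & not empty',
    'Wrap the term in <b>bold</b> tags',
];

foreach ($messages as $message) {
    foreach ([false, true] as $escape) {
        $seen = read_fault_string(build_fault(500, $message, $escape));
        $result = $seen === null ? 'not well-formed'
            : ($seen === $message ? 'round-trips' : "altered: $seen");
        printf("%-9s %-45s %s\n", $escape ? 'escaped' : 'raw', $message, $result);
    }
}
```

The second message covers the quieter case: without escaping the response still parses, but the client receives a fault string that differs from the one the server sent.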


Change History (5)

#1 @josephscott
16 years ago

  • Keywords has-patch added; needs-patch removed

Provide patch to the XML-RPC library (IXR) for escaping error text.

#2 @ryan
16 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7615]) Escape faultString in IXR. Props josephscott. fixes #5666 for trunk

#3 @ryan
16 years ago

(In [7616]) Escape faultString in IXR. Props josephscott. fixes #5666 for 2.5

#4 @ryan
16 years ago

  • Milestone changed from 2.6 to 2.5.1