Ticket #5666 (closed defect: fixed)

Opened 6 months ago

Last modified 3 months ago

faultString in xmlrpc responses is not properly escaped

Reported by: josephscott
Assigned to: josephscott
Priority: normal
Milestone: 2.5.1
Component: XML-RPC
Version: 2.3.2
Severity: normal
Keywords: has-patch
Cc: josephscott

Description

The xmlrpc spec indicates that < and & be encoded as &lt; and &amp; in strings. When an error is returned from an xmlrpc call the IXR class doesn't attempt to encode these as it does with regular string values.

I'm inclined to have IXR make use of htmlspecialchars() for this as it does for regular string values.
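The effect the description reports, as an added example that is not part of the ticket or the IXR library: a fault response is built with and without htmlspecialchars() and then parsed the way a client would parse it. The function names and sample messages are constructed for illustration.

```php
<?php
// Added illustration; not the IXR library's code. Function names are hypothetical.

// Build an XML-RPC fault response. When $escape is false the message is
// interpolated verbatim, which is the behaviour the ticket reports.
function build_fault_xml(int $code, string $message, bool $escape): string
{
    if ($escape) {
        // htmlspecialchars() turns & and < into &amp; and &lt; (and also > and ").
        $message = htmlspecialchars($message);
    }
    return "<?xml version=\"1.0\"?>\n"
        . "<methodResponse><fault><value><struct>"
        . "<member><name>faultCode</name><value><int>{$code}</int></value></member>"
        . "<member><name>faultString</name><value><string>{$message}</string></value></member>"
        . "</struct></value></fault></methodResponse>";
}

// Parse a response as a client would and return the faultString,
// or null when the document is not well-formed XML.
function read_fault_string(string $xml): ?string
{
    $previous = libxml_use_internal_errors(true); // collect parse errors quietly
    $doc = new DOMDocument();
    $ok = $doc->loadXML($xml);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$ok) {
        return null;
    }
    $nodes = $doc->getElementsByTagName('string');
    return $nodes->length > 0 ? $nodes->item(0)->textContent : null;
}

// Constructed sample error messages: one plain, two containing < and &.
$samples = [
    'Sorry, no such page.',
    'Invalid title: Q&A <draft>',
    'Value must be < 10 & > 0',
];
foreach ($samples as $message) {
    foreach ([false, true] as $escape) {
        $parsed = read_fault_string(build_fault_xml(403, $message, $escape));
        $result = $parsed === null ? 'not well-formed'
            : ($parsed === $message ? 'round-trips' : 'altered');
        printf("%-8s %-28s => %s\n", $escape ? 'escaped' : 'raw', $message, $result);
    }
}
```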

Attachments

class-IXR.php.diff (449 bytes) - added by josephscott on 04/03/08 21:27:12.

Change History

04/03/08 21:27:12 changed by josephscott

  • attachment class-IXR.php.diff added.

04/03/08 21:28:17 changed by josephscott

  • keywords changed from needs-patch to has-patch.

Provide patch to the XML-RPC library (IXR) for escaping error text.

04/07/08 18:30:52 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [7615]) Escape faultString in IXR. Props josephscott. fixes #5666 for trunk

04/07/08 18:32:18 changed by ryan

(In [7616]) Escape faultString in IXR. Props josephscott. fixes #5666 for 2.5

04/07/08 18:33:31 changed by ryan

  • milestone changed from 2.6 to 2.5.1.