diff options
author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-02-13 12:09:06 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-02-13 12:09:06 +0000 |
commit | a52c988555ca239f44ac8aa779068e1d2f9a446e (patch) | |
tree | ac18f614ffa2dc55eb4131b6d0aa9965131e96d5 /xmlrpc.php | |
parent | 89971da62cd480824941e9c59cb9b9af00851536 (diff) | |
download | wordpress-mu-a52c988555ca239f44ac8aa779068e1d2f9a446e.tar.gz wordpress-mu-a52c988555ca239f44ac8aa779068e1d2f9a446e.tar.xz wordpress-mu-a52c988555ca239f44ac8aa779068e1d2f9a446e.zip |
WP Merge to rev 4874
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@883 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'xmlrpc.php')
-rw-r--r-- | xmlrpc.php | 36 |
1 files changed, 19 insertions, 17 deletions
@@ -148,13 +148,18 @@ class wp_xmlrpc_server extends IXR_Server { function escape(&$array) { global $wpdb; - foreach ( (array) $array as $k => $v ) { - if (is_array($v)) { - $this->escape($array[$k]); - } else if (is_object($v)) { - //skip - } else { - $array[$k] = $wpdb->escape($v); + if(is_string($array)) { + return($wpdb->escape($array)); + } + else { + foreach ( (array) $array as $k => $v ) { + if (is_array($v)) { + $this->escape($array[$k]); + } else if (is_object($v)) { + //skip + } else { + $array[$k] = $wpdb->escape($v); + } } } } @@ -283,11 +288,9 @@ class wp_xmlrpc_server extends IXR_Server { * wp_newPage */ function wp_newPage($args) { - $this->escape($args); - - $blog_id = $args[0]; - $username = $args[1]; - $password = $args[2]; + // Items not escaped here will be escaped in newPost. + $username = $this->escape($args[1]); + $password = $this->escape($args[2]); $page = $args[3]; $publish = $args[4]; @@ -355,12 +358,11 @@ class wp_xmlrpc_server extends IXR_Server { * wp_editPage */ function wp_editPage($args) { - $this->escape($args); - + // Items not escaped here will be escaped in editPost. $blog_id = $args[0]; - $page_id = $args[1]; - $username = $args[2]; - $password = $args[3]; + $page_id = $this->escape($args[1]); + $username = $this->escape($args[2]); + $password = $this->escape($args[3]); $content = $args[4]; $publish = $args[5]; |