4 files changed, 23 insertions, 0 deletions

diff --git a/index-install.php b/index-install.php
index c8fa6ff..ade51ce 100644
--- a/index-install.php
+++ b/index-install.php
@@ -368,6 +368,7 @@ function step3() {
 	$wpdb->query( "INSERT INTO ".$wpdb->sitemeta." (meta_id, site_id, meta_key, meta_value) VALUES (NULL, 1, 'admin_email', '".$email."')" );
 	$wpdb->query( "INSERT INTO ".$wpdb->sitemeta." (meta_id, site_id, meta_key, meta_value) VALUES (NULL, 1, 'admin_user_id', '1')" );
 	$wpdb->query( "INSERT INTO ".$wpdb->sitemeta." (meta_id, site_id, meta_key, meta_value) VALUES (NULL, 1, 'registration', 'none')" );
+	$wpdb->query( "INSERT INTO ".$wpdb->sitemeta." (meta_id, site_id, meta_key, meta_value) VALUES (NULL, 1, 'xmlrpc_active', 'no')" );
 	$wpdb->query( "INSERT INTO ".$wpdb->site." ( id, domain, path ) VALUES ( NULL, '$domain', '$base' )" );
 	$wpdb->query( "INSERT INTO " . $wpdb->sitecategories . " ( cat_ID, cat_name, category_nicename, last_updated ) VALUES (1, 'Uncategorized', 'uncategorized', NOW())" );
 	$wpdb->query( "INSERT INTO " . $wpdb->sitecategories . " ( cat_ID, cat_name, category_nicename, last_updated ) VALUES (2, 'Blogroll', 'blogroll', NOW())" );
diff --git a/wp-admin/wpmu-edit.php b/wp-admin/wpmu-edit.php
index 5665924..9befdff 100644
--- a/wp-admin/wpmu-edit.php
+++ b/wp-admin/wpmu-edit.php
@@ -25,6 +25,7 @@ switch( $_REQUEST[ 'action' ] ) {
 		}
 		update_site_option( "illegal_names", $names );
 		update_site_option( "registration", $wpdb->escape( $_POST[ 'registration' ] ) );
+		update_site_option( "xmlrpc_active", $wpdb->escape( $_POST[ 'xmlrpc_active' ] ) );
 		update_site_option( "registrationnotification", $wpdb->escape( $_POST[ 'registrationnotification' ] ) );
 		if( $_POST[ 'limited_email_domains' ] != '' ) {
 			update_site_option( "limited_email_domains", split( ' ', $_POST[ 'limited_email_domains' ] ) );
diff --git a/wp-admin/wpmu-options.php b/wp-admin/wpmu-options.php
index 8361389..98114a8 100644
--- a/wp-admin/wpmu-options.php
+++ b/wp-admin/wpmu-options.php
@@ -57,6 +57,16 @@ if (isset($_GET['updated'])) {
 		<?php _e('Send the site admin an email notification every time someone registers a blog or user account.') ?></td> 
 		</tr> 
 		<tr valign="top"> 
+		<th scope="row"><?php _e('Enable posting by XMLRPC') ?></th> 
+		<?php
+		if( !get_site_option('xmlrpc_active') )
+			update_site_option( 'xmlrpc_active', 'no' );
+		?>
+		<td><input name="xmlrpc_active" type="radio" id="xmlrpc_active1" value='yes' <?php echo get_site_option('xmlrpc_active') == 'yes' ? 'checked' : ''; ?> /> Yes<br />
+		<input name="xmlrpc_active" type="radio" id="xmlrpc_active2" value='no' <?php echo get_site_option('xmlrpc_active') == 'no' ? 'checked' : ''; ?> /> No<br />
+		<?php _e('This is an advanced technique for making posts to blogs. It is used by <a href="http://codex.wordpress.org/Weblog_Client">blog clients</a> like Ecto, Flock and Microsoft Live Writer and by Flickr to post pictures to blogs. Unfortunately it is also extensively used by spammers. <em>Disabled by Default</em>') ?></td> 
+		</tr> 
+		<tr valign="top"> 
 		<th scope="row"><?php _e('Welcome Email:') ?></th> 
 		<td><textarea name="welcome_email" id="welcome_email" rows='5' cols='45' style="width: 95%"><?php echo stripslashes( get_site_option('welcome_email') ) ?></textarea>
 		<br />
diff --git a/wp-includes/wpmu-functions.php b/wp-includes/wpmu-functions.php
index 7950ef5..e31d86e 100644
--- a/wp-includes/wpmu-functions.php
+++ b/wp-includes/wpmu-functions.php
@@ -1923,4 +1923,15 @@ function redirect_this_site( $hosts ) {
 	return array( $current_site->domain );
 }
 add_filter( 'allowed_redirect_hosts', 'redirect_this_site' );
+
+function is_xmlrpc_active() {
+	global $HTTP_RAW_POST_DATA;
+	if ($HTTP_RAW_POST_DATA)
+		$data = $HTTP_RAW_POST_DATA;
+
+	// kill everything but pingbacks if xmlrpc is disabled
+	if( defined( 'XMLRPC_REQUEST' ) && strpos( $data, '<methodName>pingback.ping</methodName>' ) === false && get_site_option( 'xmlrpc_active' ) != 'yes' )
+		die();
+}
+add_action( 'init', 'is_xmlrpc_active' );
 ?>