-rw-r--r-- | wp-admin/index-extra.php | 4 | ||||
-rw-r--r-- | wp-includes/post.php | 2 | ||||
-rw-r--r-- | xmlrpc.php | 36 |
3 files changed, 24 insertions, 18 deletions
diff --git a/wp-admin/index-extra.php b/wp-admin/index-extra.php index 782e0a7..d5262ca 100644 --- a/wp-admin/index-extra.php +++ b/wp-admin/index-extra.php @@ -2,6 +2,8 @@ require_once('admin.php'); require_once (ABSPATH . WPINC . '/rss.php'); +@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset')); + switch ( $_GET['jax'] ) { case 'incominglinks' : @@ -64,4 +66,4 @@ $post = preg_replace( '|.+?:(.+)|s', '$1', $item['title'] ); break; } -?>
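Review bot: The `@` on the added `header()` call in wp-admin/index-extra.php hides the one failure that matters: if an included file has already produced output, the Content-Type and charset are silently not sent and the fragment goes out with the server's default. An explicit guard keeps that case visible, e.g. `if ( !headers_sent() ) header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));`. Declaring the charset is worth keeping, since these fragments appear to contain text taken from fetched feeds and the browser should not be left to guess the encoding.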
\ No newline at end of file +?> diff --git a/wp-includes/post.php b/wp-includes/post.php index 0241698..391bd9d 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -674,6 +674,8 @@ function wp_insert_post($postarr = array()) { do_action('publish_post', $post_ID); if ( defined('XMLRPC_REQUEST') ) do_action('xmlrpc_publish_post', $post_ID); + if ( defined('APP_REQUEST') ) + do_action('app_publish_post', $post_ID); if ( !defined('WP_IMPORTING') ) { if ( $post_pingback ) @@ -148,13 +148,18 @@ class wp_xmlrpc_server extends IXR_Server { function escape(&$array) { global $wpdb; - foreach ( (array) $array as $k => $v ) { - if (is_array($v)) { - $this->escape($array[$k]); - } else if (is_object($v)) { - //skip - } else { - $array[$k] = $wpdb->escape($v); + if(is_string($array)) { + return($wpdb->escape($array)); + } + else { + foreach ( (array) $array as $k => $v ) { + if (is_array($v)) { + $this->escape($array[$k]); + } else if (is_object($v)) { + //skip + } else { + $array[$k] = $wpdb->escape($v); + } } } } @@ -283,11 +288,9 @@ class wp_xmlrpc_server extends IXR_Server { * wp_newPage */ function wp_newPage($args) { - $this->escape($args); - - $blog_id = $args[0]; - $username = $args[1]; - $password = $args[2]; + // Items not escaped here will be escaped in newPost. + $username = $this->escape($args[1]); + $password = $this->escape($args[2]); $page = $args[3]; $publish = $args[4]; @@ -355,12 +358,11 @@ class wp_xmlrpc_server extends IXR_Server { * wp_editPage */ function wp_editPage($args) { - $this->escape($args); - + // Items not escaped here will be escaped in editPost. $blog_id = $args[0]; - $page_id = $args[1]; - $username = $args[2]; - $password = $args[3]; + $page_id = $this->escape($args[1]); + $username = $this->escape($args[2]); + $password = $this->escape($args[3]); $content = $args[4]; $publish = $args[5]; |
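Review bot: `escape()` now has two contracts: for a string it returns an escaped copy and leaves the argument untouched, while any other input falls into the `else` branch, is handled through the reference and returns nothing. The callers added in the `wp_newPage` and `wp_editPage` hunks assign the return value, so `$page_id = $this->escape($args[1]);` becomes null if the IXR layer hands the id over as a PHP integer, and `$username`/`$password` become null when they arrive as anything other than a string. Returning in both branches and treating every scalar alike would make the return value dependable: `if ( is_scalar($array) ) return $wpdb->escape($array);` at the top and `return $array;` after the loop. A short docblock saying that arrays are escaped in place and scalars are returned would document the difference.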
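Review bot: Escaping is no longer applied to the whole `$args` array at entry, so `$page` and `$publish` in `wp_newPage`, and `$blog_id`, `$content` and `$publish` in the `wp_editPage` hunk, stay raw until `newPost`/`editPost` runs. Both function bodies continue outside their hunks, so whether anything uses those values in between cannot be checked from here; the new comment should name them, for example `// $page and $publish stay raw here; newPost escapes them. Do not use them in a query before that call.` Because `escape()` takes its argument by reference, a credential sent as an array is escaped in place inside `$args` and then presumably escaped again when `$args` is passed on.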