Changeset 1077

Timestamp:
10/15/07 17:12:03 (1 year ago)
Author:
donncha
Message:

Disable xmlrpc posting by default

Files:

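--- a/trunk/index-install.php
+++ b/trunk/index-install.php
@@ -369,4 +369,5 @@
         $wpdb->query( "INSERT INTO ".$wpdb->sitemeta." (meta_id, site_id, meta_key, meta_value) VALUES (NULL, 1, 'admin_user_id', '1')" );
         $wpdb->query( "INSERT INTO ".$wpdb->sitemeta." (meta_id, site_id, meta_key, meta_value) VALUES (NULL, 1, 'registration', 'none')" );
+        $wpdb->query( "INSERT INTO ".$wpdb->sitemeta." (meta_id, site_id, meta_key, meta_value) VALUES (NULL, 1, 'xmlrpc_active', 'no')" );
         $wpdb->query( "INSERT INTO ".$wpdb->site." ( id, domain, path ) VALUES ( NULL, '$domain', '$base' )" );
         $wpdb->query( "INSERT INTO " . $wpdb->sitecategories . " ( cat_ID, cat_name, category_nicename, last_updated ) VALUES (1, 'Uncategorized', 'uncategorized', NOW())" );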
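--- a/trunk/wp-admin/wpmu-edit.php
+++ b/trunk/wp-admin/wpmu-edit.php
@@ -26,4 +26,5 @@
                 update_site_option( "illegal_names", $names );
                 update_site_option( "registration", $wpdb->escape( $_POST[ 'registration' ] ) );
+                update_site_option( "xmlrpc_active", $wpdb->escape( $_POST[ 'xmlrpc_active' ] ) );
                 update_site_option( "registrationnotification", $wpdb->escape( $_POST[ 'registrationnotification' ] ) );
                 if( $_POST[ 'limited_email_domains' ] != '' ) {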
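Review bot: The new `xmlrpc_active` line stores whatever string the request carries; `$wpdb->escape()` makes it safe for SQL but does not restrict it to the two values the options form offers. Enforcement in this changeset compares against 'yes', so an unexpected value still leaves XML-RPC disabled, but the options page would then show neither radio button selected. Normalise before saving, e.g. `update_site_option( "xmlrpc_active", $_POST[ 'xmlrpc_active' ] == 'yes' ? 'yes' : 'no' );`. The enclosing handler starts and ends outside the hunk, so whether a capability and nonce check precedes these writes cannot be confirmed from here.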
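--- a/trunk/wp-admin/wpmu-options.php
+++ b/trunk/wp-admin/wpmu-options.php
@@ -56,4 +56,14 @@
                 <input name="registrationnotification" type="radio" id="registrationnotification2" value='no' <?php echo get_site_option('registrationnotification') == 'no' ? 'checked' : ''; ?> /> No<br />
                 <?php _e('Send the site admin an email notification every time someone registers a blog or user account.') ?></td>
+                </tr>
+                <tr valign="top">
+                <th scope="row"><?php _e('Enable posting by XMLRPC') ?></th>
+                <?php
+                if( !get_site_option('xmlrpc_active') )
+                        update_site_option( 'xmlrpc_active', 'no' );
+                ?>
+                <td><input name="xmlrpc_active" type="radio" id="xmlrpc_active1" value='yes' <?php echo get_site_option('xmlrpc_active') == 'yes' ? 'checked' : ''; ?> /> Yes<br />
+                <input name="xmlrpc_active" type="radio" id="xmlrpc_active2" value='no' <?php echo get_site_option('xmlrpc_active') == 'no' ? 'checked' : ''; ?> /> No<br />
+                <?php _e('This is an advanced technique for making posts to blogs. It is used by <a href="http://codex.wordpress.org/Weblog_Client">blog clients</a> like Ecto, Flock and Microsoft Live Writer and by Flickr to post pictures to blogs. Unfortunately it is also extensively used by spammers. <em>Disabled by Default</em>') ?></td>
                 </tr>
                 <tr valign="top">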
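Review bot: New lines 62-63 write to the site options while the settings page is being rendered, so merely viewing the page changes stored state. The default is cleaner applied at read time: fetch the option once, e.g. `$xmlrpc_active = get_site_option('xmlrpc_active') == 'yes' ? 'yes' : 'no';`, and use that variable for both `checked` tests instead of three separate `get_site_option()` calls. That also keeps one radio button selected if the stored value is ever something other than 'yes' or 'no'. The surrounding table and form begin outside the hunk.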
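--- a/trunk/wp-includes/wpmu-functions.php
+++ b/trunk/wp-includes/wpmu-functions.php
@@ -1924,3 +1924,14 @@
 }
 add_filter( 'allowed_redirect_hosts', 'redirect_this_site' );
+
+function is_xmlrpc_active() {
+        global $HTTP_RAW_POST_DATA;
+        if ($HTTP_RAW_POST_DATA)
+                $data = $HTTP_RAW_POST_DATA;
+
+        // kill everything but pingbacks if xmlrpc is disabled
+        if( defined( 'XMLRPC_REQUEST' ) && strpos( $data, '<methodName>pingback.ping</methodName>' ) === false && get_site_option( 'xmlrpc_active' ) != 'yes' )
+                die();
+}
+add_action( 'init', 'is_xmlrpc_active' );
 ?>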
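Review bot: The gate on new line 1933 lets a request through whenever the text `<methodName>pingback.ping</methodName>` occurs anywhere in the raw POST body, which is not the same as the method the XML-RPC server will actually dispatch, so the "disabled" setting does not reliably limit the endpoint to pingbacks. Deciding on the registered method table instead of a substring avoids this; the sketch below assumes this tree's xmlrpc.php applies the `xmlrpc_methods` filter as WordPress core does, and the function name is only a suggestion. Separately, `$data` is never assigned when `$HTTP_RAW_POST_DATA` is empty, and a function named `is_xmlrpc_active()` that calls `die()` rather than returning a boolean deserves at least a comment saying so.

```php
// expose only pingback.ping while XML-RPC posting is disabled
function wpmu_limit_xmlrpc_methods( $methods ) {
        if( get_site_option( 'xmlrpc_active' ) == 'yes' )
                return $methods;
        if( isset( $methods[ 'pingback.ping' ] ) )
                return array( 'pingback.ping' => $methods[ 'pingback.ping' ] );
        return array();
}
add_filter( 'xmlrpc_methods', 'wpmu_limit_xmlrpc_methods' );
```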