* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*
* @copyright Incutio Ltd 2010 (http://www.incutio.com)
* @version 1.7.4 7th September 2010
* IXR_Value
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*/
class IXR_Value {
var $data;
* IXR_MESSAGE
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*
*/
class IXR_Message
{
// first remove the XML declaration
// merged from WP #10698 - this method avoids the RAM usage of preg_replace on very large messages
- $header = preg_replace( '/<\?xml.*?\?'.'>/', '', substr($this->message, 0, 100), 1);
- $this->message = substr_replace($this->message, $header, 0, 100);
- if (trim($this->message) == '') {
+ $header = preg_replace( '/<\?xml.*?\?'.'>/s', '', substr( $this->message, 0, 100 ), 1 );
+ $this->message = trim( substr_replace( $this->message, $header, 0, 100 ) );
+ if ( '' == $this->message ) {
return false;
}
+
+ // Then remove the DOCTYPE
+ $header = preg_replace( '/^<!DOCTYPE[^>]*+>/i', '', substr( $this->message, 0, 200 ), 1 );
+ $this->message = trim( substr_replace( $this->message, $header, 0, 200 ) );
+ if ( '' == $this->message ) {
+ return false;
+ }
+
+ // Check that the root tag is valid
+ $root_tag = substr( $this->message, 0, strcspn( substr( $this->message, 0, 20 ), "> \t\r\n" ) );
+ if ( '<!DOCTYPE' === strtoupper( $root_tag ) ) {
+ return false;
+ }
+ if ( ! in_array( $root_tag, array( '<methodCall', '<methodResponse', '<fault' ) ) ) {
+ return false;
+ }
+
+ // Bail if there are too many elements to parse
+ $element_limit = 30000;
+ if ( function_exists( 'apply_filters' ) ) {
+ $element_limit = apply_filters( 'xmlrpc_element_limit', $element_limit );
+ }
+ if ( $element_limit && 2 * $element_limit < substr_count( $this->message, '<' ) ) {
+ return false;
+ }
+
$this->_parser = xml_parser_create();
// Set XML parser to take the case of tags in to account
xml_parser_set_option($this->_parser, XML_OPTION_CASE_FOLDING, false);
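Review bot: The value returned by the `xmlrpc_element_limit` filter goes unvalidated into `2 * $element_limit < substr_count( $this->message, '<' )`, so a callback returning `0`, `false` or `''` silently switches off this size guard, and a non-numeric string raises a warning or a TypeError depending on the PHP version. I would normalise it with `$element_limit = (int) apply_filters( 'xmlrpc_element_limit', $element_limit );` and add a comment above the filter stating that 0 disables the check and that the factor 2 is there because `<` is counted for closing tags as well (presumably the intent). The root-tag allowlist is what actually rejects a DOCTYPE that the 200-byte regex did not strip, so it is worth passing `true` as the third argument of `in_array()` to keep that comparison strict. The enclosing method starts and ends outside this hunk, so how callers handle the `false` return is not visible here.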
$this->_arraystructs[count($this->_arraystructs)-1][] = $value;
}
} else {
- // Just add as a paramater
+ // Just add as a parameter
$this->params[] = $value;
}
}
* IXR_Server
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*/
class IXR_Server
{
// Perform the callback and send the response
if (count($args) == 1) {
- // If only one paramater just send that instead of the whole array
+ // If only one parameter just send that instead of the whole array
$args = $args[0];
}
* IXR_Request
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*/
class IXR_Request
{
* IXR_Client
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*
*/
class IXR_Client
if (!$this->path) {
$this->path = '/';
}
+
+ if ( ! empty( $bits['query'] ) ) {
+ $this->path .= '?' . $bits['query'];
+ }
} else {
$this->server = $server;
$this->path = $path;
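Review bot: `! empty( $bits['query'] )` also treats the query string `"0"` as empty, so a server URL ending in `?0` loses its query when the path is rebuilt; `if ( isset( $bits['query'] ) && '' !== $bits['query'] ) {` keeps every non-empty query. The query is appended verbatim, so if `$this->path` is later written into the request line unchanged (not visible in this hunk), confirm that `$bits` comes from a parser that cannot pass CR or LF through. The enclosing constructor or method starts and ends outside the hunk.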
* IXR_Error
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*/
class IXR_Error
{
* IXR_Date
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*/
class IXR_Date {
var $year;
* IXR_Base64
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*/
class IXR_Base64
{
* IXR_IntrospectionServer
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*/
class IXR_IntrospectionServer extends IXR_Server
{
* IXR_ClientMulticall
*
* @package IXR
- * @since 1.5
+ * @since 1.5.0
*/
class IXR_ClientMulticall extends IXR_Client
{