Changeset 84084 in spip-zone


Ignore:
Timestamp:
Aug 8, 2014, 10:22:44 AM (5 years ago)
Author:
brunobergot@…
Message:

Version 0.4.4 : report de https://core.trac.wordpress.org/changeset/29404 cf https://wordpress.org/news/2014/08/wordpress-3-9-2/

Location:
_plugins_/xmlrpc/trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • _plugins_/xmlrpc/trunk/lib/ixr/ixr_library.php

    r71894 r84084  
    205205        // first remove the XML declaration
    206206        // merged from WP #10698 - this method avoids the RAM usage of preg_replace on very large messages
    207         $header = preg_replace( '/<\?xml.*?\?'.'>/', '', substr($this->message, 0, 100), 1);
    208         $this->message = substr_replace($this->message, $header, 0, 100);
    209         if (trim($this->message) == '') {
     207        $header = preg_replace( '/<\?xml.*?\?'.'>/s', '', substr( $this->message, 0, 100 ), 1 );
     208        $this->message = trim( substr_replace( $this->message, $header, 0, 100 ) );
     209        if ( '' == $this->message ) {
    210210            return false;
    211211        }
     212
     213        // Then remove the DOCTYPE
     214        $header = preg_replace( '/^<!DOCTYPE[^>]*+>/i', '', substr( $this->message, 0, 200 ), 1 );
     215        $this->message = trim( substr_replace( $this->message, $header, 0, 200 ) );
     216        if ( '' == $this->message ) {
     217            return false;
     218        }
     219
     220        // Check that the root tag is valid
     221        $root_tag = substr( $this->message, 0, strcspn( substr( $this->message, 0, 20 ), "> \t\r\n" ) );
     222        if ( '<!DOCTYPE' === strtoupper( $root_tag ) ) {
     223            return false;
     224        }
     225        if ( ! in_array( $root_tag, array( '<methodCall', '<methodResponse', '<fault' ) ) ) {
     226            return false;
     227        }
     228
     229        // Bail if there are too many elements to parse
     230        $element_limit = 30000;
     231        if ( function_exists( 'apply_filters' ) ) {
     232            $element_limit = apply_filters( 'xmlrpc_element_limit', $element_limit );
     233        }
     234        if ( $element_limit && 2 * $element_limit < substr_count( $this->message, '<' ) ) {
     235            return false;
     236        }
     237
    212238        $this->_parser = xml_parser_create();
    213239        // Set XML parser to take the case of tags in to account
  • _plugins_/xmlrpc/trunk/paquet.xml

    r83389 r84084  
    22        prefix="xmlrpc"
    33        categorie="outil"
    4         version="0.4.3"
     4        version="0.4.4"
    55        etat="test"
    66        compatibilite="[2.0.10;3.0.*]"
Note: See TracChangeset for help on using the changeset viewer.