A strong suggestion that you upgrade your xmlrpc.php files.
Grab it from here: Link
There's a bit of a security issue as well as the outstanding blog_id issues.
if you just want to resolve the security issue, take a look at line 541 and compare it with what you have currently.
Thanks,
-drmike
doc, what was the blog_id issue(s)?
thanks, i'll check track from now on.
i dont know if this is how the guy hacked my site. i know that he joined as a user, tried a couple of things and finally got access to my DB. i even got he site back u for about 20 minuutes and was updating ... and he hacked me again. ugh.
Thanks for the update, Dr Mike.
Donncha put in my fix for the blog_id problem at rev 991. Are you still having problem with that? It seems to work fine on my site.
Question. I just spotted this on trac:
http://trac.mu.wordpress.org/changeset/994/
talking specifically about the xml-rpc.php file. Anyone update to this file on its own yet?
Not sure what you;re asking there but that's the version I'm pointing to up above. I just went ahead and pointed to the browser version instead of the ticket version. Currently the files are the same.
thanks for the clarification
manuelsechi
Member
Posted 16 years ago #
is it possible to download the file insthead to copy and paste the code?
thanx
Yes. Link
Just for reference, you'll usually find that link as the bottom of any code page within the trac system.
Please note that that is a live link and your browser will ask you what to do with the file. (ie save it to your desktop)
Removed stickyness since 1.2.2 got released.
tchussey
Member
Posted 16 years ago #
I don't know if I did this backwards, but I'm running 1.2.2 (well it says 1.2.1 ... but since I downloaded 1.2.2) ... I downloaded the xmlrpc from above ... I can now get my username authenticated, but I can't get the blogs added in LiveWriter. I'm prompted for the URL of XMLRPC, specific or general I get the can't get blog_id error.
Is there anything else I can try?
I should also mention that I've modified MU so the blogs can be set to registered users only.