The MU forums have moved to WordPress.org

Please upgrade your xmlrpc.php files (13 posts)

  1. drmike
    Member
    Posted 15 years ago #

    A strong suggestion that you upgrade your xmlrpc.php files.

    Grab it from here: Link

    There's a bit of a security issue as well as the outstanding blog_id issues.

    if you just want to resolve the security issue, take a look at line 541 and compare it with what you have currently.

    Thanks,
    -drmike

  2. suleiman
    Member
    Posted 15 years ago #

    doc, what was the blog_id issue(s)?

  3. drmike
    Member
    Posted 15 years ago #

  4. suleiman
    Member
    Posted 15 years ago #

    thanks, i'll check track from now on.

  5. demonicume
    Member
    Posted 15 years ago #

    i dont know if this is how the guy hacked my site. i know that he joined as a user, tried a couple of things and finally got access to my DB. i even got he site back u for about 20 minuutes and was updating ... and he hacked me again. ugh.

  6. kingler
    Member
    Posted 15 years ago #

    Thanks for the update, Dr Mike.

    Donncha put in my fix for the blog_id problem at rev 991. Are you still having problem with that? It seems to work fine on my site.

  7. suleiman
    Member
    Posted 15 years ago #

    Question. I just spotted this on trac:

    http://trac.mu.wordpress.org/changeset/994/

    talking specifically about the xml-rpc.php file. Anyone update to this file on its own yet?

  8. drmike
    Member
    Posted 15 years ago #

    Not sure what you;re asking there but that's the version I'm pointing to up above. I just went ahead and pointed to the browser version instead of the ticket version. Currently the files are the same.

  9. suleiman
    Member
    Posted 15 years ago #

    thanks for the clarification

  10. manuelsechi
    Member
    Posted 15 years ago #

    is it possible to download the file insthead to copy and paste the code?

    thanx

  11. drmike
    Member
    Posted 15 years ago #

    Yes. Link

    Just for reference, you'll usually find that link as the bottom of any code page within the trac system.

    Please note that that is a live link and your browser will ask you what to do with the file. (ie save it to your desktop)

  12. drmike
    Member
    Posted 15 years ago #

    Removed stickyness since 1.2.2 got released.

  13. tchussey
    Member
    Posted 15 years ago #

    I don't know if I did this backwards, but I'm running 1.2.2 (well it says 1.2.1 ... but since I downloaded 1.2.2) ... I downloaded the xmlrpc from above ... I can now get my username authenticated, but I can't get the blogs added in LiveWriter. I'm prompted for the URL of XMLRPC, specific or general I get the can't get blog_id error.

    Is there anything else I can try?

    I should also mention that I've modified MU so the blogs can be set to registered users only.

About this Topic