skreutzer
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: XML-RPC: Escape XHTML special charactersI found out that the XML-RPC output is XML encoded twice: once as data in the WordPress database and a second time by
IXR_Value->getXml()in$/wp-includes/class-IXR.php. It seems feasible to un-escape text nodes one time, so the actual database content/form input is retrieved.- This reply was modified 9 years, 6 months ago by skreutzer.
Forum: Plugins
In reply to: [WooCommerce] WooCommerce REST-API file uploadThank you very much!
Forum: Plugins
In reply to: [WooCommerce] WooCommerce REST-API file uploadThank you for your prompt response! As far as WooCommerce is concerned, what’s the preferred way to automate such file uploads, via WordPress XML-RPC API or even a custom SFTP client implementation?
Forum: Plugins
In reply to: [Secure XML-RPC] Confusion about calculating the Authorization headerSo what’s the better solution then? The plugin is quite useless if the
Authorizationheader isn’t available to PHP because of server configuration…Forum: Plugins
In reply to: [Secure XML-RPC] Confusion about calculating the Authorization headerHave you tried what I suggested here as addition to the “Installation” chapter of the readme file (adjusting
httpd.confor local.htaccess)?Forum: Plugins
In reply to: [Secure XML-RPC] Confusion about calculating the Authorization header@benjib0t, it seems your code example is missing the closing
"at the version attribute in'<?xml version="1.0?>'.Forum: Plugins
In reply to: [Secure XML-RPC] Confusion about calculating the Authorization headerI don’t think that
hash()does Base64 encoding, because$raw_output = falseresults in a hex string only (0-9, a-f/A-F), while Base64 uses much more characters (A-Z, a-z, 0-9, +, /, =) to represent values.Forum: Plugins
In reply to: [Secure XML-RPC] Confusion about calculating the Authorization headerYes, only the Base64 encoding is missing when calculating the hash for authentication on the server side – I filed a pull request for it, but one could also fix this manually by calling the
base64_encode()function of PHP. The other option is (which should work with the current 0.1.0 version of the plugin), if you hash with sha256 on client side only, omitting at leastb64.b64encode()/b64.standard_b64encodein your Python script. Please note that Base64 encoding doesn’t add anything to security, it’s there to have a uniform way for data handling, maybe to prevent that the HTTP header gets malformed. Prompting for the password, not storing it anywhere, doesn’t help in any way, since the Secure XML-RPC plugin fixes the problem that the password gets transmitted over the network in plain text. If the password (or private key) gets or doesn’t get stored locally, is a question completely unrelated to Secure XML-RPC.