Using xmlrpc.php

  • Resolved psdmartinb

    (@psdmartinb)


    7 years, 11 months ago

    Hello,

    We have a new Vendor that has a product that we’d like to integrate into our WordPress environment. This Vendor uses xmlrpc.php to post to WordPress.

    CAS Maestro doesn’t allow a non-cas user to make requests to this file. The request is redirected to the CAS server.

    Is it possible by modifying the source code to exclude this file from CAS?

    I’m looking at this line of code as a possible work around

    add_filter('authenticate', array(&$this, 'validate_login'), 30, 3);

Viewing 1 replies (of 1 total)
  • Thread Starter psdmartinb

    (@psdmartinb)

    I have come up with a solution.

    I added this inside the validate_login function, before phpCAS::forceAuthentication(); line

    
if($_SERVER["REQUEST_URI"] == "/xmlrpc.php"){
	$user = wp_authenticate_username_password(NULL, $username, $password);
	return $this->validate_noncas_login($user, $username, $password);
}

    I’ve tested this to work correctly with authentication. Incorrect logins are blocked, while good logins work as expected.

    Hope this helps somebody in the future! I’ll see if I can make a pull request with this as an option to enable/disable xmlrpc.

Viewing 1 replies (of 1 total)
  • The topic ‘Using xmlrpc.php’ is closed to new replies.

Tags