xmlrpc.php – wp_newComment – bug?

  • haddorp

    (@haddorp)


    15 years ago

    I’m not sure if this is a bug. However let me explain what I’ve found…

    The intention is submitting an anonymous comment using the method wp_newComment. The method is checking if a user is logged in and if a registration is required for submitting comments.

    Everything works fine except that it is not possible to call wp_newComment without providing username/password. Otherwise an error will occur in

    $user = $this->login($username, $password);

    If $user will be null in the next line an anonymous comment will be posted. But this doesn’t help b/c $user = $this->login quits with an error.

    Is there a way for calling wp_newComment without providing username/password? How can you achieve an anonymous comment using the xmlrpc interface?

    For me it looks more as a design fault than as a real bug.

    Thanks, JC

Viewing 6 replies - 1 through 6 (of 6 total)
  • Joseph Scott

    (@josephscott)

    This is the chunk of code from wp_newComment that you need to look at:

    $allow_anon = apply_filters('xmlrpc_allow_anonymous_comments', false);

        $user = $this->login($username, $password);

        if ( !$user ) {
            $logged_in = false;
            if ( $allow_anon && get_option('comment_registration') )
                return new IXR_Error( 403, __( 'You must be registered to commen
t' ) );
            else if ( !$allow_anon )
                return $this->error;
        } else {
            $logged_in = true;
        }

    The short version of what this means is that anonymous comments are turned off by default in the XML-RPC API. We didn’t think it was wise to provide one more avenue for spammers unless the WordPress site admin specifically wanted to. In order to turn them on you’ll need to add a filter on xmlrpc_allow_anonymous_comments to return TRUE.

    Thread Starter haddorp

    (@haddorp)

    Thanks for your reply! I know I have to set xmlrpc_allow_anonymous_comments = true

    However this doesn’t help as $this->login causes an exception if providing no/wrong login credentials. I don’t need a login if I want to post an anonymous comment.

    So, the question might be how can I achieve that the if statement evaluates as true?

    I would say that $this->login must not be called if $username is empty. In this case anonymous comments will be either accepted or a 403 will be returned; depending on xmlrpc_allow_anonymous_comments.

    Joseph Scott

    (@josephscott)

    What kind of error are you getting? I tried it with a comment that looked like:

    { 'blog_id', '', '', 86, { author: 'Joseph Scott', author_email: 'joseph@example.com', content: 'test this thing! 1' }

    With anonymous comments turned on and it worked fine.

    Thread Starter haddorp

    (@haddorp)

    I get a 403 with message ‘<value><string>Bad login/pass combination.</string>’. Please find my request XML below.

    <methodCall>
  <methodName>wp.newComment</methodName>
  <params>
    <param>
      <value><int>1</int></value>
      <value><string></string></value>
      <value><string></string></value>
      <value><int>17</int></value>
      <value>
      <struct>
        <member>
          <name>content</name>
          <value><string>test this thing! 1</string></value>
        </member>
        <member>
          <name>author</name>
          <value><string>Joseph Scott</string></value>
        </member>
        <member>
          <name>author_email</name>
          <value><string>joseph@example.com</string></value>
        </member>
      </struct>
      </value>
    </param>
  </params>
</methodCall>
    Joseph Scott

    (@josephscott)

    Looks like your code is generating an invalid XML-RPC request. Let me correct that, it’s a valid XML-RPC request, but it doesn’t match the method signature for wp.newComment. You are sending everything as one parameter. Mine looked like:

    <?xml version="1.0"?>
<methodCall>
	<methodName>wp.newComment</methodName>
	<params>
		<param>
			<value><string>blog_id</string></value>
			</param>
		<param>
			<value><string></string></value>
			</param>
		<param>
			<value><string></string></value>
			</param>
		<param>
			<value><int>86</int></value>
			</param>
		<param>
			<value>
			<struct>
			<member>
			<name>author</name>
			<value><string>Joseph Scott</string></value>
			</member>
			<member>
			<name>author_email</name>
			<value><string>joseph@example.com</string></value>
			</member>
			<member>
			<name>content</name>
			<value><string>test this thing! 1</string></value>
			</member>
			</struct>
			</value>
			</param>
		</params>
	</methodCall>

    I highly recommend using an existing XML-RPC library for making and processing requests.

    I can recommend the PEAR XML RPC2 Client / Server suite.
    https://pear.php.net/package/XML_RPC2/

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘xmlrpc.php – wp_newComment – bug?’ is closed to new replies.