WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
file_get_contents( 'php://input' ) and XML-RPC not working [fix] (1 post)

  1. Jacotheron
    Member
    Posted 1 year ago #

    Hi All

    After being contacted from the author of the following thread http://wordpress.org/support/topic/cant-publish-my-article-from-word-2013-after-installing-better-wp-security (as he was trying to use the Post Office plugin, written by me, to do the same), I looked at the source of this plugin and found the issue.

    Technical Details:

    • The 'php://input' resource may only be read once (PHP Manual, see the Note under php://input)
    • XML-RPC's problem comes in as this resource is read as about the first thing it does. After a little bit of data preparation, the xmlrpc.php loads the rest of WP as well as all plugins
    • Better WP Security initiates, and tries to read the same resource again, even though it is now empty, as it was read (there was no testing to see if it may already have been read, also no testing if it is needed to read) - Better WP Security uses it to process requests for InfiniteWP

    Technical Information on the Fix:
    Firstly determine if it really is needed to read the resource (standard practice seems to be check if the $HTTP_RAW_POST_DATA global is not set/empty if it is, then read the 'php://input' resource into it, otherwise it may already be read or all the needed information is in it).

    The Fix:

    1. Locate Line 16 of wp-better-security/inc/secure.php (content currently is $HTTP_RAW_POST_DATA = file_get_contents( 'php://input' );)
    2. Replace this line with: if ( !isset( $HTTP_RAW_POST_DATA ) ) { $HTTP_RAW_POST_DATA = file_get_contents( 'php://input' ); }

    I hope that the Plugin Author will add this (or a better fix) to a future version of the plugin so that Plugins/functionality like xml-rpc does not break and require modifying plugin files.

    I also hope that I was able to help someone by posting this here.

    Regards
    Jacotheron

    http://wordpress.org/extend/plugins/better-wp-security/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic