WordPress.org

Ready to get started?Download WordPress

Forums

send xmlrpc post request via http with tcl client (9 posts)

  1. tonybaldwin
    Member
    Posted 4 years ago #

    The Codex page for xmlrpc doesn't give information on how to send a post request (has everything else, like editing categories, to adding media...but no post request...hello!).
    I'd really like to see a sample xml post request, more than anything.

    Trying to do that in Xpostulate (tcl/tk blog client), like this:

    proc wppost {} {
    
    set content [.txt.txt get 1.0 end]
    set escaped [string map {
    	"<" "<"
    	">" ">"
    	\"  "\""
    	} $content]
    .txt.txt delete 1.0 end
    .txt.txt insert insert $escaped
    
    set ptext [.txt.txt get 1.0 {end -1c}]
    set time [clock format [clock seconds] -format %G%m%dT%T]
    
    global mypost
    set mypost "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
    <methodName>metaWeblog.newPost</methodName>
    <params>
    <param><value><string>MyBlog</string></value></param>
    <param><value>$::wpname</value></param>
    <param><value><string>$::wppswd</string></value></param>
    <param><struct>
    <member><name>categories</name><value><array><data><value>$::cats</value></data></array></value></member>
    <member><name>description</name><value>$ptext</value></member>
    <member><name>title</name><value>$::subject</value></member>
    <member><name>dateCreated</name><value><dateTime.iso8601>$time</ dateTime.iso8601></value></member>
    </struct>
    </param>
    <param>
     <value>
      <boolean>1</boolean>
     </value>
    </param>
    </params>
    </methodCall>"
    
    set plength [string length $ptext]
    
    set dopost [http::geturl http://$::wpname.wordpress.com/xmlrpc.php -query $::mypost -type "text/xml" ]
    set wpstat [http::status $dopost]
    set wpresponse [http::data $dopost]
    
    toplevel .rsp
    wm title .rsp "Post Status"
    
    frame .rsp.btns
    grid [tk::label .rsp.btns.lbl -text "WP says: $wpstat\nPost length: $plength"]
    grid [tk::button .rsp.btns.view -text "View Journal" -command {
        set wpu "http://$::wpname.wordpress.com"
        exec $::brow $wpu &
    }]\
    [tk::button .rsp.btns.ok -text "DONE" -command {destroy .rsp}]
    
    frame .rsp.txt
    text .rsp.txt.t -width 80 -height 20
    .rsp.txt.t insert end $wpresponse
    
    pack .rsp.btns -in .rsp -side top -fill x
    pack .rsp.txt.t -in .rsp.txt -side top -fill x
    pack .rsp.txt -in .rsp -side top -fill x
    
    }

    Getting this response:

    <?xml version="1.0"?>
    <methodResponse>
      <fault>
        <value>
          <struct>
            <member>
              <name>faultCode</name>
              <value><int>-32700</int></value>
            </member>
            <member>
              <name>faultString</name>
              <value><string>parse error. not well formed</string></value>
            </member>
          </struct>
        </value>
      </fault>
    </methodResponse>

    I am successfully posting to livejournal, dreamwidth, and other Lj clones using the xmlrpc method, but not finding good documentation on the difference between an LJ post and a WP post.
    Clearly, some LJ props (current_mood, current_music) are not relevant, etc.
    The above xml attempt is based on info from http://msdn.microsoft.com/en-us/library/aa905673.aspx
    My LJ+clones procs create different xml, because there are different relevant variables, but otherwise, the procs are basically the same, and functioning for those blogging services.
    Any idea where my xml is malformed? (I've read over it, and it looks right to me)
    Am I missing a relevant or required variable?
    Any ideas?

    thanks
    tony

  2. Inspired2Write
    Member
    Posted 4 years ago #

    Not trying to discourage you from what you want to accomplish, but the xml rpc file is a potential security issue with WP. If you look at some of the other posts here in the forum, it's been identified as a potential door for some sites that had been hacked, and the recommendation is to disable the capability, rename, or delete the file.

  3. Joseph Scott
    Member
    Posted 4 years ago #

    @ Inspired2Write -

    The XML-RPC services are disabled by default on new installs of WordPress. That said, there are no known holes in the XML-RPC services. If you have any details to the contrary please email security@wordpress.org with that information (WP version, hosting service, WP theme in use, active WP plugins and exact details on how to reproduce the problem).

    @ tonybaldwin -

    Have you looked at the raw XML that was sent via HTTP from your app to confirm it looked the way you expected it to? Also I'd be surprised if there isn't an XML-RPC library TCL already, that would make things like this a lot easier.

  4. Inspired2Write
    Member
    Posted 4 years ago #

    The XML-RPC services are disabled by default on new installs of WordPress. That said, there are no known holes in the XML-RPC services.

    This is the source, which addressed some potential concerns in regards to the xml-rpc file:
    http://wordpress.org/support/topic/385477
    As an added precaution I deleted mine since I don't need it, and due to some activity shown in my log files.

  5. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    I'm not sure it's an xml-rpc issue, so much as a hosting weakness there

  6. Inspired2Write
    Member
    Posted 4 years ago #

    I'm not sure it's an xml-rpc issue, so much as a hosting weakness there

    I agree with what you're saying, but I'm not with that host and I've seen some suspicious attempts from my log files, pertaining to that file. Of course, that can happen pertaining to any file, but I figured it was best to be on the cautious side since I didn't need it.

    Also, just read this thread:
    http://wordpress.org/support/topic/386977?replies=3
    May have been a theme issue, but it appears it may have involved the xml file?

  7. Joseph Scott
    Member
    Posted 4 years ago #

    @ Inspired2Write -

    Bots will always try to attack your sites, don't be surprised if you see this. As I said previously, there are no known XML-RPC holes. If you have solid information to the contrary please contact security@wordpress.org.

  8. Inspired2Write
    Member
    Posted 4 years ago #

    Hi Josephscott,

    No, I don't have specific info regarding it - just being on guard and cautious. And yes, bots are always trying to attack, which as you say isn't a surprise. It's good to hear there aren't any issues with the xml-rpc. :)

  9. che1i0s
    Member
    Posted 4 years ago #

    TONY: You have a trivial XML error. You need to insert <methodCall> before the <methodName>..</methodName>

    set mypost "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
    <methodCall>
    <methodName>metaWeblog.newPost</methodName>
    <params>

    and so on.

    Take care. che1i0s on blogspot.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags