Fixing markup in cross posts to wordpress using metaWeblog, xml-rpc, & xpost plugin

I’m experimenting with cross posting from one wordpress blog to another using the metaWeblog API and XML-RPC. This led me to the xpost plugin by Jan Gossman.

Easy enough to test. I set up two blogs, activated xpost on one of them and posted to the other.

The plugin works as promised. You can selectively post to multiple blogs and assign categories. Tags and standard properties are preserved. Most impressively, the relationship between source and target blogs is maintained. Changes in the source are updated in the targets.

However markup in the cross posts is broken because single and double quotes are escaped with a backslash. For example, link tags become <a href=\"....

From what I can find this is a known issue intentionally introduced within the WordPress’ XML-RPC implementation as brute force protection against a SQL injection vulnerability.

I don’t want to expose myself to this vulnerability. Nor do I want to hack a wordpress build.

It occurred to me one way to get past this issue is to strip those backslashes at the presentation level within the theme of the blog to which I want to crosspost. I don’t see any reason to render backslashes within posts.

So, with guidance from the WordPress codex, I modified the single and index templates…

Replacing:

<?php the_content(); ?>

With:

<?php
$content = get_the_content();
$content = apply_filters('the_content', $content);
$content = str_replace(']]>', ']]>', $content);
$content = str_replace('\\','',$content); /* This strips escapes inserted through XML-RPC */
print $content ?>

I think this will work for me. I’m glad to be proven wrong. Am I missing something?

This entry was posted in software development and tagged , , , , , , , , by Ken Judy. Bookmark the permalink.

About Ken Judy

I am an executive manager, software developer, father and husband trying to do more good than harm. I am an agile practitioner. I say this fully aware I say nothing. Sold as a tool to solve problems, agile is more a set of principles that encourage us to confront problems. Broad adoption of the jargon has not resulted in wide embrace of these principles. I strive to create material and human good by respecting co-workers, telling truth to employers, improving my skills, and caring for the people affected by the software I help build.

One thought on “Fixing markup in cross posts to wordpress using metaWeblog, xml-rpc, & xpost plugin

  1. This is all it took to turn the above code into a plugin hooked into “the_content”

    < ?php /* Plugin Name: Strip Backlslashes from Post Content Plugin URI: Description: Compensates for breaking behavior in XML-RPC. Version: The Plugin's Version Number, e.g.: 1.0 Author: Ken Judy */ add_filter("the_content", "stripBackslashesFromContent"); function stripBackslashesFromContent($content) { $content = str_replace('\','',$content); /* This strips escapes inserted through XML-RPC */ return $content; } ?>

Comments are closed.