Révision 134c7813
Ajouté par Mathieu Schiano Di Schiabica il y a environ 8 ans
| drupal7/includes/xmlrpcs.inc | ||
|---|---|---|
| 264 | 264 |
*/ |
| 265 | 265 |
function xmlrpc_server_multicall($methodcalls) {
|
| 266 | 266 |
// See http://www.xmlrpc.com/discuss/msgReader$1208 |
| 267 |
// To avoid multicall expansion attacks, limit the number of duplicate method |
|
| 268 |
// calls allowed with a default of 1. Set to -1 for unlimited. |
|
| 269 |
$duplicate_method_limit = variable_get('xmlrpc_multicall_duplicate_method_limit', 1);
|
|
| 270 |
$method_count = array(); |
|
| 267 | 271 |
$return = array(); |
| 268 | 272 |
$xmlrpc_server = xmlrpc_server_get(); |
| 269 | 273 |
foreach ($methodcalls as $call) {
|
| ... | ... | |
| 273 | 277 |
$ok = FALSE; |
| 274 | 278 |
} |
| 275 | 279 |
$method = $call['methodName']; |
| 280 |
$method_count[$method] = isset($method_count[$method]) ? $method_count[$method] + 1 : 1; |
|
| 276 | 281 |
$params = $call['params']; |
| 277 | 282 |
if ($method == 'system.multicall') {
|
| 278 | 283 |
$result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.'));
|
| 279 | 284 |
} |
| 285 |
elseif ($duplicate_method_limit > 0 && $method_count[$method] > $duplicate_method_limit) {
|
|
| 286 |
$result = xmlrpc_error(-156579, t('Too many duplicate method calls in system.multicall.'));
|
|
| 287 |
} |
|
| 280 | 288 |
elseif ($ok) {
|
| 281 | 289 |
$result = xmlrpc_server_call($xmlrpc_server, $method, $params); |
| 282 | 290 |
} |
Formats disponibles : Unified diff
Update to 7.43