Révision 134c7813
Ajouté par Mathieu Schiano Di Schiabica il y a environ 8 ans
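--- a/drupal7/includes/xmlrpcs.inc
+++ b/drupal7/includes/xmlrpcs.inc
@@ -264,6 +264,10 @@
 */
 function xmlrpc_server_multicall($methodcalls) {
 // See http://www.xmlrpc.com/discuss/msgReader$1208
+// To avoid multicall expansion attacks, limit the number of duplicate method
+// calls allowed with a default of 1. Set to -1 for unlimited.
+$duplicate_method_limit = variable_get('xmlrpc_multicall_duplicate_method_limit', 1);
+$method_count = array();
 $return = array();
 $xmlrpc_server = xmlrpc_server_get();
 foreach ($methodcalls as $call) {
@@ -273,10 +277,14 @@
 $ok = FALSE;
 }
 $method = $call['methodName'];
+$method_count[$method] = isset($method_count[$method]) ? $method_count[$method] + 1 : 1;
 $params = $call['params'];
 if ($method == 'system.multicall') {
 $result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.'));
 }
+elseif ($duplicate_method_limit > 0 && $method_count[$method] > $duplicate_method_limit) {
+$result = xmlrpc_error(-156579, t('Too many duplicate method calls in system.multicall.'));
+}
 elseif ($ok) {
 $result = xmlrpc_server_call($xmlrpc_server, $method, $params);
 }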
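Review bot: The new guard `$duplicate_method_limit > 0 && ...` treats every non-positive value as unlimited, while the comment above documents only -1, so a site that sets `xmlrpc_multicall_duplicate_method_limit` to 0 expecting the strictest setting silently turns the protection off. I would say so in the comment, e.g. `// calls allowed with a default of 1. Any value of 0 or less disables the limit.` Separately, `$method_count[$method]` is updated whether or not `$ok` is set, so `$method` is used as an array key straight from the request. The validation that sets `$ok` lies outside the visible lines; if it does not already guarantee a string, an `is_string($method)` check belongs before the count. The comment could also state that the cap applies per method name rather than to the batch as a whole, and say what the error code -156579 denotes.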
Update to 7.43