diff options
Diffstat (limited to 'includes/xmlrpcs.inc')
-rw-r--r-- | includes/xmlrpcs.inc | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/includes/xmlrpcs.inc b/includes/xmlrpcs.inc index c334de159..8655c05b0 100644 --- a/includes/xmlrpcs.inc +++ b/includes/xmlrpcs.inc @@ -264,10 +264,6 @@ function xmlrpc_server_call($xmlrpc_server, $methodname, $args) { */ function xmlrpc_server_multicall($methodcalls) { // See http://www.xmlrpc.com/discuss/msgReader$1208 - // To avoid multicall expansion attacks, limit the number of duplicate method - // calls allowed with a default of 1. Set to -1 for unlimited. - $duplicate_method_limit = variable_get('xmlrpc_multicall_duplicate_method_limit', 1); - $method_count = array(); $return = array(); $xmlrpc_server = xmlrpc_server_get(); foreach ($methodcalls as $call) { @@ -277,14 +273,10 @@ function xmlrpc_server_multicall($methodcalls) { $ok = FALSE; } $method = $call['methodName']; - $method_count[$method] = isset($method_count[$method]) ? $method_count[$method] + 1 : 1; $params = $call['params']; if ($method == 'system.multicall') { $result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.')); } - elseif ($duplicate_method_limit > 0 && $method_count[$method] > $duplicate_method_limit) { - $result = xmlrpc_error(-156579, t('Too many duplicate method calls in system.multicall.')); - } elseif ($ok) { $result = xmlrpc_server_call($xmlrpc_server, $method, $params); } |