Same name and namespace in other branches
  1. 4.6.x includes/xmlrpcs.inc \xmlrpc_server_multicall()
  2. 4.7.x includes/xmlrpcs.inc \xmlrpc_server_multicall()
  3. 5.x includes/xmlrpcs.inc \xmlrpc_server_multicall()
  4. 7.x includes/xmlrpcs.inc \xmlrpc_server_multicall()
1 string reference to 'xmlrpc_server_multicall'
xmlrpc_server in includes/xmlrpcs.inc
The main entry point for XML-RPC requests.

File

includes/xmlrpcs.inc, line 214

Code

function xmlrpc_server_multicall($methodcalls) {

  // See http://www.xmlrpc.com/discuss/msgReader$1208
  // To avoid multicall expansion attacks, limit the number of duplicate method
  // calls allowed with a default of 1. Set to -1 for unlimited.
  $duplicate_method_limit = variable_get('xmlrpc_multicall_duplicate_method_limit', 1);
  $method_count = array();
  $return = array();
  $xmlrpc_server = xmlrpc_server_get();
  foreach ($methodcalls as $call) {
    $ok = TRUE;
    if (!isset($call['methodName']) || !isset($call['params'])) {
      $result = xmlrpc_error(3, t('Invalid syntax for system.multicall.'));
      $ok = FALSE;
    }
    $method = $call['methodName'];
    $method_count[$method] = isset($method_count[$method]) ? $method_count[$method] + 1 : 1;
    $params = $call['params'];
    if ($method == 'system.multicall') {
      $result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.'));
    }
    elseif ($duplicate_method_limit > 0 && $method_count[$method] > $duplicate_method_limit) {
      $result = xmlrpc_error(-156579, t('Too many duplicate method calls in system.multicall.'));
    }
    elseif ($ok) {
      $result = xmlrpc_server_call($xmlrpc_server, $method, $params);
    }
    if (is_object($result) && !empty($result->is_error)) {
      $return[] = array(
        'faultCode' => $result->code,
        'faultString' => $result->message,
      );
    }
    else {
      $return[] = $result;
    }
  }
  return $return;
}