WordPress has an extensive set of actions and filters. All of the hooks allow you add/change/remove low level features via plugins and themes. Using this technique plugins can expose new XML-RPC methods for your WordPress blog.
In the xmlrpc.php file you’ll see a few lines that looks like:
[sourcecode language=”php”]
$this->methods = apply_filters(‘xmlrpc_methods’, $this->methods);
$this->IXR_Server($this->methods);
[/sourcecode]
This allows plugins to filter the array of XML-RPC methods before the service starts. Adding a new function involves three parts: calling add_filter(), defining a function to manipulate the method list and a function that does the actual work behind the new method. I’ll go through a simple example, one step at a time.
[sourcecode language=”php”]
add_filter( ‘xmlrpc_methods’, ‘add_new_xmlrpc_methods’ );
[/sourcecode]
This tells WordPress to pass the xmlrpc_methods filter data to our function add_new_xmlrpc_methods.
[sourcecode language=”php”]
function add_new_xmlrpc_methods( $methods ) {
$methods[‘demo.multiplyTwoNumbers’] = ‘multiply_two_numbers’;
return $methods;
}
[/sourcecode]
This is our add_new_xmlrpc_methods function that does the filtering work. We’re adding a new key/value pair to the methods array. The key (demo.multiplyTwoNumbers) is the method name that is exposed via XML-RPC. The value (multiply_two_numbers) is the function that will do the work when that method is invoked.
[sourcecode language=”php”]
function multiply_two_numbers( $args ) {
$first = (int) $args[0];
$second = (int) $args[1];
return $first * $second;
}
[/sourcecode]
The final piece is the function that is called when our new XML-RPC method is invoked. The XML-RPC service will pass all of the arguments to your function as an array. After working with the provided parameters we return some value. The XML-RPC service will figure out what data type you are returning and encode it in appropriately way so that the client can understand it. This is means you don’t have to think about any of the XML-RPC level issues, just do the work and return the data.
Multiplying two numbers isn’t particularly interesting, so use your imagination. There are additional internal blog or WordPress information you could expose. For that matter you could run some of your data against third party APIs and then return the results.
To get you started here’s the entire plugin code:
[sourcecode language=”php”]
<?php
/*
Plugin Name: New XML-RPC Methods
Plugin URI: http://josephscott.org/archives/2008/11/adding-xml-rpc-methods-to-wordpress
Description: Demo how to add XML-RPC methods to WordPress.
Version: 0.1
Author: Joseph Scott
Author URI: http://josephscott.org/
*/
add_filter( ‘xmlrpc_methods’, ‘add_new_xmlrpc_methods’ );
function add_new_xmlrpc_methods( $methods ) {
$methods[‘demo.multiplyTwoNumbers’] = ‘multiply_two_numbers’;
return $methods;
}
function multiply_two_numbers( $args ) {
$first = (int) $args[0];
$second = (int) $args[1];
return $first * $second;
}
[/sourcecode]
If you create a plugin to add new XML-RPC methods be sure to leave a comment letting us know what you came up with.
23 replies on “Adding XML-RPC Methods to WordPress”
great, thanks for your post! 🙂
works for wordpress 2.8 :)))
What about authentication?
What about authentication? Works fine. What exactly are you asking about?
Thanks for your explanation. Helped me a lot. 🙂
I assume you’re talking about exposing something that shouldn’t be publicly accessible, for instance, the ability to create and edit pages (which does already exists in the WP XML RPC API, but I will use as an example.) I would take a look a xmlrpc.php, found in the wordpress root directory. It should be very helpful.
What you need is something that looks kind of like this:
// Taken from xmlrpc.php
function wp_editPage($args) {
// ... stuff cut out for brevity's sake
$username = $this->escape($args[2]);
$password = $this->escape($args[3]);
// ... stuff cut out for brevity's sake
if ( !$user = $this->login($username, $password) )
return $this->error;
// ... perform the rest of the method
}
As a note, my above code will not work right out of the box.
The escape and login methods are defined on the wp_xmlrpc_server object in xmlrpc.php.
But basically, escape needs to sanitize the input to protect against potential XSS and injection attacks, and login needs to validate the input.
Correct, if you wanted to provide a method required authentication you’d need to do that first. The escape() method for the XML-RPC class can be called statically. It looks like login() still assumes an object, so you’d have to call wp_authenticate() and set_current_user() on your own.
Thanks Joseph. This helped me a lot.. I really neede xmlrpc methods… I just did not know about this filter until now… thanks!
Glad it helped.
It is too bad that there isn’t a way to get the instance of the wp_xmlrpc_server so that we could call $wp_xmlrpc_server->login().
You should still be able to make use of the login method though. Creating another instance of wp_xmlrpc_server is one way. Though if you look at the code the only thing it does is check if XML-RPC is enabled, call wp_authenticate() and wp_set_current_user().
Thanks for this post. It looks like a good start for what I need.
One question for a start – do you know on some plugins that actually add XMLRPC methods to wordpress ? Working based on existing plug-ins will probably make my work much better.
Regards,
Shushu
I can’t think of one off the top of my head, but the example at the bottom of the post is a full plugin that you can use to start with.
Can a XML-RPC plugin manipulate the blog post content upon publish? For instance, cleaning up posts created with Word 2007/2010.
If you are looking to trigger an action when a post is published they you want to look at actions and filters. If you just want to edit a post the XML-RPC metaWeblog.editPost method will do that.
[…] 于是找到以下几篇文章,打算做个小插件, 实现通过XML-RPC设置custom_fields的功能, 不过想起来就觉得工程浩大… Extended API WordPress Plugin Custom XML-RPC Methods in WordPress Get all posts’ IDs from WordPress blog via xmlrpc request Adding XML-RPC Methods to WordPress […]
I used this to add a function which allows you to post comments via mobile. It will need a signed in User, in my case an admin. But you can still post under the name and e-mailaddress the user provides. So the filter: xmlrpc_allow_anonymous_comments remains false and it will nog be open to spammers.
Thanks for this!
Thnx buddy,
It worked great! The current XML RPC API doesn’t allow us to post with a custom post type. [which is kinda #$*@^& stuff. – :P] I searched the net & didnt find any workable solution for me. finally I created a plugin & added my method just to update any post to a given custom_post_type.
/**
* Method to change the Post Type from default to any given Custom Post Type.
*
* @since 3.2.1
* @param array $args Method Parameters – 0 = postId 1 = custom_post_name.
* @return bool
*/
function updatePostType($args) {
if(set_post_type($args[0], $args[1])) {
return true;
} else {
return false;
}
}
I just changed your method name “multiply_two_numbers” with my one 🙂 [“updatePostType”]
I think one of the current Google Summer of Code projects for WordPress is working to add custom post type support for XML-RPC methods.
Great article. Thanks for the post.
I tried to consume the demo.multiplyTwoNumbers xmlrpc method from another application, but it tells me that multiply_two_numbers doesn’t exist.
I have the filter and method within a class. Does it matter?
Any help is appreciated, thanks
Luciana
Are you using the full plugin example? First thing I recommend checking when something doesn’t work as expected is to look at the error logs.
Thanks for your reply. I got it to work. I was calling the filter method from a class using add_filter( ‘xmlrpc_methods’, array(this,’add_new_xmlrpc_methods’ )); This was causing an issue. Not sure why…
Hello
your article is very interesting, but i haven’t got a complete understanding of the hooks and filters however i’m quite curious and i’m wondering if the technique you explain above could be used to modify the xmlrpc behaviour for post_attachments as described here: http://stackoverflow.com/questions/7607473/how-to-create-new-post-with-photo-attached-in-wordpress-using-xmlrpc/8686869#8686869
the solution works, but requires to edit core files, which i’m reluctant to do…
any advices on this would be great
thanks