Skip to content
Tags

,

Adding XML-RPC Methods to WordPress

06 Nov 2008

WordPress has an extensive set of actions and filters. All of the hooks allow you add/change/remove low level features via plugins and themes. Using this technique plugins can expose new XML-RPC methods for your WordPress blog.

In the xmlrpc.php file you’ll see a few lines that looks like:

        $this->methods = apply_filters('xmlrpc_methods', $this->methods);
        $this->IXR_Server($this->methods);

This allows plugins to filter the array of XML-RPC methods before the service starts. Adding a new function involves three parts: calling add_filter(), defining a function to manipulate the method list and a function that does the actual work behind the new method. I’ll go through a simple example, one step at a time.

add_filter( 'xmlrpc_methods', 'add_new_xmlrpc_methods' );

This tells WordPress to pass the xmlrpc_methods filter data to our function add_new_xmlrpc_methods.

function add_new_xmlrpc_methods( $methods ) {
    $methods['demo.multiplyTwoNumbers'] = 'multiply_two_numbers';
    return $methods;
}

This is our add_new_xmlrpc_methods function that does the filtering work. We’re adding a new key/value pair to the methods array. The key (demo.multiplyTwoNumbers) is the method name that is exposed via XML-RPC. The value (multiply_two_numbers) is the function that will do the work when that method is invoked.

function multiply_two_numbers( $args ) {
    $first  = (int) $args[0];
    $second = (int) $args[1];

    return $first * $second;
}

The final piece is the function that is called when our new XML-RPC method is invoked. The XML-RPC service will pass all of the arguments to your function as an array. After working with the provided parameters we return some value. The XML-RPC service will figure out what data type you are returning and encode it in appropriately way so that the client can understand it. This is means you don’t have to think about any of the XML-RPC level issues, just do the work and return the data.

Multiplying two numbers isn’t particularly interesting, so use your imagination. There are additional internal blog or WordPress information you could expose. For that matter you could run some of your data against third party APIs and then return the results.

To get you started here’s the entire plugin code:

<?php
/*
Plugin Name:    New XML-RPC Methods
Plugin URI:     http://josephscott.org/archives/2008/11/adding-xml-rpc-methods-to-wordpress
Description:    Demo how to add XML-RPC methods to WordPress.
Version:        0.1
Author:         Joseph Scott
Author URI:     http://josephscott.org/
 */

add_filter( 'xmlrpc_methods', 'add_new_xmlrpc_methods' );
function add_new_xmlrpc_methods( $methods ) {
    $methods['demo.multiplyTwoNumbers'] = 'multiply_two_numbers';
    return $methods;
}

function multiply_two_numbers( $args ) {
    $first  = (int) $args[0];
    $second = (int) $args[1];

    return $first * $second;
}

If you create a plugin to add new XML-RPC methods be sure to leave a comment letting us know what you came up with.

Related posts:

  1. PHP URL Routing (PUR)
  2. WordPress Pretty Permalinks with Nginx
  3. The Easy Way To Get Recent Comments In WordPress
  4. WordPress 2.7 Released – XML-RPC and AtomPub Changes
  5. WordPress & libxml2 Episode IV: A New Plugin

From → Posts

9 Comments
  1. mike   3 Oct 2009

    great, thanks for your post! :)
    works for wordpress 2.8 :)))

    Reply
  2. Carl   15 Mar 2010

    What about authentication?

    Reply
    • Joseph Scott   15 Mar 2010

      What about authentication? Works fine. What exactly are you asking about?

      Reply
    • Wes P   7 Apr 2010

      I assume you’re talking about exposing something that shouldn’t be publicly accessible, for instance, the ability to create and edit pages (which does already exists in the WP XML RPC API, but I will use as an example.) I would take a look a xmlrpc.php, found in the wordpress root directory. It should be very helpful.

      What you need is something that looks kind of like this:

      // Taken from xmlrpc.php
      function wp_editPage($args) {

      // ... stuff cut out for brevity's sake

      $username = $this->escape($args[2]);
      $password = $this->escape($args[3]);

      // ... stuff cut out for brevity's sake

      if ( !$user = $this->login($username, $password) )
      return $this->error;

      // ... perform the rest of the method
      }

      Reply
      • Wes P   7 Apr 2010

        As a note, my above code will not work right out of the box.

        The escape and login methods are defined on the wp_xmlrpc_server object in xmlrpc.php.

        But basically, escape needs to sanitize the input to protect against potential XSS and injection attacks, and login needs to validate the input.

        Reply
      • Joseph Scott   7 Apr 2010

        Correct, if you wanted to provide a method required authentication you’d need to do that first. The escape() method for the XML-RPC class can be called statically. It looks like login() still assumes an object, so you’d have to call wp_authenticate() and set_current_user() on your own.

        Reply
  3. Mathias   15 Mar 2010

    Thanks for your explanation. Helped me a lot. :)

    Reply
  4. Ciprian   21 Jun 2010

    Thanks Joseph. This helped me a lot.. I really neede xmlrpc methods… I just did not know about this filter until now… thanks!

    Reply

Leave a Reply

Note: XHTML is allowed. Your email address will never be published.

Subscribe to this comment feed via RSS