Bug affecting XMLRPC
There is some dispute as to who owns the bug. Some feel the developers behind PHP should address it while others feel that the libxml developers should resolve it. I’m not really interested in getting into that argument.
The low-down on the bug is that libxml 2.7.X has been rolled out into major linux distros like Cent-OS 5, Fedora 9 & Red Hat. (The only 2 current distros that I was able to find that have not gone past libxml 2.6.32 are Debian Etch and Ubuntu.) Although I did not research it, earlier versions of the distros like Cent-OS 4 & Fedora 8 probably have not rolled in libxml 2.7.X. When the current stable version of PHP 5 is compiled with libxml 2.7.X, the < and > signs get stripped out of html posted via XMLRPC. For example
normally would get translated to
with the bug it gets translated to
If you are on a shared host, there probably is not a great deal you are going to be able to do about this other than weather the storm, so to speak. Most likely at some point you will encounter this bug if your shared host is on one of the OS’s mentioned above. At the same time, the shared host ISPs will be under some pressure to find a solution because the bug affects all version of both WP & WPMU that support posting to a blog via XMLRPC.
If you are on a VPS, you can check your current libxml version by creating a php file on your website containing
<?php phpinfo(); ?>
and then load the php file in your web browser. Once loaded you can scroll down to a block that is titled libxml. Your libxml version is listed there. Versions up to 2.6.32 have tested ok for the html parsing. If your version is less than that then the best course of action over the next couple months is to NOT rebuild PHP.
There is a patch available. I haven’t tried the patch and cannot vouch for it. On a manged VPS you may encounter difficulty in applying the patch (depending on the degree of control the VPS maintains on sources).
I researched this bug as a result of one of our clients having PHP recompiled on their Cent-OS 5 VPS in the last few weeks. If you are looking to set up a VPS in the next couple months, I would recommend that you steer clear of Cent-OS 5 VPS’s.