From 6f37c963de5dc6e482440c0f5ce95949df06391a Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Tue, 13 Sep 2016 23:16:15 +0000
Subject: [PATCH] XML-RPC: Check the minimum number of arguments in
 `::wp_getUsersBlogs()` and `::blogger_getUsersBlogs()`.

Props kitchin for initial patch.
Fixes #29750.

git-svn-id: https://develop.svn.wordpress.org/trunk@38600 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/class-wp-xmlrpc-server.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/wp-includes/class-wp-xmlrpc-server.php b/src/wp-includes/class-wp-xmlrpc-server.php
index fa776461c8..3ff4390720 100644
--- a/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/src/wp-includes/class-wp-xmlrpc-server.php
@@ -596,6 +596,10 @@ class wp_xmlrpc_server extends IXR_Server {
 	 *  - 'xmlrpc' - url of xmlrpc endpoint
 	 */
 	public function wp_getUsersBlogs( $args ) {
+		if ( ! $this->minimum_args( $args, 2 ) ) {
+			return $this->error;
+		}
+
 		// If this isn't on WPMU then just use blogger_getUsersBlogs
 		if ( !is_multisite() ) {
 			array_unshift( $args, 1 );
@@ -4322,8 +4326,13 @@ class wp_xmlrpc_server extends IXR_Server {
 	 * @return array|IXR_Error
 	 */
 	public function blogger_getUsersBlogs($args) {
-		if ( is_multisite() )
+		if ( ! $this->minimum_args( $args, 3 ) ) {
+			return $this->error;
+		}
+
+		if ( is_multisite() ) {
 			return $this->_multisite_getUsersBlogs($args);
+		}
 
 		$this->escape($args);