author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-01-02 16:00:05 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-01-02 16:00:05 +0000 |
commit | 1503e05616c295e6f980134dc341fa1a66dc9672 (patch) | |
tree | b0a7dc356affec0059670603f1cb990da7dbc026 /wp-app.php | |
parent | c65d51fec1d641efd1ec8a44c046cd54d588fe3b (diff) | |
Merge with WP 2.3.2
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1172 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-app.php')
-rw-r--r-- | wp-app.php | 22 |
1 files changed, 18 insertions, 4 deletions
@@ -159,6 +159,10 @@ class AtomServer { function get_service() { log_app('function','get_service()'); + + if( !current_user_can( 'edit_posts' ) ) + $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); + $entries_url = attribute_escape($this->get_entries_url()); $categories_url = attribute_escape($this->get_categories_url()); $media_url = attribute_escape($this->get_attachments_url()); @@ -188,8 +192,11 @@ EOD; } function get_categories_xml() { - log_app('function','get_categories_xml()'); + + if( !current_user_can( 'edit_posts' ) ) + $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); + $home = attribute_escape(get_bloginfo_rss('home')); $categories = ""; @@ -282,8 +289,11 @@ EOD; } function get_post($postID) { - global $entry; + + if( !current_user_can( 'edit_post', $postID ) ) + $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) ); + $this->set_current_entry($postID); $output = $this->get_entry($postID); log_app('function',"get_post($postID)"); @@ -372,8 +382,9 @@ EOD; } function get_attachment($postID = NULL) { + if( !current_user_can( 'upload_files' ) ) + $this->auth_required( __( 'Sorry, you do not have the right to file uploads on this blog.' ) ); - global $entry; if (!isset($postID)) { $this->get_attachments(); } else { @@ -494,6 +505,10 @@ EOD; } $location = get_post_meta($entry['ID'], '_wp_attached_file', true); + $filetype = wp_check_filetype($location); + + if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext'])) + $this->internal_error(__('Error ocurred while accessing post metadata for file location.')); // delete file @unlink($location); @@ -795,7 +810,6 @@ EOD; </app:control> <author> <name><?php the_author()?></name> - <email><?php the_author_email()?></email> <?php if (get_the_author_url() && get_the_author_url() != 'http://') { ?> <uri><?php the_author_url()?></uri> <?php } ?> |
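Review bot: The capability check added to get_service() is a braceless `if` whose only action is `$this->auth_required(...)`, so the service document is still produced for a user without `edit_posts` unless auth_required() ends the request itself; its body is not visible in this diff. The same pattern is added in get_categories_xml(), get_post() and get_attachment(). If auth_required() can return, each call needs a `return;` after it; if it always exits, a comment such as `// auth_required() terminates the request` would make that dependency explicit. In get_service() the `log_app()` call also runs before the check, so rejected requests are logged the same way as served ones. The function bodies continue outside the hunks.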
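Review bot: The check added at the top of get_attachment() tests only the blog-wide `upload_files` capability and never looks at `$postID`, whereas get_post() in this same commit checks `current_user_can( 'edit_post', $postID )`. If the `else` branch, which continues outside the hunk, returns the entry without a per-object check, any user who may upload files could read another author's attachment entry by ID. For the single-item path I would add `if( isset($postID) && !current_user_can( 'edit_post', $postID ) ) $this->auth_required( ... );`. The message 'you do not have the right to file uploads on this blog' would also read better as 'the right to upload files'.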
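Review bot: The guard added before `@unlink($location)` checks only the post type and that the stored path has a recognised extension; it does not confirm that `$location` lies inside the blog's upload directory, so a `_wp_attached_file` value pointing elsewhere on disk would still be unlinked if its extension is allowed. `isset($location)` is true for any non-null value, so an empty path is caught only incidentally by the extension test, and `!=` is a loose comparison; `if( empty($location) || 'attachment' !== $entry['post_type'] || empty($filetype['ext']) )` states the intent directly. I would also compare `realpath($location)` against the upload base directory before deleting. The guard relies on internal_error() not returning, which this hunk does not show, and the `@` on unlink hides a failed delete. The enclosing function starts and ends outside the hunk.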