diff options
| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-01-02 16:00:05 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-01-02 16:00:05 +0000 |
| commit | 1503e05616c295e6f980134dc341fa1a66dc9672 (patch) | |
| tree | b0a7dc356affec0059670603f1cb990da7dbc026 /xmlrpc.php | |
| parent | c65d51fec1d641efd1ec8a44c046cd54d588fe3b (diff) | |
| download | wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.tar.gz wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.tar.xz wordpress-mu-1503e05616c295e6f980134dc341fa1a66dc9672.zip | |
Merge with WP 2.3.2
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1172 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'xmlrpc.php')
| -rw-r--r-- | xmlrpc.php | 211 |
1 files changed, 147 insertions, 64 deletions
@@ -187,6 +187,12 @@ class wp_xmlrpc_server extends IXR_Server { return($this->error); } + set_current_user( 0, $username ); + if( !current_user_can( 'edit_page', $page_id ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) ); + + do_action('xmlrpc_call', 'wp.getPage'); + // Lookup page info. $page = get_page($page_id); @@ -268,6 +274,12 @@ class wp_xmlrpc_server extends IXR_Server { return($this->error); } + set_current_user( 0, $username ); + if( !current_user_can( 'edit_pages' ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); + + do_action('xmlrpc_call', 'wp.getPages'); + // Lookup info on pages. $pages = get_pages(); $num_pages = count($pages); @@ -426,6 +438,12 @@ class wp_xmlrpc_server extends IXR_Server { return($this->error); } + set_current_user( 0, $username ); + if( !current_user_can( 'edit_pages' ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); + + do_action('xmlrpc_call', 'wp.getPageList'); + // Get list of pages ids and titles $page_list = $wpdb->get_results(" SELECT ID page_id, @@ -459,7 +477,6 @@ class wp_xmlrpc_server extends IXR_Server { * wp_getAuthors */ function wp_getAuthors($args) { - global $wpdb; $this->escape($args); @@ -471,7 +488,23 @@ class wp_xmlrpc_server extends IXR_Server { return($this->error); } - return(get_users_of_blog()); + set_current_user(0, $username); + if(!current_user_can("edit_posts")) { + return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog."))); + } + + do_action('xmlrpc_call', 'wp.getAuthors'); + + $authors = array(); + foreach( (array) get_users_of_blog() as $row ) { + $authors[] = array( + "user_id" => $row->user_id, + "user_login" => $row->user_login, + "display_name" => $row->display_name + ); + } + + return($authors); } /** @@ -493,7 +526,7 @@ class wp_xmlrpc_server extends IXR_Server { // Set the user context and make sure they are // allowed to add a category. set_current_user(0, $username); - if(!current_user_can("manage_categories", $page_id)) { + if(!current_user_can("manage_categories")) { return(new IXR_Error(401, __("Sorry, you do not have the right to add a category."))); } @@ -547,6 +580,12 @@ class wp_xmlrpc_server extends IXR_Server { return($this->error); } + set_current_user(0, $username); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to publish to this blog in order to view categories.' ) ); + + do_action('xmlrpc_call', 'wp.suggestCategories'); + $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category); $category_suggestions = get_categories($args); @@ -610,13 +649,18 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) ); + + do_action('xmlrpc_call', 'blogger.getUserInfo'); + $user_data = get_userdatabylogin($user_login); $struct = array( 'nickname' => $user_data->nickname, 'userid' => $user_data->ID, 'url' => $user_data->user_url, - 'email' => $user_data->user_email, 'lastname' => $user_data->last_name, 'firstname' => $user_data->first_name ); @@ -638,7 +682,12 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } - $user_data = get_userdatabylogin($user_login); + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_post', $post_ID ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); + + do_action('xmlrpc_call', 'blogger.getPost'); + $post_data = wp_get_single_post($post_ID, ARRAY_A); $categories = implode(',', wp_get_post_categories($post_ID)); @@ -676,12 +725,16 @@ class wp_xmlrpc_server extends IXR_Server { $posts_list = wp_get_recent_posts($num_posts); + set_current_user( 0, $user_login ); + if (!$posts_list) { $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.')); return $this->error; } foreach ($posts_list as $entry) { + if( !current_user_can( 'edit_post', $entry['ID'] ) ) + continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); $categories = implode(',', wp_get_post_categories($entry['ID'])); @@ -1341,78 +1394,83 @@ class wp_xmlrpc_server extends IXR_Server { /* metaweblog.getPost ...returns a post */ function mw_getPost($args) { - global $wpdb; + global $wpdb; $this->escape($args); - $post_ID = (int) $args[0]; - $user_login = $args[1]; - $user_pass = $args[2]; + $post_ID = (int) $args[0]; + $user_login = $args[1]; + $user_pass = $args[2]; - if (!$this->login_pass_ok($user_login, $user_pass)) { - return $this->error; - } + if (!$this->login_pass_ok($user_login, $user_pass)) { + return $this->error; + } - $postdata = wp_get_single_post($post_ID, ARRAY_A); + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_post', $post_ID ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); - if ($postdata['post_date'] != '') { + do_action('xmlrpc_call', 'metaWeblog.getPost'); - $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); - $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); + $postdata = wp_get_single_post($post_ID, ARRAY_A); - $categories = array(); - $catids = wp_get_post_categories($post_ID); - foreach($catids as $catid) { - $categories[] = get_cat_name($catid); - } + if ($postdata['post_date'] != '') { + $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); + $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); - $tagnames = array(); - $tags = wp_get_post_tags( $post_ID ); - if ( !empty( $tags ) ) { - foreach ( $tags as $tag ) { - $tagnames[] = $tag->name; + $categories = array(); + $catids = wp_get_post_categories($post_ID); + foreach($catids as $catid) { + $categories[] = get_cat_name($catid); + } + + $tagnames = array(); + $tags = wp_get_post_tags( $post_ID ); + if ( !empty( $tags ) ) { + foreach ( $tags as $tag ) { + $tagnames[] = $tag->name; + } + $tagnames = implode( ', ', $tagnames ); + } else { + $tagnames = ''; } - $tagnames = implode( ', ', $tagnames ); - } else { - $tagnames = ''; - } - $post = get_extended($postdata['post_content']); - $link = post_permalink($postdata['ID']); + $post = get_extended($postdata['post_content']); + $link = post_permalink($postdata['ID']); - // Get the author info. - $author = get_userdata($postdata['post_author']); + // Get the author info. + $author = get_userdata($postdata['post_author']); - $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; - $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0; + $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; + $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0; - $resp = array( - 'dateCreated' => new IXR_Date($post_date), - 'userid' => $postdata['post_author'], - 'postid' => $postdata['ID'], - 'description' => $post['main'], - 'title' => $postdata['post_title'], - 'link' => $link, - 'permaLink' => $link, -// commented out because no other tool seems to use this -// 'content' => $entry['post_content'], - 'categories' => $categories, - 'mt_excerpt' => $postdata['post_excerpt'], - 'mt_text_more' => $post['extended'], - 'mt_allow_comments' => $allow_comments, - 'mt_allow_pings' => $allow_pings, - 'mt_keywords' => $tagnames, - 'wp_slug' => $postdata['post_name'], - 'wp_password' => $postdata['post_password'], - 'wp_author_id' => $author->ID, - 'wp_author_display_name' => $author->display_name, - 'date_created_gmt' => new IXR_Date($post_date_gmt) - ); - - return $resp; - } else { - return new IXR_Error(404, __('Sorry, no such post.')); - } + $resp = array( + 'dateCreated' => new IXR_Date($post_date), + 'userid' => $postdata['post_author'], + 'postid' => $postdata['ID'], + 'description' => $post['main'], + 'title' => $postdata['post_title'], + 'link' => $link, + 'permaLink' => $link, + // commented out because no other tool seems to use this + // 'content' => $entry['post_content'], + 'categories' => $categories, + 'mt_excerpt' => $postdata['post_excerpt'], + 'mt_text_more' => $post['extended'], + 'mt_allow_comments' => $allow_comments, + 'mt_allow_pings' => $allow_pings, + 'mt_keywords' => $tagnames, + 'wp_slug' => $postdata['post_name'], + 'wp_password' => $postdata['post_password'], + 'wp_author_id' => $author->ID, + 'wp_author_display_name' => $author->display_name, + 'date_created_gmt' => new IXR_Date($post_date_gmt) + ); + + return $resp; + } else { + return new IXR_Error(404, __('Sorry, no such post.')); + } } @@ -1437,7 +1495,11 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + set_current_user( 0, $user_login ); + foreach ($posts_list as $entry) { + if( !current_user_can( 'edit_post', $entry['ID'] ) ) + continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']); @@ -1517,6 +1579,12 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); + + do_action('xmlrpc_call', 'metaWeblog.getCategories'); + $categories_struct = array(); if ( $cats = get_categories('get=all') ) { @@ -1636,7 +1704,11 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + set_current_user( 0, $user_login ); + foreach ($posts_list as $entry) { + if( !current_user_can( 'edit_post', $entry['ID'] ) ) + continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']); @@ -1675,9 +1747,14 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); + + do_action('xmlrpc_call', 'mt.getCategoryList'); + $categories_struct = array(); - // FIXME: can we avoid using direct SQL there? if ( $cats = get_categories('hide_empty=0&hierarchical=0') ) { foreach ($cats as $cat) { $struct['categoryId'] = $cat->term_id; @@ -1704,6 +1781,12 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + set_current_user( 0, $user_login ); + if( !current_user_can( 'edit_post', $post_ID ) ) + return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); + + do_action('xmlrpc_call', 'mt.getPostCategories'); + $categories = array(); $catids = wp_get_post_categories(intval($post_ID)); // first listed category will be the primary category |