diff options
author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-02-05 15:34:44 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-02-05 15:34:44 +0000 |
commit | 7126981ee497950fa0f033e32a6a8d0c150a1a62 (patch) | |
tree | 5538391c2c9a74849dec555b8ffff648c5b171ca /xmlrpc.php | |
parent | bd36587b32db474bd99b5cfcb7e7a4315dae9ed0 (diff) | |
download | wordpress-mu-7126981ee497950fa0f033e32a6a8d0c150a1a62.tar.gz wordpress-mu-7126981ee497950fa0f033e32a6a8d0c150a1a62.tar.xz wordpress-mu-7126981ee497950fa0f033e32a6a8d0c150a1a62.zip |
Merge with WP 2.3.3
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1196 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'xmlrpc.php')
-rw-r--r-- | xmlrpc.php | 65 |
1 files changed, 39 insertions, 26 deletions
@@ -988,19 +988,28 @@ class wp_xmlrpc_server extends IXR_Server { if (!$this->login_pass_ok($user_login, $user_pass)) { return $this->error; } - - $cap = ($publish) ? 'publish_posts' : 'edit_posts'; $user = set_current_user(0, $user_login); - if ( !current_user_can($cap) ) - return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); - // The post_type defaults to post, but could also be page. - $post_type = "post"; - if( - !empty($content_struct["post_type"]) - && ($content_struct["post_type"] == "page") - ) { - $post_type = "page"; + $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; + $error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' ); + $post_type = 'post'; + if( !empty( $content_struct['post_type'] ) ) { + if( $content_struct['post_type'] == 'page' ) { + $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; + $error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' ); + $post_type = 'page'; + } + elseif( $content_type['post_type'] == 'post' ) { + // This is the default, no changes needed + } + else { + // No other post_type values are allowed here + return new IXR_Error( 401, __( 'Invalid post type.' ) ); + } + } + + if( !current_user_can( $cap ) ) { + return new IXR_Error( 401, $error_message ); } // Let WordPress generate the post_name (slug) unless @@ -1200,25 +1209,29 @@ class wp_xmlrpc_server extends IXR_Server { if (!$this->login_pass_ok($user_login, $user_pass)) { return $this->error; } - $user = set_current_user(0, $user_login); - // The post_type defaults to post, but could also be page. - $post_type = "post"; - if( - !empty($content_struct["post_type"]) - && ($content_struct["post_type"] == "page") - ) { - if( !current_user_can( 'edit_page', $post_ID ) ) { - return(new IXR_Error(401, __("Sorry, you do not have the right to edit this page."))); - } - - $post_type = "page"; + $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; + $error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' ); + $post_type = 'post'; + if( !empty( $content_struct['post_type'] ) ) { + if( $content_struct['post_type'] == 'page' ) { + $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; + $error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' ); + $post_type = 'page'; + } + elseif( $content_type['post_type'] == 'post' ) { + // This is the default, no changes needed + } + else { + // No other post_type values are allowed here + return new IXR_Error( 401, __( 'Invalid post type.' ) ); + } } - // Edit page caps are checked in editPage. Just check post here. - if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) ) - return new IXR_Error(401, __('Sorry, you can not edit this post.')); + if( !current_user_can( $cap ) ) { + return new IXR_Error( 401, $error_message ); + } $postdata = wp_get_single_post($post_ID, ARRAY_A); |