diff options
| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-06-13 17:21:00 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-06-13 17:21:00 +0000 |
| commit | 12de05107e4c8b006bde6ee8916f34eb476d08da (patch) | |
| tree | 123ee54ecd1f3f777373b7df54a4604012d43640 /xmlrpc.php | |
| parent | e51c7a9ca4bfdb45fa3ec7334bd33871e78c68b1 (diff) | |
| download | wordpress-mu-12de05107e4c8b006bde6ee8916f34eb476d08da.tar.gz wordpress-mu-12de05107e4c8b006bde6ee8916f34eb476d08da.tar.xz wordpress-mu-12de05107e4c8b006bde6ee8916f34eb476d08da.zip | |
WP Merge with revision 8075
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1328 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'xmlrpc.php')
| -rw-r--r-- | xmlrpc.php | 189 |
1 files changed, 164 insertions, 25 deletions
@@ -1,5 +1,16 @@ <?php - +/** + * XML-RPC protocol support for WordPress + * + * @license GPL v2 <./license.txt> + * @package WordPress + */ + +/** + * Whether this is a XMLRPC Request + * + * @var bool + */ define('XMLRPC_REQUEST', true); // Some browser-embedded clients send cookies. We don't want them. @@ -11,11 +22,12 @@ if ( !isset( $HTTP_RAW_POST_DATA ) ) { $HTTP_RAW_POST_DATA = file_get_contents( 'php://input' ); } -# fix for mozBlog and other cases where '<?xml' isn't on the very first line +// fix for mozBlog and other cases where '<?xml' isn't on the very first line if ( isset($HTTP_RAW_POST_DATA) ) $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA); -include('./wp-config.php'); +/** Include the bootstrap for setting up WordPress environment */ +include('./wp-load.php'); if ( isset( $_GET['rsd'] ) ) { // http://archipelago.phrasewise.com/rsd header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true); @@ -45,10 +57,32 @@ include_once(ABSPATH . WPINC . '/class-IXR.php'); // Turn off all warnings and errors. // error_reporting(0); -$post_default_title = ""; // posts submitted via the xmlrpc interface get that title - +/** + * Posts submitted via the xmlrpc interface get that title + * @name post_default_title + * @var string + */ +$post_default_title = ""; + +/** + * Whether to enable XMLRPC Logging. + * + * @name xmlrpc_logging + * @var int|bool + */ $xmlrpc_logging = 0; +/** + * logIO() - Writes logging info to a file. + * + * @uses $xmlrpc_logging + * @package WordPress + * @subpackage Logging + * + * @param string $io Whether input or output + * @param string $msg Information describing logging reason. + * @return bool Always return true + */ function logIO($io,$msg) { global $xmlrpc_logging; if ($xmlrpc_logging) { @@ -59,21 +93,24 @@ function logIO($io,$msg) { fclose($fp); } return true; - } - -function starify($string) { - $i = strlen($string); - return str_repeat('*', $i); } if ( isset($HTTP_RAW_POST_DATA) ) - logIO("I", $HTTP_RAW_POST_DATA); - + logIO("I", $HTTP_RAW_POST_DATA); + +/** + * @internal + * Left undocumented to work on later. If you want to finish, then please do so. + * + * @package WordPress + * @subpackage Publishing + */ class wp_xmlrpc_server extends IXR_Server { function wp_xmlrpc_server() { $this->methods = array( // WordPress API + 'wp.getUsersBlogs' => 'this:wp_getUsersBlogs', 'wp.getPage' => 'this:wp_getPage', 'wp.getPages' => 'this:wp_getPages', 'wp.newPage' => 'this:wp_newPage', @@ -89,6 +126,7 @@ class wp_xmlrpc_server extends IXR_Server { 'wp.getCommentCount' => 'this:wp_getCommentCount', 'wp.getPostStatusList' => 'this:wp_getPostStatusList', 'wp.getPageStatusList' => 'this:wp_getPageStatusList', + 'wp.getPageTemplates' => 'this:wp_getPageTemplates', // Blogger API 'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs', @@ -219,6 +257,53 @@ class wp_xmlrpc_server extends IXR_Server { /** * WordPress XML-RPC API + * wp_getUsersBlogs + */ + function wp_getUsersBlogs( $args ) { + // If this isn't on WPMU then just use blogger_getUsersBlogs + if( !function_exists( 'is_site_admin' ) ) { + array_unshift( $args, 1 ); + return $this->blogger_getUsersBlogs( $args ); + } + + $this->escape( $args ); + + $username = $args[0]; + $password = $args[1]; + + if( !$this->login_pass_ok( $username, $password ) ) + return $this->error; + + do_action( 'xmlrpc_call', 'wp.getUsersBlogs' ); + + $user = set_current_user( 0, $username ); + + $blogs = (array) get_blogs_of_user( $user->ID ); + $struct = array( ); + + foreach( $blogs as $blog ) { + // Don't include blogs that aren't hosted at this site + if( $blog->site_id != 1 ) + continue; + + $blog_id = $blog->userblog_id; + switch_to_blog($blog_id); + $is_admin = current_user_can('level_8'); + + $struct[] = array( + 'isAdmin' => $is_admin, + 'url' => get_option( 'home' ) . '/', + 'blogid' => $blog_id, + 'blogName' => get_option( 'blogname' ), + 'xmlrpc' => get_option( 'home' ) . '/xmlrpc.php' + ); + } + + return $struct; + } + + /** + * WordPress XML-RPC API * wp_getPage */ function wp_getPage($args) { @@ -272,6 +357,10 @@ class wp_xmlrpc_server extends IXR_Server { // Get the author info. $author = get_userdata($page->post_author); + $page_template = get_post_meta( $page->ID, '_wp_page_template', true ); + if( empty( $page_template ) ) + $page_template = 'default'; + $page_struct = array( "dateCreated" => new IXR_Date($page_date), "userid" => $page->post_author, @@ -295,7 +384,8 @@ class wp_xmlrpc_server extends IXR_Server { "wp_author_id" => $author->ID, "wp_author_display_name" => $author->display_name, "date_created_gmt" => new IXR_Date($page_date_gmt), - "custom_fields" => $this->get_custom_fields($page_id) + "custom_fields" => $this->get_custom_fields($page_id), + "wp_page_template" => $page_template ); return($page_struct); @@ -697,7 +787,13 @@ class wp_xmlrpc_server extends IXR_Server { do_action('xmlrpc_call', 'wp.getCommentCount'); - return get_comment_count( $post_id ); + $count = wp_count_comments( $post_id ); + return array( + "approved" => $count->approved, + "awaiting_moderation" => $count->moderated, + "spam" => $count->spam, + "total_comments" => $count->total_comments + ); } @@ -744,6 +840,28 @@ class wp_xmlrpc_server extends IXR_Server { return get_page_statuses( ); } + function wp_getPageTemplates( $args ) { + $this->escape( $args ); + + $blog_id = (int) $args[0]; + $username = $args[1]; + $password = $args[2]; + + if( !$this->login_pass_ok( $username, $password ) ) { + return new IXR_Error( 403, __( 'Bad login/pass combination.' ) ); + } + + set_current_user( 0, $username ); + if( !current_user_can( 'edit_pages' ) ) { + return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); + } + + $templates = get_page_templates( ); + $templates['Default'] = 'default'; + + return $templates; + } + /* Blogger API functions * specs on http://plant.blogger.com/api and http://groups.yahoo.com/group/bloggerDev/ @@ -1148,11 +1266,14 @@ class wp_xmlrpc_server extends IXR_Server { $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; $error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' ); $post_type = 'post'; + $page_template = ''; if( !empty( $content_struct['post_type'] ) ) { if( $content_struct['post_type'] == 'page' ) { $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; $error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' ); $post_type = 'page'; + if( !empty( $content_struct['wp_page_template'] ) ) + $page_template = $content_struct['wp_page_template']; } elseif( $content_struct['post_type'] == 'post' ) { // This is the default, no changes needed @@ -1309,7 +1430,7 @@ class wp_xmlrpc_server extends IXR_Server { } if ($post_more) { - $post_content = $post_content . "\n<!--more-->\n" . $post_more; + $post_content = $post_content . "<!--more-->" . $post_more; } $to_ping = $content_struct['mt_tb_ping_urls']; @@ -1341,9 +1462,9 @@ class wp_xmlrpc_server extends IXR_Server { } // We've got all the data -- post it: - $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input'); + $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input', 'page_template'); - $post_ID = wp_insert_post($postdata); + $post_ID = wp_insert_post($postdata, true); if ( is_wp_error( $post_ID ) ) return new IXR_Error(500, $post_ID->get_error_message()); @@ -1355,6 +1476,12 @@ class wp_xmlrpc_server extends IXR_Server { $this->set_custom_fields($post_ID, $content_struct['custom_fields']); } + // Handle enclosures + $enclosure = $content_struct['enclosure']; + if( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) { + add_post_meta( $post_ID, 'enclosure', $enclosure['url'] . "\n" . $enclosure['length'] . "\n" . $enclosure['type'] ); + } + $this->attach_uploads( $post_ID, $post_content ); logIO('O', "Posted ! ID: $post_ID"); @@ -1370,7 +1497,7 @@ class wp_xmlrpc_server extends IXR_Server { if( is_array( $attachments ) ) { foreach( $attachments as $file ) { if( strpos( $post_content, $file->guid ) !== false ) { - $wpdb->query( "UPDATE {$wpdb->posts} SET post_parent = '$post_ID' WHERE ID = '{$file->ID}'" ); + $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) ); } } } @@ -1397,11 +1524,14 @@ class wp_xmlrpc_server extends IXR_Server { $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; $error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' ); $post_type = 'post'; + $page_template = ''; if( !empty( $content_struct['post_type'] ) ) { if( $content_struct['post_type'] == 'page' ) { $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; $error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' ); $post_type = 'page'; + if( !empty( $content_struct['wp_page_template'] ) ) + $page_template = $content_struct['wp_page_template']; } elseif( $content_struct['post_type'] == 'post' ) { // This is the default, no changes needed @@ -1578,7 +1708,7 @@ class wp_xmlrpc_server extends IXR_Server { } if ($post_more) { - $post_content = $post_content . "\n<!--more-->\n" . $post_more; + $post_content = $post_content . "<!--more-->" . $post_more; } $to_ping = $content_struct['mt_tb_ping_urls']; @@ -1600,9 +1730,12 @@ class wp_xmlrpc_server extends IXR_Server { } // We've got all the data -- post it: - $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input'); + $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input', 'page_template'); + + $result = wp_update_post($newpost, true); + if ( is_wp_error( $result ) ) + return new IXR_Error(500, $result->get_error_message()); - $result = wp_update_post($newpost); if (!$result) { return new IXR_Error(500, __('Sorry, your entry could not be edited. Something wrong happened.')); } @@ -1611,6 +1744,12 @@ class wp_xmlrpc_server extends IXR_Server { $this->set_custom_fields($post_ID, $content_struct['custom_fields']); } + // Handle enclosures + $enclosure = $content_struct['enclosure']; + if( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) { + add_post_meta( $post_ID, 'enclosure', $enclosure['url'] . "\n" . $enclosure['length'] . "\n" . $enclosure['type'] ); + } + $this->attach_uploads( $ID, $post_content ); logIO('O',"(MW) Edited ! ID: $post_ID"); @@ -2111,7 +2250,7 @@ class wp_xmlrpc_server extends IXR_Server { return new IXR_Error(404, __('Sorry, no such post.')); } - $comments = $wpdb->get_results("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = $post_ID"); + $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); if (!$comments) { return array(); @@ -2224,7 +2363,7 @@ class wp_xmlrpc_server extends IXR_Server { } elseif (is_string($urltest['fragment'])) { // ...or a string #title, a little more complicated $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']); - $sql = "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE '$title'"; + $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title); if (! ($post_ID = $wpdb->get_var($sql)) ) { // returning unknown error '0' is better than die()ing return new IXR_Error(0, ''); @@ -2253,7 +2392,7 @@ class wp_xmlrpc_server extends IXR_Server { return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.')); // Let's check that the remote site didn't already pingback this entry - $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'"); + $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) ); if ( $wpdb->num_rows ) // We already have a Pingback from this URL return new IXR_Error(48, __('The pingback has already been registered.')); @@ -2362,7 +2501,7 @@ class wp_xmlrpc_server extends IXR_Server { return new IXR_Error(32, __('The specified target URL does not exist.')); } - $comments = $wpdb->get_results("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = $post_ID"); + $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); if (!$comments) { return array(); |