diff options
Diffstat (limited to 'xmlrpc.php')
-rw-r--r-- | xmlrpc.php | 51 |
1 files changed, 39 insertions, 12 deletions
@@ -149,7 +149,7 @@ class wp_xmlrpc_server extends IXR_Server { function escape(&$array) { global $wpdb; - if(is_string($array)) { + if(!is_array($array)) { return($wpdb->escape($array)); } else { @@ -594,7 +594,7 @@ class wp_xmlrpc_server extends IXR_Server { ); } - return $struct; + return array($struct); } @@ -1110,7 +1110,7 @@ class wp_xmlrpc_server extends IXR_Server { } // Only set a post parent if one was given. - if(!empty($content_struct["wp_page_parent_id"])) { + if(isset($content_struct["wp_page_parent_id"])) { $post_parent = $content_struct["wp_page_parent_id"]; } @@ -1176,11 +1176,11 @@ class wp_xmlrpc_server extends IXR_Server { $to_ping = $content_struct['mt_tb_ping_urls']; if ( is_array($to_ping) ) $to_ping = implode(' ', $to_ping); - - $comment_status = (!isset($content_struct['mt_allow_comments'])) ? - get_option('default_comment_status') - : $content_struct['mt_allow_comments']; + if(isset($content_struct["mt_allow_comments"])) { + $comment_status = $content_struct["mt_allow_comments"]; + } + // Do some timestamp voodoo $dateCreatedd = $content_struct['dateCreated']; if (!empty($dateCreatedd)) { @@ -1397,6 +1397,25 @@ class wp_xmlrpc_server extends IXR_Server { $overwrite = false; if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) { $overwrite = true; + + // If the file isn't writable then error out now. + if(!is_writable($data["name"])) { + return(new IXR_Error(500, "File is not writable, over write failed.")); + } + + // We now know the file is good so don't use the sanitized name. + $name = $data["name"]; + + // Get postmeta info on the object. + $old_meta = $wpdb->get_row(" + SELECT * + FROM {$wpdb->postmeta} + WHERE meta_key = '_wp_attached_file' + AND meta_value = '{$name}' + "); + + // Get post info on the object. + $old_post = get_post($old_meta->post_id); } logIO('O', '(MW) Received '.strlen($bits).' bytes'); @@ -1431,13 +1450,21 @@ class wp_xmlrpc_server extends IXR_Server { 'guid' => $upload[ 'url' ] ); - // Only make a database entry if this is a new file. - if(!$overwrite) { - // Save the data - $id = wp_insert_attachment( $attachment, $upload[ 'file' ], $post_id ); - wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $upload['file'] ) ); + // If we are over writing then set the correct post_id and URL + // instead of getting new ones. + if($overwrite) { + $post_id = $old_meta->post_id; + $attachment["post_parent"] = $old_meta->post_id; + $attachment["ID"] = $old_meta->post_id; + + $upload["url"] = $old_post->guid; + $attachment["guid"] = $old_post->guid; } + // Save the data + $id = wp_insert_attachment( $attachment, $upload[ 'file' ], $post_id ); + wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $upload['file'] ) ); + return apply_filters( 'wp_handle_upload', array( 'file' => $upload[ 'file' ], 'url' => $upload[ 'url' ], 'type' => $type ) ); } |