From 4b94efd93bde20fb142a244c611ebd28d32034a1 Mon Sep 17 00:00:00 2001
From: Scott Taylor
Date: Thu, 15 May 2014 03:25:15 +0000
Subject: [PATCH] Eliminate use of `extract()` in `wp_xmlrpc_server::blogger_editPost()`. See #22400.
Built from https://develop.svn.wordpress.org/trunk@28412
git-svn-id: http://core.svn.wordpress.org/trunk@28239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-xmlrpc-server.php | 43 ++++++++++++++------------
 1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index 0f617dbf99..3ab6938fa8 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -4209,7 +4209,7 @@ class wp_xmlrpc_server extends IXR_Server {
 * @param array $args Method parameters.
 * @return bool true when done.
 */
- function blogger_editPost($args) {
+ function blogger_editPost( $args ) {
 $this->escape($args);
@@ -4219,39 +4219,42 @@ class wp_xmlrpc_server extends IXR_Server {
 $content = $args[4];
 $publish = $args[5];
- if ( !$user = $this->login($username, $password) )
+ if ( ! $user = $this->login( $username, $password ) ) {
 return $this->error;
+ }
 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
 do_action( 'xmlrpc_call', 'blogger.editPost' );
- $actual_post = get_post($post_ID,ARRAY_A);
+ $actual_post = get_post( $post_ID, ARRAY_A );
- if ( !$actual_post || $actual_post['post_type'] != 'post' )
- return new IXR_Error(404, __('Sorry, no such post.'));
+ if ( ! $actual_post || $actual_post['post_type'] != 'post' ) {
+ return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
+ }
 $this->escape($actual_post);
- if ( !current_user_can('edit_post', $post_ID) )
+ if ( ! current_user_can( 'edit_post', $post_ID ) ) {
 return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
+ }
+ if ( 'publish' == $actual_post['post_status'] && ! current_user_can( 'publish_posts' ) ) {
+ return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' 
) );
+ }
- extract($actual_post, EXTR_SKIP);
+ $postdata = array();
+ $postdata['ID'] = $actual_post['ID'];
+ $postdata['post_content'] = xmlrpc_removepostdata( $content );
+ $postdata['post_title'] = xmlrpc_getposttitle( $content );
+ $postdata['post_category'] = xmlrpc_getpostcategory( $content );
+ $postdata['post_status'] = $actual_post['post_status'];
+ $postdata['post_excerpt'] = $actual_post['post_excerpt'];
- if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
- return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
+ $result = wp_update_post( $postdata );
- $post_title = xmlrpc_getposttitle($content);
- $post_category = xmlrpc_getpostcategory($content);
- $post_content = xmlrpc_removepostdata($content);
-
- $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt');
-
- $result = wp_update_post($postdata);
-
- if ( !$result )
+ if ( ! $result ) {
 return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.'));
-
- $this->attach_uploads( $ID, $post_content );
+ }
+ $this->attach_uploads( $actual_post['ID'], $postdata['post_content'] );
 /**
 * Fires after a post has been successfully updated via the XML-RPC Blogger API.
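Review bot: The two checks that gate this edit still compare loosely, `$actual_post['post_type'] != 'post'` in the 404 branch and `'publish' == $actual_post['post_status']` in the new publish-capability branch. Since the commit rewrites both lines anyway, they could become `$actual_post['post_type'] !== 'post'` and `'publish' === $actual_post['post_status']`, so the authorization decision never depends on type juggling; this assumes `get_post( $post_ID, ARRAY_A )` and the later `$this->escape()` leave both fields as strings, which the hunk does not show. Separately, `$publish` is read from `$args[5]` at the top of the hunk but is not used in the visible lines, while `post_status` is copied from the stored post. If that is intended, a comment above the `$postdata` assignments such as `// Status is carried over from the stored post; the caller's publish flag is not applied.` would make it explicit. The function body starts before and continues after this hunk, so both points should be checked against the full method.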