Use user returned from auth for XML-RPC logins. Props wnorris. fixes #8941
git-svn-id: http://svn.automattic.com/wordpress/trunk@10456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
f02590c921
commit
9ef3298a6f
299
xmlrpc.php
299
xmlrpc.php
|
@ -238,6 +238,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
* @param string $user_login User's username.
|
||||
* @param string $user_pass User's password.
|
||||
* @return bool Whether authentication passed.
|
||||
* @deprecated use wp_xmlrpc_server::login
|
||||
* @see wp_xmlrpc_server::login
|
||||
*/
|
||||
function login_pass_ok($user_login, $user_pass) {
|
||||
if ( !get_option( 'enable_xmlrpc' ) ) {
|
||||
|
@ -252,6 +254,32 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Log user in.
|
||||
*
|
||||
* @since 2.8
|
||||
*
|
||||
* @param string $username User's username.
|
||||
* @param string $password User's password.
|
||||
* @return mixed WP_User object if authentication passed, false otherwise
|
||||
*/
|
||||
function login($username, $password) {
|
||||
if ( !get_option( 'enable_xmlrpc' ) ) {
|
||||
$this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this blog. An admin user can enable them at %s'), admin_url('options-writing.php') ) );
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = wp_authenticate($username, $password);
|
||||
|
||||
if (is_wp_error($user)) {
|
||||
$this->error = new IXR_Error(403, __('Bad login/pass combination.'));
|
||||
return false;
|
||||
}
|
||||
|
||||
set_current_user( $user->ID );
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitize string or array of strings for database.
|
||||
*
|
||||
|
@ -417,13 +445,12 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$username = $args[0];
|
||||
$password = $args[1];
|
||||
|
||||
if( !$this->login_pass_ok( $username, $password ) )
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action( 'xmlrpc_call', 'wp.getUsersBlogs' );
|
||||
|
||||
$user = set_current_user( 0, $username );
|
||||
|
||||
$blogs = (array) get_blogs_of_user( $user->ID );
|
||||
$struct = array( );
|
||||
|
||||
|
@ -466,11 +493,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
|
||||
if(!$this->login_pass_ok($username, $password)) {
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if( !current_user_can( 'edit_page', $page_id ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) );
|
||||
|
||||
|
@ -564,11 +590,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$num_pages = (int) $args[3];
|
||||
|
||||
if(!$this->login_pass_ok($username, $password)) {
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if( !current_user_can( 'edit_pages' ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) );
|
||||
|
||||
|
@ -616,15 +641,13 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$page = $args[3];
|
||||
$publish = $args[4];
|
||||
|
||||
if(!$this->login_pass_ok($username, $password)) {
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'wp.newPage');
|
||||
|
||||
// Set the user context and check if they are allowed
|
||||
// to add new pages.
|
||||
$user = set_current_user(0, $username);
|
||||
// Make sure the user is allowed to add new pages.
|
||||
if(!current_user_can("publish_pages")) {
|
||||
return(new IXR_Error(401, __("Sorry, you can not add new pages.")));
|
||||
}
|
||||
|
@ -652,8 +675,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$page_id = (int) $args[3];
|
||||
|
||||
if(!$this->login_pass_ok($username, $password)) {
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'wp.deletePage');
|
||||
|
@ -668,8 +691,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return(new IXR_Error(404, __("Sorry, no such page.")));
|
||||
}
|
||||
|
||||
// Set the user context and make sure they can delete pages.
|
||||
set_current_user(0, $username);
|
||||
// Make sure the user can delete pages.
|
||||
if(!current_user_can("delete_page", $page_id)) {
|
||||
return(new IXR_Error(401, __("Sorry, you do not have the right to delete this page.")));
|
||||
}
|
||||
|
@ -700,8 +722,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$content = $args[4];
|
||||
$publish = $args[5];
|
||||
|
||||
if(!$this->login_pass_ok($username, $password)) {
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'wp.editPage');
|
||||
|
@ -715,8 +737,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return(new IXR_Error(404, __("Sorry, no such page.")));
|
||||
}
|
||||
|
||||
// Set the user context and make sure they are allowed to edit pages.
|
||||
set_current_user(0, $username);
|
||||
// Make sure the user is allowed to edit pages.
|
||||
if(!current_user_can("edit_page", $page_id)) {
|
||||
return(new IXR_Error(401, __("Sorry, you do not have the right to edit this page.")));
|
||||
}
|
||||
|
@ -754,11 +775,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if(!$this->login_pass_ok($username, $password)) {
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if( !current_user_can( 'edit_pages' ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) );
|
||||
|
||||
|
@ -808,11 +828,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if(!$this->login_pass_ok($username, $password)) {
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user(0, $username);
|
||||
if(!current_user_can("edit_posts")) {
|
||||
return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog.")));
|
||||
}
|
||||
|
@ -846,11 +865,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if( !$this->login_pass_ok( $username, $password ) ) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if( !current_user_can( 'edit_posts' ) ) {
|
||||
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view tags.' ) );
|
||||
}
|
||||
|
@ -891,15 +909,13 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$category = $args[3];
|
||||
|
||||
if(!$this->login_pass_ok($username, $password)) {
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'wp.newCategory');
|
||||
|
||||
// Set the user context and make sure they are
|
||||
// allowed to add a category.
|
||||
set_current_user(0, $username);
|
||||
// Make sure the user is allowed to add a category.
|
||||
if(!current_user_can("manage_categories")) {
|
||||
return(new IXR_Error(401, __("Sorry, you do not have the right to add a category.")));
|
||||
}
|
||||
|
@ -951,13 +967,12 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$category_id = (int) $args[3];
|
||||
|
||||
if( !$this->login_pass_ok( $username, $password ) ) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'wp.deleteCategory');
|
||||
|
||||
set_current_user(0, $username);
|
||||
if( !current_user_can("manage_categories") ) {
|
||||
return new IXR_Error( 401, __( "Sorry, you do not have the right to delete a category." ) );
|
||||
}
|
||||
|
@ -982,11 +997,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$category = $args[3];
|
||||
$max_results = (int) $args[4];
|
||||
|
||||
if(!$this->login_pass_ok($username, $password)) {
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user(0, $username);
|
||||
if( !current_user_can( 'edit_posts' ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts to this blog in order to view categories.' ) );
|
||||
|
||||
|
@ -1020,10 +1034,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$comment_id = (int) $args[3];
|
||||
|
||||
if ( !$this->login_pass_ok( $username, $password ) )
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if ( !current_user_can( 'moderate_comments' ) )
|
||||
return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) );
|
||||
|
||||
|
@ -1083,10 +1097,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$struct = $args[3];
|
||||
|
||||
if ( !$this->login_pass_ok($username, $password) )
|
||||
return($this->error);
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if ( !current_user_can( 'moderate_comments' ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you can not edit comments.' ) );
|
||||
|
||||
|
@ -1143,10 +1157,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$comment_ID = (int) $args[3];
|
||||
|
||||
if ( !$this->login_pass_ok( $username, $password ) )
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if ( !current_user_can( 'moderate_comments' ) )
|
||||
return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) );
|
||||
|
||||
|
@ -1175,10 +1189,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$comment_ID = (int) $args[3];
|
||||
$content_struct = $args[4];
|
||||
|
||||
if ( !$this->login_pass_ok( $username, $password ) )
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if ( !current_user_can( 'moderate_comments' ) )
|
||||
return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) );
|
||||
|
||||
|
@ -1249,7 +1263,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
|
||||
$allow_anon = apply_filters('xmlrpc_allow_anonymous_comments', false);
|
||||
|
||||
if ( !$this->login_pass_ok( $username, $password ) ) {
|
||||
$user = $this->login($username, $password);
|
||||
|
||||
if ( !$user ) {
|
||||
$logged_in = false;
|
||||
if ( $allow_anon && get_option('comment_registration') )
|
||||
return new IXR_Error( 403, __( 'You must be registered to comment' ) );
|
||||
|
@ -1257,7 +1273,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return $this->error;
|
||||
} else {
|
||||
$logged_in = true;
|
||||
set_current_user( 0, $username );
|
||||
}
|
||||
|
||||
if ( is_numeric($post) )
|
||||
|
@ -1274,7 +1289,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$comment['comment_post_ID'] = $post_id;
|
||||
|
||||
if ( $logged_in ) {
|
||||
$user = wp_get_current_user();
|
||||
$comment['comment_author'] = $wpdb->escape( $user->display_name );
|
||||
$comment['comment_author_email'] = $wpdb->escape( $user->user_email );
|
||||
$comment['comment_author_url'] = $wpdb->escape( $user->user_url );
|
||||
|
@ -1326,10 +1340,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if ( !$this->login_pass_ok( $username, $password ) )
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if ( !current_user_can( 'moderate_comments' ) )
|
||||
return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) );
|
||||
|
||||
|
@ -1354,11 +1368,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$post_id = (int) $args[3];
|
||||
|
||||
if( !$this->login_pass_ok( $username, $password ) ) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if( !current_user_can( 'edit_posts' ) ) {
|
||||
return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) );
|
||||
}
|
||||
|
@ -1389,11 +1402,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if( !$this->login_pass_ok( $username, $password ) ) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if( !current_user_can( 'edit_posts' ) ) {
|
||||
return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) );
|
||||
}
|
||||
|
@ -1418,11 +1430,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if( !$this->login_pass_ok( $username, $password ) ) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if( !current_user_can( 'edit_posts' ) ) {
|
||||
return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) );
|
||||
}
|
||||
|
@ -1447,11 +1458,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if( !$this->login_pass_ok( $username, $password ) ) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $username );
|
||||
if( !current_user_can( 'edit_pages' ) ) {
|
||||
return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) );
|
||||
}
|
||||
|
@ -1478,10 +1488,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$options = (array) $args[3];
|
||||
|
||||
if( !$this->login_pass_ok( $username, $password ) )
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
|
||||
$user = set_current_user( 0, $username );
|
||||
}
|
||||
|
||||
// If no specific options where asked for, return all of them
|
||||
if (count( $options ) == 0 ) {
|
||||
|
@ -1533,10 +1542,10 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$password = $args[2];
|
||||
$options = (array) $args[3];
|
||||
|
||||
if( !$this->login_pass_ok( $username, $password ) )
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
$user = set_current_user( 0, $username );
|
||||
if( !current_user_can( 'manage_options' ) )
|
||||
return new IXR_Error( 403, __( 'You are not allowed to update options.' ) );
|
||||
|
||||
|
@ -1576,16 +1585,15 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
|
||||
$this->escape($args);
|
||||
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'blogger.getUsersBlogs');
|
||||
|
||||
set_current_user(0, $user_login);
|
||||
$is_admin = current_user_can('manage_options');
|
||||
|
||||
$struct = array(
|
||||
|
@ -1613,27 +1621,24 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
|
||||
$this->escape($args);
|
||||
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $user_login );
|
||||
if( !current_user_can( 'edit_posts' ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) );
|
||||
|
||||
do_action('xmlrpc_call', 'blogger.getUserInfo');
|
||||
|
||||
$user_data = get_userdatabylogin($user_login);
|
||||
|
||||
$struct = array(
|
||||
'nickname' => $user_data->nickname,
|
||||
'userid' => $user_data->ID,
|
||||
'url' => $user_data->user_url,
|
||||
'lastname' => $user_data->last_name,
|
||||
'firstname' => $user_data->first_name
|
||||
'nickname' => $user->nickname,
|
||||
'userid' => $user->ID,
|
||||
'url' => $user->user_url,
|
||||
'lastname' => $user->last_name,
|
||||
'firstname' => $user->first_name
|
||||
);
|
||||
|
||||
return $struct;
|
||||
|
@ -1652,14 +1657,13 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$post_ID = (int) $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $user_login );
|
||||
if( !current_user_can( 'edit_post', $post_ID ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) );
|
||||
|
||||
|
@ -1696,11 +1700,11 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$blog_ID = (int) $args[1]; /* though we don't use it yet */
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
$num_posts = $args[4];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
|
@ -1708,8 +1712,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
|
||||
$posts_list = wp_get_recent_posts($num_posts);
|
||||
|
||||
set_current_user( 0, $user_login );
|
||||
|
||||
if (!$posts_list) {
|
||||
$this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.'));
|
||||
return $this->error;
|
||||
|
@ -1756,17 +1758,16 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$blog_ID = (int) $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
$template = $args[4]; /* could be 'main' or 'archiveIndex', but we don't use it */
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'blogger.getTemplate');
|
||||
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_themes') ) {
|
||||
return new IXR_Error(401, __('Sorry, this user can not edit the template.'));
|
||||
}
|
||||
|
@ -1798,18 +1799,17 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$blog_ID = (int) $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
$content = $args[4];
|
||||
$template = $args[5]; /* could be 'main' or 'archiveIndex', but we don't use it */
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'blogger.setTemplate');
|
||||
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_themes') ) {
|
||||
return new IXR_Error(401, __('Sorry, this user can not edit the template.'));
|
||||
}
|
||||
|
@ -1841,19 +1841,18 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$blog_ID = (int) $args[1]; /* though we don't use it yet */
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
$content = $args[4];
|
||||
$publish = $args[5];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'blogger.newPost');
|
||||
|
||||
$cap = ($publish) ? 'publish_posts' : 'edit_posts';
|
||||
$user = set_current_user(0, $user_login);
|
||||
if ( !current_user_can($cap) )
|
||||
return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.'));
|
||||
|
||||
|
@ -1897,12 +1896,12 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$post_ID = (int) $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
$content = $args[4];
|
||||
$publish = $args[5];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
|
@ -1916,7 +1915,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
|
||||
$this->escape($actual_post);
|
||||
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
|
||||
|
||||
|
@ -1953,11 +1951,11 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$post_ID = (int) $args[1];
|
||||
$user_login = $args[2];
|
||||
$user_pass = $args[3];
|
||||
$username = $args[2];
|
||||
$password = $args[3];
|
||||
$publish = $args[4];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
|
@ -1969,7 +1967,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return new IXR_Error(404, __('Sorry, no such post.'));
|
||||
}
|
||||
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.'));
|
||||
|
||||
|
@ -1998,15 +1995,14 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$blog_ID = (int) $args[0]; // we will support this in the near future
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
$content_struct = $args[3];
|
||||
$publish = $args[4];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
$user = set_current_user(0, $user_login);
|
||||
|
||||
do_action('xmlrpc_call', 'metaWeblog.newPost');
|
||||
|
||||
|
@ -2296,15 +2292,14 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$post_ID = (int) $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
$content_struct = $args[3];
|
||||
$publish = $args[4];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
$user = set_current_user(0, $user_login);
|
||||
|
||||
do_action('xmlrpc_call', 'metaWeblog.editPost');
|
||||
|
||||
|
@ -2561,14 +2556,13 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$post_ID = (int) $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $user_login );
|
||||
if( !current_user_can( 'edit_post', $post_ID ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) );
|
||||
|
||||
|
@ -2673,11 +2667,11 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$blog_ID = (int) $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
$num_posts = (int) $args[3];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
|
@ -2689,8 +2683,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return array( );
|
||||
}
|
||||
|
||||
set_current_user( 0, $user_login );
|
||||
|
||||
foreach ($posts_list as $entry) {
|
||||
if( !current_user_can( 'edit_post', $entry['ID'] ) )
|
||||
continue;
|
||||
|
@ -2777,14 +2769,13 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$blog_ID = (int) $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $user_login );
|
||||
if( !current_user_can( 'edit_posts' ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) );
|
||||
|
||||
|
@ -2825,8 +2816,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
global $wpdb;
|
||||
|
||||
$blog_ID = (int) $args[0];
|
||||
$user_login = $wpdb->escape($args[1]);
|
||||
$user_pass = $wpdb->escape($args[2]);
|
||||
$username = $wpdb->escape($args[1]);
|
||||
$password = $wpdb->escape($args[2]);
|
||||
$data = $args[3];
|
||||
|
||||
$name = sanitize_file_name( $data['name'] );
|
||||
|
@ -2835,12 +2826,12 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
|
||||
logIO('O', '(MW) Received '.strlen($bits).' bytes');
|
||||
|
||||
if ( !$this->login_pass_ok($user_login, $user_pass) )
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'metaWeblog.newMediaObject');
|
||||
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('upload_files') ) {
|
||||
logIO('O', '(MW) User does not have upload_files capability');
|
||||
$this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
|
||||
|
@ -2910,11 +2901,11 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$blog_ID = (int) $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
$num_posts = (int) $args[3];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
|
@ -2927,8 +2918,6 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $user_login );
|
||||
|
||||
foreach ($posts_list as $entry) {
|
||||
if( !current_user_can( 'edit_post', $entry['ID'] ) )
|
||||
continue;
|
||||
|
@ -2967,14 +2956,13 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$blog_ID = (int) $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $user_login );
|
||||
if( !current_user_can( 'edit_posts' ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) );
|
||||
|
||||
|
@ -3007,14 +2995,13 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$post_ID = (int) $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
set_current_user( 0, $user_login );
|
||||
if( !current_user_can( 'edit_post', $post_ID ) )
|
||||
return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) );
|
||||
|
||||
|
@ -3049,17 +3036,16 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$post_ID = (int) $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
$categories = $args[3];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'mt.setPostCategories');
|
||||
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, __('Sorry, you can not edit this post.'));
|
||||
|
||||
|
@ -3161,16 +3147,15 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
$this->escape($args);
|
||||
|
||||
$post_ID = (int) $args[0];
|
||||
$user_login = $args[1];
|
||||
$user_pass = $args[2];
|
||||
$username = $args[1];
|
||||
$password = $args[2];
|
||||
|
||||
if (!$this->login_pass_ok($user_login, $user_pass)) {
|
||||
if ( !$user = $this->login($username, $password) ) {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
do_action('xmlrpc_call', 'mt.publishPost');
|
||||
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, __('Sorry, you can not edit this post.'));
|
||||
|
||||
|
|
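Review bot: The new `login()` method in the `@ -252,6 +254,32 @@` hunk has two side effects its docblock does not mention — on success it switches the request's current user via `set_current_user( $user->ID )`, and on failure it stores an `IXR_Error` in `$this->error` — and every converted caller relies on both (the `return $this->error;` directly after the call, and the `current_user_can()` checks that now run without their own `set_current_user( 0, $username )`). I'd add to the docblock `* Side effects: on success the authenticated user becomes the current user; on failure $this->error holds an IXR_Error (405 when XML-RPC is disabled, 403 on a bad login/password).` and narrow `@return mixed` to `@return WP_User|false`. That 405/403 distinction also matters in `wp.newComment` (`@ -1249,7 +1263,9 @@`), where the result is only tested for falseness, so with `$allow_anon` set a "disabled" result and a "bad password" result both fall through to the anonymous path; the lines between that hunk and the next are not visible here, so I can't tell whether a separate guard covers the disabled case, and the enclosing method starts and ends outside the hunk. The `if ( !$user = $this->login( … ) )` form used in every converted method relies on PHP parsing `!$user = …` as `!($user = …)`; assigning first and testing `$user` on the following line would read more plainly, though that is a style preference.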