Make the xmlrpc user the current user. fixes #2273

git-svn-id: http://svn.automattic.com/wordpress/trunk@3430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-01-13 19:19:09 +00:00
parent 558711072b
commit cb093369a1
3 changed files with 65 additions and 27 deletions

View File

@ -530,9 +530,17 @@ function kses_init_filters() {
function kses_init() { function kses_init() {
global $current_user; global $current_user;
get_currentuserinfo(); // set $current_user remove_filter('pre_comment_author', 'wp_filter_kses');
remove_filter('pre_comment_content', 'wp_filter_kses');
remove_filter('content_save_pre', 'wp_filter_post_kses');
remove_filter('title_save_pre', 'wp_filter_kses');
if (! defined('XMLRPC_REQUEST') )
get_currentuserinfo();
if (current_user_can('unfiltered_html') == false) if (current_user_can('unfiltered_html') == false)
kses_init_filters(); kses_init_filters();
} }
add_action('init', 'kses_init'); add_action('init', 'kses_init');
add_action('set_current_user', 'kses_init');
?> ?>

View File

@ -3,11 +3,38 @@
/* These functions can be replaced via plugins. They are loaded after /* These functions can be replaced via plugins. They are loaded after
plugins are loaded. */ plugins are loaded. */
if ( !function_exists('set_current_user') ) :
function set_current_user($id, $name = '') {
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
$current_user = '';
$current_user = new WP_User($id, $name);
$userdata = get_userdatabylogin($user_login);
$user_login = $userdata->user_login;
$user_level = $userdata->user_level;
$user_ID = $userdata->ID;
$user_email = $userdata->user_email;
$user_url = $userdata->user_url;
$user_pass_md5 = md5($userdata->user_pass);
$user_identity = $userdata->display_name;
do_action('set_current_user');
return $current_user;
}
endif;
if ( !function_exists('get_currentuserinfo') ) : if ( !function_exists('get_currentuserinfo') ) :
function get_currentuserinfo() { function get_currentuserinfo() {
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user; global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
return false;
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) || if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) { !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
$current_user = new WP_User(0); $current_user = new WP_User(0);

View File

@ -1,5 +1,10 @@
<?php <?php
define('XMLRPC_REQUEST', true);
// Some browser-embedded clients send cookies. We don't want them.
$_COOKIE = array();
# fix for mozBlog and other cases where '<?xml' isn't on the very first line # fix for mozBlog and other cases where '<?xml' isn't on the very first line
$HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA); $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
@ -179,8 +184,8 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error; return $this->error;
} }
$user = new WP_User(0, $user_login); set_current_user(0, $user_login);
$is_admin = $user->has_cap('level_8'); $is_admin = current_user_can('level_8');
$struct = array( $struct = array(
'isAdmin' => $is_admin, 'isAdmin' => $is_admin,
@ -188,7 +193,7 @@ class wp_xmlrpc_server extends IXR_Server {
'blogid' => '1', 'blogid' => '1',
'blogName' => get_settings('blogname') 'blogName' => get_settings('blogname')
); );
error_log(print_r($struct,1), 3, '/tmp/xmlrpc');
return array($struct); return array($struct);
} }
@ -317,8 +322,8 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error; return $this->error;
} }
$user = new WP_User(0, $user_login); set_current_user(0, $user_login);
if ( !$user->has_cap('edit_themes') ) { if ( !current_user_can('edit_themes') ) {
return new IXR_Error(401, 'Sorry, this user can not edit the template.'); return new IXR_Error(401, 'Sorry, this user can not edit the template.');
} }
@ -352,8 +357,8 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error; return $this->error;
} }
$user = new WP_User(0, $user_login); set_current_user(0, $user_login);
if ( !$user->has_cap('edit_themes') ) { if ( !current_user_can('edit_themes') ) {
return new IXR_Error(401, 'Sorry, this user can not edit the template.'); return new IXR_Error(401, 'Sorry, this user can not edit the template.');
} }
@ -390,9 +395,8 @@ class wp_xmlrpc_server extends IXR_Server {
} }
$cap = ($publish) ? 'publish_posts' : 'edit_posts'; $cap = ($publish) ? 'publish_posts' : 'edit_posts';
$user = set_current_user(0, $user_login);
$user = new WP_User(0, $user_login); if ( !current_user_can($cap) )
if ( !$user->has_cap($cap) )
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.'); return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
$post_status = ($publish) ? 'publish' : 'draft'; $post_status = ($publish) ? 'publish' : 'draft';
@ -445,8 +449,8 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($actual_post); $this->escape($actual_post);
$user = new WP_User(0, $user_login); set_current_user(0, $user_login);
if ( !$user->has_cap('edit_post', $post_ID) ) if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.'); return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
extract($actual_post); extract($actual_post);
@ -489,8 +493,8 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error(404, 'Sorry, no such post.'); return new IXR_Error(404, 'Sorry, no such post.');
} }
$user = new WP_User(0, $user_login); set_current_user(0, $user_login);
if ( !$user->has_cap('edit_post', $post_ID) ) if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.'); return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
$result = wp_delete_post($post_ID); $result = wp_delete_post($post_ID);
@ -525,8 +529,8 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error; return $this->error;
} }
$user = new WP_User(0, $user_login); $user = set_current_user(0, $user_login);
if ( !$user->has_cap('publish_posts') ) if ( !current_user_can('publish_posts') )
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.'); return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
$post_author = $user->ID; $post_author = $user->ID;
@ -605,8 +609,8 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error; return $this->error;
} }
$user = new WP_User(0, $user_login); set_current_user(0, $user_login);
if ( !$user->has_cap('edit_post', $post_ID) ) if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.'); return new IXR_Error(401, 'Sorry, you can not edit this post.');
$postdata = wp_get_single_post($post_ID, ARRAY_A); $postdata = wp_get_single_post($post_ID, ARRAY_A);
@ -844,9 +848,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( !$this->login_pass_ok($user_login, $user_pass) ) if ( !$this->login_pass_ok($user_login, $user_pass) )
return $this->error; return $this->error;
$user = new WP_User(0, $user_login); set_current_user(0, $user_login);
if ( !current_user_can('upload_files') ) {
if ( !$user->has_cap('upload_files') ) {
logIO('O', '(MW) User does not have upload_files capability'); logIO('O', '(MW) User does not have upload_files capability');
$this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.'); $this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.');
return $this->error; return $this->error;
@ -984,8 +987,8 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error; return $this->error;
} }
$user = new WP_User(0, $user_login); set_current_user(0, $user_login);
if ( !$user->has_cap('edit_post', $post_ID) ) if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.'); return new IXR_Error(401, 'Sorry, you can not edit this post.');
foreach($categories as $cat) { foreach($categories as $cat) {
@ -1066,8 +1069,8 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error; return $this->error;
} }
$user = new WP_User(0, $user_login); set_current_user(0, $user_login);
if ( !$user->has_cap('edit_post', $post_ID) ) if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.'); return new IXR_Error(401, 'Sorry, you can not edit this post.');
$postdata = wp_get_single_post($post_ID,ARRAY_A); $postdata = wp_get_single_post($post_ID,ARRAY_A);