Make the xmlrpc user the current user. fixes #2273
git-svn-id: http://svn.automattic.com/wordpress/trunk@3430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
558711072b
commit
cb093369a1
|
@ -530,9 +530,17 @@ function kses_init_filters() {
|
||||||
function kses_init() {
|
function kses_init() {
|
||||||
global $current_user;
|
global $current_user;
|
||||||
|
|
||||||
get_currentuserinfo(); // set $current_user
|
remove_filter('pre_comment_author', 'wp_filter_kses');
|
||||||
|
remove_filter('pre_comment_content', 'wp_filter_kses');
|
||||||
|
remove_filter('content_save_pre', 'wp_filter_post_kses');
|
||||||
|
remove_filter('title_save_pre', 'wp_filter_kses');
|
||||||
|
|
||||||
|
if (! defined('XMLRPC_REQUEST') )
|
||||||
|
get_currentuserinfo();
|
||||||
|
|
||||||
if (current_user_can('unfiltered_html') == false)
|
if (current_user_can('unfiltered_html') == false)
|
||||||
kses_init_filters();
|
kses_init_filters();
|
||||||
}
|
}
|
||||||
add_action('init', 'kses_init');
|
add_action('init', 'kses_init');
|
||||||
|
add_action('set_current_user', 'kses_init');
|
||||||
?>
|
?>
|
||||||
|
|
|
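Review bot: kses_init() now runs twice per request, on `init` and again on `set_current_user`, but nothing in the hunk says why the four `remove_filter` calls must precede the capability check, so a later reader may drop them and leave the filters attached to a user who gained `unfiltered_html` mid-request, or missing for one who lost it. Add a comment above the first `remove_filter`, e.g. `// Reset to a known state: this also fires from set_current_user(), so the filters must be dropped before the capability is re-evaluated for the new user.` The unchanged `if (current_user_can('unfiltered_html') == false)` reads more directly as `if ( !current_user_can('unfiltered_html') )`. The `! defined('XMLRPC_REQUEST')` guard appears to duplicate the early return this commit adds to get_currentuserinfo(); whether one of the two can go depends on callers this page does not show.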
@ -3,11 +3,38 @@
|
||||||
/* These functions can be replaced via plugins. They are loaded after
|
/* These functions can be replaced via plugins. They are loaded after
|
||||||
plugins are loaded. */
|
plugins are loaded. */
|
||||||
|
|
||||||
|
if ( !function_exists('set_current_user') ) :
|
||||||
|
function set_current_user($id, $name = '') {
|
||||||
|
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
|
||||||
|
|
||||||
|
$current_user = '';
|
||||||
|
|
||||||
|
$current_user = new WP_User($id, $name);
|
||||||
|
|
||||||
|
$userdata = get_userdatabylogin($user_login);
|
||||||
|
|
||||||
|
$user_login = $userdata->user_login;
|
||||||
|
$user_level = $userdata->user_level;
|
||||||
|
$user_ID = $userdata->ID;
|
||||||
|
$user_email = $userdata->user_email;
|
||||||
|
$user_url = $userdata->user_url;
|
||||||
|
$user_pass_md5 = md5($userdata->user_pass);
|
||||||
|
$user_identity = $userdata->display_name;
|
||||||
|
|
||||||
|
do_action('set_current_user');
|
||||||
|
|
||||||
|
return $current_user;
|
||||||
|
}
|
||||||
|
endif;
|
||||||
|
|
||||||
|
|
||||||
if ( !function_exists('get_currentuserinfo') ) :
|
if ( !function_exists('get_currentuserinfo') ) :
|
||||||
function get_currentuserinfo() {
|
function get_currentuserinfo() {
|
||||||
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
|
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
|
||||||
|
|
||||||
|
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
||||||
|
return false;
|
||||||
|
|
||||||
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
|
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
|
||||||
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
|
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
|
||||||
$current_user = new WP_User(0);
|
$current_user = new WP_User(0);
|
||||||
|
|
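Review bot: `$userdata = get_userdatabylogin($user_login);` in the new set_current_user() looks up the global `$user_login`, which at that point still holds the previous user's login (or nothing, since xmlrpc.php now clears `$_COOKIE` and get_currentuserinfo() returns early), not the `$name` just passed in; `$user_ID`, `$user_level` and the other globals filled from `$userdata` below it are therefore stale or empty while `$current_user` is the new user, so any code that still reads `$user_level` is evaluated against the wrong account. Look the record up from the user just constructed, e.g. `$userdata = get_userdatabylogin($current_user->user_login);` if WP_User exposes the login, or from `$name` when it is non-empty, and guard the `$userdata->...` reads against a false return so an unknown login cannot silently yield empty globals. set_current_user() itself performs no authentication; a one-line docblock stating that callers must verify credentials first (as the xmlrpc.php call sites do via login_pass_ok) would make that contract explicit.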
53
xmlrpc.php
53
xmlrpc.php
|
@ -1,5 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
define('XMLRPC_REQUEST', true);
|
||||||
|
|
||||||
|
// Some browser-embedded clients send cookies. We don't want them.
|
||||||
|
$_COOKIE = array();
|
||||||
|
|
||||||
# fix for mozBlog and other cases where '<?xml' isn't on the very first line
|
# fix for mozBlog and other cases where '<?xml' isn't on the very first line
|
||||||
$HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
|
$HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
|
||||||
|
|
||||||
|
@ -179,8 +184,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
return $this->error;
|
return $this->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
$is_admin = $user->has_cap('level_8');
|
$is_admin = current_user_can('level_8');
|
||||||
|
|
||||||
$struct = array(
|
$struct = array(
|
||||||
'isAdmin' => $is_admin,
|
'isAdmin' => $is_admin,
|
||||||
|
@ -188,7 +193,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
'blogid' => '1',
|
'blogid' => '1',
|
||||||
'blogName' => get_settings('blogname')
|
'blogName' => get_settings('blogname')
|
||||||
);
|
);
|
||||||
|
error_log(print_r($struct,1), 3, '/tmp/xmlrpc');
|
||||||
return array($struct);
|
return array($struct);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -317,8 +322,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
return $this->error;
|
return $this->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
if ( !$user->has_cap('edit_themes') ) {
|
if ( !current_user_can('edit_themes') ) {
|
||||||
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
|
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -352,8 +357,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
return $this->error;
|
return $this->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
if ( !$user->has_cap('edit_themes') ) {
|
if ( !current_user_can('edit_themes') ) {
|
||||||
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
|
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -390,9 +395,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
}
|
}
|
||||||
|
|
||||||
$cap = ($publish) ? 'publish_posts' : 'edit_posts';
|
$cap = ($publish) ? 'publish_posts' : 'edit_posts';
|
||||||
|
$user = set_current_user(0, $user_login);
|
||||||
$user = new WP_User(0, $user_login);
|
if ( !current_user_can($cap) )
|
||||||
if ( !$user->has_cap($cap) )
|
|
||||||
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
|
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
|
||||||
|
|
||||||
$post_status = ($publish) ? 'publish' : 'draft';
|
$post_status = ($publish) ? 'publish' : 'draft';
|
||||||
|
@ -445,8 +449,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
|
|
||||||
$this->escape($actual_post);
|
$this->escape($actual_post);
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
if ( !current_user_can('edit_post', $post_ID) )
|
||||||
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
|
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
|
||||||
|
|
||||||
extract($actual_post);
|
extract($actual_post);
|
||||||
|
@ -489,8 +493,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
return new IXR_Error(404, 'Sorry, no such post.');
|
return new IXR_Error(404, 'Sorry, no such post.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
if ( !current_user_can('edit_post', $post_ID) )
|
||||||
return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
|
return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
|
||||||
|
|
||||||
$result = wp_delete_post($post_ID);
|
$result = wp_delete_post($post_ID);
|
||||||
|
@ -525,8 +529,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
return $this->error;
|
return $this->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
$user = set_current_user(0, $user_login);
|
||||||
if ( !$user->has_cap('publish_posts') )
|
if ( !current_user_can('publish_posts') )
|
||||||
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
|
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
|
||||||
|
|
||||||
$post_author = $user->ID;
|
$post_author = $user->ID;
|
||||||
|
@ -605,8 +609,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
return $this->error;
|
return $this->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
if ( !current_user_can('edit_post', $post_ID) )
|
||||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||||
|
|
||||||
$postdata = wp_get_single_post($post_ID, ARRAY_A);
|
$postdata = wp_get_single_post($post_ID, ARRAY_A);
|
||||||
|
@ -844,9 +848,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
if ( !$this->login_pass_ok($user_login, $user_pass) )
|
if ( !$this->login_pass_ok($user_login, $user_pass) )
|
||||||
return $this->error;
|
return $this->error;
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
|
if ( !current_user_can('upload_files') ) {
|
||||||
if ( !$user->has_cap('upload_files') ) {
|
|
||||||
logIO('O', '(MW) User does not have upload_files capability');
|
logIO('O', '(MW) User does not have upload_files capability');
|
||||||
$this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.');
|
$this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.');
|
||||||
return $this->error;
|
return $this->error;
|
||||||
|
@ -984,8 +987,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
return $this->error;
|
return $this->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
if ( !current_user_can('edit_post', $post_ID) )
|
||||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||||
|
|
||||||
foreach($categories as $cat) {
|
foreach($categories as $cat) {
|
||||||
|
@ -1066,8 +1069,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||||
return $this->error;
|
return $this->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = new WP_User(0, $user_login);
|
set_current_user(0, $user_login);
|
||||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
if ( !current_user_can('edit_post', $post_ID) )
|
||||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||||
|
|
||||||
$postdata = wp_get_single_post($post_ID,ARRAY_A);
|
$postdata = wp_get_single_post($post_ID,ARRAY_A);
|
||||||
|
|
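Review bot: The `error_log(print_r($struct,1), 3, '/tmp/xmlrpc');` added in the hunk at `@ -188,7 +193,7 @@` is leftover debug output: every call to the method that builds the `isAdmin`/`blogid`/`blogName` struct appends it, including the authenticated user's admin flag, to a fixed path in the shared temp directory, which exposes account information to any local user and grows without bound. Drop the line. In the `@ -390` and `@ -525` hunks the `$user = set_current_user(0, $user_login);` form keeps the returned WP_User (needed for `$post_author = $user->ID;`), while the other call sites discard it; a short comment at the `$post_author` site, e.g. `// keep the WP_User: the author id is taken from it below`, would explain the inconsistency. All of these methods start and end outside their hunks.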