Ticket #8941: xmlrpc.diff
| File xmlrpc.diff, 24.3 KB (added by wnorris, 3 years ago) |
|---|
-
xmlrpc.php
238 238 * @param string $user_login User's username. 239 239 * @param string $user_pass User's password. 240 240 * @return bool Whether authentication passed. 241 * @deprecated use wp_xmlrpc_server::login 242 * @see wp_xmlrpc_server::login 241 243 */ 242 244 function login_pass_ok($user_login, $user_pass) { 243 245 if ( !get_option( 'enable_xmlrpc' ) ) { … … 253 255 } 254 256 255 257 /** 258 * Log user in. 259 * 260 * @since 2.8 261 * 262 * @param string $username User's username. 263 * @param string $password User's password. 264 * @return mixed WP_User object if authentication passed, false otherwise 265 */ 266 function login($username, $password) { 267 if ( !get_option( 'enable_xmlrpc' ) ) { 268 $this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this blog. An admin user can enable them at %s'), admin_url('options-writing.php') ) ); 269 return false; 270 } 271 272 $user = wp_authenticate($username, $password); 273 274 if (is_wp_error($user)) { 275 $this->error = new IXR_Error(403, __('Bad login/pass combination.')); 276 return false; 277 } 278 279 set_current_user( $user->ID ); 280 return $user; 281 } 282 283 /** 256 284 * Sanitize string or array of strings for database. 
257 285 * 258 286 * @since 1.5.2 … … 417 445 $username = $args[0]; 418 446 $password = $args[1]; 419 447 420 if ( !$this->login_pass_ok( $username, $password ) )448 if ( !$user = $this->login($username, $password) ) { 421 449 return $this->error; 450 } 422 451 423 452 do_action( 'xmlrpc_call', 'wp.getUsersBlogs' ); 424 453 425 $user = set_current_user( 0, $username );426 427 454 $blogs = (array) get_blogs_of_user( $user->ID ); 428 455 $struct = array( ); 429 456 … … 466 493 $username = $args[2]; 467 494 $password = $args[3]; 468 495 469 if (!$this->login_pass_ok($username, $password)) {470 return ($this->error);496 if ( !$user = $this->login($username, $password) ) { 497 return $this->error; 471 498 } 472 499 473 set_current_user( 0, $username );474 500 if( !current_user_can( 'edit_page', $page_id ) ) 475 501 return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) ); 476 502 … … 564 590 $password = $args[2]; 565 591 $num_pages = (int) $args[3]; 566 592 567 if (!$this->login_pass_ok($username, $password)) {568 return ($this->error);593 if ( !$user = $this->login($username, $password) ) { 594 return $this->error; 569 595 } 570 596 571 set_current_user( 0, $username );572 597 if( !current_user_can( 'edit_pages' ) ) 573 598 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); 574 599 … … 616 641 $page = $args[3]; 617 642 $publish = $args[4]; 618 643 619 if (!$this->login_pass_ok($username, $password)) {620 return ($this->error);644 if ( !$user = $this->login($username, $password) ) { 645 return $this->error; 621 646 } 622 647 623 648 do_action('xmlrpc_call', 'wp.newPage'); 624 649 625 // Set the user context and check if they are allowed 626 // to add new pages. 627 $user = set_current_user(0, $username); 650 // Make sure the user is allowed to add new pages. 
628 651 if(!current_user_can("publish_pages")) { 629 652 return(new IXR_Error(401, __("Sorry, you can not add new pages."))); 630 653 } … … 652 675 $password = $args[2]; 653 676 $page_id = (int) $args[3]; 654 677 655 if (!$this->login_pass_ok($username, $password)) {656 return ($this->error);678 if ( !$user = $this->login($username, $password) ) { 679 return $this->error; 657 680 } 658 681 659 682 do_action('xmlrpc_call', 'wp.deletePage'); … … 668 691 return(new IXR_Error(404, __("Sorry, no such page."))); 669 692 } 670 693 671 // Set the user context and make sure they can delete pages. 672 set_current_user(0, $username); 694 // Make sure the user can delete pages. 673 695 if(!current_user_can("delete_page", $page_id)) { 674 696 return(new IXR_Error(401, __("Sorry, you do not have the right to delete this page."))); 675 697 } … … 700 722 $content = $args[4]; 701 723 $publish = $args[5]; 702 724 703 if (!$this->login_pass_ok($username, $password)) {704 return ($this->error);725 if ( !$user = $this->login($username, $password) ) { 726 return $this->error; 705 727 } 706 728 707 729 do_action('xmlrpc_call', 'wp.editPage'); … … 715 737 return(new IXR_Error(404, __("Sorry, no such page."))); 716 738 } 717 739 718 // Set the user context and make sure they are allowed to edit pages. 719 set_current_user(0, $username); 740 // Make sure the user is allowed to edit pages. 720 741 if(!current_user_can("edit_page", $page_id)) { 721 742 return(new IXR_Error(401, __("Sorry, you do not have the right to edit this page."))); 722 743 } … … 754 775 $username = $args[1]; 755 776 $password = $args[2]; 756 777 757 if (!$this->login_pass_ok($username, $password)) {758 return ($this->error);778 if ( !$user = $this->login($username, $password) ) { 779 return $this->error; 759 780 } 760 781 761 set_current_user( 0, $username );762 782 if( !current_user_can( 'edit_pages' ) ) 763 783 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' 
) ); 764 784 … … 808 828 $username = $args[1]; 809 829 $password = $args[2]; 810 830 811 if (!$this->login_pass_ok($username, $password)) {812 return ($this->error);831 if ( !$user = $this->login($username, $password) ) { 832 return $this->error; 813 833 } 814 834 815 set_current_user(0, $username);816 835 if(!current_user_can("edit_posts")) { 817 836 return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog."))); 818 837 } … … 846 865 $username = $args[1]; 847 866 $password = $args[2]; 848 867 849 if ( !$this->login_pass_ok( $username, $password) ) {868 if ( !$user = $this->login($username, $password) ) { 850 869 return $this->error; 851 870 } 852 871 853 set_current_user( 0, $username );854 872 if( !current_user_can( 'edit_posts' ) ) { 855 873 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view tags.' ) ); 856 874 } … … 891 909 $password = $args[2]; 892 910 $category = $args[3]; 893 911 894 if (!$this->login_pass_ok($username, $password)) {895 return ($this->error);912 if ( !$user = $this->login($username, $password) ) { 913 return $this->error; 896 914 } 897 915 898 916 do_action('xmlrpc_call', 'wp.newCategory'); 899 917 900 // Set the user context and make sure they are 901 // allowed to add a category. 902 set_current_user(0, $username); 918 // Make sure the user is allowed to add a category. 
903 919 if(!current_user_can("manage_categories")) { 904 920 return(new IXR_Error(401, __("Sorry, you do not have the right to add a category."))); 905 921 } … … 951 967 $password = $args[2]; 952 968 $category_id = (int) $args[3]; 953 969 954 if ( !$this->login_pass_ok( $username, $password) ) {970 if ( !$user = $this->login($username, $password) ) { 955 971 return $this->error; 956 972 } 957 973 958 974 do_action('xmlrpc_call', 'wp.deleteCategory'); 959 975 960 set_current_user(0, $username);961 976 if( !current_user_can("manage_categories") ) { 962 977 return new IXR_Error( 401, __( "Sorry, you do not have the right to delete a category." ) ); 963 978 } … … 982 997 $category = $args[3]; 983 998 $max_results = (int) $args[4]; 984 999 985 if (!$this->login_pass_ok($username, $password)) {986 return ($this->error);1000 if ( !$user = $this->login($username, $password) ) { 1001 return $this->error; 987 1002 } 988 1003 989 set_current_user(0, $username);990 1004 if( !current_user_can( 'edit_posts' ) ) 991 1005 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts to this blog in order to view categories.' ) ); 992 1006 … … 1020 1034 $password = $args[2]; 1021 1035 $comment_id = (int) $args[3]; 1022 1036 1023 if ( !$ this->login_pass_ok( $username, $password ) )1037 if ( !$user = $this->login($username, $password) ) { 1024 1038 return $this->error; 1039 } 1025 1040 1026 set_current_user( 0, $username );1027 1041 if ( !current_user_can( 'moderate_comments' ) ) 1028 1042 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' 
) ); 1029 1043 … … 1083 1097 $password = $args[2]; 1084 1098 $struct = $args[3]; 1085 1099 1086 if ( !$this->login_pass_ok($username, $password) ) 1087 return($this->error); 1100 if ( !$user = $this->login($username, $password) ) { 1101 return $this->error; 1102 } 1088 1103 1089 set_current_user( 0, $username );1090 1104 if ( !current_user_can( 'moderate_comments' ) ) 1091 1105 return new IXR_Error( 401, __( 'Sorry, you can not edit comments.' ) ); 1092 1106 … … 1143 1157 $password = $args[2]; 1144 1158 $comment_ID = (int) $args[3]; 1145 1159 1146 if ( !$ this->login_pass_ok( $username, $password ) )1160 if ( !$user = $this->login($username, $password) ) { 1147 1161 return $this->error; 1162 } 1148 1163 1149 set_current_user( 0, $username );1150 1164 if ( !current_user_can( 'moderate_comments' ) ) 1151 1165 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) ); 1152 1166 … … 1175 1189 $comment_ID = (int) $args[3]; 1176 1190 $content_struct = $args[4]; 1177 1191 1178 if ( !$ this->login_pass_ok( $username, $password ) )1192 if ( !$user = $this->login($username, $password) ) { 1179 1193 return $this->error; 1194 } 1180 1195 1181 set_current_user( 0, $username );1182 1196 if ( !current_user_can( 'moderate_comments' ) ) 1183 1197 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' 
) ); 1184 1198 … … 1249 1263 1250 1264 $allow_anon = apply_filters('xmlrpc_allow_anonymous_comments', false); 1251 1265 1252 if ( !$this->login_pass_ok( $username, $password ) ) { 1266 $user = $this->login($username, $password); 1267 1268 if ( !$user ) { 1253 1269 $logged_in = false; 1254 1270 if ( $allow_anon && get_option('comment_registration') ) 1255 1271 return new IXR_Error( 403, __( 'You must be registered to comment' ) ); … … 1257 1273 return $this->error; 1258 1274 } else { 1259 1275 $logged_in = true; 1260 set_current_user( 0, $username );1261 1276 } 1262 1277 1263 1278 if ( is_numeric($post) ) … … 1274 1289 $comment['comment_post_ID'] = $post_id; 1275 1290 1276 1291 if ( $logged_in ) { 1277 $user = wp_get_current_user();1278 1292 $comment['comment_author'] = $wpdb->escape( $user->display_name ); 1279 1293 $comment['comment_author_email'] = $wpdb->escape( $user->user_email ); 1280 1294 $comment['comment_author_url'] = $wpdb->escape( $user->user_url ); … … 1326 1340 $username = $args[1]; 1327 1341 $password = $args[2]; 1328 1342 1329 if ( !$ this->login_pass_ok( $username, $password ) )1343 if ( !$user = $this->login($username, $password) ) { 1330 1344 return $this->error; 1345 } 1331 1346 1332 set_current_user( 0, $username );1333 1347 if ( !current_user_can( 'moderate_comments' ) ) 1334 1348 return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); 1335 1349 … … 1354 1368 $password = $args[2]; 1355 1369 $post_id = (int) $args[3]; 1356 1370 1357 if ( !$this->login_pass_ok( $username, $password) ) {1371 if ( !$user = $this->login($username, $password) ) { 1358 1372 return $this->error; 1359 1373 } 1360 1374 1361 set_current_user( 0, $username );1362 1375 if( !current_user_can( 'edit_posts' ) ) { 1363 1376 return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' 
) ); 1364 1377 } … … 1389 1402 $username = $args[1]; 1390 1403 $password = $args[2]; 1391 1404 1392 if ( !$this->login_pass_ok( $username, $password) ) {1405 if ( !$user = $this->login($username, $password) ) { 1393 1406 return $this->error; 1394 1407 } 1395 1408 1396 set_current_user( 0, $username );1397 1409 if( !current_user_can( 'edit_posts' ) ) { 1398 1410 return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); 1399 1411 } … … 1418 1430 $username = $args[1]; 1419 1431 $password = $args[2]; 1420 1432 1421 if ( !$this->login_pass_ok( $username, $password) ) {1433 if ( !$user = $this->login($username, $password) ) { 1422 1434 return $this->error; 1423 1435 } 1424 1436 1425 set_current_user( 0, $username );1426 1437 if( !current_user_can( 'edit_posts' ) ) { 1427 1438 return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); 1428 1439 } … … 1447 1458 $username = $args[1]; 1448 1459 $password = $args[2]; 1449 1460 1450 if ( !$this->login_pass_ok( $username, $password) ) {1461 if ( !$user = $this->login($username, $password) ) { 1451 1462 return $this->error; 1452 1463 } 1453 1464 1454 set_current_user( 0, $username );1455 1465 if( !current_user_can( 'edit_pages' ) ) { 1456 1466 return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' 
) ); 1457 1467 } … … 1478 1488 $password = $args[2]; 1479 1489 $options = (array) $args[3]; 1480 1490 1481 if ( !$this->login_pass_ok( $username, $password ) )1491 if ( !$user = $this->login($username, $password) ) { 1482 1492 return $this->error; 1493 } 1483 1494 1484 $user = set_current_user( 0, $username );1485 1486 1495 // If no specific options where asked for, return all of them 1487 1496 if (count( $options ) == 0 ) { 1488 1497 $options = array_keys($this->blog_options); … … 1533 1542 $password = $args[2]; 1534 1543 $options = (array) $args[3]; 1535 1544 1536 if ( !$this->login_pass_ok( $username, $password ) )1545 if ( !$user = $this->login($username, $password) ) { 1537 1546 return $this->error; 1547 } 1538 1548 1539 $user = set_current_user( 0, $username );1540 1549 if( !current_user_can( 'manage_options' ) ) 1541 1550 return new IXR_Error( 403, __( 'You are not allowed to update options.' ) ); 1542 1551 … … 1576 1585 1577 1586 $this->escape($args); 1578 1587 1579 $user _login= $args[1];1580 $ user_pass= $args[2];1588 $username = $args[1]; 1589 $password = $args[2]; 1581 1590 1582 if ( !$this->login_pass_ok($user_login, $user_pass)) {1591 if ( !$user = $this->login($username, $password) ) { 1583 1592 return $this->error; 1584 1593 } 1585 1594 1586 1595 do_action('xmlrpc_call', 'blogger.getUsersBlogs'); 1587 1596 1588 set_current_user(0, $user_login);1589 1597 $is_admin = current_user_can('manage_options'); 1590 1598 1591 1599 $struct = array( … … 1613 1621 1614 1622 $this->escape($args); 1615 1623 1616 $user _login= $args[1];1617 $ user_pass= $args[2];1624 $username = $args[1]; 1625 $password = $args[2]; 1618 1626 1619 if ( !$this->login_pass_ok($user_login, $user_pass)) {1627 if ( !$user = $this->login($username, $password) ) { 1620 1628 return $this->error; 1621 1629 } 1622 1630 1623 set_current_user( 0, $user_login );1624 1631 if( !current_user_can( 'edit_posts' ) ) 1625 1632 return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on 
this blog.' ) ); 1626 1633 1627 1634 do_action('xmlrpc_call', 'blogger.getUserInfo'); 1628 1635 1629 $user_data = get_userdatabylogin($user_login);1630 1631 1636 $struct = array( 1632 'nickname' => $user _data->nickname,1633 'userid' => $user _data->ID,1634 'url' => $user _data->user_url,1635 'lastname' => $user _data->last_name,1636 'firstname' => $user _data->first_name1637 'nickname' => $user->nickname, 1638 'userid' => $user->ID, 1639 'url' => $user->user_url, 1640 'lastname' => $user->last_name, 1641 'firstname' => $user->first_name 1637 1642 ); 1638 1643 1639 1644 return $struct; … … 1652 1657 $this->escape($args); 1653 1658 1654 1659 $post_ID = (int) $args[1]; 1655 $user _login= $args[2];1656 $ user_pass= $args[3];1660 $username = $args[2]; 1661 $password = $args[3]; 1657 1662 1658 if ( !$this->login_pass_ok($user_login, $user_pass)) {1663 if ( !$user = $this->login($username, $password) ) { 1659 1664 return $this->error; 1660 1665 } 1661 1666 1662 set_current_user( 0, $user_login );1663 1667 if( !current_user_can( 'edit_post', $post_ID ) ) 1664 1668 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' 
) ); 1665 1669 … … 1696 1700 $this->escape($args); 1697 1701 1698 1702 $blog_ID = (int) $args[1]; /* though we don't use it yet */ 1699 $user _login= $args[2];1700 $ user_pass= $args[3];1703 $username = $args[2]; 1704 $password = $args[3]; 1701 1705 $num_posts = $args[4]; 1702 1706 1703 if ( !$this->login_pass_ok($user_login, $user_pass)) {1707 if ( !$user = $this->login($username, $password) ) { 1704 1708 return $this->error; 1705 1709 } 1706 1710 … … 1708 1712 1709 1713 $posts_list = wp_get_recent_posts($num_posts); 1710 1714 1711 set_current_user( 0, $user_login );1712 1713 1715 if (!$posts_list) { 1714 1716 $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.')); 1715 1717 return $this->error; … … 1756 1758 $this->escape($args); 1757 1759 1758 1760 $blog_ID = (int) $args[1]; 1759 $user _login= $args[2];1760 $ user_pass= $args[3];1761 $username = $args[2]; 1762 $password = $args[3]; 1761 1763 $template = $args[4]; /* could be 'main' or 'archiveIndex', but we don't use it */ 1762 1764 1763 if ( !$this->login_pass_ok($user_login, $user_pass)) {1765 if ( !$user = $this->login($username, $password) ) { 1764 1766 return $this->error; 1765 1767 } 1766 1768 1767 1769 do_action('xmlrpc_call', 'blogger.getTemplate'); 1768 1770 1769 set_current_user(0, $user_login);1770 1771 if ( !current_user_can('edit_themes') ) { 1771 1772 return new IXR_Error(401, __('Sorry, this user can not edit the template.')); 1772 1773 } … … 1798 1799 $this->escape($args); 1799 1800 1800 1801 $blog_ID = (int) $args[1]; 1801 $user _login= $args[2];1802 $ user_pass= $args[3];1802 $username = $args[2]; 1803 $password = $args[3]; 1803 1804 $content = $args[4]; 1804 1805 $template = $args[5]; /* could be 'main' or 'archiveIndex', but we don't use it */ 1805 1806 1806 if ( !$this->login_pass_ok($user_login, $user_pass)) {1807 if ( !$user = $this->login($username, $password) ) { 1807 1808 return $this->error; 1808 1809 } 1809 1810 1810 1811 do_action('xmlrpc_call', 
'blogger.setTemplate'); 1811 1812 1812 set_current_user(0, $user_login);1813 1813 if ( !current_user_can('edit_themes') ) { 1814 1814 return new IXR_Error(401, __('Sorry, this user can not edit the template.')); 1815 1815 } … … 1841 1841 $this->escape($args); 1842 1842 1843 1843 $blog_ID = (int) $args[1]; /* though we don't use it yet */ 1844 $user _login= $args[2];1845 $ user_pass= $args[3];1844 $username = $args[2]; 1845 $password = $args[3]; 1846 1846 $content = $args[4]; 1847 1847 $publish = $args[5]; 1848 1848 1849 if ( !$this->login_pass_ok($user_login, $user_pass)) {1849 if ( !$user = $this->login($username, $password) ) { 1850 1850 return $this->error; 1851 1851 } 1852 1852 1853 1853 do_action('xmlrpc_call', 'blogger.newPost'); 1854 1854 1855 1855 $cap = ($publish) ? 'publish_posts' : 'edit_posts'; 1856 $user = set_current_user(0, $user_login);1857 1856 if ( !current_user_can($cap) ) 1858 1857 return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); 1859 1858 … … 1897 1896 $this->escape($args); 1898 1897 1899 1898 $post_ID = (int) $args[1]; 1900 $user _login= $args[2];1901 $ user_pass= $args[3];1899 $username = $args[2]; 1900 $password = $args[3]; 1902 1901 $content = $args[4]; 1903 1902 $publish = $args[5]; 1904 1903 1905 if ( !$this->login_pass_ok($user_login, $user_pass)) {1904 if ( !$user = $this->login($username, $password) ) { 1906 1905 return $this->error; 1907 1906 } 1908 1907 … … 1916 1915 1917 1916 $this->escape($actual_post); 1918 1917 1919 set_current_user(0, $user_login);1920 1918 if ( !current_user_can('edit_post', $post_ID) ) 1921 1919 return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); 1922 1920 … … 1953 1951 $this->escape($args); 1954 1952 1955 1953 $post_ID = (int) $args[1]; 1956 $user _login= $args[2];1957 $ user_pass= $args[3];1954 $username = $args[2]; 1955 $password = $args[3]; 1958 1956 $publish = $args[4]; 1959 1957 1960 if ( !$this->login_pass_ok($user_login, $user_pass)) 
{1958 if ( !$user = $this->login($username, $password) ) { 1961 1959 return $this->error; 1962 1960 } 1963 1961 … … 1969 1967 return new IXR_Error(404, __('Sorry, no such post.')); 1970 1968 } 1971 1969 1972 set_current_user(0, $user_login);1973 1970 if ( !current_user_can('edit_post', $post_ID) ) 1974 1971 return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); 1975 1972 … … 1998 1995 $this->escape($args); 1999 1996 2000 1997 $blog_ID = (int) $args[0]; // we will support this in the near future 2001 $user _login= $args[1];2002 $ user_pass= $args[2];1998 $username = $args[1]; 1999 $password = $args[2]; 2003 2000 $content_struct = $args[3]; 2004 2001 $publish = $args[4]; 2005 2002 2006 if ( !$this->login_pass_ok($user_login, $user_pass)) {2003 if ( !$user = $this->login($username, $password) ) { 2007 2004 return $this->error; 2008 2005 } 2009 $user = set_current_user(0, $user_login);2010 2006 2011 2007 do_action('xmlrpc_call', 'metaWeblog.newPost'); 2012 2008 … … 2278 2274 $this->escape($args); 2279 2275 2280 2276 $post_ID = (int) $args[0]; 2281 $user _login= $args[1];2282 $ user_pass= $args[2];2277 $username = $args[1]; 2278 $password = $args[2]; 2283 2279 $content_struct = $args[3]; 2284 2280 $publish = $args[4]; 2285 2281 2286 if ( !$this->login_pass_ok($user_login, $user_pass)) {2282 if ( !$user = $this->login($username, $password) ) { 2287 2283 return $this->error; 2288 2284 } 2289 $user = set_current_user(0, $user_login);2290 2285 2291 2286 do_action('xmlrpc_call', 'metaWeblog.editPost'); 2292 2287 … … 2546 2541 $this->escape($args); 2547 2542 2548 2543 $post_ID = (int) $args[0]; 2549 $user _login= $args[1];2550 $ user_pass= $args[2];2544 $username = $args[1]; 2545 $password = $args[2]; 2551 2546 2552 if ( !$this->login_pass_ok($user_login, $user_pass)) {2547 if ( !$user = $this->login($username, $password) ) { 2553 2548 return $this->error; 2554 2549 } 2555 2550 2556 set_current_user( 0, $user_login );2557 2551 if( 
!current_user_can( 'edit_post', $post_ID ) ) 2558 2552 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); 2559 2553 … … 2658 2652 $this->escape($args); 2659 2653 2660 2654 $blog_ID = (int) $args[0]; 2661 $user _login= $args[1];2662 $ user_pass= $args[2];2655 $username = $args[1]; 2656 $password = $args[2]; 2663 2657 $num_posts = (int) $args[3]; 2664 2658 2665 if ( !$this->login_pass_ok($user_login, $user_pass)) {2659 if ( !$user = $this->login($username, $password) ) { 2666 2660 return $this->error; 2667 2661 } 2668 2662 … … 2674 2668 return array( ); 2675 2669 } 2676 2670 2677 set_current_user( 0, $user_login );2678 2679 2671 foreach ($posts_list as $entry) { 2680 2672 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 2681 2673 continue; … … 2762 2754 $this->escape($args); 2763 2755 2764 2756 $blog_ID = (int) $args[0]; 2765 $user _login= $args[1];2766 $ user_pass= $args[2];2757 $username = $args[1]; 2758 $password = $args[2]; 2767 2759 2768 if ( !$this->login_pass_ok($user_login, $user_pass)) {2760 if ( !$user = $this->login($username, $password) ) { 2769 2761 return $this->error; 2770 2762 } 2771 2763 2772 set_current_user( 0, $user_login );2773 2764 if( !current_user_can( 'edit_posts' ) ) 2774 2765 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); 2775 2766 … … 2810 2801 global $wpdb; 2811 2802 2812 2803 $blog_ID = (int) $args[0]; 2813 $user _login= $wpdb->escape($args[1]);2814 $ user_pass= $wpdb->escape($args[2]);2804 $username = $wpdb->escape($args[1]); 2805 $password = $wpdb->escape($args[2]); 2815 2806 $data = $args[3]; 2816 2807 2817 2808 $name = sanitize_file_name( $data['name'] ); … … 2820 2811 2821 2812 logIO('O', '(MW) Received '.strlen($bits).' 
bytes'); 2822 2813 2823 if ( !$ this->login_pass_ok($user_login, $user_pass) )2814 if ( !$user = $this->login($username, $password) ) { 2824 2815 return $this->error; 2816 } 2825 2817 2826 2818 do_action('xmlrpc_call', 'metaWeblog.newMediaObject'); 2827 2819 2828 set_current_user(0, $user_login);2829 2820 if ( !current_user_can('upload_files') ) { 2830 2821 logIO('O', '(MW) User does not have upload_files capability'); 2831 2822 $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.')); … … 2895 2886 $this->escape($args); 2896 2887 2897 2888 $blog_ID = (int) $args[0]; 2898 $user _login= $args[1];2899 $ user_pass= $args[2];2889 $username = $args[1]; 2890 $password = $args[2]; 2900 2891 $num_posts = (int) $args[3]; 2901 2892 2902 if ( !$this->login_pass_ok($user_login, $user_pass)) {2893 if ( !$user = $this->login($username, $password) ) { 2903 2894 return $this->error; 2904 2895 } 2905 2896 … … 2912 2903 return $this->error; 2913 2904 } 2914 2905 2915 set_current_user( 0, $user_login );2916 2917 2906 foreach ($posts_list as $entry) { 2918 2907 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 2919 2908 continue; … … 2952 2941 $this->escape($args); 2953 2942 2954 2943 $blog_ID = (int) $args[0]; 2955 $user _login= $args[1];2956 $ user_pass= $args[2];2944 $username = $args[1]; 2945 $password = $args[2]; 2957 2946 2958 if ( !$this->login_pass_ok($user_login, $user_pass)) {2947 if ( !$user = $this->login($username, $password) ) { 2959 2948 return $this->error; 2960 2949 } 2961 2950 2962 set_current_user( 0, $user_login );2963 2951 if( !current_user_can( 'edit_posts' ) ) 2964 2952 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' 
) ); 2965 2953 … … 2992 2980 $this->escape($args); 2993 2981 2994 2982 $post_ID = (int) $args[0]; 2995 $user _login= $args[1];2996 $ user_pass= $args[2];2983 $username = $args[1]; 2984 $password = $args[2]; 2997 2985 2998 if ( !$this->login_pass_ok($user_login, $user_pass)) {2986 if ( !$user = $this->login($username, $password) ) { 2999 2987 return $this->error; 3000 2988 } 3001 2989 3002 set_current_user( 0, $user_login );3003 2990 if( !current_user_can( 'edit_post', $post_ID ) ) 3004 2991 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); 3005 2992 … … 3034 3021 $this->escape($args); 3035 3022 3036 3023 $post_ID = (int) $args[0]; 3037 $user _login= $args[1];3038 $ user_pass= $args[2];3024 $username = $args[1]; 3025 $password = $args[2]; 3039 3026 $categories = $args[3]; 3040 3027 3041 if ( !$this->login_pass_ok($user_login, $user_pass)) {3028 if ( !$user = $this->login($username, $password) ) { 3042 3029 return $this->error; 3043 3030 } 3044 3031 3045 3032 do_action('xmlrpc_call', 'mt.setPostCategories'); 3046 3033 3047 set_current_user(0, $user_login);3048 3034 if ( !current_user_can('edit_post', $post_ID) ) 3049 3035 return new IXR_Error(401, __('Sorry, you can not edit this post.')); 3050 3036 … … 3146 3132 $this->escape($args); 3147 3133 3148 3134 $post_ID = (int) $args[0]; 3149 $user _login= $args[1];3150 $ user_pass= $args[2];3135 $username = $args[1]; 3136 $password = $args[2]; 3151 3137 3152 if ( !$this->login_pass_ok($user_login, $user_pass)) {3138 if ( !$user = $this->login($username, $password) ) { 3153 3139 return $this->error; 3154 3140 } 3155 3141 3156 3142 do_action('xmlrpc_call', 'mt.publishPost'); 3157 3143 3158 set_current_user(0, $user_login);3159 3144 if ( !current_user_can('edit_post', $post_ID) ) 3160 3145 return new IXR_Error(401, __('Sorry, you can not edit this post.')); 3161 3146
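Review bot: The docblock added for `login()` (new lines 258-265) leaves out the two side effects that every handler in this file now depends on: on success it makes the authenticated account the current user via `set_current_user( $user->ID )`, and on failure it stores the fault in `$this->error`. Because the patch removes the explicit `set_current_user( 0, $username )` call from each handler, every `current_user_can()` check that follows is only meaningful if `login()` ran first and succeeded, so that contract should be written down where the next maintainer will see it. I would add `* Authenticates the credentials and, on success, sets that user as the current user for the capability checks that follow.` to the description and change the return line to `* @return mixed WP_User object on success; false on failure, with $this->error set to the IXR_Error to return.` A one-line reminder on the deprecated `login_pass_ok()` that it does not set the current user would also help, since a caller that still uses it has to do so itself before checking capabilities.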
