Index: wp-includes/class-wp-xmlrpc-server.php =================================================================== --- wp-includes/class-wp-xmlrpc-server.php (revision 20059) +++ wp-includes/class-wp-xmlrpc-server.php (working copy) @@ -1649,14 +1649,14 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - do_action('xmlrpc_call', 'wp.getComment'); if ( ! $comment = get_comment($comment_id) ) return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); + if ( ! current_user_can( 'edit_comment', $comment_id ) ) + return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); + // Format page date. $comment_date = mysql2date('Ymd\TH:i:s', $comment->comment_date, false); $comment_date_gmt = mysql2date('Ymd\TH:i:s', $comment->comment_date_gmt, false); @@ -1723,9 +1723,6 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) - return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) ); - do_action('xmlrpc_call', 'wp.getComments'); if ( isset($struct['status']) ) @@ -1791,14 +1788,11 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - if ( ! get_comment($comment_ID) ) return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); if ( !current_user_can( 'edit_comment', $comment_ID ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); + return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); do_action('xmlrpc_call', 'wp.deleteComment'); @@ -1841,14 +1835,11 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - if ( ! get_comment($comment_ID) ) return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); if ( !current_user_can( 'edit_comment', $comment_ID ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); + return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); do_action('xmlrpc_call', 'wp.editComment'); @@ -1994,7 +1985,7 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) + if ( !current_user_can( 'publish_posts' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); do_action('xmlrpc_call', 'wp.getCommentStatusList'); @@ -2021,9 +2012,13 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'edit_posts' ) ) - return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) ); + $post = wp_get_single_post( $post_id, ARRAY_A ); + if ( empty( $post['ID'] ) ) + return new IXR_Error( 404, __( 'Invalid post ID.' ) ); + if ( !current_user_can( 'edit_post', $post_id ) ) + return new IXR_Error( 403, __( 'You are not allowed access to details of this post.' ) ); + do_action('xmlrpc_call', 'wp.getCommentCount'); $count = wp_count_comments( $post_id );