# This patch file was generated by NetBeans IDE # Following Index: paths are relative to: C:\xampp\htdocs\wordtrunk\wp-includes # This patch can be applied using context Tools: Patch action on respective folder. # It uses platform neutral UTF-8 encoding and \n newlines. # Above lines and this line are ignored by the patching process. Index: class-wp-xmlrpc-server.php --- class-wp-xmlrpc-server.php Base (BASE) +++ class-wp-xmlrpc-server.php Locally Modified (Based On LOCAL) @@ -998,14 +998,14 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - do_action('xmlrpc_call', 'wp.getComment'); if ( ! $comment = get_comment($comment_id) ) return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); + if ( !current_user_can( 'edit_comment', $comment_id ) ) + return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); + // Format page date. $comment_date = mysql2date('Ymd\TH:i:s', $comment->comment_date, false); $comment_date_gmt = mysql2date('Ymd\TH:i:s', $comment->comment_date_gmt, false); @@ -1072,9 +1072,6 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) - return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) ); - do_action('xmlrpc_call', 'wp.getComments'); if ( isset($struct['status']) ) @@ -1140,14 +1137,11 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - if ( ! get_comment($comment_ID) ) return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); if ( !current_user_can( 'edit_comment', $comment_ID ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); + return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); do_action('xmlrpc_call', 'wp.deleteComment'); @@ -1190,14 +1184,11 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - if ( ! get_comment($comment_ID) ) return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); if ( !current_user_can( 'edit_comment', $comment_ID ) ) - return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); + return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); do_action('xmlrpc_call', 'wp.editComment'); @@ -1343,7 +1334,7 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'moderate_comments' ) ) + if ( !current_user_can( 'publish_posts' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); do_action('xmlrpc_call', 'wp.getCommentStatusList'); @@ -1370,9 +1361,13 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - if ( !current_user_can( 'edit_posts' ) ) - return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) ); + $post = wp_get_single_post( $post_id, ARRAY_A ); + if ( empty( $post['ID'] ) ) + return new IXR_Error( 404, __( 'Invalid post ID.' ) ); + if ( !current_user_can( 'edit_posts', $post_id ) ) + return new IXR_Error( 403, __( 'You are not allowed access to details of this post.' ) ); + do_action('xmlrpc_call', 'wp.getCommentCount'); $count = wp_count_comments( $post_id );