Index: wp-includes/class-wp-xmlrpc-server.php =================================================================== --- wp-includes/class-wp-xmlrpc-server.php (revision 19821) +++ wp-includes/class-wp-xmlrpc-server.php (working copy) @@ -64,6 +64,7 @@ 'wp.getMediaItem' => 'this:wp_getMediaItem', 'wp.getMediaLibrary' => 'this:wp_getMediaLibrary', 'wp.getPostFormats' => 'this:wp_getPostFormats', + 'wp.newPost' => 'this:wp_newPost', // Blogger API 'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs', @@ -1711,6 +1712,254 @@ return $formats; } + /** + * Create a new post + * + * Wraps the functionality of wp_insert_post + * + * The 'content_struct' argument the arguments of wp_insert_post with additional the following: + * - sticky + * - custom_fields + * - terms - array of taxonomy_name => array_of_term_ids + * - terms_names - array of taxonomy_name => array_of_term_names + * - post_format + * - enclosure + * + * @since 3.4 + * + * @param array $args Method parameters. Contains: + * - blog_id + * - username + * - password + * - content_struct + * @return int + */ + function wp_newPost( $args ) { + $this->escape( $args ); + + $blog_id = (int) $args[0]; // we will support this in the near future + $username = $args[1]; + $password = $args[2]; + $content_struct = $args[3]; + + if ( ! $user = $this->login($username, $password) ) + return $this->error; + + do_action( 'xmlrpc_call', 'wp.newPost' ); + + $defaults = array( 'post_status' => 'draft', 'post_type' => 'post', 'post_author' => 0, + 'post_password' => '', 'post_excerpt' => '', 'post_content' => '', 'post_title' => '', 'sticky' => 0 ); + + $post_data = wp_parse_args( $content_struct, $defaults ); + + $post_type = get_post_type_object( $post_data['post_type'] ); + if( ! ( (bool)$post_type ) ) + return new IXR_Error( 403, __( 'Invalid post type' ) ); + + if( ! current_user_can( $post_type->cap->edit_posts ) ) + return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) ); + + switch ( $post_data['post_status'] ) { + case 'draft': + case 'pending': + break; + case 'private': + if( ! current_user_can( $post_type->cap->publish_posts ) ) + return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type' )); + break; + case 'publish': + case 'future': + if( ! current_user_can( $post_type->cap->publish_posts ) ) + return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type' )); + break; + default: + $post_data['post_status'] = 'draft'; + break; + } + + if ( ! empty( $post_data['post_password'] ) && ! current_user_can( $post_type->cap->publish_posts ) ) + return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type' ) ); + + + $post_data['post_author'] = absint( $post_data['post_author'] ); + if( ! empty( $post_data['post_author'] ) && $post_data['post_author'] != $user->ID ) { + if( ! current_user_can( $post_type->cap->edit_others_posts ) ) + return new IXR_Error( 401, __( 'You are not allowed to create posts as this user.' ) ); + + $author = get_userdata( $post_data['post_author'] ); + + if( ! $author ) + return new IXR_Error( 404, __( 'Invalid author ID.' ) ); + } + else { + $post_data['post_author'] = $user->ID; + } + + if( isset( $post_data['comment_status'] ) ) + if( ! post_type_supports( $post_data['post_type'], 'comments' ) || ( $post_data['comment_status'] != 'open' && $post_data['comment_status'] != 'closed' ) ) + unset( $post_data['comment_status'] ); + + if( isset( $post_data['ping_status'] ) ) + if( ! post_type_supports( $post_data['post_type'], 'trackbacks' ) || ( $post_data['ping_status'] != 'open' && $post_data['ping_status'] != 'closed' ) ) + unset( $post_data['ping_status'] ); + + // Do some timestamp voodoo + if ( ! empty( $post_data['post_date_gmt'] ) ) + $dateCreated = str_replace( 'Z', '', $post_data['post_date_gmt']->getIso() ) . 'Z'; // We know this is supposed to be GMT, so we're going to slap that Z on there by force + elseif ( ! empty( $post_data['post_date']) ) + $dateCreated = $post_data['post_date']->getIso(); + + if ( ! empty( $dateCreated ) ) { + $post_data['post_date'] = get_date_from_gmt( iso8601_to_datetime( $dateCreated ) ); + $post_data['post_date_gmt'] = iso8601_to_datetime( $dateCreated, 'GMT' ); + } + + $post_ID = $post_data['ID'] = get_default_post_to_edit( $post_data['post_type'], true )->ID; + + $sticky = $post_data['sticky'] ? true : false; + + if( $post_data['post_type'] == 'post' && $sticky == true ) { + if( ! current_user_can( $post_type->cap->edit_others_posts ) ) + return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) ); + + if( $post_data['post_status'] != 'publish' ) + return new IXR_Error( 401, __( 'Only published posts can be made sticky.' )); + + stick_post( $post_ID ); + } + + if( isset ( $post_data['custom_fields'] ) && post_type_supports( $post_data['post_type'], 'custom-fields' ) ) { + $this->set_custom_fields( $post_ID, $post_data['custom_fields'] ); + } + + if( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) { + $post_type_taxonomies = get_object_taxonomies( $post_data['post_type'], 'objects' ); + + // accumulate term IDs from terms and terms_names + $terms = array(); + + // first validate the terms specified by ID + if( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) { + $taxonomies = array_keys( $post_data['terms'] ); + + // validating term ids + foreach ( $taxonomies as $taxonomy ) { + if ( ! array_key_exists( $taxonomy , $post_type_taxonomies ) ) + return new IXR_Error( 401, __( 'Sorry, one of the given taxonomy is not supported by the post type.' ) ); + + if( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) ) + return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies' ) ); + + $term_ids = $post_data['terms'][$taxonomy]; + foreach ( $term_ids as $term_id ) { + $term = get_term_by( 'id', $term_id, $taxonomy ); + + if ( ! $term ) + return new IXR_Error( 403, __( 'Invalid term ID' ) ); + + $terms[$taxonomy][] = (int)$term_id; + } + } + } + + // now validate terms specified by name + if ( isset( $post_data['terms_names'] ) && is_array( $post_data['terms_names'] ) ) { + $taxonomies = array_keys( $post_data['terms_names'] ); + + foreach ( $taxonomies as $taxonomy ) { + if ( ! array_key_exists( $taxonomy , $post_type_taxonomies ) ) + return new IXR_Error( 401, __( 'Sorry, one of the given taxonomy is not supported by the post type.' ) ); + + if( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) ) + return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) ); + + // for hierarchical taxonomies, we can't assign a term when multiple terms in the hierarchy share the same name + $ambiguous_terms = array(); + if( is_taxonomy_hierarchical( $taxonomy ) ) { + $tax_term_names = get_terms( $taxonomy, array( 'fields' => 'names', 'hide_empty' => false ) ); + + // count the number of terms with the same name + $tax_term_names_count = array_count_values( $tax_term_names ); + + // filter out non-ambiguous term names + $ambiguous_tax_term_counts = array_filter( $tax_term_names_count, function($count){ + return $count > 1; + } ); + + $ambiguous_terms = array_keys( $ambiguous_tax_term_counts ); + } + + $term_names = $post_data['terms_names'][$taxonomy]; + foreach ( $term_names as $term_name ) { + if ( in_array( $term_name, $ambiguous_terms ) ) + return new IXR_Error( 401, __( 'Ambiguous term name used in a hierarhical taxonomy. Please use term ID instead.' ) ); + + $term = get_term_by( 'name', $term_name, $taxonomy ); + + if ( ! $term ) { + // term doesn't exist, so check that the user is allowed to create new terms + if( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->edit_terms ) ) + return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a term to one of the given taxonomies.' ) ); + + // create the new term + $term_info = wp_insert_term( $term_name, $taxonomy ); + if ( is_wp_error( $term_info ) ) + return new IXR_Error( 500, $term_info->get_error_message() ); + + $terms[$taxonomy][] = (int)$term_info['term_id']; + } + else { + $terms[$taxonomy][] = (int)$term->term_id; + } + } + } + } + + // wp_insert_post expects 'post_category' and 'tags_input', and all other taxes in 'tax_input' + $post_data['tax_input'] = array(); + foreach ( $terms as $taxonomy => $term_ids ) { + switch ( $taxonomy ) { + case 'category': + $post_data['post_category'] = $term_ids; + break; + case 'post_tag': + $post_data['tags_input'] = $term_ids; + break; + default: + $post_data['tax_input'][$taxonomy] = $term_ids; + break; + } + } + + unset( $post_data['terms'] ); + unset( $post_data['terms_names'] ); + } + + if( isset( $post_data['post_format'] ) ) { + $format = set_post_format( $post_ID, $post_data['post_format'] ); + + if ( is_wp_error( $format ) ) + return new IXR_Error( 500, $format->get_error_message() ); + + unset( $post_data['post_format'] ); + } + + // Handle enclosures + $enclosure = isset( $post_data['enclosure'] ) ? $post_data['enclosure'] : null; + $this->add_enclosure_if_new( $post_ID, $enclosure ); + + $this->attach_uploads( $post_ID, $post_data['post_content'] ); + + $post_ID = wp_insert_post( $post_data, true ); + if ( is_wp_error( $post_ID ) ) + return new IXR_Error( 500, $post_ID->get_error_message() ); + + if ( ! $post_ID ) + return new IXR_Error( 401, __( 'Sorry, your entry could not be posted. Something wrong happened.' ) ); + + return strval( $post_ID ); + } + /* Blogger API functions. * specs on http://plant.blogger.com/api and http://groups.yahoo.com/group/bloggerDev/ */