Index: xmlrpc.php
===================================================================
--- xmlrpc.php	(revision 3429)
+++ xmlrpc.php	(working copy)
@@ -1,5 +1,10 @@
 <?php
 
+define('XMLRPC_REQUEST', true);
+
+// Some browser-embedded clients send cookies. We don't want them.
+$_COOKIE = array();
+
 # fix for mozBlog and other cases where '<?xml' isn't on the very first line
 $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
 
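Review bot: The comment above `$_COOKIE = array();` undersells why the cookies are discarded. As far as this diff shows, the intent is that an XML-RPC call is authorised only by the credentials carried in the request, never by a browser session cookie that happens to be attached. I would say so directly, e.g. `// XML-RPC authenticates from the request payload only; drop cookies so a logged-in browser session can never authorise a call.` Resetting `$_COOKIE` does not touch `$_REQUEST`, so if anything loaded later reads cookie values from there (not visible in this diff) it would still see them.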
@@ -179,7 +184,8 @@
 	    return $this->error;
 	  }
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  $is_admin = $user->has_cap('level_8');
 
 	  $struct = array(
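Review bot: The replacement here leaves the old constructor call behind as a comment (`//	  $user = new WP_User(0, $user_login);`) and indents the new line one level short of the surrounding code; the same pair is repeated in every later xmlrpc.php hunk that swaps in `set_current_user()`. Delete the commented-out line and keep the block's indentation, i.e. `	  $user = set_current_user(0, $user_login);`. Unlike the constructor, this call overwrites the global current user and fires the `set_current_user` action, so a one-line comment such as `// switches the global current user; must only run after the credentials were verified` would help the next reader. The visible context suggests it does follow the login check, but the enclosing method starts and ends outside the hunk.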
@@ -188,7 +194,7 @@
 	    'blogid'   => '1',
 	    'blogName' => get_settings('blogname')
 	  );
-
+error_log(print_r($struct,1), 3, '/tmp/xmlrpc');
 	  return array($struct);
 	}
 
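Review bot: The added `error_log(print_r($struct,1), 3, '/tmp/xmlrpc');` looks like leftover debugging and should not be committed. It appends the response struct to a fixed, predictable path in a shared temp directory on every call, where other local accounts can typically read the file or pre-create the path (for example as a symlink), and nothing ever truncates it. Remove the line and restore the blank line it replaced; if tracing is still wanted, route it through the `logIO()` helper that this file already calls in a later hunk. The enclosing method starts outside the hunk.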
@@ -317,7 +323,8 @@
 	    return $this->error;
 	  }
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  if ( !$user->has_cap('edit_themes') ) {
 	    return new IXR_Error(401, 'Sorry, this user can not edit the template.');
 	  }
@@ -352,7 +359,8 @@
 	    return $this->error;
 	  }
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  if ( !$user->has_cap('edit_themes') ) {
 	    return new IXR_Error(401, 'Sorry, this user can not edit the template.');
 	  }
@@ -391,7 +399,8 @@
 	  
 	  $cap = ($publish) ? 'publish_posts' : 'edit_posts';
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  if ( !$user->has_cap($cap) )
 	    return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
 
@@ -445,7 +454,8 @@
 
 		$this->escape($actual_post);
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  if ( !$user->has_cap('edit_post', $post_ID) )
 	    return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
 
@@ -489,7 +499,8 @@
 	  	return new IXR_Error(404, 'Sorry, no such post.');
 	  }
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  if ( !$user->has_cap('edit_post', $post_ID) )
 	    return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
 
@@ -525,7 +536,8 @@
 	    return $this->error;
 	  }
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  if ( !$user->has_cap('publish_posts') )
 	    return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
 
@@ -605,7 +617,8 @@
 	    return $this->error;
 	  }
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  if ( !$user->has_cap('edit_post', $post_ID) )
 	    return new IXR_Error(401, 'Sorry, you can not edit this post.');
 
@@ -844,7 +857,8 @@
 		if ( !$this->login_pass_ok($user_login, $user_pass) )
 			return $this->error;
 
-		$user = new WP_User(0, $user_login);
+//		$user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 
 		if ( !$user->has_cap('upload_files') ) {
 			logIO('O', '(MW) User does not have upload_files capability');
@@ -984,7 +998,8 @@
 	    return $this->error;
 	  }
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  if ( !$user->has_cap('edit_post', $post_ID) )
 	    return new IXR_Error(401, 'Sorry, you can not edit this post.');
 
@@ -1066,7 +1081,8 @@
 	    return $this->error;
 	  }
 
-	  $user = new WP_User(0, $user_login);
+//	  $user = new WP_User(0, $user_login);
+	$user = set_current_user(0, $user_login);
 	  if ( !$user->has_cap('edit_post', $post_ID) )
 	    return new IXR_Error(401, 'Sorry, you can not edit this post.');
 
@@ -1282,4 +1298,4 @@
 
 $wp_xmlrpc_server = new wp_xmlrpc_server();
 
-?>
\ No newline at end of file
+?>
Index: wp-includes/kses.php
===================================================================
--- wp-includes/kses.php	(revision 3429)
+++ wp-includes/kses.php	(working copy)
@@ -530,9 +530,17 @@
 function kses_init() {
 	global $current_user;
 
-	get_currentuserinfo(); // set $current_user
+	remove_filter('pre_comment_author', 'wp_filter_kses');
+	remove_filter('pre_comment_content', 'wp_filter_kses');
+	remove_filter('content_save_pre', 'wp_filter_post_kses');
+	remove_filter('title_save_pre', 'wp_filter_kses');
+
+	if (! defined('XMLRPC_REQUEST') )
+		get_currentuserinfo();
+
 	if (current_user_can('unfiltered_html') == false)
 		kses_init_filters();
 }
 add_action('init', 'kses_init');
+add_action('set_current_user', 'kses_init');
 ?>
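Review bot: On an XML-RPC request the `init` run of `kses_init()` now skips `get_currentuserinfo()` and goes straight to `current_user_can('unfiltered_html')` with no current user established. How `current_user_can()` behaves in that state is not visible here; if it does not return false, the four filters removed at the top of the function are never re-installed for any XML-RPC method that does not go on to call `set_current_user()`. Make the unauthenticated case fail closed explicitly, using the global the function already declares: `if ( empty($current_user) || current_user_can('unfiltered_html') == false )`. A short comment explaining that the function is re-entrant, removing the filters first because it runs again on the `set_current_user` action, would also be worth adding.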
Index: wp-includes/pluggable-functions.php
===================================================================
--- wp-includes/pluggable-functions.php	(revision 3429)
+++ wp-includes/pluggable-functions.php	(working copy)
@@ -3,11 +3,38 @@
 	/* These functions can be replaced via plugins.  They are loaded after
 	 plugins are loaded. */
 
+if ( !function_exists('set_current_user') ) :
+function set_current_user($id, $name = '') {
+	global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
 
+	$current_user	= '';
+
+	$current_user	= new WP_User($id, $name);
+
+	$userdata	= get_userdatabylogin($user_login);
+
+	$user_login	= $userdata->user_login;
+	$user_level	= $userdata->user_level;
+	$user_ID	= $userdata->ID;
+	$user_email	= $userdata->user_email;
+	$user_url	= $userdata->user_url;
+	$user_pass_md5	= md5($userdata->user_pass);
+	$user_identity	= $userdata->display_name;
+
+	do_action('set_current_user');
+
+	return $current_user;
+}
+endif;
+
+
 if ( !function_exists('get_currentuserinfo') ) :
 function get_currentuserinfo() {
 	global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
 
+	if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
+		return false;
+
 	if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) || 
 		!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
 		$current_user = new WP_User(0);
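Review bot: In `set_current_user()` the lookup `$userdata = get_userdatabylogin($user_login);` reads the global `$user_login` before the function has assigned it, instead of using the `$id`/`$name` arguments. The xmlrpc.php callers pass their own `$user_login` variable as `$name`, so unless the global happens to be set already, `$userdata` is empty and every legacy global below is filled from a non-object, and those globals then disagree with the `WP_User` that is returned. Look the record up from the arguments and stop if nothing is found, e.g. `$userdata = ( '' != $name ) ? get_userdatabylogin($name) : get_userdata($id);` followed by `if ( !$userdata ) return $current_user;` before the assignments. The preceding `$current_user = '';` is redundant and can go. `get_currentuserinfo()` continues past the end of this hunk.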

