WordPress.org

Make WordPress Core

Ticket #17981: 17981-refresh.diff

File 17981-refresh.diff, 3.5 KB (added by ericmann, 6 years ago)

Refresh patch to match latest version of trunk.

  • wp-includes/class-wp-xmlrpc-server.php

     
    16491649                if ( !$user = $this->login($username, $password) )
    16501650                        return $this->error;
    16511651
    1652                 if ( !current_user_can( 'moderate_comments' ) )
    1653                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
    1654 
    16551652                do_action('xmlrpc_call', 'wp.getComment');
    16561653
    16571654                if ( ! $comment = get_comment($comment_id) )
    16581655                        return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
    16591656
     1657                if ( ! current_user_can( 'edit_comment', $comment_id ) )
     1658                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
     1659
    16601660                // Format page date.
    16611661                $comment_date = mysql2date('Ymd\TH:i:s', $comment->comment_date, false);
    16621662                $comment_date_gmt = mysql2date('Ymd\TH:i:s', $comment->comment_date_gmt, false);
     
    17231723                if ( !$user = $this->login($username, $password) )
    17241724                        return $this->error;
    17251725
    1726                 if ( !current_user_can( 'moderate_comments' ) )
    1727                         return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) );
    1728 
    17291726                do_action('xmlrpc_call', 'wp.getComments');
    17301727
    17311728                if ( isset($struct['status']) )
     
    17911788                if ( !$user = $this->login($username, $password) )
    17921789                        return $this->error;
    17931790
    1794                 if ( !current_user_can( 'moderate_comments' ) )
    1795                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
    1796 
    17971791                if ( ! get_comment($comment_ID) )
    17981792                        return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
    17991793
    18001794                if ( !current_user_can( 'edit_comment', $comment_ID ) )
    1801                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
     1795                        return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
    18021796
    18031797                do_action('xmlrpc_call', 'wp.deleteComment');
    18041798
     
    18411835                if ( !$user = $this->login($username, $password) )
    18421836                        return $this->error;
    18431837
    1844                 if ( !current_user_can( 'moderate_comments' ) )
    1845                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
    1846 
    18471838                if ( ! get_comment($comment_ID) )
    18481839                        return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
    18491840
    18501841                if ( !current_user_can( 'edit_comment', $comment_ID ) )
    1851                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
     1842                        return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
    18521843
    18531844                do_action('xmlrpc_call', 'wp.editComment');
    18541845
     
    19941985                if ( !$user = $this->login($username, $password) )
    19951986                        return $this->error;
    19961987
    1997                 if ( !current_user_can( 'moderate_comments' ) )
     1988                if ( !current_user_can( 'publish_posts' ) )
    19981989                        return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
    19991990
    20001991                do_action('xmlrpc_call', 'wp.getCommentStatusList');
     
    20212012                if ( !$user = $this->login($username, $password) )
    20222013                        return $this->error;
    20232014
    2024                 if ( !current_user_can( 'edit_posts' ) )
    2025                         return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) );
     2015                $post = wp_get_single_post( $post_id, ARRAY_A );
     2016                if ( empty( $post['ID'] ) )
     2017                        return new IXR_Error( 404, __( 'Invalid post ID.' ) );
    20262018
     2019                if ( !current_user_can( 'edit_post', $post_id ) )
     2020                        return new IXR_Error( 403, __( 'You are not allowed access to details of this post.' ) );
     2021
    20272022                do_action('xmlrpc_call', 'wp.getCommentCount');
    20282023
    20292024                $count = wp_count_comments( $post_id );