
Ticket #17981: commentAPIfixes.patch

File commentAPIfixes.patch, 3.9 KB (added by nprasath002, 2 years ago)

Fixes cap checks

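# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: C:\xampp\htdocs\wordtrunk\wp-includes
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
--- a/class-wp-xmlrpc-server.php
+++ b/class-wp-xmlrpc-server.php
@@ -998,14 +998,14 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
                 do_action('xmlrpc_call', 'wp.getComment');
 
                 if ( ! $comment = get_comment($comment_id) )
                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
+                if ( !current_user_can( 'edit_comment', $comment_id ) )
+                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
                 // Format page date.
                 $comment_date = mysql2date('Ymd\TH:i:s', $comment->comment_date, false);
                 $comment_date_gmt = mysql2date('Ymd\TH:i:s', $comment->comment_date_gmt, false);
@@ -1072,9 +1072,6 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) );
-
                 do_action('xmlrpc_call', 'wp.getComments');
 
                 if ( isset($struct['status']) )
@@ -1140,14 +1137,11 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
                 if ( ! get_comment($comment_ID) )
                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
                 if ( !current_user_can( 'edit_comment', $comment_ID ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+                        return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
 
                 do_action('xmlrpc_call', 'wp.deleteComment');
 
@@ -1190,14 +1184,11 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
                 if ( ! get_comment($comment_ID) )
                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
                 if ( !current_user_can( 'edit_comment', $comment_ID ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+                        return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
 
                 do_action('xmlrpc_call', 'wp.editComment');
 
@@ -1343,7 +1334,7 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
+                if ( !current_user_can( 'publish_posts' ) )
                         return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
 
                 do_action('xmlrpc_call', 'wp.getCommentStatusList');
@@ -1370,9 +1361,13 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'edit_posts' ) )
-                        return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) );
+                $post = wp_get_single_post( $post_id, ARRAY_A );
+                if ( empty( $post['ID'] ) )
+                        return new IXR_Error( 404, __( 'Invalid post ID.' ) );
 
+                if ( !current_user_can( 'edit_posts', $post_id ) )
+                        return new IXR_Error( 403, __( 'You are not allowed access to details of this post.' ) );
+
                 do_action('xmlrpc_call', 'wp.getCommentCount');
 
                 $count = wp_count_comments( $post_id );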
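Review bot: The wp.getComments hunk (old lines 1075–1077) removes the `moderate_comments` check and the lines shown add nothing in its place, so any account that passes `login()` appears able to list comments, including whatever `$struct['status']` selects. The rest of that method lies outside the hunk, so confirm that a per-comment or per-post capability check exists further down, or keep a guard ahead of the query. In the wp.getCommentCount hunk, `current_user_can( 'edit_posts', $post_id )` passes an object ID to a primitive capability, which does not use it; the per-post meta capability is `edit_post`, i.e. `if ( !current_user_can( 'edit_post', $post_id ) )`. The new `edit_comment` check in wp.getComment also still returns the site-wide 'You are not allowed to moderate comments on this site.' text, while wp.deleteComment and wp.editComment were changed to 'You are not allowed to moderate or edit this comment.'.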