
Ticket #17981: commentAPIfixes.patch

File commentAPIfixes.patch, 3.9 KB (added by nprasath002, 6 years ago)

Fixes cap checks

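--- a/class-wp-xmlrpc-server.php
+++ b/class-wp-xmlrpc-server.php
@@ -998,14 +998,14 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
                 do_action('xmlrpc_call', 'wp.getComment');
 
                 if ( ! $comment = get_comment($comment_id) )
                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
+                if ( !current_user_can( 'edit_comment', $comment_id ) )
+                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
                 // Format page date.
                 $comment_date = mysql2date('Ymd\TH:i:s', $comment->comment_date, false);
                 $comment_date_gmt = mysql2date('Ymd\TH:i:s', $comment->comment_date_gmt, false);
@@ -1072,9 +1072,6 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) );
-
                 do_action('xmlrpc_call', 'wp.getComments');
 
                 if ( isset($struct['status']) )
@@ -1140,14 +1137,11 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
                 if ( ! get_comment($comment_ID) )
                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
                 if ( !current_user_can( 'edit_comment', $comment_ID ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+                        return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
 
                 do_action('xmlrpc_call', 'wp.deleteComment');
 
@@ -1190,14 +1184,11 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
                 if ( ! get_comment($comment_ID) )
                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
                 if ( !current_user_can( 'edit_comment', $comment_ID ) )
-                        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+                        return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
 
                 do_action('xmlrpc_call', 'wp.editComment');
 
@@ -1343,7 +1334,7 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'moderate_comments' ) )
+                if ( !current_user_can( 'publish_posts' ) )
                         return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
 
                 do_action('xmlrpc_call', 'wp.getCommentStatusList');
@@ -1370,9 +1361,13 @@
                 if ( !$user = $this->login($username, $password) )
                         return $this->error;
 
-                if ( !current_user_can( 'edit_posts' ) )
-                        return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) );
+                $post = wp_get_single_post( $post_id, ARRAY_A );
+                if ( empty( $post['ID'] ) )
+                        return new IXR_Error( 404, __( 'Invalid post ID.' ) );
 
+                if ( !current_user_can( 'edit_posts', $post_id ) )
+                        return new IXR_Error( 403, __( 'You are not allowed access to details of this post.' ) );
+
                 do_action('xmlrpc_call', 'wp.getCommentCount');
 
                 $count = wp_count_comments( $post_id );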
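Review bot: The wp.getComments hunk (old lines 1075-1077) deletes the `moderate_comments` check and puts nothing in its place, so on the new side every account that passes `login()` reaches the listing code, and the context line `isset($struct['status'])` suggests the caller can choose which comment status is returned. The other methods replace the site-wide check with a per-object `edit_comment` check; here either keep `if ( !current_user_can( 'moderate_comments' ) )` or filter each returned comment through an `edit_comment` check. The rest of the method lies outside the hunk, so confirm no later check exists. In the wp.getCommentCount hunk, `current_user_can( 'edit_posts', $post_id )` names the primitive capability, which is not scoped to the post by the extra argument; the per-post meta capability is `edit_post`. In wp.getComment, wp.deleteComment, wp.editComment and wp.getCommentCount the 404 lookup now runs before any capability check, so a caller without rights can tell existing IDs from missing ones; doing the capability check first, or returning one error for both cases, avoids that.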