Ticket #2273: xmlrpc-auth.diff
File xmlrpc-auth.diff, 6.3 KB (added by , 19 years ago) |
xmlrpc.php
1 1 <?php 2 2 3 define('XMLRPC_REQUEST', true); 4 5 // Some browser-embedded clients send cookies. We don't want them. 6 $_COOKIE = array(); 7 3 8 # fix for mozBlog and other cases where '<?xml' isn't on the very first line 4 9 $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA); 5 10 … … 179 184 return $this->error; 180 185 } 181 186 182 $user = new WP_User(0, $user_login); 187 // $user = new WP_User(0, $user_login); 188 $user = set_current_user(0, $user_login); 183 189 $is_admin = $user->has_cap('level_8'); 184 190 185 191 $struct = array( … … 188 194 'blogid' => '1', 189 195 'blogName' => get_settings('blogname') 190 196 ); 191 197 error_log(print_r($struct,1), 3, '/tmp/xmlrpc'); 192 198 return array($struct); 193 199 } 194 200 … … 317 323 return $this->error; 318 324 } 319 325 320 $user = new WP_User(0, $user_login); 326 // $user = new WP_User(0, $user_login); 327 $user = set_current_user(0, $user_login); 321 328 if ( !$user->has_cap('edit_themes') ) { 322 329 return new IXR_Error(401, 'Sorry, this user can not edit the template.'); 323 330 } … … 352 359 return $this->error; 353 360 } 354 361 355 $user = new WP_User(0, $user_login); 362 // $user = new WP_User(0, $user_login); 363 $user = set_current_user(0, $user_login); 356 364 if ( !$user->has_cap('edit_themes') ) { 357 365 return new IXR_Error(401, 'Sorry, this user can not edit the template.'); 358 366 } … … 391 399 392 400 $cap = ($publish) ? 
'publish_posts' : 'edit_posts'; 393 401 394 $user = new WP_User(0, $user_login); 402 // $user = new WP_User(0, $user_login); 403 $user = set_current_user(0, $user_login); 395 404 if ( !$user->has_cap($cap) ) 396 405 return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.'); 397 406 … … 445 454 446 455 $this->escape($actual_post); 447 456 448 $user = new WP_User(0, $user_login); 457 // $user = new WP_User(0, $user_login); 458 $user = set_current_user(0, $user_login); 449 459 if ( !$user->has_cap('edit_post', $post_ID) ) 450 460 return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.'); 451 461 … … 489 499 return new IXR_Error(404, 'Sorry, no such post.'); 490 500 } 491 501 492 $user = new WP_User(0, $user_login); 502 // $user = new WP_User(0, $user_login); 503 $user = set_current_user(0, $user_login); 493 504 if ( !$user->has_cap('edit_post', $post_ID) ) 494 505 return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.'); 495 506 … … 525 536 return $this->error; 526 537 } 527 538 528 $user = new WP_User(0, $user_login); 539 // $user = new WP_User(0, $user_login); 540 $user = set_current_user(0, $user_login); 529 541 if ( !$user->has_cap('publish_posts') ) 530 542 return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.'); 531 543 … … 605 617 return $this->error; 606 618 } 607 619 608 $user = new WP_User(0, $user_login); 620 // $user = new WP_User(0, $user_login); 621 $user = set_current_user(0, $user_login); 609 622 if ( !$user->has_cap('edit_post', $post_ID) ) 610 623 return new IXR_Error(401, 'Sorry, you can not edit this post.'); 611 624 … … 844 857 if ( !$this->login_pass_ok($user_login, $user_pass) ) 845 858 return $this->error; 846 859 847 $user = new WP_User(0, $user_login); 860 // $user = new WP_User(0, $user_login); 861 $user = set_current_user(0, $user_login); 848 862 849 863 if ( !$user->has_cap('upload_files') ) { 850 864 logIO('O', '(MW) User does not have 
upload_files capability'); … … 984 998 return $this->error; 985 999 } 986 1000 987 $user = new WP_User(0, $user_login); 1001 // $user = new WP_User(0, $user_login); 1002 $user = set_current_user(0, $user_login); 988 1003 if ( !$user->has_cap('edit_post', $post_ID) ) 989 1004 return new IXR_Error(401, 'Sorry, you can not edit this post.'); 990 1005 … … 1066 1081 return $this->error; 1067 1082 } 1068 1083 1069 $user = new WP_User(0, $user_login); 1084 // $user = new WP_User(0, $user_login); 1085 $user = set_current_user(0, $user_login); 1070 1086 if ( !$user->has_cap('edit_post', $post_ID) ) 1071 1087 return new IXR_Error(401, 'Sorry, you can not edit this post.'); 1072 1088 … … 1282 1298 1283 1299 $wp_xmlrpc_server = new wp_xmlrpc_server(); 1284 1300 1285 ?> 1286 No newline at end of file 1301 ?> -
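Review bot: The added `error_log(print_r($struct,1), 3, '/tmp/xmlrpc');` at new line 197, just before `return array($struct);`, looks like leftover debugging and should be removed before this goes in. It appends the response struct to a fixed, predictable file in a shared temp directory on every call, with no rotation and no control over who can read it. The commented-out `// $user = new WP_User(0, $user_login);` line repeated in each of the other hunks can be dropped as well, since the old code stays in the history. The methods these hunks touch start and end outside the visible context, so I have not checked whether any content-saving method still builds its user without `set_current_user()`.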
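--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -530,9 +530,17 @@
 function kses_init() {
 global $current_user;
 
-get_currentuserinfo(); // set $current_user
+remove_filter('pre_comment_author', 'wp_filter_kses');
+remove_filter('pre_comment_content', 'wp_filter_kses');
+remove_filter('content_save_pre', 'wp_filter_post_kses');
+remove_filter('title_save_pre', 'wp_filter_kses');
+
+if (! defined('XMLRPC_REQUEST') )
+get_currentuserinfo();
+
 if (current_user_can('unfiltered_html') == false)
 kses_init_filters();
 }
 add_action('init', 'kses_init');
+add_action('set_current_user', 'kses_init');
 ?>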
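Review bot: On an XML-RPC request the `init`-time run of `kses_init()` now reaches `current_user_can('unfiltered_html')` before any user has been set, so whether the kses filters are installed at that point depends on that call returning false for an unset `$current_user`, which this hunk does not show. Any XML-RPC path that saves content without calling `set_current_user()` relies on that fail-closed result, so it deserves a comment above the check, for example `// No user yet on XML-RPC until set_current_user(): this must fall through to kses_init_filters()`. The four `remove_filter()` calls also have to stay in step with whatever `kses_init_filters()` registers, which is defined outside this hunk. As a style point, `if ( !current_user_can('unfiltered_html') )` reads more clearly than the `== false` comparison.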
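--- a/wp-includes/pluggable-functions.php
+++ b/wp-includes/pluggable-functions.php
@@ -3,11 +3,38 @@
 /* These functions can be replaced via plugins. They are loaded after
 plugins are loaded. */
 
+if ( !function_exists('set_current_user') ) :
+function set_current_user($id, $name = '') {
+global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
 
+$current_user = '';
+
+$current_user = new WP_User($id, $name);
+
+$userdata = get_userdatabylogin($user_login);
+
+$user_login = $userdata->user_login;
+$user_level = $userdata->user_level;
+$user_ID = $userdata->ID;
+$user_email = $userdata->user_email;
+$user_url = $userdata->user_url;
+$user_pass_md5 = md5($userdata->user_pass);
+$user_identity = $userdata->display_name;
+
+do_action('set_current_user');
+
+return $current_user;
+}
+endif;
+
+
 if ( !function_exists('get_currentuserinfo') ) :
 function get_currentuserinfo() {
 global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
 
+if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
+return false;
+
 if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
 !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
 $current_user = new WP_User(0);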
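Review bot: `set_current_user()` fills the legacy globals from `get_userdatabylogin($user_login)`, but `$user_login` there is the global declared on the line above, not the `$name` argument. The lookup therefore uses whatever login an earlier call left behind, or nothing at all. Since the XML-RPC callers pass the login as `$name`, `$current_user` can describe one account while `$user_ID` and `$user_level` describe another or stay empty, and `$userdata->...` is dereferenced even when the lookup fails. I would key the lookup on the arguments, for example `$userdata = $name ? get_userdatabylogin($name) : get_userdata($id);`, and return before touching the globals if it comes back empty. The `$current_user = '';` assignment directly before `new WP_User($id, $name)` is redundant, and `get_currentuserinfo()` continues past the end of this hunk.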