Ticket #2273: xmlrpc-auth.diff

File xmlrpc-auth.diff, 6.3 KB (added by skeltoac, 12 years ago)
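--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -1,5 +1,10 @@
 <?php
 
+define('XMLRPC_REQUEST', true);
+
+// Some browser-embedded clients send cookies. We don't want them.
+$_COOKIE = array();
+
 # fix for mozBlog and other cases where '<?xml' isn't on the very first line
 $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
 
@@ -179,7 +184,8 @@
             return $this->error;
           }
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           $is_admin = $user->has_cap('level_8');
 
           $struct = array(
@@ -188,7 +194,7 @@
             'blogid'   => '1',
             'blogName' => get_settings('blogname')
           );
-
+error_log(print_r($struct,1), 3, '/tmp/xmlrpc');
           return array($struct);
         }
 
@@ -317,7 +323,8 @@
             return $this->error;
           }
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           if ( !$user->has_cap('edit_themes') ) {
             return new IXR_Error(401, 'Sorry, this user can not edit the template.');
           }
@@ -352,7 +359,8 @@
             return $this->error;
           }
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           if ( !$user->has_cap('edit_themes') ) {
             return new IXR_Error(401, 'Sorry, this user can not edit the template.');
           }
@@ -391,7 +399,8 @@
          
           $cap = ($publish) ? 'publish_posts' : 'edit_posts';
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           if ( !$user->has_cap($cap) )
             return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
 
@@ -445,7 +454,8 @@
 
                 $this->escape($actual_post);
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           if ( !$user->has_cap('edit_post', $post_ID) )
             return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
 
@@ -489,7 +499,8 @@
                 return new IXR_Error(404, 'Sorry, no such post.');
           }
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           if ( !$user->has_cap('edit_post', $post_ID) )
             return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
 
@@ -525,7 +536,8 @@
             return $this->error;
           }
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           if ( !$user->has_cap('publish_posts') )
             return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
 
@@ -605,7 +617,8 @@
             return $this->error;
           }
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           if ( !$user->has_cap('edit_post', $post_ID) )
             return new IXR_Error(401, 'Sorry, you can not edit this post.');
 
@@ -844,7 +857,8 @@
                 if ( !$this->login_pass_ok($user_login, $user_pass) )
                         return $this->error;
 
-                $user = new WP_User(0, $user_login);
+//              $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
 
                 if ( !$user->has_cap('upload_files') ) {
                         logIO('O', '(MW) User does not have upload_files capability');
@@ -984,7 +998,8 @@
             return $this->error;
           }
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           if ( !$user->has_cap('edit_post', $post_ID) )
             return new IXR_Error(401, 'Sorry, you can not edit this post.');
 
@@ -1066,7 +1081,8 @@
             return $this->error;
           }
 
-          $user = new WP_User(0, $user_login);
+//        $user = new WP_User(0, $user_login);
+        $user = set_current_user(0, $user_login);
           if ( !$user->has_cap('edit_post', $post_ID) )
             return new IXR_Error(401, 'Sorry, you can not edit this post.');
 
@@ -1282,4 +1298,4 @@
 
 $wp_xmlrpc_server = new wp_xmlrpc_server();
 
-?>
\ No newline at end of file
+?>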
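Review bot: The added `error_log(print_r($struct,1), 3, '/tmp/xmlrpc');` just before `return array($struct);` looks like debug output left in the patch. It appends the response struct to a fixed, predictable file in the shared /tmp directory on every call of that method. On a multi-user host that file may be readable by other local accounts, and the write goes to whatever already exists at that path, so the line should be dropped before commit. The commented-out `// $user = new WP_User(0, $user_login);` line repeated in each hunk is dead code and is better deleted than kept. The enclosing methods start and end outside the hunks shown.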
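--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -530,9 +530,17 @@
 function kses_init() {
         global $current_user;
 
-        get_currentuserinfo(); // set $current_user
+        remove_filter('pre_comment_author', 'wp_filter_kses');
+        remove_filter('pre_comment_content', 'wp_filter_kses');
+        remove_filter('content_save_pre', 'wp_filter_post_kses');
+        remove_filter('title_save_pre', 'wp_filter_kses');
+
+        if (! defined('XMLRPC_REQUEST') )
+                get_currentuserinfo();
+
         if (current_user_can('unfiltered_html') == false)
                 kses_init_filters();
 }
 add_action('init', 'kses_init');
+add_action('set_current_user', 'kses_init');
 ?>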
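Review bot: On XML-RPC requests the init-time call of `kses_init()` now skips `get_currentuserinfo()`, so re-adding the filters depends on `current_user_can('unfiltered_html')` returning false while no user has been set. That behaviour is not visible in this section and should be confirmed, because the four `remove_filter()` calls run first and any other result would leave comment and post content unfiltered. A comment stating the invariant would help, e.g. `// Must fail closed: with no current user the kses filters stay installed.`, and the loose `== false` is clearer as `if ( !current_user_can('unfiltered_html') )`. Since `kses_init` is now also hooked to `set_current_user`, anything that fires that action changes the filtering for the rest of the request, which deserves a line in the function's documentation.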
  • wp-includes/pluggable-functions.php

     
    33        /* These functions can be replaced via plugins.  They are loaded after
    44         plugins are loaded. */
    55
     6if ( !function_exists('set_current_user') ) :
     7function set_current_user($id, $name = '') {
     8        global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
    69
     10        $current_user   = '';
     11
     12        $current_user   = new WP_User($id, $name);
     13
     14        $userdata       = get_userdatabylogin($user_login);
     15
     16        $user_login     = $userdata->user_login;
     17        $user_level     = $userdata->user_level;
     18        $user_ID        = $userdata->ID;
     19        $user_email     = $userdata->user_email;
     20        $user_url       = $userdata->user_url;
     21        $user_pass_md5  = md5($userdata->user_pass);
     22        $user_identity  = $userdata->display_name;
     23
     24        do_action('set_current_user');
     25
     26        return $current_user;
     27}
     28endif;
     29
     30
    731if ( !function_exists('get_currentuserinfo') ) :
    832function get_currentuserinfo() {
    933        global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
    1034
     35        if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
     36                return false;
     37
    1138        if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
    1239                !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
    1340                $current_user = new WP_User(0);