1535 | 1535 | $password = $args[2]; |
1536 | 1536 | $post_id = (int) $args[3]; |
1537 | 1537 | $content_struct = $args[4]; |
1538 | 1538 | |
1539 | 1539 | if ( ! $user = $this->login( $username, $password ) ) |
1540 | 1540 | return $this->error; |
1541 | 1541 | |
1542 | 1542 | /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ |
1543 | 1543 | do_action( 'xmlrpc_call', 'wp.editPost' ); |
1544 | 1544 | |
1545 | 1545 | $post = get_post( $post_id, ARRAY_A ); |
1546 | 1546 | |
1547 | 1547 | if ( empty( $post['ID'] ) ) |
1548 | 1548 | return new IXR_Error( 404, __( 'Invalid post ID.' ) ); |
1549 | 1549 | |
1551 | 1551 | // If the post has been modified since the date provided, return an error. |
1552 | 1552 | if ( mysql2date( 'U', $post['post_modified_gmt'] ) > $content_struct['if_not_modified_since']->getTimestamp() ) { |
1553 | 1553 | return new IXR_Error( 409, __( 'There is a revision of this post that is more recent.' ) ); |
1554 | 1554 | } |
1555 | 1555 | } |
1556 | 1556 | |
1557 | 1557 | // Convert the date field back to IXR form. |
1558 | 1558 | $post['post_date'] = $this->_convert_date( $post['post_date'] ); |
1559 | 1559 | |
1560 | 1560 | /* |
1561 | 1561 | * Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct, |
1562 | 1562 | * since _insert_post() will ignore the non-GMT date if the GMT date is set. |
1563 | 1563 | */ |
1855 | 1855 | |
1856 | 1856 | $taxonomy = get_taxonomy( $content_struct['taxonomy'] ); |
1857 | 1857 | |
1858 | 1858 | if ( ! current_user_can( $taxonomy->cap->manage_terms ) ) |
1859 | 1859 | return new IXR_Error( 401, __( 'You are not allowed to create terms in this taxonomy.' ) ); |
1860 | 1860 | |
1861 | 1861 | $taxonomy = (array) $taxonomy; |
1862 | 1862 | |
1863 | 1863 | // hold the data of the term |
1864 | 1864 | $term_data = array(); |
1865 | 1865 | |
1866 | 1866 | $term_data['name'] = trim( $content_struct['name'] ); |
1867 | 1867 | if ( empty( $term_data['name'] ) ) |
1868 | 1868 | return new IXR_Error( 403, __( 'The term name cannot be empty.' ) ); |
1869 | 1869 | |
1871 | 1871 | if ( ! $taxonomy['hierarchical'] ) |
1872 | 1872 | return new IXR_Error( 403, __( 'This taxonomy is not hierarchical.' ) ); |
1873 | 1873 | |
1874 | 1874 | $parent_term_id = (int) $content_struct['parent']; |
1875 | 1875 | $parent_term = get_term( $parent_term_id , $taxonomy['name'] ); |
1876 | 1876 | |
1877 | 1877 | if ( is_wp_error( $parent_term ) ) |
1878 | 1878 | return new IXR_Error( 500, $parent_term->get_error_message() ); |
1879 | 1879 | |
1880 | 1880 | if ( ! $parent_term ) |
1881 | 1881 | return new IXR_Error( 403, __( 'Parent term does not exist.' ) ); |
1882 | 1882 | |
1883 | 1883 | $term_data['parent'] = $content_struct['parent']; |
1884 | 1884 | } |
1885 | 1885 | |
1890 | 1890 | $term_data['slug'] = $content_struct['slug']; |
1891 | 1891 | |
1892 | 1892 | $term = wp_insert_term( $term_data['name'] , $taxonomy['name'] , $term_data ); |
1893 | 1893 | |
1894 | 1894 | if ( is_wp_error( $term ) ) |
1895 | 1895 | return new IXR_Error( 500, $term->get_error_message() ); |
1896 | 1896 | |
1897 | 1897 | if ( ! $term ) |
1898 | 1898 | return new IXR_Error( 500, __( 'Sorry, your term could not be created. Something wrong happened.' ) ); |
1899 | 1899 | |
1900 | 1900 | return strval( $term['term_id'] ); |
1901 | 1901 | } |
1902 | 1902 | |
1903 | 1903 | /** |
1904 | 1904 | * Edit a term. |
1946 | 1946 | return new IXR_Error( 401, __( 'You are not allowed to edit terms in this taxonomy.' ) ); |
1947 | 1947 | |
1948 | 1948 | $taxonomy = (array) $taxonomy; |
1949 | 1949 | |
1950 | 1950 | // hold the data of the term |
1951 | 1951 | $term_data = array(); |
1952 | 1952 | |
1953 | 1953 | $term = get_term( $term_id , $content_struct['taxonomy'] ); |
1954 | 1954 | |
1955 | 1955 | if ( is_wp_error( $term ) ) |
1956 | 1956 | return new IXR_Error( 500, $term->get_error_message() ); |
1957 | 1957 | |
1958 | 1958 | if ( ! $term ) |
1959 | 1959 | return new IXR_Error( 404, __( 'Invalid term ID' ) ); |
1960 | 1960 | |
1962 | 1962 | $term_data['name'] = trim( $content_struct['name'] ); |
1963 | 1963 | |
1964 | 1964 | if ( empty( $term_data['name'] ) ) |
1965 | 1965 | return new IXR_Error( 403, __( 'The term name cannot be empty.' ) ); |
1966 | 1966 | } |
1967 | 1967 | |
1968 | 1968 | if ( ! empty( $content_struct['parent'] ) ) { |
1969 | 1969 | if ( ! $taxonomy['hierarchical'] ) |
1970 | 1970 | return new IXR_Error( 403, __( "This taxonomy is not hierarchical so you can't set a parent." ) ); |
1971 | 1971 | |
1972 | 1972 | $parent_term_id = (int) $content_struct['parent']; |
1973 | 1973 | $parent_term = get_term( $parent_term_id , $taxonomy['name'] ); |
1974 | 1974 | |
1975 | 1975 | if ( is_wp_error( $parent_term ) ) |
1976 | 1976 | return new IXR_Error( 500, $parent_term->get_error_message() ); |
1977 | 1977 | |
1978 | 1978 | if ( ! $parent_term ) |
1979 | 1979 | return new IXR_Error( 403, __( 'Parent term does not exist.' ) ); |
1980 | 1980 | |
1981 | 1981 | $term_data['parent'] = $content_struct['parent']; |
1982 | 1982 | } |
1983 | 1983 | |
2565 | 2565 | |
2566 | 2566 | if ( ! $user = $this->login( $username, $password ) ) |
2567 | 2567 | return $this->error; |
2568 | 2568 | |
2569 | 2569 | /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ |
2570 | 2570 | do_action( 'xmlrpc_call', 'wp.editProfile' ); |
2571 | 2571 | |
2572 | 2572 | if ( ! current_user_can( 'edit_user', $user->ID ) ) |
2573 | 2573 | return new IXR_Error( 401, __( 'Sorry, you cannot edit your profile.' ) ); |
2574 | 2574 | |
2575 | 2575 | // holds data of the user |
2576 | 2576 | $user_data = array(); |
2577 | 2577 | $user_data['ID'] = $user->ID; |
2578 | 2578 | |
2579 | 2579 | // only set the user details if it was given |
4859 | 4859 | $content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] ); |
4860 | 4860 | if ( !array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) { |
4861 | 4861 | return new IXR_Error( 404, __( 'Invalid post format' ) ); |
4862 | 4862 | } |
4863 | 4863 | } |
4864 | 4864 | |
4865 | 4865 | // Let WordPress generate the post_name (slug) unless |
4866 | 4866 | // one has been provided. |
4867 | 4867 | $post_name = ""; |
4868 | 4868 | if ( isset($content_struct['wp_slug']) ) |
4869 | 4869 | $post_name = $content_struct['wp_slug']; |
4870 | 4870 | |
4871 | 4871 | // Only use a password if one was given. |
4872 | 4872 | if ( isset($content_struct['wp_password']) ) |
4873 | 4873 | $post_password = $content_struct['wp_password']; |
4874 | 4874 | |
4875 | 4875 | // Only set a post parent if one was provided. |
4876 | 4876 | if ( isset($content_struct['wp_page_parent_id']) ) |
4877 | 4877 | $post_parent = $content_struct['wp_page_parent_id']; |
4878 | 4878 | |
4879 | 4879 | // Only set the menu_order if it was provided. |
4880 | 4880 | if ( isset($content_struct['wp_page_order']) ) |
4881 | 4881 | $menu_order = $content_struct['wp_page_order']; |
4882 | 4882 | |
4883 | 4883 | $post_author = $user->ID; |
4884 | 4884 | |
4885 | 4885 | // If an author id was provided then use it instead. |
4887 | 4887 | switch ( $post_type ) { |
4888 | 4888 | case "post": |
4889 | 4889 | if ( !current_user_can( 'edit_others_posts' ) ) |
4890 | 4890 | return new IXR_Error( 401, __( 'You are not allowed to create posts as this user.' ) ); |
4891 | 4891 | break; |
4892 | 4892 | case "page": |
4893 | 4893 | if ( !current_user_can( 'edit_others_pages' ) ) |
4894 | 4894 | return new IXR_Error( 401, __( 'You are not allowed to create pages as this user.' ) ); |
4895 | 4895 | break; |
4896 | 4896 | default: |
4897 | 4897 | return new IXR_Error( 401, __( 'Invalid post type' ) ); |
4898 | 4898 | } |
4899 | 4899 | $author = get_userdata( $content_struct['wp_author_id'] ); |
4900 | 4900 | if ( ! $author ) |
4901 | 4901 | return new IXR_Error( 404, __( 'Invalid author ID.' ) ); |
4902 | 4902 | $post_author = $content_struct['wp_author_id']; |
4903 | 4903 | } |
4904 | 4904 | |
4995 | 4995 | $to_ping = $content_struct['mt_tb_ping_urls']; |
4996 | 4996 | if ( is_array($to_ping) ) |
4997 | 4997 | $to_ping = implode(' ', $to_ping); |
4998 | 4998 | } |
4999 | 4999 | |
5000 | 5000 | // Do some timestamp voodoo |
5001 | 5001 | if ( !empty( $content_struct['date_created_gmt'] ) ) |
5002 | 5002 | // We know this is supposed to be GMT, so we're going to slap that Z on there by force |
5003 | 5003 | $dateCreated = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z'; |
5004 | 5004 | elseif ( !empty( $content_struct['dateCreated']) ) |
5005 | 5005 | $dateCreated = $content_struct['dateCreated']->getIso(); |
5006 | 5006 | |
5007 | 5007 | if ( !empty( $dateCreated ) ) { |
5008 | 5008 | $post_date = iso8601_to_datetime( $dateCreated ); |
5009 | 5009 | $post_date_gmt = get_gmt_from_date( $post_date ); |
5010 | 5010 | } else { |
5011 | 5011 | $post_date = ''; |
5012 | 5012 | $post_date_gmt = ''; |
5013 | 5013 | } |
5014 | 5014 | |
5015 | 5015 | $post_category = array(); |
5017 | 5017 | $catnames = $content_struct['categories']; |
5018 | 5018 | |
5019 | 5019 | if ( is_array($catnames) ) { |
5020 | 5020 | foreach ($catnames as $cat) { |
5021 | 5021 | $post_category[] = get_cat_ID($cat); |
5022 | 5022 | } |
5023 | 5023 | } |
5024 | 5024 | } |
5025 | 5025 | |
5026 | 5026 | $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input', 'page_template'); |
5027 | 5027 | |
5028 | 5028 | $post_ID = $postdata['ID'] = get_default_post_to_edit( $post_type, true )->ID; |
5029 | 5029 | |
5030 | 5030 | // Only posts can be sticky |
5032 | 5032 | $data = $postdata; |
5033 | 5033 | $data['sticky'] = $content_struct['sticky']; |
5034 | 5034 | $error = $this->_toggle_sticky( $data ); |
5035 | 5035 | if ( $error ) { |
5036 | 5036 | return $error; |
5037 | 5037 | } |
5038 | 5038 | } |
5039 | 5039 | |
5040 | 5040 | if ( isset($content_struct['custom_fields']) ) |
5041 | 5041 | $this->set_custom_fields($post_ID, $content_struct['custom_fields']); |
5042 | 5042 | |
5043 | 5043 | if ( isset ( $content_struct['wp_post_thumbnail'] ) ) { |
5044 | 5044 | if ( set_post_thumbnail( $post_ID, $content_struct['wp_post_thumbnail'] ) === false ) |
5045 | 5045 | return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); |
5046 | 5046 | |
5047 | 5047 | unset( $content_struct['wp_post_thumbnail'] ); |
5048 | 5048 | } |
5049 | 5049 | |
5050 | 5050 | // Handle enclosures |
5051 | 5051 | $thisEnclosure = isset($content_struct['enclosure']) ? $content_struct['enclosure'] : null; |
5052 | 5052 | $this->add_enclosure_if_new($post_ID, $thisEnclosure); |
5053 | 5053 | |
5054 | 5054 | $this->attach_uploads( $post_ID, $post_content ); |
5055 | 5055 | |
5056 | 5056 | // Handle post formats if assigned, value is validated earlier |
5057 | 5057 | // in this function |
5059 | 5059 | set_post_format( $post_ID, $content_struct['wp_post_format'] ); |
5060 | 5060 | |
5061 | 5061 | $post_ID = wp_insert_post( $postdata, true ); |
5062 | 5062 | if ( is_wp_error( $post_ID ) ) |
5063 | 5063 | return new IXR_Error(500, $post_ID->get_error_message()); |
5064 | 5064 | |
5065 | 5065 | if ( !$post_ID ) |
5066 | 5066 | return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); |
5067 | 5067 | |
5068 | 5068 | /** |
5069 | 5069 | * Fires after a new post has been successfully created via the XML-RPC MovableType API. |
5070 | 5070 | * |
5071 | 5071 | * @since 3.4.0 |
5072 | 5072 | * |
5073 | 5073 | * @param int $post_ID ID of the new post. |
5167 | 5167 | if ( ! $postdata || empty( $postdata[ 'ID' ] ) ) |
5168 | 5168 | return new IXR_Error( 404, __( 'Invalid post ID.' ) ); |
5169 | 5169 | |
5170 | 5170 | if ( ! current_user_can( 'edit_post', $post_ID ) ) |
5171 | 5171 | return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this post.' ) ); |
5172 | 5172 | |
5173 | 5173 | // Use wp.editPost to edit post types other than post and page. |
5174 | 5174 | if ( ! in_array( $postdata[ 'post_type' ], array( 'post', 'page' ) ) ) |
5175 | 5175 | return new IXR_Error( 401, __( 'Invalid post type' ) ); |
5176 | 5176 | |
5177 | 5177 | // Thwart attempt to change the post type. |
5178 | 5178 | if ( ! empty( $content_struct[ 'post_type' ] ) && ( $content_struct['post_type'] != $postdata[ 'post_type' ] ) ) |
5179 | 5179 | return new IXR_Error( 401, __( 'The post type may not be changed.' ) ); |
5180 | 5180 | |
5181 | 5181 | // Check for a valid post format if one was given |
5183 | 5183 | $content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] ); |
5184 | 5184 | if ( !array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) { |
5185 | 5185 | return new IXR_Error( 404, __( 'Invalid post format' ) ); |
5186 | 5186 | } |
5187 | 5187 | } |
5188 | 5188 | |
5189 | 5189 | $this->escape($postdata); |
5190 | 5190 | |
5191 | 5191 | $ID = $postdata['ID']; |
5192 | 5192 | $post_content = $postdata['post_content']; |
5193 | 5193 | $post_title = $postdata['post_title']; |
5194 | 5194 | $post_excerpt = $postdata['post_excerpt']; |
5195 | 5195 | $post_password = $postdata['post_password']; |
5196 | 5196 | $post_parent = $postdata['post_parent']; |
5197 | 5197 | $post_type = $postdata['post_type']; |
5209 | 5209 | // Only set a post parent if one was given. |
5210 | 5210 | if ( isset($content_struct['wp_page_parent_id']) ) |
5211 | 5211 | $post_parent = $content_struct['wp_page_parent_id']; |
5212 | 5212 | |
5213 | 5213 | // Only set the menu_order if it was given. |
5214 | 5214 | if ( isset($content_struct['wp_page_order']) ) |
5215 | 5215 | $menu_order = $content_struct['wp_page_order']; |
5216 | 5216 | |
5217 | 5217 | $page_template = null; |
5218 | 5218 | if ( ! empty( $content_struct['wp_page_template'] ) && 'page' == $post_type ) |
5219 | 5219 | $page_template = $content_struct['wp_page_template']; |
5220 | 5220 | |
5221 | 5221 | $post_author = $postdata['post_author']; |
5222 | 5222 | |
5223 | 5223 | // Only set the post_author if one is set. |
5225 | 5225 | // Check permissions if attempting to switch author to or from another user. |
5226 | 5226 | if ( $user->ID != $content_struct['wp_author_id'] || $user->ID != $post_author ) { |
5227 | 5227 | switch ( $post_type ) { |
5228 | 5228 | case 'post': |
5229 | 5229 | if ( ! current_user_can( 'edit_others_posts' ) ) { |
5230 | 5230 | return new IXR_Error( 401, __( 'You are not allowed to change the post author as this user.' ) ); |
5231 | 5231 | } |
5232 | 5232 | break; |
5233 | 5233 | case 'page': |
5234 | 5234 | if ( ! current_user_can( 'edit_others_pages' ) ) { |
5235 | 5235 | return new IXR_Error( 401, __( 'You are not allowed to change the page author as this user.' ) ); |
5236 | 5236 | } |
5237 | 5237 | break; |
5238 | 5238 | default: |
5239 | 5239 | return new IXR_Error( 401, __( 'Invalid post type' ) ); |
5339 | 5339 | |
5340 | 5340 | if ( 'publish' == $post_status || 'private' == $post_status ) { |
5341 | 5341 | if ( 'page' == $post_type && ! current_user_can( 'publish_pages' ) ) { |
5342 | 5342 | return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this page.' ) ); |
5343 | 5343 | } elseif ( ! current_user_can( 'publish_posts' ) ) { |
5344 | 5344 | return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' ) ); |
5345 | 5345 | } |
5346 | 5346 | } |
5347 | 5347 | |
5348 | 5348 | if ( $post_more ) |
5349 | 5349 | $post_content = $post_content . "<!--more-->" . $post_more; |
5350 | 5350 | |
5351 | 5351 | $to_ping = null; |
5353 | 5353 | $to_ping = $content_struct['mt_tb_ping_urls']; |
5354 | 5354 | if ( is_array($to_ping) ) |
5355 | 5355 | $to_ping = implode(' ', $to_ping); |
5356 | 5356 | } |
5357 | 5357 | |
5358 | 5358 | // Do some timestamp voodoo. |
5359 | 5359 | if ( !empty( $content_struct['date_created_gmt'] ) ) |
5360 | 5360 | // We know this is supposed to be GMT, so we're going to slap that Z on there by force. |
5361 | 5361 | $dateCreated = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z'; |
5362 | 5362 | elseif ( !empty( $content_struct['dateCreated']) ) |
5363 | 5363 | $dateCreated = $content_struct['dateCreated']->getIso(); |
5364 | 5364 | |
5365 | 5365 | if ( !empty( $dateCreated ) ) { |
5366 | 5366 | $post_date = iso8601_to_datetime( $dateCreated ); |
5367 | 5367 | $post_date_gmt = get_gmt_from_date( $post_date, 'GMT' ); |
5369 | 5369 | $post_date = $postdata['post_date']; |
5370 | 5370 | $post_date_gmt = $postdata['post_date_gmt']; |
5371 | 5371 | } |
5372 | 5372 | |
5373 | 5373 | // We've got all the data -- post it. |
5374 | 5374 | $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input', 'page_template'); |
5375 | 5375 | |
5376 | 5376 | $result = wp_update_post($newpost, true); |
5377 | 5377 | if ( is_wp_error( $result ) ) |
5378 | 5378 | return new IXR_Error(500, $result->get_error_message()); |
5379 | 5379 | |
5380 | 5380 | if ( !$result ) |
5381 | 5381 | return new IXR_Error(500, __('Sorry, your entry could not be edited. Something wrong happened.')); |
5382 | 5382 | |
5383 | 5383 | // Only posts can be sticky |
5385 | 5385 | $data = $newpost; |
5386 | 5386 | $data['sticky'] = $content_struct['sticky']; |
5387 | 5387 | $data['post_type'] = 'post'; |
5388 | 5388 | $error = $this->_toggle_sticky( $data, true ); |
5389 | 5389 | if ( $error ) { |
5390 | 5390 | return $error; |
5391 | 5391 | } |
5392 | 5392 | } |
5393 | 5393 | |
5394 | 5394 | if ( isset($content_struct['custom_fields']) ) |
5395 | 5395 | $this->set_custom_fields($post_ID, $content_struct['custom_fields']); |
5396 | 5396 | |
5397 | 5397 | if ( isset ( $content_struct['wp_post_thumbnail'] ) ) { |
5398 | 5398 | |
5399 | 5399 | // Empty value deletes, non-empty value adds/updates. |
5401 | 5401 | delete_post_thumbnail( $post_ID ); |
5402 | 5402 | } else { |
5403 | 5403 | if ( set_post_thumbnail( $post_ID, $content_struct['wp_post_thumbnail'] ) === false ) |
5404 | 5404 | return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); |
5405 | 5405 | } |
5406 | 5406 | unset( $content_struct['wp_post_thumbnail'] ); |
5407 | 5407 | } |
5408 | 5408 | |
5409 | 5409 | // Handle enclosures. |
5410 | 5410 | $thisEnclosure = isset($content_struct['enclosure']) ? $content_struct['enclosure'] : null; |
5411 | 5411 | $this->add_enclosure_if_new($post_ID, $thisEnclosure); |
5412 | 5412 | |
5413 | 5413 | $this->attach_uploads( $ID, $post_content ); |
5414 | 5414 | |
5415 | 5415 | // Handle post formats if assigned, validation is handled earlier in this function. |