
Ticket #7157: disable_remote_publishing_by_default.diff

File disable_remote_publishing_by_default.diff, 5.8 KB (added by westi, 6 years ago)

First pass patch. Still needs to actually stop APP (the Atom Publishing Protocol) from working.

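--- a/C:/xampp/htdocs/wordpress/trunk/xmlrpc.php
+++ b/C:/xampp/htdocs/wordpress/trunk/xmlrpc.php
@@ -39,11 +39,14 @@
     <engineLink>http://wordpress.org/</engineLink>
     <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
     <apis>
+    <?php if ( get_option('enable_xmlrpc') ) :?>
       <api name="WordPress" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
       <api name="Movable Type" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
       <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
       <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
+    <?php endif; if ( get_option('enable_app') ) :?>
       <api name="Atom" blogID="" preferred="false" apiLink="<?php echo apply_filters('atom_service_url', (get_bloginfo('url')."/wp-app.php/service"))?>" />
+    <?php endif; ?>
     </apis>
   </service>
 </rsd>
@@ -108,7 +111,7 @@
 class wp_xmlrpc_server extends IXR_Server {
 
         function wp_xmlrpc_server() {
-                $this->methods = array(
+                $xmlrpc_methods = array(
                         // WordPress API
                         'wp.getUsersBlogs'              => 'this:wp_getUsersBlogs',
                         'wp.getPage'                    => 'this:wp_getPage',
@@ -164,8 +167,10 @@
                         'mt.supportedMethods' => 'this:mt_supportedMethods',
                         'mt.supportedTextFilters' => 'this:mt_supportedTextFilters',
                         'mt.getTrackbackPings' => 'this:mt_getTrackbackPings',
-                        'mt.publishPost' => 'this:mt_publishPost',
-
+                        'mt.publishPost' => 'this:mt_publishPost'
+                );
+                
+                $xmlrpc_functions = array (
                         // PingBack
                         'pingback.ping' => 'this:pingback_ping',
                         'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks',
@@ -174,6 +179,13 @@
                         'demo.addTwoNumbers' => 'this:addTwoNumbers'
                 );
 
+                if ( get_option('enable_xmlrpc') )
+                {
+                        $this->methods = array_merge($xmlrpc_methods,$xmlrpc_functions);
+                } else {
+                        $this->methods = $xmlrpc_functions;
+                }
+                
                 $this->initialise_blog_option_info( );
                 $this->methods = apply_filters('xmlrpc_methods', $this->methods);
                 $this->IXR_Server($this->methods);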
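Review bot: The option check at new lines 182-187 only decides which built-in methods are registered, and `apply_filters('xmlrpc_methods', $this->methods)` at new line 190 runs after it, so a plugin hooked on that filter can still register publishing methods while the settings screen shows XML-RPC as disabled. If that is intended, say so next to the check, e.g. `// Plugins may still register methods through 'xmlrpc_methods' when enable_xmlrpc is off.` The always-on `$xmlrpc_functions` array also keeps `demo.addTwoNumbers` reachable on a default install and should carry a comment such as `// Always registered, even when remote publishing is disabled.` so the split between the two arrays is clear. The constructor continues outside these hunks, so the entries between new lines 176 and 179 were not reviewed.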
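--- a/C:/xampp/htdocs/wordpress/trunk/wp-admin/includes/schema.php
+++ b/C:/xampp/htdocs/wordpress/trunk/wp-admin/includes/schema.php
@@ -255,7 +255,9 @@
 
         // 2.6
         add_option('avatar_default', 'mystery');
-
+        add_option('enable_app',0);
+        add_option('enable_xmlrpc',0);
+        
         // Delete unused options
         $unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing', 'autosave_interval', 'deactivated_plugins');
         foreach ($unusedoptions as $option) :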
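Review bot: The two defaults at new lines 258-259 apply to every site that lacks these options, not only to fresh installs, because `add_option()` creates an option only when it does not exist yet. If this block also runs during an upgrade (the enclosing function starts and ends outside the hunk, so this is not confirmed), existing blogs that publish from a desktop client would have both interfaces switched off without notice. Off by default is the safer choice for new installs, but the upgrade behaviour should be an explicit decision and recorded in a comment, for example `// Remote publishing (APP, XML-RPC) is off by default; enable it on the Writing options page.` New line 260 contains only whitespace and can be left empty.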
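--- a/C:/xampp/htdocs/wordpress/trunk/wp-admin/options-writing.php
+++ b/C:/xampp/htdocs/wordpress/trunk/wp-admin/options-writing.php
@@ -57,6 +57,26 @@
 </tr>
 </table>
 
+<h3><?php _e('Remote Publishing') ?></h3>
+<p><?php printf(__('To post to WordPress from a desktop blogging client or remote website that uses the Atom Publishing Protocol or one of the XML-RPC publishing interfaces you must enable them below.')) ?></p>
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><?php _e('Atom Publishing Protocol') ?></th>
+<td><fieldset><legend class="hidden"><?php _e('Atom Publishing Protocol') ?></legend>
+<label for="enable_app">
+<input name="enable_app" type="checkbox" id="enable_app" value="1" <?php checked('1', get_option('enable_app')); ?> />
+<?php _e('Enable the Atom Publishing Protocol.') ?></label><br />
+</fieldset></td>
+</tr>
+<tr valign="top">
+<th scope="row"><?php _e('XML-RPC') ?></th>
+<td><fieldset><legend class="hidden"><?php _e('XML-RPC') ?></legend>
+<label for="enable_xmlrpc">
+<input name="enable_xmlrpc" type="checkbox" id="enable_xmlrpc" value="1" <?php checked('1', get_option('enable_xmlrpc')); ?> />
+<?php _e('Enable the WordPress, Movable Type, MetaWeblog and Blogger XML-RPC publishing protocols.') ?></label><br />
+</fieldset></td>
+</tr></table>
+
 <h3><?php _e('Post via e-mail') ?></h3>
 <p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), wp_generate_password(8, false), wp_generate_password(8, false), wp_generate_password(8, false)) ?></p>
 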
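Review bot: Nothing in this section tells the save handler about `enable_app` and `enable_xmlrpc`; the hunk only adds the two checkboxes at new lines 67 and 75. If the form lists its fields in a hidden `page_options` input further down the file (outside this hunk, so not confirmed), both names have to be appended there, otherwise ticking the boxes is never stored and the switch cannot be operated from this screen. Separately, new line 61 calls `printf(__('…'))` with no arguments, so a `%` in a translated string would be read as a format directive; `<?php _e('…') ?>` prints the same text without that risk.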