WordPress.org

Make WordPress Core

Ticket #7157: disable_remote_publishing_by_default.diff

File disable_remote_publishing_by_default.diff, 5.8 KB (added by westi, 12 years ago)

First pass patch. Still needs to actually stop APP working.

  • C:/xampp/htdocs/wordpress/trunk/xmlrpc.php

     
    3939    <engineLink>http://wordpress.org/</engineLink>
    4040    <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
    4141    <apis>
     42    <?php if ( get_option('enable_xmlrpc') ) :?>
    4243      <api name="WordPress" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
    4344      <api name="Movable Type" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
    4445      <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
    4546      <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
     47    <?php endif; if ( get_option('enable_app') ) :?>
    4648      <api name="Atom" blogID="" preferred="false" apiLink="<?php echo apply_filters('atom_service_url', (get_bloginfo('url')."/wp-app.php/service"))?>" />
     49    <?php endif; ?>
    4750    </apis>
    4851  </service>
    4952</rsd>
     
    108111class wp_xmlrpc_server extends IXR_Server {
    109112
    110113        function wp_xmlrpc_server() {
    111                 $this->methods = array(
     114                $xmlrpc_methods = array(
    112115                        // WordPress API
    113116                        'wp.getUsersBlogs'              => 'this:wp_getUsersBlogs',
    114117                        'wp.getPage'                    => 'this:wp_getPage',
     
    164167                        'mt.supportedMethods' => 'this:mt_supportedMethods',
    165168                        'mt.supportedTextFilters' => 'this:mt_supportedTextFilters',
    166169                        'mt.getTrackbackPings' => 'this:mt_getTrackbackPings',
    167                         'mt.publishPost' => 'this:mt_publishPost',
    168 
     170                        'mt.publishPost' => 'this:mt_publishPost'
     171                );
     172               
     173                $xmlrpc_functions = array (
    169174                        // PingBack
    170175                        'pingback.ping' => 'this:pingback_ping',
    171176                        'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks',
     
    174179                        'demo.addTwoNumbers' => 'this:addTwoNumbers'
    175180                );
    176181
     182                if ( get_option('enable_xmlrpc') )
     183                {
     184                        $this->methods = array_merge($xmlrpc_methods,$xmlrpc_functions);
     185                } else {
     186                        $this->methods = $xmlrpc_functions;
     187                }
     188               
    177189                $this->initialise_blog_option_info( );
    178190                $this->methods = apply_filters('xmlrpc_methods', $this->methods);
    179191                $this->IXR_Server($this->methods);
  • C:/xampp/htdocs/wordpress/trunk/wp-admin/includes/schema.php

     
    255255
    256256        // 2.6
    257257        add_option('avatar_default', 'mystery');
    258 
     258        add_option('enable_app',0);
     259        add_option('enable_xmlrpc',0);
     260       
    259261        // Delete unused options
    260262        $unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing', 'autosave_interval', 'deactivated_plugins');
    261263        foreach ($unusedoptions as $option) :
  • C:/xampp/htdocs/wordpress/trunk/wp-admin/options-writing.php

     
    5757</tr>
    5858</table>
    5959
     60<h3><?php _e('Remote Publishing') ?></h3>
     61<p><?php printf(__('To post to WordPress from a desktop blogging client or remote website that uses the Atom Publishing Protocol or one of the XML-RPC publishing interfaces you must enable them below.')) ?></p>
     62<table class="form-table">
     63<tr valign="top">
     64<th scope="row"><?php _e('Atom Publishing Protocol') ?></th>
     65<td><fieldset><legend class="hidden"><?php _e('Atom Publishing Protocol') ?></legend>
     66<label for="enable_app">
     67<input name="enable_app" type="checkbox" id="enable_app" value="1" <?php checked('1', get_option('enable_app')); ?> />
     68<?php _e('Enable the Atom Publishing Protocol.') ?></label><br />
     69</fieldset></td>
     70</tr>
     71<tr valign="top">
     72<th scope="row"><?php _e('XML-RPC') ?></th>
     73<td><fieldset><legend class="hidden"><?php _e('XML-RPC') ?></legend>
     74<label for="enable_xmlrpc">
     75<input name="enable_xmlrpc" type="checkbox" id="enable_xmlrpc" value="1" <?php checked('1', get_option('enable_xmlrpc')); ?> />
     76<?php _e('Enable the WordPress, Movable Type, MetaWeblog and Blogger XML-RPC publishing protocols.') ?></label><br />
     77</fieldset></td>
     78</tr></table>
     79
    6080<h3><?php _e('Post via e-mail') ?></h3>
    6181<p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), wp_generate_password(8, false), wp_generate_password(8, false), wp_generate_password(8, false)) ?></p>
    6282