Ticket #7157: xmlrpc.php.diff

xmlrpc.php

@@ -39 +39 @@
     <engineLink>http://wordpress.org/</engineLink>
     <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
     <apis>
-    <?php if ( get_option('enable_xmlrpc') ) :?>
       <api name="WordPress" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
       <api name="Movable Type" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
       <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
       <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
-    <?php endif; if ( get_option('enable_app') ) :?>
       <api name="Atom" blogID="" preferred="false" apiLink="<?php echo apply_filters('atom_service_url', (get_bloginfo('url')."/wp-app.php/service"))?>" />
-    <?php endif; ?>
     </apis>
   </service>
 </rsd>
@@ -111 +108 @@
 class wp_xmlrpc_server extends IXR_Server {
 
         function wp_xmlrpc_server() {
-                $xmlrpc_methods = array(
+                $this->methods = array(
                         // WordPress API
                         'wp.getUsersBlogs'              => 'this:wp_getUsersBlogs',
                         'wp.getPage'                    => 'this:wp_getPage',
@@ -167 +164 @@
                         'mt.supportedMethods' => 'this:mt_supportedMethods',
                         'mt.supportedTextFilters' => 'this:mt_supportedTextFilters',
                         'mt.getTrackbackPings' => 'this:mt_getTrackbackPings',
-                        'mt.publishPost' => 'this:mt_publishPost'
-                );
-                
-                $xmlrpc_functions = array (
+                        'mt.publishPost' => 'this:mt_publishPost',
+
                         // PingBack
                         'pingback.ping' => 'this:pingback_ping',
                         'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks',
@@ -179 +174 @@
                         'demo.addTwoNumbers' => 'this:addTwoNumbers'
                 );
 
-                if ( get_option('enable_xmlrpc') )
-                {
-                        $this->methods = array_merge($xmlrpc_methods,$xmlrpc_functions);
-                } else {
-                        $this->methods = $xmlrpc_functions;
-                }
-                
                 $this->initialise_blog_option_info( );
                 $this->methods = apply_filters('xmlrpc_methods', $this->methods);
                 $this->IXR_Server($this->methods);
@@ -202 +190 @@
         }
 
         function login_pass_ok($user_login, $user_pass) {
+                if( !get_option( 'enable_xmlrpc' ) ) {
+                        $this->error = new IXR_Error( 405, __( 'XML-RPC servies are disabled on this blog.  An admin user can enable them at ' . get_bloginfo( 'wpurl' ) . '/wp-admin/options-writing.php' ) );
+                        return false;
+                }
+
                 if (!user_pass_ok($user_login, $user_pass)) {
                         $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
                         return false;
@@ -845 +838 @@
                 $post_id        = (int) $args[3];
 
                 if( !$this->login_pass_ok( $username, $password ) ) {
-                        return new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
+                        return $this->error;
                 }
 
                 set_current_user( 0, $username );
@@ -873 +866 @@
                 $password       = $args[2];
 
                 if( !$this->login_pass_ok( $username, $password ) ) {
-                        return new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
+                        return $this->error;
                 }
 
                 set_current_user( 0, $username );
@@ -895 +888 @@
                 $password       = $args[2];
 
                 if( !$this->login_pass_ok( $username, $password ) ) {
-                        return new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
+                        return $this->error;
                 }
 
                 set_current_user( 0, $username );
@@ -916 +909 @@
                 $password       = $args[2];
 
                 if( !$this->login_pass_ok( $username, $password ) ) {
-                        return new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
+                        return $this->error;
                 }
 
                 set_current_user( 0, $username );
@@ -939 +932 @@
                 $options        = (array) $args[3];
 
                 if( !$this->login_pass_ok( $username, $password ) )
-                        return new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
+                        return $this->error;
 
                 $user = set_current_user( 0, $username );
 
@@ -978 +971 @@
                 $options        = (array) $args[3];
 
                 if( !$this->login_pass_ok( $username, $password ) )
-                        return new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
+                        return $this->error;
 
                 $user = set_current_user( 0, $username );
                 if( !current_user_can( 'manage_options' ) )