Changeset 10456
- Timestamp:
- 01/29/2009 12:25:24 AM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/xmlrpc.php
r10383 r10456 239 239 * @param string $user_pass User's password. 240 240 * @return bool Whether authentication passed. 241 * @deprecated use wp_xmlrpc_server::login 242 * @see wp_xmlrpc_server::login 241 243 */ 242 244 function login_pass_ok($user_login, $user_pass) { … … 251 253 } 252 254 return true; 255 } 256 257 /** 258 * Log user in. 259 * 260 * @since 2.8 261 * 262 * @param string $username User's username. 263 * @param string $password User's password. 264 * @return mixed WP_User object if authentication passed, false otherwise 265 */ 266 function login($username, $password) { 267 if ( !get_option( 'enable_xmlrpc' ) ) { 268 $this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this blog. An admin user can enable them at %s'), admin_url('options-writing.php') ) ); 269 return false; 270 } 271 272 $user = wp_authenticate($username, $password); 273 274 if (is_wp_error($user)) { 275 $this->error = new IXR_Error(403, __('Bad login/pass combination.')); 276 return false; 277 } 278 279 set_current_user( $user->ID ); 280 return $user; 253 281 } 254 282 … … 418 446 $password = $args[1]; 419 447 420 if( !$this->login_pass_ok( $username, $password ) ) 421 return $this->error; 448 if ( !$user = $this->login($username, $password) ) { 449 return $this->error; 450 } 422 451 423 452 do_action( 'xmlrpc_call', 'wp.getUsersBlogs' ); 424 425 $user = set_current_user( 0, $username );426 453 427 454 $blogs = (array) get_blogs_of_user( $user->ID ); … … 467 494 $password = $args[3]; 468 495 469 if(!$this->login_pass_ok($username, $password)) { 470 return($this->error); 471 } 472 473 set_current_user( 0, $username ); 496 if ( !$user = $this->login($username, $password) ) { 497 return $this->error; 498 } 499 474 500 if( !current_user_can( 'edit_page', $page_id ) ) 475 501 return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) ); … … 565 591 $num_pages = (int) $args[3]; 566 592 567 if(!$this->login_pass_ok($username, $password)) { 568 return($this->error); 569 } 570 571 set_current_user( 0, $username ); 593 if ( !$user = $this->login($username, $password) ) { 594 return $this->error; 595 } 596 572 597 if( !current_user_can( 'edit_pages' ) ) 573 598 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); … … 617 642 $publish = $args[4]; 618 643 619 if (!$this->login_pass_ok($username, $password)) {620 return ($this->error);644 if ( !$user = $this->login($username, $password) ) { 645 return $this->error; 621 646 } 622 647 623 648 do_action('xmlrpc_call', 'wp.newPage'); 624 649 625 // Set the user context and check if they are allowed 626 // to add new pages. 627 $user = set_current_user(0, $username); 650 // Make sure the user is allowed to add new pages. 628 651 if(!current_user_can("publish_pages")) { 629 652 return(new IXR_Error(401, __("Sorry, you can not add new pages."))); … … 653 676 $page_id = (int) $args[3]; 654 677 655 if (!$this->login_pass_ok($username, $password)) {656 return ($this->error);678 if ( !$user = $this->login($username, $password) ) { 679 return $this->error; 657 680 } 658 681 … … 669 692 } 670 693 671 // Set the user context and make sure they can delete pages. 672 set_current_user(0, $username); 694 // Make sure the user can delete pages. 673 695 if(!current_user_can("delete_page", $page_id)) { 674 696 return(new IXR_Error(401, __("Sorry, you do not have the right to delete this page."))); … … 701 723 $publish = $args[5]; 702 724 703 if (!$this->login_pass_ok($username, $password)) {704 return ($this->error);725 if ( !$user = $this->login($username, $password) ) { 726 return $this->error; 705 727 } 706 728 … … 716 738 } 717 739 718 // Set the user context and make sure they are allowed to edit pages. 719 set_current_user(0, $username); 740 // Make sure the user is allowed to edit pages. 720 741 if(!current_user_can("edit_page", $page_id)) { 721 742 return(new IXR_Error(401, __("Sorry, you do not have the right to edit this page."))); … … 755 776 $password = $args[2]; 756 777 757 if(!$this->login_pass_ok($username, $password)) { 758 return($this->error); 759 } 760 761 set_current_user( 0, $username ); 778 if ( !$user = $this->login($username, $password) ) { 779 return $this->error; 780 } 781 762 782 if( !current_user_can( 'edit_pages' ) ) 763 783 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); … … 809 829 $password = $args[2]; 810 830 811 if(!$this->login_pass_ok($username, $password)) { 812 return($this->error); 813 } 814 815 set_current_user(0, $username); 831 if ( !$user = $this->login($username, $password) ) { 832 return $this->error; 833 } 834 816 835 if(!current_user_can("edit_posts")) { 817 836 return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog."))); … … 847 866 $password = $args[2]; 848 867 849 if( !$this->login_pass_ok( $username, $password ) ) { 850 return $this->error; 851 } 852 853 set_current_user( 0, $username ); 868 if ( !$user = $this->login($username, $password) ) { 869 return $this->error; 870 } 871 854 872 if( !current_user_can( 'edit_posts' ) ) { 855 873 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view tags.' ) ); … … 892 910 $category = $args[3]; 893 911 894 if (!$this->login_pass_ok($username, $password)) {895 return ($this->error);912 if ( !$user = $this->login($username, $password) ) { 913 return $this->error; 896 914 } 897 915 898 916 do_action('xmlrpc_call', 'wp.newCategory'); 899 917 900 // Set the user context and make sure they are 901 // allowed to add a category. 902 set_current_user(0, $username); 918 // Make sure the user is allowed to add a category. 903 919 if(!current_user_can("manage_categories")) { 904 920 return(new IXR_Error(401, __("Sorry, you do not have the right to add a category."))); … … 952 968 $category_id = (int) $args[3]; 953 969 954 if ( !$this->login_pass_ok( $username, $password) ) {970 if ( !$user = $this->login($username, $password) ) { 955 971 return $this->error; 956 972 } … … 958 974 do_action('xmlrpc_call', 'wp.deleteCategory'); 959 975 960 set_current_user(0, $username);961 976 if( !current_user_can("manage_categories") ) { 962 977 return new IXR_Error( 401, __( "Sorry, you do not have the right to delete a category." ) ); … … 983 998 $max_results = (int) $args[4]; 984 999 985 if(!$this->login_pass_ok($username, $password)) { 986 return($this->error); 987 } 988 989 set_current_user(0, $username); 1000 if ( !$user = $this->login($username, $password) ) { 1001 return $this->error; 1002 } 1003 990 1004 if( !current_user_can( 'edit_posts' ) ) 991 1005 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts to this blog in order to view categories.' ) ); … … 1021 1035 $comment_id = (int) $args[3]; 1022 1036 1023 if ( !$ this->login_pass_ok( $username, $password ) )1024 return $this->error; 1025 1026 set_current_user( 0, $username ); 1037 if ( !$user = $this->login($username, $password) ) { 1038 return $this->error; 1039 } 1040 1027 1041 if ( !current_user_can( 'moderate_comments' ) ) 1028 1042 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) ); … … 1084 1098 $struct = $args[3]; 1085 1099 1086 if ( !$ this->login_pass_ok($username, $password) )1087 return ($this->error);1088 1089 set_current_user( 0, $username ); 1100 if ( !$user = $this->login($username, $password) ) { 1101 return $this->error; 1102 } 1103 1090 1104 if ( !current_user_can( 'moderate_comments' ) ) 1091 1105 return new IXR_Error( 401, __( 'Sorry, you can not edit comments.' ) ); … … 1144 1158 $comment_ID = (int) $args[3]; 1145 1159 1146 if ( !$ this->login_pass_ok( $username, $password ) )1147 return $this->error; 1148 1149 set_current_user( 0, $username ); 1160 if ( !$user = $this->login($username, $password) ) { 1161 return $this->error; 1162 } 1163 1150 1164 if ( !current_user_can( 'moderate_comments' ) ) 1151 1165 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) ); … … 1176 1190 $content_struct = $args[4]; 1177 1191 1178 if ( !$ this->login_pass_ok( $username, $password ) )1179 return $this->error; 1180 1181 set_current_user( 0, $username ); 1192 if ( !$user = $this->login($username, $password) ) { 1193 return $this->error; 1194 } 1195 1182 1196 if ( !current_user_can( 'moderate_comments' ) ) 1183 1197 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) ); … … 1250 1264 $allow_anon = apply_filters('xmlrpc_allow_anonymous_comments', false); 1251 1265 1252 if ( !$this->login_pass_ok( $username, $password ) ) { 1266 $user = $this->login($username, $password); 1267 1268 if ( !$user ) { 1253 1269 $logged_in = false; 1254 1270 if ( $allow_anon && get_option('comment_registration') ) … … 1258 1274 } else { 1259 1275 $logged_in = true; 1260 set_current_user( 0, $username );1261 1276 } 1262 1277 … … 1275 1290 1276 1291 if ( $logged_in ) { 1277 $user = wp_get_current_user();1278 1292 $comment['comment_author'] = $wpdb->escape( $user->display_name ); 1279 1293 $comment['comment_author_email'] = $wpdb->escape( $user->user_email ); … … 1327 1341 $password = $args[2]; 1328 1342 1329 if ( !$ this->login_pass_ok( $username, $password ) )1330 return $this->error; 1331 1332 set_current_user( 0, $username ); 1343 if ( !$user = $this->login($username, $password) ) { 1344 return $this->error; 1345 } 1346 1333 1347 if ( !current_user_can( 'moderate_comments' ) ) 1334 1348 return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); … … 1355 1369 $post_id = (int) $args[3]; 1356 1370 1357 if( !$this->login_pass_ok( $username, $password ) ) { 1358 return $this->error; 1359 } 1360 1361 set_current_user( 0, $username ); 1371 if ( !$user = $this->login($username, $password) ) { 1372 return $this->error; 1373 } 1374 1362 1375 if( !current_user_can( 'edit_posts' ) ) { 1363 1376 return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) ); … … 1390 1403 $password = $args[2]; 1391 1404 1392 if( !$this->login_pass_ok( $username, $password ) ) { 1393 return $this->error; 1394 } 1395 1396 set_current_user( 0, $username ); 1405 if ( !$user = $this->login($username, $password) ) { 1406 return $this->error; 1407 } 1408 1397 1409 if( !current_user_can( 'edit_posts' ) ) { 1398 1410 return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); … … 1419 1431 $password = $args[2]; 1420 1432 1421 if( !$this->login_pass_ok( $username, $password ) ) { 1422 return $this->error; 1423 } 1424 1425 set_current_user( 0, $username ); 1433 if ( !$user = $this->login($username, $password) ) { 1434 return $this->error; 1435 } 1436 1426 1437 if( !current_user_can( 'edit_posts' ) ) { 1427 1438 return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); … … 1448 1459 $password = $args[2]; 1449 1460 1450 if( !$this->login_pass_ok( $username, $password ) ) { 1451 return $this->error; 1452 } 1453 1454 set_current_user( 0, $username ); 1461 if ( !$user = $this->login($username, $password) ) { 1462 return $this->error; 1463 } 1464 1455 1465 if( !current_user_can( 'edit_pages' ) ) { 1456 1466 return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); … … 1479 1489 $options = (array) $args[3]; 1480 1490 1481 if( !$this->login_pass_ok( $username, $password ) ) 1482 return $this->error; 1483 1484 $user = set_current_user( 0, $username ); 1491 if ( !$user = $this->login($username, $password) ) { 1492 return $this->error; 1493 } 1485 1494 1486 1495 // If no specific options where asked for, return all of them … … 1534 1543 $options = (array) $args[3]; 1535 1544 1536 if ( !$this->login_pass_ok( $username, $password ) )1537 return $this->error; 1538 1539 $user = set_current_user( 0, $username ); 1545 if ( !$user = $this->login($username, $password) ) { 1546 return $this->error; 1547 } 1548 1540 1549 if( !current_user_can( 'manage_options' ) ) 1541 1550 return new IXR_Error( 403, __( 'You are not allowed to update options.' ) ); … … 1577 1586 $this->escape($args); 1578 1587 1579 $user _login= $args[1];1580 $ user_pass= $args[2];1581 1582 if ( !$this->login_pass_ok($user_login, $user_pass)) {1588 $username = $args[1]; 1589 $password = $args[2]; 1590 1591 if ( !$user = $this->login($username, $password) ) { 1583 1592 return $this->error; 1584 1593 } … … 1586 1595 do_action('xmlrpc_call', 'blogger.getUsersBlogs'); 1587 1596 1588 set_current_user(0, $user_login);1589 1597 $is_admin = current_user_can('manage_options'); 1590 1598 … … 1614 1622 $this->escape($args); 1615 1623 1616 $user_login = $args[1]; 1617 $user_pass = $args[2]; 1618 1619 if (!$this->login_pass_ok($user_login, $user_pass)) { 1620 return $this->error; 1621 } 1622 1623 set_current_user( 0, $user_login ); 1624 $username = $args[1]; 1625 $password = $args[2]; 1626 1627 if ( !$user = $this->login($username, $password) ) { 1628 return $this->error; 1629 } 1630 1624 1631 if( !current_user_can( 'edit_posts' ) ) 1625 1632 return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) ); … … 1627 1634 do_action('xmlrpc_call', 'blogger.getUserInfo'); 1628 1635 1629 $user_data = get_userdatabylogin($user_login);1630 1631 1636 $struct = array( 1632 'nickname' => $user _data->nickname,1633 'userid' => $user _data->ID,1634 'url' => $user _data->user_url,1635 'lastname' => $user _data->last_name,1636 'firstname' => $user _data->first_name1637 'nickname' => $user->nickname, 1638 'userid' => $user->ID, 1639 'url' => $user->user_url, 1640 'lastname' => $user->last_name, 1641 'firstname' => $user->first_name 1637 1642 ); 1638 1643 … … 1653 1658 1654 1659 $post_ID = (int) $args[1]; 1655 $user_login = $args[2]; 1656 $user_pass = $args[3]; 1657 1658 if (!$this->login_pass_ok($user_login, $user_pass)) { 1659 return $this->error; 1660 } 1661 1662 set_current_user( 0, $user_login ); 1660 $username = $args[2]; 1661 $password = $args[3]; 1662 1663 if ( !$user = $this->login($username, $password) ) { 1664 return $this->error; 1665 } 1666 1663 1667 if( !current_user_can( 'edit_post', $post_ID ) ) 1664 1668 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); … … 1697 1701 1698 1702 $blog_ID = (int) $args[1]; /* though we don't use it yet */ 1699 $user _login= $args[2];1700 $ user_pass= $args[3];1703 $username = $args[2]; 1704 $password = $args[3]; 1701 1705 $num_posts = $args[4]; 1702 1706 1703 if ( !$this->login_pass_ok($user_login, $user_pass)) {1707 if ( !$user = $this->login($username, $password) ) { 1704 1708 return $this->error; 1705 1709 } … … 1708 1712 1709 1713 $posts_list = wp_get_recent_posts($num_posts); 1710 1711 set_current_user( 0, $user_login );1712 1714 1713 1715 if (!$posts_list) { … … 1757 1759 1758 1760 $blog_ID = (int) $args[1]; 1759 $user _login= $args[2];1760 $ user_pass= $args[3];1761 $username = $args[2]; 1762 $password = $args[3]; 1761 1763 $template = $args[4]; /* could be 'main' or 'archiveIndex', but we don't use it */ 1762 1764 1763 if ( !$this->login_pass_ok($user_login, $user_pass)) {1765 if ( !$user = $this->login($username, $password) ) { 1764 1766 return $this->error; 1765 1767 } … … 1767 1769 do_action('xmlrpc_call', 'blogger.getTemplate'); 1768 1770 1769 set_current_user(0, $user_login);1770 1771 if ( !current_user_can('edit_themes') ) { 1771 1772 return new IXR_Error(401, __('Sorry, this user can not edit the template.')); … … 1799 1800 1800 1801 $blog_ID = (int) $args[1]; 1801 $user _login= $args[2];1802 $ user_pass= $args[3];1802 $username = $args[2]; 1803 $password = $args[3]; 1803 1804 $content = $args[4]; 1804 1805 $template = $args[5]; /* could be 'main' or 'archiveIndex', but we don't use it */ 1805 1806 1806 if ( !$this->login_pass_ok($user_login, $user_pass)) {1807 if ( !$user = $this->login($username, $password) ) { 1807 1808 return $this->error; 1808 1809 } … … 1810 1811 do_action('xmlrpc_call', 'blogger.setTemplate'); 1811 1812 1812 set_current_user(0, $user_login);1813 1813 if ( !current_user_can('edit_themes') ) { 1814 1814 return new IXR_Error(401, __('Sorry, this user can not edit the template.')); … … 1842 1842 1843 1843 $blog_ID = (int) $args[1]; /* though we don't use it yet */ 1844 $user _login= $args[2];1845 $ user_pass= $args[3];1844 $username = $args[2]; 1845 $password = $args[3]; 1846 1846 $content = $args[4]; 1847 1847 $publish = $args[5]; 1848 1848 1849 if ( !$this->login_pass_ok($user_login, $user_pass)) {1849 if ( !$user = $this->login($username, $password) ) { 1850 1850 return $this->error; 1851 1851 } … … 1854 1854 1855 1855 $cap = ($publish) ? 'publish_posts' : 'edit_posts'; 1856 $user = set_current_user(0, $user_login);1857 1856 if ( !current_user_can($cap) ) 1858 1857 return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); … … 1898 1897 1899 1898 $post_ID = (int) $args[1]; 1900 $user _login= $args[2];1901 $ user_pass= $args[3];1899 $username = $args[2]; 1900 $password = $args[3]; 1902 1901 $content = $args[4]; 1903 1902 $publish = $args[5]; 1904 1903 1905 if ( !$this->login_pass_ok($user_login, $user_pass)) {1904 if ( !$user = $this->login($username, $password) ) { 1906 1905 return $this->error; 1907 1906 } … … 1917 1916 $this->escape($actual_post); 1918 1917 1919 set_current_user(0, $user_login);1920 1918 if ( !current_user_can('edit_post', $post_ID) ) 1921 1919 return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); … … 1954 1952 1955 1953 $post_ID = (int) $args[1]; 1956 $user _login= $args[2];1957 $ user_pass= $args[3];1954 $username = $args[2]; 1955 $password = $args[3]; 1958 1956 $publish = $args[4]; 1959 1957 1960 if ( !$this->login_pass_ok($user_login, $user_pass)) {1958 if ( !$user = $this->login($username, $password) ) { 1961 1959 return $this->error; 1962 1960 } … … 1970 1968 } 1971 1969 1972 set_current_user(0, $user_login);1973 1970 if ( !current_user_can('edit_post', $post_ID) ) 1974 1971 return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); … … 1999 1996 2000 1997 $blog_ID = (int) $args[0]; // we will support this in the near future 2001 $user _login= $args[1];2002 $ user_pass= $args[2];1998 $username = $args[1]; 1999 $password = $args[2]; 2003 2000 $content_struct = $args[3]; 2004 2001 $publish = $args[4]; 2005 2002 2006 if (!$this->login_pass_ok($user_login, $user_pass)) { 2007 return $this->error; 2008 } 2009 $user = set_current_user(0, $user_login); 2003 if ( !$user = $this->login($username, $password) ) { 2004 return $this->error; 2005 } 2010 2006 2011 2007 do_action('xmlrpc_call', 'metaWeblog.newPost'); … … 2297 2293 2298 2294 $post_ID = (int) $args[0]; 2299 $user _login= $args[1];2300 $ user_pass= $args[2];2295 $username = $args[1]; 2296 $password = $args[2]; 2301 2297 $content_struct = $args[3]; 2302 2298 $publish = $args[4]; 2303 2299 2304 if (!$this->login_pass_ok($user_login, $user_pass)) { 2305 return $this->error; 2306 } 2307 $user = set_current_user(0, $user_login); 2300 if ( !$user = $this->login($username, $password) ) { 2301 return $this->error; 2302 } 2308 2303 2309 2304 do_action('xmlrpc_call', 'metaWeblog.editPost'); … … 2562 2557 2563 2558 $post_ID = (int) $args[0]; 2564 $user_login = $args[1]; 2565 $user_pass = $args[2]; 2566 2567 if (!$this->login_pass_ok($user_login, $user_pass)) { 2568 return $this->error; 2569 } 2570 2571 set_current_user( 0, $user_login ); 2559 $username = $args[1]; 2560 $password = $args[2]; 2561 2562 if ( !$user = $this->login($username, $password) ) { 2563 return $this->error; 2564 } 2565 2572 2566 if( !current_user_can( 'edit_post', $post_ID ) ) 2573 2567 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); … … 2674 2668 2675 2669 $blog_ID = (int) $args[0]; 2676 $user _login= $args[1];2677 $ user_pass= $args[2];2670 $username = $args[1]; 2671 $password = $args[2]; 2678 2672 $num_posts = (int) $args[3]; 2679 2673 2680 if ( !$this->login_pass_ok($user_login, $user_pass)) {2674 if ( !$user = $this->login($username, $password) ) { 2681 2675 return $this->error; 2682 2676 } … … 2689 2683 return array( ); 2690 2684 } 2691 2692 set_current_user( 0, $user_login );2693 2685 2694 2686 foreach ($posts_list as $entry) { … … 2778 2770 2779 2771 $blog_ID = (int) $args[0]; 2780 $user_login = $args[1]; 2781 $user_pass = $args[2]; 2782 2783 if (!$this->login_pass_ok($user_login, $user_pass)) { 2784 return $this->error; 2785 } 2786 2787 set_current_user( 0, $user_login ); 2772 $username = $args[1]; 2773 $password = $args[2]; 2774 2775 if ( !$user = $this->login($username, $password) ) { 2776 return $this->error; 2777 } 2778 2788 2779 if( !current_user_can( 'edit_posts' ) ) 2789 2780 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); … … 2826 2817 2827 2818 $blog_ID = (int) $args[0]; 2828 $user _login= $wpdb->escape($args[1]);2829 $ user_pass= $wpdb->escape($args[2]);2819 $username = $wpdb->escape($args[1]); 2820 $password = $wpdb->escape($args[2]); 2830 2821 $data = $args[3]; 2831 2822 … … 2836 2827 logIO('O', '(MW) Received '.strlen($bits).' bytes'); 2837 2828 2838 if ( !$this->login_pass_ok($user_login, $user_pass) ) 2839 return $this->error; 2829 if ( !$user = $this->login($username, $password) ) { 2830 return $this->error; 2831 } 2840 2832 2841 2833 do_action('xmlrpc_call', 'metaWeblog.newMediaObject'); 2842 2834 2843 set_current_user(0, $user_login);2844 2835 if ( !current_user_can('upload_files') ) { 2845 2836 logIO('O', '(MW) User does not have upload_files capability'); … … 2911 2902 2912 2903 $blog_ID = (int) $args[0]; 2913 $user _login= $args[1];2914 $ user_pass= $args[2];2904 $username = $args[1]; 2905 $password = $args[2]; 2915 2906 $num_posts = (int) $args[3]; 2916 2907 2917 if ( !$this->login_pass_ok($user_login, $user_pass)) {2908 if ( !$user = $this->login($username, $password) ) { 2918 2909 return $this->error; 2919 2910 } … … 2927 2918 return $this->error; 2928 2919 } 2929 2930 set_current_user( 0, $user_login );2931 2920 2932 2921 foreach ($posts_list as $entry) { … … 2968 2957 2969 2958 $blog_ID = (int) $args[0]; 2970 $user_login = $args[1]; 2971 $user_pass = $args[2]; 2972 2973 if (!$this->login_pass_ok($user_login, $user_pass)) { 2974 return $this->error; 2975 } 2976 2977 set_current_user( 0, $user_login ); 2959 $username = $args[1]; 2960 $password = $args[2]; 2961 2962 if ( !$user = $this->login($username, $password) ) { 2963 return $this->error; 2964 } 2965 2978 2966 if( !current_user_can( 'edit_posts' ) ) 2979 2967 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); … … 3008 2996 3009 2997 $post_ID = (int) $args[0]; 3010 $user_login = $args[1]; 3011 $user_pass = $args[2]; 3012 3013 if (!$this->login_pass_ok($user_login, $user_pass)) { 3014 return $this->error; 3015 } 3016 3017 set_current_user( 0, $user_login ); 2998 $username = $args[1]; 2999 $password = $args[2]; 3000 3001 if ( !$user = $this->login($username, $password) ) { 3002 return $this->error; 3003 } 3004 3018 3005 if( !current_user_can( 'edit_post', $post_ID ) ) 3019 3006 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); … … 3050 3037 3051 3038 $post_ID = (int) $args[0]; 3052 $user _login= $args[1];3053 $ user_pass= $args[2];3039 $username = $args[1]; 3040 $password = $args[2]; 3054 3041 $categories = $args[3]; 3055 3042 3056 if ( !$this->login_pass_ok($user_login, $user_pass)) {3043 if ( !$user = $this->login($username, $password) ) { 3057 3044 return $this->error; 3058 3045 } … … 3060 3047 do_action('xmlrpc_call', 'mt.setPostCategories'); 3061 3048 3062 set_current_user(0, $user_login);3063 3049 if ( !current_user_can('edit_post', $post_ID) ) 3064 3050 return new IXR_Error(401, __('Sorry, you can not edit this post.')); … … 3162 3148 3163 3149 $post_ID = (int) $args[0]; 3164 $user _login= $args[1];3165 $ user_pass= $args[2];3166 3167 if ( !$this->login_pass_ok($user_login, $user_pass)) {3150 $username = $args[1]; 3151 $password = $args[2]; 3152 3153 if ( !$user = $this->login($username, $password) ) { 3168 3154 return $this->error; 3169 3155 } … … 3171 3157 do_action('xmlrpc_call', 'mt.publishPost'); 3172 3158 3173 set_current_user(0, $user_login);3174 3159 if ( !current_user_can('edit_post', $post_ID) ) 3175 3160 return new IXR_Error(401, __('Sorry, you can not edit this post.'));
Note: See TracChangeset
for help on using the changeset viewer.