Changeset 12734 for trunk/wp-app.php
- Timestamp:
- 01/15/2010 10:25:40 PM (15 years ago)
- File:
-
- 1 edited
trunk/wp-app.php
r12587 r12734 266 266 global $always_authenticate; 267 267 268 if ( !empty( $_SERVER['ORIG_PATH_INFO'] ) )268 if ( !empty( $_SERVER['ORIG_PATH_INFO'] ) ) 269 269 $path = $_SERVER['ORIG_PATH_INFO']; 270 270 else … … 279 279 280 280 // exception case for HEAD (treat exactly as GET, but don't output) 281 if ($method == 'HEAD') {281 if ($method == 'HEAD') { 282 282 $this->do_output = false; 283 283 $method = 'GET'; … … 285 285 286 286 // redirect to /service in case no path is found. 287 if(strlen($path) == 0 || $path == '/') {287 if(strlen($path) == 0 || $path == '/') 288 288 $this->redirect($this->get_service_url()); 289 }290 289 291 290 // check to see if AtomPub is enabled 292 if ( !get_option( 'enable_app' ) )291 if ( !get_option( 'enable_app' ) ) 293 292 $this->forbidden( sprintf( __( 'AtomPub services are disabled on this blog. An admin user can enable them at %s' ), admin_url('options-writing.php') ) ); 294 293 295 294 // dispatch 296 foreach ($this->selectors as $regex => $funcs) {297 if (preg_match($regex, $path, $matches)) {298 if(isset($funcs[$method])) {299 300 // authenticate regardless of the operation and set the current301 // user. each handler will decide if auth is required or not.302 if(!$this->authenticate()) {303 if ($always_authenticate) {304 $this->auth_required('Credentials required.');295 foreach ( $this->selectors as $regex => $funcs ) { 296 if ( preg_match($regex, $path, $matches) ) { 297 if ( isset($funcs[$method]) ) { 298 299 // authenticate regardless of the operation and set the current 300 // user. each handler will decide if auth is required or not. 301 if ( !$this->authenticate() ) { 302 if ( $always_authenticate ) 303 $this->auth_required('Credentials required.'); 305 304 } 305 306 array_shift($matches); 307 call_user_func_array(array(&$this,$funcs[$method]), $matches); 308 exit(); 309 } else { 310 // only allow what we have handlers for... 
311 $this->not_allowed(array_keys($funcs)); 306 312 } 307 308 array_shift($matches);309 call_user_func_array(array(&$this,$funcs[$method]), $matches);310 exit();311 } else {312 // only allow what we have handlers for...313 $this->not_allowed(array_keys($funcs));314 }315 313 } 316 314 } … … 328 326 log_app('function','get_service()'); 329 327 330 if ( !current_user_can( 'edit_posts' ) )328 if ( !current_user_can( 'edit_posts' ) ) 331 329 $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); 332 330 … … 339 337 } 340 338 $atom_prefix="atom"; 341 $atom_blogname =get_bloginfo('name');339 $atom_blogname = get_bloginfo('name'); 342 340 $service_doc = <<<EOD 343 341 <service xmlns="$this->ATOMPUB_NS" xmlns:$atom_prefix="$this->ATOM_NS"> … … 369 367 log_app('function','get_categories_xml()'); 370 368 371 if ( !current_user_can( 'edit_posts' ) )369 if ( !current_user_can( 'edit_posts' ) ) 372 370 $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); 373 371 … … 376 374 $categories = ""; 377 375 $cats = get_categories(array('hierarchical' => 0, 'hide_empty' => 0)); 378 foreach ( (array) $cats as $cat) {376 foreach ( (array) $cats as $cat ) { 379 377 $categories .= " <category term=\"" . esc_attr($cat->name) . 
"\" />\n"; 380 }378 } 381 379 $output = <<<EOD 382 380 <app:categories xmlns:app="$this->ATOMPUB_NS" … … 386 384 </app:categories> 387 385 EOD; 388 $this->output($output, $this->CATEGORIES_CONTENT_TYPE);389 }386 $this->output($output, $this->CATEGORIES_CONTENT_TYPE); 387 } 390 388 391 389 /** … … 399 397 400 398 $parser = new AtomParser(); 401 if (!$parser->parse()) {399 if ( !$parser->parse() ) 402 400 $this->client_error(); 403 }404 401 405 402 $entry = array_pop($parser->feed->entries); … … 408 405 409 406 $catnames = array(); 410 foreach ($entry->categories as $cat)407 foreach ( $entry->categories as $cat ) { 411 408 array_push($catnames, $cat["term"]); 409 } 412 410 413 411 $wp_cats = get_categories(array('hide_empty' => false)); … … 415 413 $post_category = array(); 416 414 417 foreach ($wp_cats as $cat) {418 if (in_array($cat->name, $catnames))415 foreach ( $wp_cats as $cat ) { 416 if ( in_array($cat->name, $catnames) ) 419 417 array_push($post_category, $cat->term_id); 420 418 } … … 424 422 $cap = ($publish) ? 'publish_posts' : 'edit_posts'; 425 423 426 if (!current_user_can($cap))424 if ( !current_user_can($cap) ) 427 425 $this->auth_required(__('Sorry, you do not have the right to edit/publish new posts.')); 428 426 … … 449 447 $this->internal_error($postID->get_error_message()); 450 448 451 if ( !$postID)449 if ( !$postID ) 452 450 $this->internal_error(__('Sorry, your entry could not be posted. Something wrong happened.')); 453 451 … … 476 474 global $entry; 477 475 478 if ( !current_user_can( 'edit_post', $postID ) )476 if ( !current_user_can( 'edit_post', $postID ) ) 479 477 $this->auth_required( __( 'Sorry, you do not have the right to access this post.' 
) ); 480 478 … … 499 497 500 498 $parser = new AtomParser(); 501 if (!$parser->parse()) {499 if ( !$parser->parse() ) 502 500 $this->bad_request(); 503 }504 501 505 502 $parsed = array_pop($parser->feed->entries); … … 511 508 $this->set_current_entry($postID); 512 509 513 if (!current_user_can('edit_post', $entry['ID']))510 if ( !current_user_can('edit_post', $entry['ID']) ) 514 511 $this->auth_required(__('Sorry, you do not have the right to edit this post.')); 515 512 … … 534 531 $result = wp_update_post($postdata); 535 532 536 if ( !$result) {533 if ( !$result ) 537 534 $this->internal_error(__('For some strange yet very annoying reason, this post could not be edited.')); 538 }539 535 540 536 do_action( 'atompub_put_post', $ID, $parsed ); … … 557 553 $this->set_current_entry($postID); 558 554 559 if (!current_user_can('edit_post', $postID)) {555 if ( !current_user_can('edit_post', $postID) ) 560 556 $this->auth_required(__('Sorry, you do not have the right to delete this post.')); 561 } 562 563 if ($entry['post_type'] == 'attachment') { 557 558 if ( $entry['post_type'] == 'attachment' ) { 564 559 $this->delete_attachment($postID); 565 560 } else { 566 561 $result = wp_delete_post($postID); 567 562 568 if ( !$result) {563 if ( !$result ) { 569 564 $this->internal_error(__('For some strange yet very annoying reason, this post could not be deleted.')); 570 565 } … … 584 579 */ 585 580 function get_attachment($postID = null) { 586 if ( !current_user_can( 'upload_files' ) )581 if ( !current_user_can( 'upload_files' ) ) 587 582 $this->auth_required( __( 'Sorry, you do not have permission to upload files.' 
) ); 588 583 589 if ( !isset($postID)) {584 if ( !isset($postID) ) { 590 585 $this->get_attachments(); 591 586 } else { … … 606 601 $type = $this->get_accepted_content_type(); 607 602 608 if (!current_user_can('upload_files'))603 if ( !current_user_can('upload_files') ) 609 604 $this->auth_required(__('You do not have permission to upload files.')); 610 605 611 606 $fp = fopen("php://input", "rb"); 612 607 $bits = null; 613 while (!feof($fp)) {608 while ( !feof($fp) ) { 614 609 $bits .= fread($fp, 4096); 615 610 } … … 679 674 $this->set_current_entry($postID); 680 675 681 if (!current_user_can('edit_post', $entry['ID']))676 if ( !current_user_can('edit_post', $entry['ID']) ) 682 677 $this->auth_required(__('Sorry, you do not have the right to edit this post.')); 683 678 … … 695 690 $result = wp_update_post($postdata); 696 691 697 if ( !$result) {692 if ( !$result ) 698 693 $this->internal_error(__('For some strange yet very annoying reason, this post could not be edited.')); 699 }700 694 701 695 log_app('function',"put_attachment($postID)"); … … 717 711 $this->set_current_entry($postID); 718 712 719 if (!current_user_can('edit_post', $postID)) {713 if ( !current_user_can('edit_post', $postID) ) 720 714 $this->auth_required(__('Sorry, you do not have the right to delete this post.')); 721 }722 715 723 716 $location = get_post_meta($entry['ID'], '_wp_attached_file', true); 724 717 $filetype = wp_check_filetype($location); 725 718 726 if (!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))719 if ( !isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']) ) 727 720 $this->internal_error(__('Error ocurred while accessing post metadata for file location.')); 728 721 … … 733 726 $result = wp_delete_post($postID); 734 727 735 if ( !$result) {728 if ( !$result ) 736 729 $this->internal_error(__('For some strange yet very annoying reason, this post could not be deleted.')); 737 }738 730 739 731 
log_app('function',"delete_attachment($postID). File '$location' deleted."); … … 755 747 756 748 // then whether user can edit the specific post 757 if (!current_user_can('edit_post', $postID)) {749 if ( !current_user_can('edit_post', $postID) ) 758 750 $this->auth_required(__('Sorry, you do not have the right to edit this post.')); 759 }760 751 761 752 $location = get_post_meta($entry['ID'], '_wp_attached_file', true); … … 763 754 $filetype = wp_check_filetype($location); 764 755 765 if (!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))756 if ( !isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']) ) 766 757 $this->internal_error(__('Error ocurred while accessing post metadata for file location.')); 767 758 … … 770 761 header('Connection: close'); 771 762 772 if ( $fp = fopen($location, "rb")) {763 if ( $fp = fopen($location, "rb") ) { 773 764 status_header('200'); 774 765 header('Content-Type: ' . $entry['post_mime_type']); 775 766 header('Connection: close'); 776 767 777 while (!feof($fp)) {768 while ( !feof($fp) ) { 778 769 echo fread($fp, 4096); 779 770 } … … 798 789 799 790 // first check if user can upload 800 if (!current_user_can('upload_files'))791 if ( !current_user_can('upload_files') ) 801 792 $this->auth_required(__('You do not have permission to upload files.')); 802 793 … … 806 797 807 798 // then whether user can edit the specific post 808 if (!current_user_can('edit_post', $postID)) {799 if ( !current_user_can('edit_post', $postID) ) 809 800 $this->auth_required(__('Sorry, you do not have the right to edit this post.')); 810 }811 801 812 802 $upload_dir = wp_upload_dir( ); … … 821 811 $fp = fopen("php://input", "rb"); 822 812 $localfp = fopen($location, "w+"); 823 while (!feof($fp)) {813 while ( !feof($fp) ) { 824 814 fwrite($localfp,fread($fp, 4096)); 825 815 } … … 838 828 $result = wp_update_post($post_data); 839 829 840 if ( !$result) {830 if ( !$result ) 841 831 
$this->internal_error(__('Sorry, your entry could not be posted. Something wrong happened.')); 842 }843 832 844 833 wp_update_attachment_metadata( $postID, wp_generate_attachment_metadata( $postID, $location ) ); … … 857 846 */ 858 847 function get_entries_url($page = null) { 859 if ( isset($GLOBALS['post_type']) && ( $GLOBALS['post_type'] == 'attachment' ) ) {848 if ( isset($GLOBALS['post_type']) && ( $GLOBALS['post_type'] == 'attachment' ) ) 860 849 $path = $this->MEDIA_PATH; 861 } else {850 else 862 851 $path = $this->ENTRIES_PATH; 863 }864 852 $url = $this->app_base . $path; 865 if (isset($page) && is_int($page)) {853 if ( isset($page) && is_int($page) ) 866 854 $url .= "/$page"; 867 }868 855 return $url; 869 856 }
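Review bot: The `current_user_can('edit_post', ...)` guards at new lines 555, 713, 749 and 799 lose their braces here, as does the `$always_authenticate` check at new line 302, so each authorization check now covers exactly one statement with nothing marking where the guarded region ends. A second statement added under one of these guards later would fall outside the condition without any syntax error, so I would keep the braces on permission checks even where the style drops them elsewhere, e.g. `if ( !current_user_can('edit_post', $postID) ) { $this->auth_required( ... ); }`. These guards also only work if `auth_required()` ends the request, which is presumably the case but is not visible in these hunks; a short comment at the first guard stating that it does not return would make that dependency explicit. The enclosing functions start and end outside the hunks shown.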