Make WordPress Core


Ignore:
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.0/xmlrpc.php

    r16804 r15426  
    11571157        do_action('xmlrpc_call', 'wp.deleteComment');
    11581158
    1159         if ( !$comment = get_comment( $comment_ID ) )
     1159        if ( ! get_comment($comment_ID) )
    11601160            return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
    1161 
    1162         if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
    1163             return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
    11641161
    11651162        return wp_delete_comment($comment_ID);
     
    11891186            return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
    11901187
    1191         if ( !$comment = get_comment( $comment_ID ) )
     1188        do_action('xmlrpc_call', 'wp.editComment');
     1189
     1190        if ( ! get_comment($comment_ID) )
    11921191            return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
    1193 
    1194         if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
    1195             return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
    1196 
    1197         do_action('xmlrpc_call', 'wp.editComment');
    11981192
    11991193        if ( isset($content_struct['status']) ) {
     
    14241418            return $this->error;
    14251419
    1426         if ( !current_user_can( 'edit_pages' ) )
     1420        if ( !current_user_can( 'edit_posts' ) )
    14271421            return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
    14281422
     
    19641958            return new IXR_Error(404, __('Sorry, no such post.'));
    19651959
    1966         if ( !current_user_can('delete_post', $post_ID) )
     1960        if ( !current_user_can('edit_post', $post_ID) )
    19671961            return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.'));
    19681962
     
    19941988        $password   = $args[2];
    19951989        $content_struct = $args[3];
    1996         $publish     = isset( $args[4] ) ? $args[4] : 0;
     1990        $publish     = $args[4];
    19971991
    19981992        if ( !$user = $this->login($username, $password) )
     
    20011995        do_action('xmlrpc_call', 'metaWeblog.newPost');
    20021996
     1997        $cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
     1998        $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
     1999        $post_type = 'post';
    20032000        $page_template = '';
    20042001        if ( !empty( $content_struct['post_type'] ) ) {
    20052002            if ( $content_struct['post_type'] == 'page' ) {
    2006                 if ( $publish || 'publish' == $content_struct['page_status'])
    2007                     $cap  = 'publish_pages';
    2008                 else
    2009                     $cap = 'edit_pages';
     2003                $cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
    20102004                $error_message = __( 'Sorry, you are not allowed to publish pages on this site.' );
    20112005                $post_type = 'page';
     
    20132007                    $page_template = $content_struct['wp_page_template'];
    20142008            } elseif ( $content_struct['post_type'] == 'post' ) {
    2015                 if ( $publish || 'publish' == $content_struct['post_status'])
    2016                     $cap  = 'publish_posts';
    2017                 else
    2018                     $cap = 'edit_posts';
    2019                 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
    2020                 $post_type = 'post';
     2009                // This is the default, no changes needed
    20212010            } else {
    20222011                // No other post_type values are allowed here
    20232012                return new IXR_Error( 401, __( 'Invalid post type.' ) );
    20242013            }
    2025         } else {
    2026             if ( $publish || 'publish' == $content_struct['post_status'])
    2027                 $cap  = 'publish_posts';
    2028             else
    2029                 $cap = 'edit_posts';
    2030             $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
    2031             $post_type = 'post';
    20322014        }
    20332015
     
    22942276        if ( !empty( $content_struct['post_type'] ) ) {
    22952277            if ( $content_struct['post_type'] == 'page' ) {
    2296                 if ( $publish || 'publish' == $content_struct['page_status'] )
    2297                     $cap  = 'publish_pages';
    2298                 else
    2299                     $cap = 'edit_pages';
     2278                $cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
    23002279                $error_message = __( 'Sorry, you are not allowed to publish pages on this site.' );
    23012280                $post_type = 'page';
     
    23032282                    $page_template = $content_struct['wp_page_template'];
    23042283            } elseif ( $content_struct['post_type'] == 'post' ) {
    2305                 if ( $publish || 'publish' == $content_struct['post_status'] )
    2306                     $cap  = 'publish_posts';
    2307                 else
    2308                     $cap = 'edit_posts';
    2309                 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
    2310                 $post_type = 'post';
     2284                // This is the default, no changes needed
    23112285            } else {
    23122286                // No other post_type values are allowed here
    23132287                return new IXR_Error( 401, __( 'Invalid post type.' ) );
    23142288            }
    2315         } else {
    2316             if ( $publish || 'publish' == $content_struct['post_status'] )
    2317                 $cap  = 'publish_posts';
    2318             else
    2319                 $cap = 'edit_posts';
    2320             $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
    2321             $post_type = 'post';
    23222289        }
    23232290
     
    31353102        do_action('xmlrpc_call', 'mt.publishPost');
    31363103
    3137         if ( !current_user_can('publish_posts') || !current_user_can('edit_post', $post_ID) )
     3104        if ( !current_user_can('edit_post', $post_ID) )
    31383105            return new IXR_Error(401, __('Sorry, you cannot edit this post.'));
    31393106
Note: See TracChangeset for help on using the changeset viewer.