Changeset 16803 for branches/3.0/xmlrpc.php
- Timestamp:
- 12/08/2010 05:50:05 PM (14 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/3.0/xmlrpc.php
r15426 r16803 1157 1157 do_action('xmlrpc_call', 'wp.deleteComment'); 1158 1158 1159 if ( ! get_comment($comment_ID) )1159 if ( !$comment = get_comment( $comment_ID ) ) 1160 1160 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 1161 1162 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) 1163 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 1161 1164 1162 1165 return wp_delete_comment($comment_ID); … … 1185 1188 if ( !current_user_can( 'moderate_comments' ) ) 1186 1189 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 1190 1191 if ( !$comment = get_comment( $comment_ID ) ) 1192 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 1193 1194 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) 1195 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 1187 1196 1188 1197 do_action('xmlrpc_call', 'wp.editComment'); 1189 1190 if ( ! get_comment($comment_ID) )1191 return new IXR_Error( 404, __( 'Invalid comment ID.' ) );1192 1198 1193 1199 if ( isset($content_struct['status']) ) { … … 1418 1424 return $this->error; 1419 1425 1420 if ( !current_user_can( 'edit_p osts' ) )1426 if ( !current_user_can( 'edit_pages' ) ) 1421 1427 return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); 1422 1428 … … 1958 1964 return new IXR_Error(404, __('Sorry, no such post.')); 1959 1965 1960 if ( !current_user_can(' edit_post', $post_ID) )1966 if ( !current_user_can('delete_post', $post_ID) ) 1961 1967 return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); 1962 1968 … … 1988 1994 $password = $args[2]; 1989 1995 $content_struct = $args[3]; 1990 $publish = $args[4];1996 $publish = isset( $args[4] ) ? $args[4] : 0; 1991 1997 1992 1998 if ( !$user = $this->login($username, $password) ) … … 1994 2000 1995 2001 do_action('xmlrpc_call', 'metaWeblog.newPost'); 1996 1997 $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; 1998 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); 1999 $post_type = 'post'; 2002 2000 2003 $page_template = ''; 2001 2004 if ( !empty( $content_struct['post_type'] ) ) { 2002 2005 if ( $content_struct['post_type'] == 'page' ) { 2003 $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; 2006 if ( $publish || 'publish' == $content_struct['page_status']) 2007 $cap = 'publish_pages'; 2008 else 2009 $cap = 'edit_pages'; 2004 2010 $error_message = __( 'Sorry, you are not allowed to publish pages on this site.' ); 2005 2011 $post_type = 'page'; … … 2007 2013 $page_template = $content_struct['wp_page_template']; 2008 2014 } elseif ( $content_struct['post_type'] == 'post' ) { 2009 // This is the default, no changes needed 2015 if ( $publish || 'publish' == $content_struct['post_status']) 2016 $cap = 'publish_posts'; 2017 else 2018 $cap = 'edit_posts'; 2019 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); 2020 $post_type = 'post'; 2010 2021 } else { 2011 2022 // No other post_type values are allowed here 2012 2023 return new IXR_Error( 401, __( 'Invalid post type.' ) ); 2013 2024 } 2025 } else { 2026 if ( $publish || 'publish' == $content_struct['post_status']) 2027 $cap = 'publish_posts'; 2028 else 2029 $cap = 'edit_posts'; 2030 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); 2031 $post_type = 'post'; 2014 2032 } 2015 2033 … … 2276 2294 if ( !empty( $content_struct['post_type'] ) ) { 2277 2295 if ( $content_struct['post_type'] == 'page' ) { 2278 $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; 2296 if ( $publish || 'publish' == $content_struct['page_status'] ) 2297 $cap = 'publish_pages'; 2298 else 2299 $cap = 'edit_pages'; 2279 2300 $error_message = __( 'Sorry, you are not allowed to publish pages on this site.' ); 2280 2301 $post_type = 'page'; … … 2282 2303 $page_template = $content_struct['wp_page_template']; 2283 2304 } elseif ( $content_struct['post_type'] == 'post' ) { 2284 // This is the default, no changes needed 2305 if ( $publish || 'publish' == $content_struct['post_status'] ) 2306 $cap = 'publish_posts'; 2307 else 2308 $cap = 'edit_posts'; 2309 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); 2310 $post_type = 'post'; 2285 2311 } else { 2286 2312 // No other post_type values are allowed here 2287 2313 return new IXR_Error( 401, __( 'Invalid post type.' ) ); 2288 2314 } 2315 } else { 2316 if ( $publish || 'publish' == $content_struct['post_status'] ) 2317 $cap = 'publish_posts'; 2318 else 2319 $cap = 'edit_posts'; 2320 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); 2321 $post_type = 'post'; 2289 2322 } 2290 2323 … … 3102 3135 do_action('xmlrpc_call', 'mt.publishPost'); 3103 3136 3104 if ( !current_user_can(' edit_post', $post_ID) )3137 if ( !current_user_can('publish_posts') || !current_user_can('edit_post', $post_ID) ) 3105 3138 return new IXR_Error(401, __('Sorry, you cannot edit this post.')); 3106 3139
Note: See TracChangeset
for help on using the changeset viewer.