Changeset 19867
- Timestamp:
- 02/08/2012 03:40:26 PM (13 years ago)
- File:
-
- 1 edited
trunk/wp-includes/class-wp-xmlrpc-server.php
r19864 r19867 622 622 return new IXR_Error( 403, __( 'Invalid post type' ) ); 623 623 624 if ( ! current_user_can( $post_type->cap->edit_posts ) ) 625 return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) ); 624 $update = false; 625 if ( ! empty( $post_data[ 'ID' ] ) ) 626 $update = true; 627 628 if ( $update ) { 629 if ( ! current_user_can( $post_type->cap->edit_post, $post_data[ 'ID' ] ) ) 630 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); 631 } else { 632 if ( ! current_user_can( $post_type->cap->edit_posts ) ) 633 return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) ); 634 } 626 635 627 636 switch ( $post_data['post_status'] ) { … … 646 655 return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type' ) ); 647 656 648 649 657 $post_data['post_author'] = absint( $post_data['post_author'] ); 650 658 if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] != $user->ID ) { … … 656 664 if ( ! $author ) 657 665 return new IXR_Error( 404, __( 'Invalid author ID.' ) ); 658 } 659 else { 666 } else { 660 667 $post_data['post_author'] = $user->ID; 661 668 } … … 3136 3143 $publish = $args[4]; 3137 3144 3138 if ( ! $user = $this->login($username, $password) )3145 if ( ! $user = $this->login($username, $password) ) 3139 3146 return $this->error; 3140 3147 3141 3148 do_action('xmlrpc_call', 'metaWeblog.editPost'); 3142 3149 3143 $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; 3144 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' 
); 3145 $post_type = 'post'; 3146 $page_template = ''; 3147 if ( !empty( $content_struct['post_type'] ) ) { 3148 if ( $content_struct['post_type'] == 'page' ) { 3149 if ( $publish || 'publish' == $content_struct['page_status'] ) 3150 $cap = 'publish_pages'; 3151 else 3152 $cap = 'edit_pages'; 3153 $error_message = __( 'Sorry, you are not allowed to publish pages on this site.' ); 3154 $post_type = 'page'; 3155 if ( !empty( $content_struct['wp_page_template'] ) ) 3156 $page_template = $content_struct['wp_page_template']; 3157 } elseif ( $content_struct['post_type'] == 'post' ) { 3158 if ( $publish || 'publish' == $content_struct['post_status'] ) 3159 $cap = 'publish_posts'; 3160 else 3161 $cap = 'edit_posts'; 3162 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); 3163 $post_type = 'post'; 3164 } else { 3165 // No other post_type values are allowed here 3166 return new IXR_Error( 401, __( 'Invalid post type.' ) ); 3167 } 3168 } else { 3169 if ( $publish || 'publish' == $content_struct['post_status'] ) 3170 $cap = 'publish_posts'; 3171 else 3172 $cap = 'edit_posts'; 3173 $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); 3174 $post_type = 'post'; 3175 } 3176 3177 if ( !current_user_can( $cap ) ) 3178 return new IXR_Error( 401, $error_message ); 3150 $postdata = wp_get_single_post( $post_ID, ARRAY_A ); 3151 3152 // If there is no post data for the give post id, stop 3153 // now and return an error. Other wise a new post will be 3154 // created (which was the old behavior). 3155 if ( ! $postdata || empty( $postdata[ 'ID' ] ) ) 3156 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 3157 3158 if ( ! current_user_can( 'edit_post', $post_ID ) ) 3159 return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this post.' 
) ); 3179 3160 3180 3161 // Check for a valid post format if one was given … … 3185 3166 } 3186 3167 } 3187 3188 $postdata = wp_get_single_post($post_ID, ARRAY_A);3189 3190 // If there is no post data for the give post id, stop3191 // now and return an error. Other wise a new post will be3192 // created (which was the old behavior).3193 if ( empty($postdata["ID"]) )3194 return(new IXR_Error(404, __('Invalid post ID.')));3195 3168 3196 3169 $this->escape($postdata);
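Review bot: In the new update branch (new lines 628–631) the `edit_post` check runs against the caller-supplied `$post_data[ 'ID' ]` without first confirming, at least in the visible lines, that a post with that ID exists or that its stored type matches `$post_type`, which is presumably resolved from the request. The metaWeblog.editPost hunk in this same changeset loads the post and returns a 404 before its capability check; the same guard here would keep the two paths consistent, e.g. `$existing = wp_get_single_post( $post_data['ID'], ARRAY_A ); if ( empty( $existing['ID'] ) ) return new IXR_Error( 404, __( 'Invalid post ID.' ) );` placed ahead of the `current_user_can()` call. Separately, the editPost hunk drops the `publish_posts`/`publish_pages` check and the post_type allow-list in favour of `edit_post` alone; unless a later check outside this hunk still gates `$publish` and `post_status`, a user who may edit a post could also publish it. Both functions start and end outside the hunks shown, so these points need confirming against the full file.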