Changeset 34570 for trunk/src/wp-includes/class-wp-xmlrpc-server.php
- Timestamp:
- 09/26/2015 02:48:47 AM (9 years ago)
- File:
-
- 1 edited
trunk/src/wp-includes/class-wp-xmlrpc-server.php
r34559 r34570 3156 3156 $comment_id = (int) $args[3]; 3157 3157 3158 if ( !$user = $this->login($username, $password) ) 3159 return $this->error; 3160 3161 if ( !current_user_can( 'moderate_comments' ) ) 3162 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3158 if ( ! $user = $this->login( $username, $password ) ) { 3159 return $this->error; 3160 } 3163 3161 3164 3162 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3165 3163 do_action( 'xmlrpc_call', 'wp.getComment' ); 3166 3164 3167 if ( ! $comment = get_comment( $comment_id) )3165 if ( ! $comment = get_comment( $comment_id ) ) { 3168 3166 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 3167 } 3168 3169 if ( ! current_user_can( 'edit_comment', $comment_id ) ) { 3170 return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); 3171 } 3169 3172 3170 3173 return $this->_prepare_comment( $comment ); … … 3204 3207 $struct = isset( $args[3] ) ? $args[3] : array(); 3205 3208 3206 if ( !$user = $this->login($username, $password) ) 3207 return $this->error; 3208 3209 if ( !current_user_can( 'moderate_comments' ) ) 3210 return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) ); 3209 if ( ! $user = $this->login($username, $password ) ) 3210 return $this->error; 3211 3211 3212 3212 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3213 3213 do_action( 'xmlrpc_call', 'wp.getComments' ); 3214 3214 3215 if ( isset( $struct['status']) )3215 if ( isset( $struct['status'] ) ) 3216 3216 $status = $struct['status']; 3217 3217 else 3218 3218 $status = ''; 3219 3220 if ( ! current_user_can( 'moderate_comments' ) && 'approve' !== $status ) { 3221 return new IXR_Error( 401, __( 'Invalid comment status.' 
) ); 3222 } 3219 3223 3220 3224 $post_id = ''; … … 3261 3265 * @return bool|IXR_Error {@link wp_delete_comment()} 3262 3266 */ 3263 public function wp_deleteComment( $args) {3267 public function wp_deleteComment( $args ) { 3264 3268 $this->escape($args); 3265 3269 … … 3268 3272 $comment_ID = (int) $args[3]; 3269 3273 3270 if ( !$user = $this->login($username, $password) ) 3271 return $this->error; 3272 3273 if ( !current_user_can( 'moderate_comments' ) ) 3274 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3275 3276 if ( ! get_comment($comment_ID) ) 3274 if ( ! $user = $this->login( $username, $password ) ) { 3275 return $this->error; 3276 } 3277 3278 if ( ! get_comment( $comment_ID ) ) { 3277 3279 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 3278 3279 if ( !current_user_can( 'edit_comment', $comment_ID ) ) 3280 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3280 } 3281 3282 if ( !current_user_can( 'edit_comment', $comment_ID ) ) { 3283 return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); 3284 } 3281 3285 3282 3286 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ … … 3335 3339 $content_struct = $args[4]; 3336 3340 3337 if ( !$user = $this->login($username, $password) ) 3338 return $this->error; 3339 3340 if ( !current_user_can( 'moderate_comments' ) ) 3341 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3342 3343 if ( ! get_comment($comment_ID) ) 3341 if ( !$user = $this->login( $username, $password ) ) { 3342 return $this->error; 3343 } 3344 3345 if ( ! get_comment( $comment_ID ) ) { 3344 3346 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 3345 3346 if ( !current_user_can( 'edit_comment', $comment_ID ) ) 3347 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3347 } 3348 3349 if ( ! 
current_user_can( 'edit_comment', $comment_ID ) ) { 3350 return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); 3351 } 3348 3352 3349 3353 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ … … 3537 3541 * @return array|IXR_Error 3538 3542 */ 3539 public function wp_getCommentStatusList( $args) {3543 public function wp_getCommentStatusList( $args ) { 3540 3544 $this->escape( $args ); 3541 3545 … … 3543 3547 $password = $args[2]; 3544 3548 3545 if ( !$user = $this->login($username, $password) ) 3546 return $this->error; 3547 3548 if ( !current_user_can( 'moderate_comments' ) ) 3549 if ( ! $user = $this->login( $username, $password ) ) { 3550 return $this->error; 3551 } 3552 3553 if ( ! current_user_can( 'publish_posts' ) ) { 3549 3554 return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); 3555 } 3550 3556 3551 3557 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ … … 3577 3583 $post_id = (int) $args[3]; 3578 3584 3579 if ( !$user = $this->login($username, $password) ) 3580 return $this->error; 3581 3582 if ( !current_user_can( 'edit_posts' ) ) 3583 return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) ); 3585 if ( ! $user = $this->login( $username, $password ) ) { 3586 return $this->error; 3587 } 3588 3589 $post = get_post( $post_id, ARRAY_A ); 3590 if ( empty( $post['ID'] ) ) { 3591 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 3592 } 3593 3594 if ( ! current_user_can( 'edit_post', $post_id ) ) { 3595 return new IXR_Error( 403, __( 'You are not allowed access to details of this post.' ) ); 3596 } 3584 3597 3585 3598 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ … … 3587 3600 3588 3601 $count = wp_count_comments( $post_id ); 3602 3589 3603 return array( 3590 3604 'approved' => $count->approved,
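Review bot: In the wp.getComments section the only gate left for callers without `moderate_comments` is `'approve' !== $status`, so any account that passes `login()` can list approved comments, and nothing visible ties the query to a post the caller may edit. The function continues past `$post_id = '';` outside the shown lines, so a per-post check may exist there; if it does not, consider requiring a post ID for non-moderators and checking `current_user_can( 'edit_post', $post_id )`, as the wp.getCommentCount section of this changeset does. It is also worth confirming that the structs returned to these callers omit commenter e-mail and IP fields, which the page does not show. Separately, the denial is returned as `401` with 'Invalid comment status.', which makes an authorization failure look like bad input in client logs; a `403` with a permission message would match the other methods changed here.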