Changeset 6364 for trunk/xmlrpc.php
- Timestamp:
- 12/06/2007 07:49:33 PM (17 years ago)
- File:
-
- 1 edited
trunk/xmlrpc.php
r6358 r6364 460 460 */ 461 461 function wp_getAuthors($args) { 462 global $wpdb;463 462 464 463 $this->escape($args); … … 534 533 */ 535 534 function wp_suggestCategories($args) { 536 global $wpdb;537 538 535 $this->escape($args); 539 536 … … 626 623 } 627 624 628 $user_data = get_userdatabylogin($user_login);629 625 $post_data = wp_get_single_post($post_ID, ARRAY_A); 630 626 … … 649 645 function blogger_getRecentPosts($args) { 650 646 651 global $wpdb;652 653 647 $this->escape($args); 654 648 … … 768 762 function blogger_newPost($args) { 769 763 770 global $wpdb; 771 772 $this->escape($args); 773 774 $blog_ID = (int) $args[1]; /* though we don't use it yet */ 775 $user_login = $args[2]; 776 $user_pass = $args[3]; 777 $content = $args[4]; 778 $publish = $args[5]; 779 780 if (!$this->login_pass_ok($user_login, $user_pass)) { 781 return $this->error; 782 } 783 784 $cap = ($publish) ? 'publish_posts' : 'edit_posts'; 785 $user = set_current_user(0, $user_login); 786 if ( !current_user_can($cap) ) 787 return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); 788 789 $post_status = ($publish) ? 'publish' : 'draft'; 790 791 $post_author = $user->ID; 792 793 $post_title = xmlrpc_getposttitle($content); 794 $post_category = xmlrpc_getpostcategory($content); 795 $post_content = xmlrpc_removepostdata($content); 796 797 $post_date = current_time('mysql'); 798 $post_date_gmt = current_time('mysql', 1); 799 800 $post_data = compact('blog_ID', 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status'); 801 802 $post_ID = wp_insert_post($post_data); 803 if ( is_wp_error( $post_ID ) ) 804 return new IXR_Error(500, $post_ID->get_error_message()); 805 806 if (!$post_ID) { 807 return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); 808 } 809 $this->attach_uploads( $post_ID, $post_content ); 810 811 logIO('O', "Posted ! 
ID: $post_ID"); 812 813 return $post_ID; 814 } 815 764 $this->escape($args); 765 766 $blog_ID = (int) $args[1]; /* though we don't use it yet */ 767 $user_login = $args[2]; 768 $user_pass = $args[3]; 769 $content = $args[4]; 770 $publish = $args[5]; 771 772 if (!$this->login_pass_ok($user_login, $user_pass)) { 773 return $this->error; 774 } 775 776 $cap = ($publish) ? 'publish_posts' : 'edit_posts'; 777 $user = set_current_user(0, $user_login); 778 if ( !current_user_can($cap) ) 779 return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); 780 781 $post_status = ($publish) ? 'publish' : 'draft'; 782 783 $post_author = $user->ID; 784 785 $post_title = xmlrpc_getposttitle($content); 786 $post_category = xmlrpc_getpostcategory($content); 787 $post_content = xmlrpc_removepostdata($content); 788 789 $post_date = current_time('mysql'); 790 $post_date_gmt = current_time('mysql', 1); 791 792 $post_data = compact('blog_ID', 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status'); 793 794 $post_ID = wp_insert_post($post_data); 795 if ( is_wp_error( $post_ID ) ) 796 return new IXR_Error(500, $post_ID->get_error_message()); 797 798 if (!$post_ID) 799 return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); 800 801 $this->attach_uploads( $post_ID, $post_content ); 802 803 logIO('O', "Posted ! 
ID: $post_ID"); 804 805 return $post_ID; 806 } 816 807 817 808 /* blogger.editPost ...edits a post */ 818 809 function blogger_editPost($args) { 819 810 820 global $wpdb; 821 822 $this->escape($args); 823 824 $post_ID = (int) $args[1]; 825 $user_login = $args[2]; 826 $user_pass = $args[3]; 827 $content = $args[4]; 828 $publish = $args[5]; 829 830 if (!$this->login_pass_ok($user_login, $user_pass)) { 831 return $this->error; 832 } 833 834 $actual_post = wp_get_single_post($post_ID,ARRAY_A); 835 836 if (!$actual_post) { 837 return new IXR_Error(404, __('Sorry, no such post.')); 838 } 839 811 $this->escape($args); 812 813 $post_ID = (int) $args[1]; 814 $user_login = $args[2]; 815 $user_pass = $args[3]; 816 $content = $args[4]; 817 $publish = $args[5]; 818 819 if (!$this->login_pass_ok($user_login, $user_pass)) { 820 return $this->error; 821 } 822 823 $actual_post = wp_get_single_post($post_ID,ARRAY_A); 824 825 if (!$actual_post) { 826 return new IXR_Error(404, __('Sorry, no such post.')); 827 } 828 840 829 $this->escape($actual_post); 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 830 831 set_current_user(0, $user_login); 832 if ( !current_user_can('edit_post', $post_ID) ) 833 return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); 834 835 extract($actual_post, EXTR_SKIP); 836 837 if ( ('publish' == $post_status) && !current_user_can('publish_posts') ) 838 return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); 839 840 $post_title = xmlrpc_getposttitle($content); 841 $post_category = xmlrpc_getpostcategory($content); 842 $post_content = xmlrpc_removepostdata($content); 843 844 $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt'); 845 846 $result = wp_update_post($postdata); 847 848 if (!$result) { 849 return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.')); 
850 } 851 $this->attach_uploads( $ID, $post_content ); 852 853 return true; 865 854 } 866 855 … … 868 857 /* blogger.deletePost ...deletes a post */ 869 858 function blogger_deletePost($args) { 870 871 global $wpdb; 872 873 $this->escape($args); 874 875 $post_ID = (int) $args[1]; 876 $user_login = $args[2]; 877 $user_pass = $args[3]; 878 $publish = $args[4]; 879 880 if (!$this->login_pass_ok($user_login, $user_pass)) { 881 return $this->error; 882 } 883 884 $actual_post = wp_get_single_post($post_ID,ARRAY_A); 885 886 if (!$actual_post) { 887 return new IXR_Error(404, __('Sorry, no such post.')); 888 } 889 890 set_current_user(0, $user_login); 891 if ( !current_user_can('edit_post', $post_ID) ) 892 return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); 893 894 $result = wp_delete_post($post_ID); 895 896 if (!$result) { 897 return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be deleted.')); 898 } 899 900 return true; 859 $this->escape($args); 860 861 $post_ID = (int) $args[1]; 862 $user_login = $args[2]; 863 $user_pass = $args[3]; 864 $publish = $args[4]; 865 866 if (!$this->login_pass_ok($user_login, $user_pass)) { 867 return $this->error; 868 } 869 870 $actual_post = wp_get_single_post($post_ID,ARRAY_A); 871 872 if (!$actual_post) { 873 return new IXR_Error(404, __('Sorry, no such post.')); 874 } 875 876 set_current_user(0, $user_login); 877 if ( !current_user_can('edit_post', $post_ID) ) 878 return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); 879 880 $result = wp_delete_post($post_ID); 881 882 if (!$result) { 883 return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be deleted.')); 884 } 885 886 return true; 901 887 } 902 888 … … 909 895 /* metaweblog.newPost creates a post */ 910 896 function mw_newPost($args) { 911 912 global $wpdb, $post_default_category; 913 914 $this->escape($args); 915 916 $blog_ID = (int) 
$args[0]; // we will support this in the near future 917 $user_login = $args[1]; 918 $user_pass = $args[2]; 919 $content_struct = $args[3]; 920 $publish = $args[4]; 921 922 if (!$this->login_pass_ok($user_login, $user_pass)) { 923 return $this->error; 924 } 925 926 $cap = ($publish) ? 'publish_posts' : 'edit_posts'; 927 $user = set_current_user(0, $user_login); 928 if ( !current_user_can($cap) ) 929 return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); 897 $this->escape($args); 898 899 $blog_ID = (int) $args[0]; // we will support this in the near future 900 $user_login = $args[1]; 901 $user_pass = $args[2]; 902 $content_struct = $args[3]; 903 $publish = $args[4]; 904 905 if (!$this->login_pass_ok($user_login, $user_pass)) { 906 return $this->error; 907 } 908 909 $cap = ($publish) ? 'publish_posts' : 'edit_posts'; 910 $user = set_current_user(0, $user_login); 911 if ( !current_user_can($cap) ) 912 return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); 930 913 931 914 // The post_type defaults to post, but could also be page. … … 960 943 } 961 944 962 945 $post_author = $user->ID; 963 946 964 947 // If an author id was provided then use it instead. … … 985 968 } 986 969 987 988 989 990 991 992 970 $post_title = $content_struct['title']; 971 $post_content = apply_filters( 'content_save_pre', $content_struct['description'] ); 972 $post_status = $publish ? 'publish' : 'draft'; 973 974 $post_excerpt = $content_struct['mt_excerpt']; 975 $post_more = $content_struct['mt_text_more']; 993 976 994 977 $tags_input = $content_struct['mt_keywords']; … … 1059 1042 } 1060 1043 1061 1062 1063 1064 1065 1066 1067 1044 if ($post_more) { 1045 $post_content = $post_content . "\n<!--more-->\n" . 
$post_more; 1046 } 1047 1048 $to_ping = $content_struct['mt_tb_ping_urls']; 1049 if ( is_array($to_ping) ) 1050 $to_ping = implode(' ', $to_ping); 1068 1051 1069 1052 // Do some timestamp voodoo … … 1078 1061 } 1079 1062 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1063 $catnames = $content_struct['categories']; 1064 logIO('O', 'Post cats: ' . printr($catnames,true)); 1065 $post_category = array(); 1066 1067 if (is_array($catnames)) { 1068 foreach ($catnames as $cat) { 1069 $post_category[] = get_cat_ID($cat); 1070 } 1071 } 1072 1073 // We've got all the data -- post it: 1074 $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input'); 1075 1076 $post_ID = wp_insert_post($postdata); 1077 if ( is_wp_error( $post_ID ) ) 1078 return new IXR_Error(500, $post_ID->get_error_message()); 1079 1080 if (!$post_ID) { 1081 return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); 1082 } 1083 1084 $this->attach_uploads( $post_ID, $post_content ); 1085 1086 logIO('O', "Posted ! 
ID: $post_ID"); 1087 1088 return strval($post_ID); 1106 1089 } 1107 1090 … … 1123 1106 function mw_editPost($args) { 1124 1107 1125 global $wpdb, $post_default_category; 1126 1127 $this->escape($args); 1128 1129 $post_ID = (int) $args[0]; 1130 $user_login = $args[1]; 1131 $user_pass = $args[2]; 1132 $content_struct = $args[3]; 1133 $publish = $args[4]; 1134 1135 if (!$this->login_pass_ok($user_login, $user_pass)) { 1136 return $this->error; 1137 } 1108 $this->escape($args); 1109 1110 $post_ID = (int) $args[0]; 1111 $user_login = $args[1]; 1112 $user_pass = $args[2]; 1113 $content_struct = $args[3]; 1114 $publish = $args[4]; 1115 1116 if (!$this->login_pass_ok($user_login, $user_pass)) { 1117 return $this->error; 1118 } 1138 1119 1139 1120 $user = set_current_user(0, $user_login); … … 1148 1129 } 1149 1130 1150 1151 1152 1153 1154 1131 // Edit page caps are checked in editPage. Just check post here. 1132 if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) ) 1133 return new IXR_Error(401, __('Sorry, you can not edit this post.')); 1134 1135 $postdata = wp_get_single_post($post_ID, ARRAY_A); 1155 1136 1156 1137 // If there is no post data for the give post id, stop … … 1269 1250 } 1270 1251 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1252 $post_title = $content_struct['title']; 1253 $post_content = apply_filters( 'content_save_pre', $content_struct['description'] ); 1254 $catnames = $content_struct['categories']; 1255 1256 $post_category = array(); 1257 1258 if (is_array($catnames)) { 1259 foreach ($catnames as $cat) { 1260 $post_category[] = get_cat_ID($cat); 1261 } 1262 } 1263 1264 $post_excerpt = $content_struct['mt_excerpt']; 1265 $post_more = $content_struct['mt_text_more']; 1266 $post_status = $publish ? 
'publish' : 'draft'; 1267 1268 $tags_input = $content_struct['mt_keywords']; 1269 1270 if ( ('publish' == $post_status) ) { 1271 if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') ) 1272 return new IXR_Error(401, __('Sorry, you do not have the right to publish this page.')); 1273 else if ( !current_user_can('publish_posts') ) 1274 return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); 1275 } 1276 1277 if ($post_more) { 1278 $post_content = $post_content . "\n<!--more-->\n" . $post_more; 1279 } 1280 1281 $to_ping = $content_struct['mt_tb_ping_urls']; 1282 if ( is_array($to_ping) ) 1283 $to_ping = implode(' ', $to_ping); 1284 1285 // Do some timestamp voodoo 1286 $dateCreatedd = $content_struct['dateCreated']; 1287 if (!empty($dateCreatedd)) { 1288 $dateCreated = $dateCreatedd->getIso(); 1289 $post_date = get_date_from_gmt(iso8601_to_datetime($dateCreated)); 1290 $post_date_gmt = iso8601_to_datetime($dateCreated . "Z", GMT); 1291 } else { 1292 $post_date = $postdata['post_date']; 1293 $post_date_gmt = $postdata['post_date_gmt']; 1294 } 1295 1296 // We've got all the data -- post it: 1297 $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input'); 1298 1299 $result = wp_update_post($newpost); 1300 if (!$result) { 1301 return new IXR_Error(500, __('Sorry, your entry could not be edited. Something wrong happened.')); 1302 } 1303 $this->attach_uploads( $ID, $post_content ); 1304 1305 logIO('O',"(MW) Edited ! 
ID: $post_ID"); 1306 1307 return true; 1327 1308 } 1328 1309 … … 1331 1312 function mw_getPost($args) { 1332 1313 1333 global $wpdb; 1334 1335 $this->escape($args); 1336 1337 $post_ID = (int) $args[0]; 1338 $user_login = $args[1]; 1339 $user_pass = $args[2]; 1340 1341 if (!$this->login_pass_ok($user_login, $user_pass)) { 1342 return $this->error; 1343 } 1344 1345 $postdata = wp_get_single_post($post_ID, ARRAY_A); 1346 1347 if ($postdata['post_date'] != '') { 1348 1349 $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); 1350 $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); 1351 1352 $categories = array(); 1353 $catids = wp_get_post_categories($post_ID); 1354 foreach($catids as $catid) { 1355 $categories[] = get_cat_name($catid); 1356 } 1357 1358 $tagnames = array(); 1359 $tags = wp_get_post_tags( $post_ID ); 1360 if ( !empty( $tags ) ) { 1361 foreach ( $tags as $tag ) { 1362 $tagnames[] = $tag->name; 1363 } 1364 $tagnames = implode( ', ', $tagnames ); 1314 $this->escape($args); 1315 1316 $post_ID = (int) $args[0]; 1317 $user_login = $args[1]; 1318 $user_pass = $args[2]; 1319 1320 if (!$this->login_pass_ok($user_login, $user_pass)) { 1321 return $this->error; 1322 } 1323 1324 $postdata = wp_get_single_post($post_ID, ARRAY_A); 1325 1326 if ($postdata['post_date'] != '') { 1327 $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); 1328 $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); 1329 1330 $categories = array(); 1331 $catids = wp_get_post_categories($post_ID); 1332 foreach($catids as $catid) 1333 $categories[] = get_cat_name($catid); 1334 1335 $tagnames = array(); 1336 $tags = wp_get_post_tags( $post_ID ); 1337 if ( !empty( $tags ) ) { 1338 foreach ( $tags as $tag ) 1339 $tagnames[] = $tag->name; 1340 $tagnames = implode( ', ', $tagnames ); 1341 } else { 1342 $tagnames = ''; 1343 } 1344 1345 $post = get_extended($postdata['post_content']); 1346 $link = post_permalink($postdata['ID']); 1347 1348 // Get 
the author info. 1349 $author = get_userdata($postdata['post_author']); 1350 1351 $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; 1352 $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0; 1353 1354 $resp = array( 1355 'dateCreated' => new IXR_Date($post_date), 1356 'userid' => $postdata['post_author'], 1357 'postid' => $postdata['ID'], 1358 'description' => $post['main'], 1359 'title' => $postdata['post_title'], 1360 'link' => $link, 1361 'permaLink' => $link, 1362 // commented out because no other tool seems to use this 1363 // 'content' => $entry['post_content'], 1364 'categories' => $categories, 1365 'mt_excerpt' => $postdata['post_excerpt'], 1366 'mt_text_more' => $post['extended'], 1367 'mt_allow_comments' => $allow_comments, 1368 'mt_allow_pings' => $allow_pings, 1369 'mt_keywords' => $tagnames, 1370 'wp_slug' => $postdata['post_name'], 1371 'wp_password' => $postdata['post_password'], 1372 'wp_author_id' => $author->ID, 1373 'wp_author_display_name' => $author->display_name, 1374 'date_created_gmt' => new IXR_Date($post_date_gmt), 1375 'post_status' => $postdata['post_status'] 1376 ); 1377 1378 return $resp; 1365 1379 } else { 1366 $tagnames = ''; 1367 } 1368 1369 $post = get_extended($postdata['post_content']); 1370 $link = post_permalink($postdata['ID']); 1371 1372 // Get the author info. 1373 $author = get_userdata($postdata['post_author']); 1374 1375 $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; 1376 $allow_pings = ('open' == $postdata['ping_status']) ? 
1 : 0; 1377 1378 $resp = array( 1379 'dateCreated' => new IXR_Date($post_date), 1380 'userid' => $postdata['post_author'], 1381 'postid' => $postdata['ID'], 1382 'description' => $post['main'], 1383 'title' => $postdata['post_title'], 1384 'link' => $link, 1385 'permaLink' => $link, 1386 // commented out because no other tool seems to use this 1387 // 'content' => $entry['post_content'], 1388 'categories' => $categories, 1389 'mt_excerpt' => $postdata['post_excerpt'], 1390 'mt_text_more' => $post['extended'], 1391 'mt_allow_comments' => $allow_comments, 1392 'mt_allow_pings' => $allow_pings, 1393 'mt_keywords' => $tagnames, 1394 'wp_slug' => $postdata['post_name'], 1395 'wp_password' => $postdata['post_password'], 1396 'wp_author_id' => $author->ID, 1397 'wp_author_display_name' => $author->display_name, 1398 'date_created_gmt' => new IXR_Date($post_date_gmt), 1399 'post_status' => $postdata['post_status'] 1400 ); 1401 1402 return $resp; 1403 } else { 1404 return new IXR_Error(404, __('Sorry, no such post.')); 1405 } 1380 return new IXR_Error(404, __('Sorry, no such post.')); 1381 } 1406 1382 } 1407 1383 … … 1497 1473 function mw_getCategories($args) { 1498 1474 1499 global $wpdb;1500 1501 1475 $this->escape($args); 1502 1476 … … 1577 1551 } 1578 1552 1579 $upload = wp_upload_bits($name, $type, $bits , $overwrite);1553 $upload = wp_upload_bits($name, $type, $bits); 1580 1554 if ( ! 
empty($upload['error']) ) { 1581 1555 $errorString = sprintf(__('Could not write file %1$s (%2$s)'), $name, $upload['error']); … … 1655 1629 function mt_getCategoryList($args) { 1656 1630 1657 global $wpdb;1658 1659 1631 $this->escape($args); 1660 1632 … … 1835 1807 /* pingback.ping gets a pingback and registers it */ 1836 1808 function pingback_ping($args) { 1837 global $wpdb , $wp_version;1809 global $wpdb; 1838 1810 1839 1811 $this->escape($args); … … 1848 1820 $pagelinkedto = str_replace('&', '&', $pagelinkedto); 1849 1821 1850 $error_code = -1;1851 1852 1822 // Check if the page linked to is in our site 1853 1823 $pos1 = strpos($pagelinkedto, str_replace(array('http://www.','http://','https://www.','https://'), '', get_option('home'))); 1854 1824 if( !$pos1 ) 1855 1825 return new IXR_Error(0, __('Is there no link to us?')); 1856 1826 1857 1827 // let's find which post is linked to … … 1913 1883 1914 1884 // Let's check that the remote site didn't already pingback this entry 1915 $ result = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'");1885 $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'"); 1916 1886 1917 1887 if ( $wpdb->num_rows ) // We already have a Pingback from this URL … … 1975 1945 1976 1946 $context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]'; 1977 $original_pagelinkedfrom = $pagelinkedfrom;1978 1947 $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom ); 1979 $original_title = $title;1980 1948 1981 1949 $comment_post_ID = (int) $post_ID;
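Review bot: mw_getPost (new lines 1312-1382, whole body visible in this section) hands the post back to any caller that passes `login_pass_ok()`, with no per-post capability check. The response array includes `'wp_password' => $postdata['post_password']` and `'post_status'`, so an account that cannot edit the post would apparently still receive draft content and the post password. blogger_editPost in this same file already uses `set_current_user(0, $user_login);` followed by `if ( !current_user_can('edit_post', $post_ID) ) return new IXR_Error(401, __('Sorry, you can not edit this post.'));`, and the same two lines placed right after the login check in mw_getPost would close the gap. This changeset only removes unused globals and re-indents, so the check is probably better landed as its own follow-up commit.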