Changeset 6503 for trunk/xmlrpc.php
- Timestamp:
- 12/27/2007 10:14:27 PM (17 years ago)
- File:
-
- 1 edited
trunk/xmlrpc.php
r6498 r6503 231 231 return($this->error); 232 232 } 233 234 set_current_user( 0, $username ); 235 if( !current_user_can( 'edit_page', $page_id ) ) 236 return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) ); 233 237 234 238 do_action('xmlrpc_call', 'wp.getPage'); … … 316 320 } 317 321 322 set_current_user( 0, $username ); 323 if( !current_user_can( 'edit_pages' ) ) 324 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); 325 318 326 do_action('xmlrpc_call', 'wp.getPages'); 319 327 … … 482 490 } 483 491 492 set_current_user( 0, $username ); 493 if( !current_user_can( 'edit_pages' ) ) 494 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); 495 484 496 do_action('xmlrpc_call', 'wp.getPageList'); 485 497 … … 647 659 } 648 660 661 set_current_user(0, $username); 662 if( !current_user_can( 'edit_posts' ) ) 663 return new IXR_Error( 401, __( 'Sorry, you must be able to publish to this blog in order to view categories.' ) ); 664 649 665 do_action('xmlrpc_call', 'wp.suggestCategories'); 650 666 … … 707 723 } 708 724 725 set_current_user( 0, $user_login ); 726 if( !current_user_can( 'edit_posts' ) ) 727 return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) ); 728 709 729 do_action('xmlrpc_call', 'blogger.getUserInfo'); 710 730 … … 715 735 'userid' => $user_data->ID, 716 736 'url' => $user_data->user_url, 717 'email' => $user_data->user_email,718 737 'lastname' => $user_data->last_name, 719 738 'firstname' => $user_data->first_name … … 736 755 return $this->error; 737 756 } 757 758 set_current_user( 0, $user_login ); 759 if( !current_user_can( 'edit_post', $post_ID ) ) 760 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' 
) ); 738 761 739 762 do_action('xmlrpc_call', 'blogger.getPost'); … … 776 799 $posts_list = wp_get_recent_posts($num_posts); 777 800 801 set_current_user( 0, $user_login ); 802 778 803 if (!$posts_list) { 779 804 $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.')); … … 782 807 783 808 foreach ($posts_list as $entry) { 809 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 810 continue; 784 811 785 812 $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); … … 1462 1489 return $this->error; 1463 1490 } 1491 1492 set_current_user( 0, $user_login ); 1493 if( !current_user_can( 'edit_post', $post_ID ) ) 1494 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); 1464 1495 1465 1496 do_action('xmlrpc_call', 'metaWeblog.getPost'); … … 1550 1581 } 1551 1582 1552 $this_user =set_current_user( 0, $user_login );1583 set_current_user( 0, $user_login ); 1553 1584 1554 1585 foreach ($posts_list as $entry) { 1555 if ( 1556 !empty( $entry['post_password'] ) 1557 && !current_user_can( 'edit_post', $entry['ID'] ) 1558 ) { 1559 unset( $entry['post_password'] ); 1560 } 1586 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 1587 continue; 1561 1588 1562 1589 $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); … … 1638 1665 } 1639 1666 1667 set_current_user( 0, $user_login ); 1668 if( !current_user_can( 'edit_posts' ) ) 1669 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' 
) ); 1670 1640 1671 do_action('xmlrpc_call', 'metaWeblog.getCategories'); 1641 1672 … … 1761 1792 } 1762 1793 1794 set_current_user( 0, $user_login ); 1795 1763 1796 foreach ($posts_list as $entry) { 1797 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 1798 continue; 1764 1799 1765 1800 $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); … … 1798 1833 } 1799 1834 1835 set_current_user( 0, $user_login ); 1836 if( !current_user_can( 'edit_posts' ) ) 1837 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); 1838 1800 1839 do_action('xmlrpc_call', 'mt.getCategoryList'); 1801 1840 1802 1841 $categories_struct = array(); 1803 1842 1804 // FIXME: can we avoid using direct SQL there?1805 1843 if ( $cats = get_categories('hide_empty=0&hierarchical=0') ) { 1806 1844 foreach ($cats as $cat) { … … 1828 1866 return $this->error; 1829 1867 } 1868 1869 set_current_user( 0, $user_login ); 1870 if( !current_user_can( 'edit_post', $post_ID ) ) 1871 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); 1830 1872 1831 1873 do_action('xmlrpc_call', 'mt.getPostCategories');
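Review bot: In the hunk at new lines 799–810 the `edit_post` filter runs only after `wp_get_recent_posts($num_posts)` has applied the limit, so a caller who may edit only some posts gets fewer than `$num_posts` entries, possibly none, even if older editable posts exist. The same `continue` filter appears at new lines 1586 and 1797, where the fetch itself is outside the visible hunk. Either collect entries until `$num_posts` permitted ones are found, or state the behaviour in a comment such as `// filtered after the limit: may return fewer than $num_posts entries`. Separately, every new 401 return sits before `do_action('xmlrpc_call', ...)`, so anything hooked there for logging presumably never sees denied calls; confirm this if the hook is relied on for auditing. The enclosing functions start and end outside the hunks.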