Changeset 6504
- Timestamp:
- 12/27/2007 10:30:18 PM (17 years ago)
- File:
-
- 1 edited
branches/2.3/xmlrpc.php
r6499 r6504 187 187 return($this->error); 188 188 } 189 190 set_current_user( 0, $username ); 191 if( !current_user_can( 'edit_page', $page_id ) ) 192 return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) ); 193 194 do_action('xmlrpc_call', 'wp.getPage'); 189 195 190 196 // Lookup page info. … … 269 275 } 270 276 277 set_current_user( 0, $username ); 278 if( !current_user_can( 'edit_pages' ) ) 279 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); 280 281 do_action('xmlrpc_call', 'wp.getPages'); 282 271 283 // Lookup info on pages. 272 284 $pages = get_pages(); … … 427 439 } 428 440 441 set_current_user( 0, $username ); 442 if( !current_user_can( 'edit_pages' ) ) 443 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); 444 445 do_action('xmlrpc_call', 'wp.getPageList'); 446 429 447 // Get list of pages ids and titles 430 448 $page_list = $wpdb->get_results(" … … 460 478 */ 461 479 function wp_getAuthors($args) { 462 global $wpdb;463 480 464 481 $this->escape($args); … … 510 527 // allowed to add a category. 511 528 set_current_user(0, $username); 512 if(!current_user_can("manage_categories" , $page_id)) {529 if(!current_user_can("manage_categories")) { 513 530 return(new IXR_Error(401, __("Sorry, you do not have the right to add a category."))); 514 531 } … … 564 581 } 565 582 583 set_current_user(0, $username); 584 if( !current_user_can( 'edit_posts' ) ) 585 return new IXR_Error( 401, __( 'Sorry, you must be able to publish to this blog in order to view categories.' ) ); 586 587 do_action('xmlrpc_call', 'wp.suggestCategories'); 588 566 589 $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category); 567 590 $category_suggestions = get_categories($args); … … 614 637 } 615 638 639 set_current_user( 0, $user_login ); 640 if( !current_user_can( 'edit_posts' ) ) 641 return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' 
) ); 642 643 do_action('xmlrpc_call', 'blogger.getUserInfo'); 644 616 645 $user_data = get_userdatabylogin($user_login); 617 646 … … 620 649 'userid' => $user_data->ID, 621 650 'url' => $user_data->user_url, 622 'email' => $user_data->user_email,623 651 'lastname' => $user_data->last_name, 624 652 'firstname' => $user_data->first_name … … 642 670 } 643 671 644 $user_data = get_userdatabylogin($user_login); 672 set_current_user( 0, $user_login ); 673 if( !current_user_can( 'edit_post', $post_ID ) ) 674 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); 675 676 do_action('xmlrpc_call', 'blogger.getPost'); 677 645 678 $post_data = wp_get_single_post($post_ID, ARRAY_A); 646 679 … … 680 713 $posts_list = wp_get_recent_posts($num_posts); 681 714 715 set_current_user( 0, $user_login ); 716 682 717 if (!$posts_list) { 683 718 $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.')); … … 686 721 687 722 foreach ($posts_list as $entry) { 723 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 724 continue; 688 725 689 726 $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); … … 1345 1382 function mw_getPost($args) { 1346 1383 1347 global $wpdb; 1348 1349 $this->escape($args); 1350 1351 $post_ID = (int) $args[0]; 1352 $user_login = $args[1]; 1353 $user_pass = $args[2]; 1354 1355 if (!$this->login_pass_ok($user_login, $user_pass)) { 1356 return $this->error; 1357 } 1358 1359 $postdata = wp_get_single_post($post_ID, ARRAY_A); 1360 1361 if ($postdata['post_date'] != '') { 1362 1363 $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); 1364 $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); 1365 1366 $categories = array(); 1367 $catids = wp_get_post_categories($post_ID); 1368 foreach($catids as $catid) { 1369 $categories[] = get_cat_name($catid); 1370 } 1371 1372 $tagnames = array(); 1373 $tags = wp_get_post_tags( $post_ID ); 1374 if ( !empty( $tags ) ) { 1375 foreach ( $tags as $tag ) 
{ 1376 $tagnames[] = $tag->name; 1377 } 1378 $tagnames = implode( ', ', $tagnames ); 1384 global $wpdb; 1385 1386 $this->escape($args); 1387 1388 $post_ID = (int) $args[0]; 1389 $user_login = $args[1]; 1390 $user_pass = $args[2]; 1391 1392 if (!$this->login_pass_ok($user_login, $user_pass)) { 1393 return $this->error; 1394 } 1395 1396 set_current_user( 0, $user_login ); 1397 if( !current_user_can( 'edit_post', $post_ID ) ) 1398 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); 1399 1400 do_action('xmlrpc_call', 'metaWeblog.getPost'); 1401 1402 $postdata = wp_get_single_post($post_ID, ARRAY_A); 1403 1404 if ($postdata['post_date'] != '') { 1405 $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); 1406 $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); 1407 1408 $categories = array(); 1409 $catids = wp_get_post_categories($post_ID); 1410 foreach($catids as $catid) { 1411 $categories[] = get_cat_name($catid); 1412 } 1413 1414 $tagnames = array(); 1415 $tags = wp_get_post_tags( $post_ID ); 1416 if ( !empty( $tags ) ) { 1417 foreach ( $tags as $tag ) { 1418 $tagnames[] = $tag->name; 1419 } 1420 $tagnames = implode( ', ', $tagnames ); 1421 } else { 1422 $tagnames = ''; 1423 } 1424 1425 $post = get_extended($postdata['post_content']); 1426 $link = post_permalink($postdata['ID']); 1427 1428 // Get the author info. 1429 $author = get_userdata($postdata['post_author']); 1430 1431 $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; 1432 $allow_pings = ('open' == $postdata['ping_status']) ? 
1 : 0; 1433 1434 $resp = array( 1435 'dateCreated' => new IXR_Date($post_date), 1436 'userid' => $postdata['post_author'], 1437 'postid' => $postdata['ID'], 1438 'description' => $post['main'], 1439 'title' => $postdata['post_title'], 1440 'link' => $link, 1441 'permaLink' => $link, 1442 // commented out because no other tool seems to use this 1443 // 'content' => $entry['post_content'], 1444 'categories' => $categories, 1445 'mt_excerpt' => $postdata['post_excerpt'], 1446 'mt_text_more' => $post['extended'], 1447 'mt_allow_comments' => $allow_comments, 1448 'mt_allow_pings' => $allow_pings, 1449 'mt_keywords' => $tagnames, 1450 'wp_slug' => $postdata['post_name'], 1451 'wp_password' => $postdata['post_password'], 1452 'wp_author_id' => $author->ID, 1453 'wp_author_display_name' => $author->display_name, 1454 'date_created_gmt' => new IXR_Date($post_date_gmt) 1455 ); 1456 1457 return $resp; 1379 1458 } else { 1380 $tagnames = ''; 1381 } 1382 1383 $post = get_extended($postdata['post_content']); 1384 $link = post_permalink($postdata['ID']); 1385 1386 // Get the author info. 1387 $author = get_userdata($postdata['post_author']); 1388 1389 $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; 1390 $allow_pings = ('open' == $postdata['ping_status']) ? 
1 : 0; 1391 1392 $resp = array( 1393 'dateCreated' => new IXR_Date($post_date), 1394 'userid' => $postdata['post_author'], 1395 'postid' => $postdata['ID'], 1396 'description' => $post['main'], 1397 'title' => $postdata['post_title'], 1398 'link' => $link, 1399 'permaLink' => $link, 1400 // commented out because no other tool seems to use this 1401 // 'content' => $entry['post_content'], 1402 'categories' => $categories, 1403 'mt_excerpt' => $postdata['post_excerpt'], 1404 'mt_text_more' => $post['extended'], 1405 'mt_allow_comments' => $allow_comments, 1406 'mt_allow_pings' => $allow_pings, 1407 'mt_keywords' => $tagnames, 1408 'wp_slug' => $postdata['post_name'], 1409 'wp_password' => $postdata['post_password'], 1410 'wp_author_id' => $author->ID, 1411 'wp_author_display_name' => $author->display_name, 1412 'date_created_gmt' => new IXR_Date($post_date_gmt) 1413 ); 1414 1415 return $resp; 1416 } else { 1417 return new IXR_Error(404, __('Sorry, no such post.')); 1418 } 1459 return new IXR_Error(404, __('Sorry, no such post.')); 1460 } 1419 1461 } 1420 1462 … … 1441 1483 } 1442 1484 1443 $this_user =set_current_user( 0, $user_login );1485 set_current_user( 0, $user_login ); 1444 1486 1445 1487 foreach ($posts_list as $entry) { 1446 if ( 1447 !empty( $entry['post_password'] ) 1448 && !current_user_can( 'edit_post', $entry['ID'] ) 1449 ) { 1450 unset( $entry['post_password'] ); 1451 } 1488 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 1489 continue; 1452 1490 1453 1491 $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); … … 1529 1567 } 1530 1568 1569 set_current_user( 0, $user_login ); 1570 if( !current_user_can( 'edit_posts' ) ) 1571 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' 
) ); 1572 1573 do_action('xmlrpc_call', 'metaWeblog.getCategories'); 1574 1531 1575 $categories_struct = array(); 1532 1576 … … 1648 1692 } 1649 1693 1694 set_current_user( 0, $user_login ); 1695 1650 1696 foreach ($posts_list as $entry) { 1697 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 1698 continue; 1651 1699 1652 1700 $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); … … 1687 1735 } 1688 1736 1737 set_current_user( 0, $user_login ); 1738 if( !current_user_can( 'edit_posts' ) ) 1739 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); 1740 1741 do_action('xmlrpc_call', 'mt.getCategoryList'); 1742 1689 1743 $categories_struct = array(); 1690 1744 1691 // FIXME: can we avoid using direct SQL there?1692 1745 if ( $cats = get_categories('hide_empty=0&hierarchical=0') ) { 1693 1746 foreach ($cats as $cat) { … … 1715 1768 return $this->error; 1716 1769 } 1770 1771 set_current_user( 0, $user_login ); 1772 if( !current_user_can( 'edit_post', $post_ID ) ) 1773 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); 1774 1775 do_action('xmlrpc_call', 'mt.getPostCategories'); 1717 1776 1718 1777 $categories = array();
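Review bot: In the recent-posts hunk at new lines 713–724 (this appears to be blogger.getRecentPosts; the function starts and ends outside the hunk) the capability filter runs only after `wp_get_recent_posts($num_posts)` has already fetched exactly `$num_posts` rows, so each entry the caller cannot edit is dropped with `continue` and the response silently shrinks — a client asking for N posts can get back none even when it has older editable posts — and the `if (!$posts_list)` check that sets the 500 error at 717–718 runs before the filter, so a fully filtered list is not reported as empty. The hunks at 1485–1489 and 1694–1698 (which look like the metaWeblog and mt recent-post methods) have the same shape and the same consequence. At minimum move `set_current_user( 0, $user_login );` up next to the `login_pass_ok` check, as every other hunk in this changeset does, so the capability context is established before any query runs and the guard reads consistently across methods; restoring the requested count would mean fetching more than `$num_posts` and counting only entries that pass the `edit_post` check, which is a wider change than these hunks show. A short comment on the guards would also help the next maintainer, e.g. `// Require edit rights: the response includes unpublished content and the post password.`, which the mw_getPost hunk makes concrete with `'wp_password' => $postdata['post_password']` at 1451.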