Changeset 6726 for trunk/xmlrpc.php
- Timestamp:
- 02/05/2008 06:47:27 AM (17 years ago)
- File:
-
- 1 edited
trunk/xmlrpc.php
r6714 r6726 32 32 <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" /> 33 33 <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" /> 34 <api name="Atom" blogID="" preferred="false" apiLink="<?php echo apply_filters('atom_service_url', (get_bloginfo('url')."/wp-app.php/service"))?>" /> 34 <api name="Atom" blogID="" preferred="false" apiLink="<?php echo apply_filters('atom_service_url', (get_bloginfo('url')."/wp-app.php/service"))?>" /> 35 35 </apis> 36 36 </service> … … 175 175 } 176 176 177 function get_custom_fields($post_id) { 178 $post_id = (int) $post_id; 179 180 $custom_fields = array(); 181 182 foreach ( (array) has_meta($post_id) as $meta ) { 183 // Don't expose protected fields. 184 if ( strpos($meta['meta_key'], '_wp_') === 0 ) { 185 continue; 186 } 187 188 $custom_fields[] = array( 189 "id" => $meta['meta_id'], 190 "key" => $meta['meta_key'], 191 "value" => $meta['meta_value'] 192 ); 193 } 194 195 return $custom_fields; 196 } 197 198 function set_custom_fields($post_id, $fields) { 199 $post_id = (int) $post_id; 200 201 foreach ( (array) $fields as $meta ) { 202 if ( isset($meta['id']) ) { 203 $meta['id'] = (int) $meta['id']; 204 205 if ( isset($meta['key']) ) { 206 update_meta($meta['id'], $meta['key'], $meta['value']); 207 } 208 else { 209 delete_meta($meta['id']); 210 } 211 } 212 else { 213 $_POST['metakeyinput'] = $meta['key']; 214 $_POST['metavalue'] = $meta['value']; 215 add_meta($post_id); 216 } 217 } 218 } 177 function get_custom_fields($post_id) { 178 $post_id = (int) $post_id; 179 180 $custom_fields = array(); 181 182 foreach ( (array) has_meta($post_id) as $meta ) { 183 // Don't expose protected fields. 
184 if ( strpos($meta['meta_key'], '_wp_') === 0 ) { 185 continue; 186 } 187 188 $custom_fields[] = array( 189 "id" => $meta['meta_id'], 190 "key" => $meta['meta_key'], 191 "value" => $meta['meta_value'] 192 ); 193 } 194 195 return $custom_fields; 196 } 197 198 function set_custom_fields($post_id, $fields) { 199 $post_id = (int) $post_id; 200 201 foreach ( (array) $fields as $meta ) { 202 if ( isset($meta['id']) ) { 203 $meta['id'] = (int) $meta['id']; 204 205 if ( isset($meta['key']) ) { 206 update_meta($meta['id'], $meta['key'], $meta['value']); 207 } 208 else { 209 delete_meta($meta['id']); 210 } 211 } 212 else { 213 $_POST['metakeyinput'] = $meta['key']; 214 $_POST['metavalue'] = $meta['value']; 215 add_meta($post_id); 216 } 217 } 218 } 219 219 220 220 /** … … 662 662 663 663 set_current_user(0, $username); 664 if( !current_user_can( 'edit_posts' ) ) 664 if( !current_user_can( 'edit_posts' ) ) 665 665 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts to this blog in order to view categories.' ) ); 666 666 … … 680 680 681 681 function wp_getCommentCount( $args ) { 682 $this->escape($args); 683 684 $blog_id = (int) $args[0]; 685 $username = $args[1]; 686 $password = $args[2]; 687 $post_id = (int) $args[3]; 688 689 if( !$this->login_pass_ok( $username, $password ) ) { 690 return new IXR_Error( 403, __( 'Bad login/pass combination.' ) ); 691 } 692 693 set_current_user( 0, $username ); 694 if( !current_user_can( 'edit_posts' ) ) { 695 return new IXR_Error( 403, __( 'You are not allowed details about comments.' ) ); 696 } 682 $this->escape($args); 683 684 $blog_id = (int) $args[0]; 685 $username = $args[1]; 686 $password = $args[2]; 687 $post_id = (int) $args[3]; 688 689 if( !$this->login_pass_ok( $username, $password ) ) { 690 return new IXR_Error( 403, __( 'Bad login/pass combination.' 
) ); 691 } 692 693 set_current_user( 0, $username ); 694 if( !current_user_can( 'edit_posts' ) ) { 695 return new IXR_Error( 403, __( 'You are not allowed details about comments.' ) ); 696 } 697 697 698 698 do_action('xmlrpc_call', 'wp.getCommentCount'); … … 792 792 793 793 set_current_user( 0, $user_login ); 794 if( !current_user_can( 'edit_posts' ) ) 794 if( !current_user_can( 'edit_posts' ) ) 795 795 return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) ); 796 796 … … 825 825 826 826 set_current_user( 0, $user_login ); 827 if( !current_user_can( 'edit_post', $post_ID ) ) 827 if( !current_user_can( 'edit_post', $post_ID ) ) 828 828 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); 829 829 … … 986 986 $content = $args[4]; 987 987 $publish = $args[5]; 988 988 989 989 if (!$this->login_pass_ok($user_login, $user_pass)) { 990 990 return $this->error; … … 997 997 if ( !current_user_can($cap) ) 998 998 return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); 999 999 1000 1000 $post_status = ($publish) ? 
'publish' : 'draft'; 1001 1001 1002 1002 $post_author = $user->ID; 1003 1003 1004 1004 $post_title = xmlrpc_getposttitle($content); 1005 1005 $post_category = xmlrpc_getpostcategory($content); 1006 1006 $post_content = xmlrpc_removepostdata($content); 1007 1007 1008 1008 $post_date = current_time('mysql'); 1009 1009 $post_date_gmt = current_time('mysql', 1); 1010 1010 1011 1011 $post_data = compact('blog_ID', 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status'); 1012 1012 1013 1013 $post_ID = wp_insert_post($post_data); 1014 1014 if ( is_wp_error( $post_ID ) ) … … 1029 1029 1030 1030 $this->escape($args); 1031 1031 1032 1032 $post_ID = (int) $args[1]; 1033 1033 $user_login = $args[2]; … … 1035 1035 $content = $args[4]; 1036 1036 $publish = $args[5]; 1037 1037 1038 1038 if (!$this->login_pass_ok($user_login, $user_pass)) { 1039 1039 return $this->error; … … 1043 1043 1044 1044 $actual_post = wp_get_single_post($post_ID,ARRAY_A); 1045 1045 1046 1046 if (!$actual_post) { 1047 1047 return new IXR_Error(404, __('Sorry, no such post.')); 1048 1048 } 1049 1049 1050 1050 $this->escape($actual_post); 1051 1051 1052 1052 set_current_user(0, $user_login); 1053 1053 if ( !current_user_can('edit_post', $post_ID) ) 1054 1054 return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); 1055 1055 1056 1056 extract($actual_post, EXTR_SKIP); 1057 1057 1058 1058 if ( ('publish' == $post_status) && !current_user_can('publish_posts') ) 1059 1059 return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); 1060 1060 1061 1061 $post_title = xmlrpc_getposttitle($content); 1062 1062 $post_category = xmlrpc_getpostcategory($content); 1063 1063 $post_content = xmlrpc_removepostdata($content); 1064 1064 1065 1065 $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt'); 1066 1066 1067 1067 $result = wp_update_post($postdata); 1068 1068 1069 
1069 if (!$result) { 1070 1070 return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.')); 1071 1071 } 1072 1072 $this->attach_uploads( $ID, $post_content ); 1073 1073 1074 1074 return true; 1075 1075 } … … 1079 1079 function blogger_deletePost($args) { 1080 1080 $this->escape($args); 1081 1081 1082 1082 $post_ID = (int) $args[1]; 1083 1083 $user_login = $args[2]; 1084 1084 $user_pass = $args[3]; 1085 1085 $publish = $args[4]; 1086 1086 1087 1087 if (!$this->login_pass_ok($user_login, $user_pass)) { 1088 1088 return $this->error; … … 1092 1092 1093 1093 $actual_post = wp_get_single_post($post_ID,ARRAY_A); 1094 1094 1095 1095 if (!$actual_post) { 1096 1096 return new IXR_Error(404, __('Sorry, no such post.')); 1097 1097 } 1098 1098 1099 1099 set_current_user(0, $user_login); 1100 1100 if ( !current_user_can('edit_post', $post_ID) ) 1101 1101 return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); 1102 1102 1103 1103 $result = wp_delete_post($post_ID); 1104 1104 1105 1105 if (!$result) { 1106 1106 return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be deleted.')); 1107 1107 } 1108 1108 1109 1109 return true; 1110 1110 } … … 1125 1125 $content_struct = $args[3]; 1126 1126 $publish = $args[4]; 1127 1127 1128 1128 if (!$this->login_pass_ok($user_login, $user_pass)) { 1129 1129 return $this->error; … … 1225 1225 } 1226 1226 } 1227 1227 1228 1228 $post_excerpt = $content_struct['mt_excerpt']; 1229 1229 $post_more = $content_struct['mt_text_more']; … … 1299 1299 $post_content = $post_content . "\n<!--more-->\n" . $post_more; 1300 1300 } 1301 1301 1302 1302 $to_ping = $content_struct['mt_tb_ping_urls']; 1303 1303 if ( is_array($to_ping) ) … … 1321 1321 logIO('O', 'Post cats: ' . 
var_export($catnames,true)); 1322 1322 $post_category = array(); 1323 1323 1324 1324 if (is_array($catnames)) { 1325 1325 foreach ($catnames as $cat) { … … 1330 1330 // We've got all the data -- post it: 1331 1331 $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input'); 1332 1332 1333 1333 $post_ID = wp_insert_post($postdata); 1334 1334 if ( is_wp_error( $post_ID ) ) 1335 1335 return new IXR_Error(500, $post_ID->get_error_message()); 1336 1336 1337 1337 if (!$post_ID) { 1338 1338 return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); 1339 1339 } 1340 1340 1341 if ( isset($content_struct['custom_fields']) ) { 1342 $this->set_custom_fields($post_ID, $content_struct['custom_fields']); 1343 } 1344 1341 if ( isset($content_struct['custom_fields']) ) { 1342 $this->set_custom_fields($post_ID, $content_struct['custom_fields']); 1343 } 1344 1345 1345 $this->attach_uploads( $post_ID, $post_content ); 1346 1346 1347 1347 logIO('O', "Posted ! 
ID: $post_ID"); 1348 1348 1349 1349 return strval($post_ID); 1350 1350 } … … 1374 1374 $content_struct = $args[3]; 1375 1375 $publish = $args[4]; 1376 1376 1377 1377 if (!$this->login_pass_ok($user_login, $user_pass)) { 1378 1378 return $this->error; … … 1524 1524 $post_content = apply_filters( 'content_save_pre', $content_struct['description'] ); 1525 1525 $catnames = $content_struct['categories']; 1526 1526 1527 1527 $post_category = array(); 1528 1528 1529 1529 if (is_array($catnames)) { 1530 1530 foreach ($catnames as $cat) { … … 1532 1532 } 1533 1533 } 1534 1534 1535 1535 $post_excerpt = $content_struct['mt_excerpt']; 1536 1536 $post_more = $content_struct['mt_text_more']; … … 1555 1555 } 1556 1556 } 1557 1557 1558 1558 $tags_input = $content_struct['mt_keywords']; 1559 1559 … … 1564 1564 return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); 1565 1565 } 1566 1566 1567 1567 if ($post_more) { 1568 1568 $post_content = $post_content . "\n<!--more-->\n" . $post_more; … … 1589 1589 // We've got all the data -- post it: 1590 1590 $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input'); 1591 1591 1592 1592 $result = wp_update_post($newpost); 1593 1593 if (!$result) { … … 1595 1595 } 1596 1596 1597 if ( isset($content_struct['custom_fields']) ) { 1598 $this->set_custom_fields($post_ID, $content_struct['custom_fields']); 1599 } 1597 if ( isset($content_struct['custom_fields']) ) { 1598 $this->set_custom_fields($post_ID, $content_struct['custom_fields']); 1599 } 1600 1600 1601 1601 $this->attach_uploads( $ID, $post_content ); 1602 1602 1603 1603 logIO('O',"(MW) Edited ! 
ID: $post_ID"); 1604 1604 1605 1605 return true; 1606 1606 } … … 1611 1611 1612 1612 $this->escape($args); 1613 1613 1614 1614 $post_ID = (int) $args[0]; 1615 1615 $user_login = $args[1]; 1616 1616 $user_pass = $args[2]; 1617 1617 1618 1618 if (!$this->login_pass_ok($user_login, $user_pass)) { 1619 1619 return $this->error; … … 1627 1627 1628 1628 $postdata = wp_get_single_post($post_ID, ARRAY_A); 1629 1629 1630 1630 if ($postdata['post_date'] != '') { 1631 1631 $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); 1632 1632 $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); 1633 1633 1634 1634 $categories = array(); 1635 1635 $catids = wp_get_post_categories($post_ID); 1636 1636 foreach($catids as $catid) 1637 1637 $categories[] = get_cat_name($catid); 1638 1638 1639 1639 $tagnames = array(); 1640 1640 $tags = wp_get_post_tags( $post_ID ); … … 1646 1646 $tagnames = ''; 1647 1647 } 1648 1648 1649 1649 $post = get_extended($postdata['post_content']); 1650 1650 $link = post_permalink($postdata['ID']); 1651 1651 1652 1652 // Get the author info. 1653 1653 $author = get_userdata($postdata['post_author']); 1654 1654 1655 1655 $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; 1656 1656 $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0; … … 1660 1660 $postdata['post_status'] = 'publish'; 1661 1661 } 1662 1662 1663 1663 $resp = array( 1664 1664 'dateCreated' => new IXR_Date($post_date), … … 1685 1685 'custom_fields' => $this->get_custom_fields($post_ID) 1686 1686 ); 1687 1687 1688 1688 return $resp; 1689 1689 } else { … … 1937 1937 1938 1938 foreach ($posts_list as $entry) { 1939 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 1939 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 1940 1940 continue; 1941 1941