Index: src/wp-includes/class-wp-xmlrpc-server.php =================================================================== --- src/wp-includes/class-wp-xmlrpc-server.php (revision 27729) +++ src/wp-includes/class-wp-xmlrpc-server.php (working copy) @@ -127,7 +127,17 @@ ); $this->initialise_blog_option_info(); - $this->methods = apply_filters('xmlrpc_methods', $this->methods); + + /** + * Filter the methods exposed by the XML-RPC server. + * + * This filter can be used to add new methods, and remove built-in methods. + * + * @since 1.5.0 + * + * @param array $methods An array of XML-RPC methods. + */ + $this->methods = apply_filters( 'xmlrpc_methods', $this->methods ); } function serve_request() { @@ -171,11 +181,37 @@ */ function login( $username, $password ) { // Respect any old filters against get_option() for 'enable_xmlrpc'. - $enabled = apply_filters( 'pre_option_enable_xmlrpc', false ); // Deprecated + + /** + * Filter whether XML-RPC is enabled. + * + * @since 3.5.0 + * @deprecated 3.5.0 Use 'xmlrpc_enabled' instead. + * + * @param bool $enable Whether to enable XML-RPC. Default false. + */ + $enabled = apply_filters( 'pre_option_enable_xmlrpc', false ); if ( false === $enabled ) - $enabled = apply_filters( 'option_enable_xmlrpc', true ); // Deprecated - // Proper filter for turning off XML-RPC. It is on by default. + /** + * Filter whether XML-RPC is enabled. + * + * @since 3.5.0 + * @deprecated 3.5.0 Use 'xmlrpc_enabled' instead. + * + * @param bool $enable Whether to enable XML-RPC. Default true. + */ + $enabled = apply_filters( 'option_enable_xmlrpc', true ); + + /** + * Filter whether XML-RPC is enabled. + * + * This is the proper filter for turning off XML-RPC. + * + * @since 3.5.0 + * + * @param bool $enabled Whether XML-RPC is enabled. Default true. + */ $enabled = apply_filters( 'xmlrpc_enabled', $enabled ); if ( ! $enabled ) { @@ -187,6 +223,15 @@ if (is_wp_error($user)) { $this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) ); + + /** + * Filter the XML-RPC user login error message. + * + * @since 3.5.0 + * + * @param string $error The XML-RPC error message. + * @param WP_User $user WP_User object. + */ $this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user ); return false; } @@ -441,6 +486,13 @@ ) ); + /** + * Filter the XML-RPC blog options property. + * + * @since 2.6.0 + * + * @param array $blog_options An array of XML-RPC blog options. + */ $this->blog_options = apply_filters( 'xmlrpc_blog_options', $this->blog_options ); } @@ -474,6 +526,17 @@ if ( !$user = $this->login($username, $password) ) return $this->error; + /** + * Fires after the XML-RPC user has been authenticated but before the rest of + * the method logic begins. + * + * All built-in XML-RPC methods use the action xmlrpc_call, with a parameter + * equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc. + * + * @since 2.5.0 + * + * @param method $name The method name. + */ do_action( 'xmlrpc_call', 'wp.getUsersBlogs' ); $blogs = (array) get_blogs_of_user( $user->ID ); @@ -553,6 +616,15 @@ if ( in_array( 'object_type', $fields ) ) $_taxonomy['object_type'] = array_unique( (array) $taxonomy->object_type ); + /** + * Filter XML-RPC-prepared data for the given taxonomy. + * + * @since 3.4.0 + * + * @param array $_taxonomy An array of taxonomy data. + * @param object $taxonomy Taxonomy object. + * @param array $fields The subset of taxonomy fields to return. + */ return apply_filters( 'xmlrpc_prepare_taxonomy', $_taxonomy, $taxonomy, $fields ); } @@ -578,6 +650,14 @@ // Count we are happy to return as an integer because people really shouldn't use terms that much. $_term['count'] = intval( $_term['count'] ); + /** + * Filter XML-RPC-prepared data for the given term. + * + * @since 3.4.0 + * + * @param array $_term An array of term data. + * @param array|object $term Term object or array. + */ return apply_filters( 'xmlrpc_prepare_term', $_term, $term ); } @@ -699,6 +779,15 @@ } } + /** + * Filter XML-RPC-prepared date for the given post. + * + * @since 3.4.0 + * + * @param array $_post An array of modified post data. + * @param array $post An array of post data. + * @param array $fields An array of post fields. + */ return apply_filters( 'xmlrpc_prepare_post', $_post, $post, $fields ); } @@ -741,6 +830,14 @@ if ( in_array( 'taxonomies', $fields ) ) $_post_type['taxonomies'] = get_object_taxonomies( $post_type->name, 'names' ); + /** + * Filter XML-RPC-prepared date for the given post type. + * + * @since 3.4.0 + * + * @param array $_post_type An array of post type data. + * @param object $post_type Post type object. + */ return apply_filters( 'xmlrpc_prepare_post_type', $_post_type, $post_type ); } @@ -771,6 +868,15 @@ else $_media_item['thumbnail'] = $_media_item['link']; + /** + * Filter XML-RPC-prepared data for the given media item. + * + * @since 3.4.0 + * + * @param array $_media_item An array of media item data. + * @param object $media_item Media item object. + * @param string $thumbnail_size Image size. + */ return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size ); } @@ -842,6 +948,14 @@ 'wp_page_template' => $page_template ); + /** + * Filter XML-RPC-prepared data for the given page. + * + * @since 3.4.0 + * + * @param array $_page An array of page data. + * @param WP_Post $page Page object. + */ return apply_filters( 'xmlrpc_prepare_page', $_page, $page ); } @@ -884,6 +998,14 @@ 'type' => $comment->comment_type, ); + /** + * Filter XML-RPC-prepared data for the given comment. + * + * @since 3.4.0 + * + * @param array $_comment An array of prepared comment data. + * @param object $comment Comment object. + */ return apply_filters( 'xmlrpc_prepare_comment', $_comment, $comment ); } @@ -924,6 +1046,15 @@ $_user = array_merge( $_user, $requested_fields ); } + /** + * Filter XML-RPC-prepared data for the given user. + * + * @since 3.5.0 + * + * @param array $_user An array of user data. + * @param WP_User $user User object. + * @param array $fields An array of user fields. + */ return apply_filters( 'xmlrpc_prepare_user', $_user, $user, $fields ); } @@ -972,6 +1103,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newPost' ); unset( $content_struct['ID'] ); @@ -1215,6 +1347,14 @@ $this->attach_uploads( $post_ID, $post_data['post_content'] ); + /** + * Filter post data array to be inserted via XML-RPC. + * + * @since 3.4.0 + * + * @param array $post_data Parsed array of post data. + * @param array $content_struct Post data array. + */ $post_data = apply_filters( 'xmlrpc_wp_insert_post_data', $post_data, $content_struct ); $post_ID = $update ? wp_update_post( $post_data, true ) : wp_insert_post( $post_data, true ); @@ -1258,6 +1398,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editPost' ); $post = get_post( $post_id, ARRAY_A ); @@ -1319,6 +1460,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deletePost' ); $post = get_post( $post_id, ARRAY_A ); @@ -1394,11 +1536,21 @@ if ( isset( $args[4] ) ) $fields = $args[4]; else + + /** + * Filter the list of post query fields used by the given XML-RPC method. + * + * @since 3.4.0 + * + * @param array $fields Array of post fields. + * @param string $method Method name. + */ $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPost' ); if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPost' ); $post = get_post( $post_id, ARRAY_A ); @@ -1447,14 +1599,17 @@ $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array(); - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPosts' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPosts' ); $query = array(); @@ -1544,6 +1699,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newTerm' ); if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) @@ -1632,6 +1788,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editTerm' ); if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) @@ -1724,6 +1881,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deleteTerm' ); if ( ! taxonomy_exists( $taxonomy ) ) @@ -1791,6 +1949,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTerm' ); if ( ! taxonomy_exists( $taxonomy ) ) @@ -1844,6 +2003,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTerms' ); if ( ! taxonomy_exists( $taxonomy ) ) @@ -1915,14 +2075,24 @@ $password = $args[2]; $taxonomy = $args[3]; - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** + * Filter the taxonomy query fields used by the given XML-RPC method. + * + * @since 3.4.0 + * + * @param array $fields An array of taxonomy fields to retrieve. + * @param string $method The method name. + */ $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomy' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTaxonomy' ); if ( ! taxonomy_exists( $taxonomy ) ) @@ -1959,14 +2129,17 @@ $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomies' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTaxonomies' ); $taxonomies = get_taxonomies( $filter, 'objects' ); @@ -2028,14 +2201,24 @@ $password = $args[2]; $user_id = (int) $args[3]; - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** + * Filter the default user query fields used by the given XML-RPC method. + * + * @since 3.5.0 + * + * @param array $fields User query fields for given method. Default 'all'. + * @param string $method The method name. + */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUser' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getUser' ); if ( ! current_user_can( 'edit_user', $user_id ) ) @@ -2081,14 +2264,17 @@ $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array(); - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUsers' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getUsers' ); if ( ! current_user_can( 'list_users' ) ) @@ -2148,14 +2334,17 @@ $username = $args[1]; $password = $args[2]; - if ( isset( $args[3] ) ) + if ( isset( $args[3] ) ) { $fields = $args[3]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getProfile' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getProfile' ); if ( ! current_user_can( 'edit_user', $user->ID ) ) @@ -2199,6 +2388,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editProfile' ); if ( ! current_user_can( 'edit_user', $user->ID ) ) @@ -2272,7 +2462,8 @@ if ( !current_user_can( 'edit_page', $page_id ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit this page.' ) ); - do_action('xmlrpc_call', 'wp.getPage'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPage' ); // If we found the page then format the data. if ( $page->ID && ($page->post_type == 'page') ) { @@ -2310,7 +2501,8 @@ if ( !current_user_can( 'edit_pages' ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit pages.' ) ); - do_action('xmlrpc_call', 'wp.getPages'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPages' ); $pages = get_posts( array('post_type' => 'page', 'post_status' => 'any', 'numberposts' => $num_pages) ); $num_pages = count($pages); @@ -2350,7 +2542,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.newPage'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.newPage' ); // Mark this as content for a page. $args[3]["post_type"] = 'page'; @@ -2378,7 +2571,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.deletePage'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.deletePage' ); // Get the current page based on the page_id and // make sure it is a page and not a post. @@ -2395,6 +2589,14 @@ if ( !$result ) return(new IXR_Error(500, __('Failed to delete the page.'))); + /** + * Fires after a page has been successfully deleted via XML-RPC. + * + * @since 3.4.0 + * + * @param int $page_id ID of the deleted page. + * @param array $args An array of arguments to delete the page. + */ do_action( 'xmlrpc_call_success_wp_deletePage', $page_id, $args ); return(true); @@ -2420,7 +2622,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.editPage'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.editPage' ); // Get the page data and make sure it is a page. $actual_page = get_post($page_id, ARRAY_A); @@ -2470,7 +2673,8 @@ if ( !current_user_can( 'edit_pages' ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit pages.' ) ); - do_action('xmlrpc_call', 'wp.getPageList'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPageList' ); // Get list of pages ids and titles $page_list = $wpdb->get_results(" @@ -2521,7 +2725,8 @@ if ( !current_user_can('edit_posts') ) return(new IXR_Error(401, __('Sorry, you cannot edit posts on this site.'))); - do_action('xmlrpc_call', 'wp.getAuthors'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getAuthors' ); $authors = array(); foreach ( get_users( array( 'fields' => array('ID','user_login','display_name') ) ) as $user ) { @@ -2556,6 +2761,7 @@ if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view tags.' ) ); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getKeywords' ); $tags = array(); @@ -2595,7 +2801,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.newCategory'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.newCategory' ); // Make sure the user is allowed to add a category. if ( !current_user_can('manage_categories') ) @@ -2632,6 +2839,14 @@ return(new IXR_Error(500, __('Sorry, the new category failed.'))); } + /** + * Fires after a new category has been successfully created via XML-RPC. + * + * @since 3.4.0 + * + * @param int $cat_id ID of the new category. + * @param array $args An array of new category arguments. + */ do_action( 'xmlrpc_call_success_wp_newCategory', $cat_id, $args ); return $cat_id; @@ -2656,15 +2871,25 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.deleteCategory'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.deleteCategory' ); if ( !current_user_can('manage_categories') ) return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete a category.' ) ); $status = wp_delete_term( $category_id, 'category' ); - if( true == $status ) + if ( true == $status ) { + /** + * Fires after a category has been successfully deleted via XML-RPC. + * + * @since 3.4.0 + * + * @param int $category_id ID of the deleted category. + * @param array $args An array of arguments to delete the category. + */ do_action( 'xmlrpc_call_success_wp_deleteCategory', $category_id, $args ); + } return $status; } @@ -2692,7 +2917,8 @@ if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts to this site in order to view categories.' ) ); - do_action('xmlrpc_call', 'wp.suggestCategories'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.suggestCategories' ); $category_suggestions = array(); $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category); @@ -2728,7 +2954,8 @@ if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - do_action('xmlrpc_call', 'wp.getComment'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getComment' ); if ( ! $comment = get_comment($comment_id) ) return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); @@ -2769,7 +2996,8 @@ if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) ); - do_action('xmlrpc_call', 'wp.getComments'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getComments' ); if ( isset($struct['status']) ) $status = $struct['status']; @@ -2835,12 +3063,22 @@ if ( !current_user_can( 'edit_comment', $comment_ID ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - do_action('xmlrpc_call', 'wp.deleteComment'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.deleteComment' ); $status = wp_delete_comment( $comment_ID ); - if( true == $status ) + if ( true == $status ) { + /** + * Fires after a comment has been successfully deleted via XML-RPC. + * + * @since 3.4.0 + * + * @param int $comment_ID ID of the deleted comment. + * @param array $args An array of arguments to delete the comment. + */ do_action( 'xmlrpc_call_success_wp_deleteComment', $comment_ID, $args ); + } return $status; } @@ -2890,7 +3128,8 @@ if ( !current_user_can( 'edit_comment', $comment_ID ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - do_action('xmlrpc_call', 'wp.editComment'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.editComment' ); if ( isset($content_struct['status']) ) { $statuses = get_comment_statuses(); @@ -2931,6 +3170,14 @@ if ( !$result ) return new IXR_Error(500, __('Sorry, the comment could not be edited. Something wrong happened.')); + /** + * Fires after a comment has been successfully updated via XML-RPC. + * + * @since 3.4.0 + * + * @param int $comment_ID ID of the updated comment. + * @param array $args An array of arguments to update the comment. + */ do_action( 'xmlrpc_call_success_wp_editComment', $comment_ID, $args ); return true; @@ -2955,7 +3202,15 @@ $post = $args[3]; $content_struct = $args[4]; - $allow_anon = apply_filters('xmlrpc_allow_anonymous_comments', false); + /** + * Filter whether to allow anonymous comments over XML-RPC. + * + * @since 2.7.0 + * + * @param bool $allow Whether to allow anonymous commenting via XML-RPC. + * Default false. + */ + $allow_anon = apply_filters( 'xmlrpc_allow_anonymous_comments', false ); $user = $this->login($username, $password); @@ -3014,10 +3269,19 @@ $comment['comment_content'] = isset($content_struct['content']) ? $content_struct['content'] : null; - do_action('xmlrpc_call', 'wp.newComment'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.newComment' ); $comment_ID = wp_new_comment( $comment ); + /** + * Fires after a new comment has been successfully created via XML-RPC. + * + * @since 3.4.0 + * + * @param int $comment_ID ID of the new comment. + * @param array $args An array of new comment arguments. + */ do_action( 'xmlrpc_call_success_wp_newComment', $comment_ID, $args ); return $comment_ID; @@ -3044,7 +3308,8 @@ if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); - do_action('xmlrpc_call', 'wp.getCommentStatusList'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getCommentStatusList' ); return get_comment_statuses(); } @@ -3071,7 +3336,8 @@ if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) ); - do_action('xmlrpc_call', 'wp.getCommentCount'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getCommentCount' ); $count = wp_count_comments( $post_id ); return array( @@ -3103,7 +3369,8 @@ if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); - do_action('xmlrpc_call', 'wp.getPostStatusList'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPostStatusList' ); return get_post_statuses(); } @@ -3129,7 +3396,8 @@ if ( !current_user_can( 'edit_pages' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); - do_action('xmlrpc_call', 'wp.getPageStatusList'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPageStatusList' ); return get_page_statuses(); } @@ -3286,7 +3554,8 @@ if ( !current_user_can( 'upload_files' ) ) return new IXR_Error( 403, __( 'You do not have permission to upload files.' ) ); - do_action('xmlrpc_call', 'wp.getMediaItem'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getMediaItem' ); if ( ! $attachment = get_post($attachment_id) ) return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); @@ -3331,7 +3600,8 @@ if ( !current_user_can( 'upload_files' ) ) return new IXR_Error( 401, __( 'You do not have permission to upload files.' ) ); - do_action('xmlrpc_call', 'wp.getMediaLibrary'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getMediaLibrary' ); $parent_id = ( isset($struct['parent_id']) ) ? absint($struct['parent_id']) : '' ; $mime_type = ( isset($struct['mime_type']) ) ? $struct['mime_type'] : '' ; @@ -3372,6 +3642,7 @@ if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostFormats' ); $formats = get_post_format_strings(); @@ -3427,14 +3698,24 @@ $password = $args[2]; $post_type_name = $args[3]; - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** + * Filter the default query fields used by the given XML-RPC method. + * + * @since 3.4.0 + * + * @param array $fields An array of post type query fields for the given method. + * @param string $method The method name. + */ $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostType' ); + } if ( !$user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostType' ); if( ! post_type_exists( $post_type_name ) ) @@ -3473,14 +3754,17 @@ $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostTypes' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostTypes' ); $post_types = get_post_types( $filter, 'objects' ); @@ -3527,14 +3811,24 @@ $password = $args[2]; $post_id = (int) $args[3]; - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** + * Filter the default revision query fields used by the given XML-RPC method. + * + * @since 3.5.0 + * + * @param array $field An array of revision query fields. + * @param string $method The method name. + */ $fields = apply_filters( 'xmlrpc_default_revision_fields', array( 'post_date', 'post_date_gmt' ), 'wp.getRevisions' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getRevisions' ); if ( ! $post = get_post( $post_id ) ) @@ -3596,6 +3890,7 @@ if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.restoreRevision' ); if ( ! $revision = wp_get_post_revision( $revision_id ) ) @@ -3645,7 +3940,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'blogger.getUsersBlogs'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.getUsersBlogs' ); $is_admin = current_user_can('manage_options'); @@ -3712,7 +4008,8 @@ if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this site.' ) ); - do_action('xmlrpc_call', 'blogger.getUserInfo'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.getUserInfo' ); $struct = array( 'nickname' => $user->nickname, @@ -3751,7 +4048,8 @@ if ( !current_user_can( 'edit_post', $post_ID ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) ); - do_action('xmlrpc_call', 'blogger.getPost'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.getPost' ); $categories = implode(',', wp_get_post_categories($post_ID)); @@ -3796,7 +4094,8 @@ if ( ! current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit posts on this site.' ) ); - do_action('xmlrpc_call', 'blogger.getRecentPosts'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.getRecentPosts' ); $posts_list = wp_get_recent_posts( $query ); @@ -3874,7 +4173,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'blogger.newPost'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.newPost' ); $cap = ($publish) ? 'publish_posts' : 'edit_posts'; if ( ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) || !current_user_can($cap) ) @@ -3902,6 +4202,14 @@ $this->attach_uploads( $post_ID, $post_content ); + /** + * Fires after a new post has been successfully created via the XML-RPC Blogger API. + * + * @since 3.4.0 + * + * @param int $post_ID ID of the new post. + * @param array $args An array of new post arguments. + */ do_action( 'xmlrpc_call_success_blogger_newPost', $post_ID, $args ); return $post_ID; @@ -3928,7 +4236,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'blogger.editPost'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.editPost' ); $actual_post = get_post($post_ID,ARRAY_A); @@ -3958,6 +4267,14 @@ $this->attach_uploads( $ID, $post_content ); + /** + * Fires after a post has been successfully updated via the XML-RPC Blogger API. + * + * @since 3.4.0 + * + * @param int $post_ID ID of the updated post. + * @param array $args An array of arguments for the post to edit. + */ do_action( 'xmlrpc_call_success_blogger_editPost', $post_ID, $args ); return true; @@ -3982,7 +4299,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'blogger.deletePost'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.deletePost' ); $actual_post = get_post($post_ID,ARRAY_A); @@ -3997,6 +4315,14 @@ if ( !$result ) return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be deleted.')); + /** + * Fires after a post has been successfully deleted via the XML-RPC Blogger API. + * + * @since 3.4.0 + * + * @param int $post_ID ID of the deleted post. + * @param array $args An array of arguments to delete the post. + */ do_action( 'xmlrpc_call_success_blogger_deletePost', $post_ID, $args ); return true; @@ -4053,7 +4379,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'metaWeblog.newPost'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'metaWeblog.newPost' ); $page_template = ''; if ( !empty( $content_struct['post_type'] ) ) { @@ -4307,6 +4634,14 @@ if ( !$post_ID ) return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); + /** + * Fires after a new post has been successfully created via the XML-RPC MovableType API. + * + * @since 3.4.0 + * + * @param int $post_ID ID of the new post. + * @param array $args An array of arguments to create the new post. + */ do_action( 'xmlrpc_call_success_mw_newPost', $post_ID, $args ); return strval($post_ID); @@ -4372,7 +4707,8 @@ if ( ! $user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'metaWeblog.editPost'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'metaWeblog.editPost' ); $postdata = get_post( $post_ID, ARRAY_A ); @@ -4615,6 +4951,14 @@ if ( isset( $content_struct['wp_post_format'] ) ) set_post_format( $post_ID, $content_struct['wp_post_format'] ); + /** + * Fires after a post has been successfully updated via the XML-RPC MovableType API. + * + * @since 3.4.0 + * + * @param int $post_ID ID of the updated post. + * @param array $args An array of arguments to update the post. + */ do_action( 'xmlrpc_call_success_mw_editPost', $post_ID, $args ); return true; @@ -4646,7 +4990,8 @@ if ( !current_user_can( 'edit_post', $post_ID ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) ); - do_action('xmlrpc_call', 'metaWeblog.getPost'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'metaWeblog.getPost' ); if ($postdata['post_date'] != '') { $post_date = $this->_convert_date( $postdata['post_date'] ); @@ -4770,7 +5115,8 @@ if ( ! current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit posts on this site.' ) ); - do_action('xmlrpc_call', 'metaWeblog.getRecentPosts'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'metaWeblog.getRecentPosts' ); $posts_list = wp_get_recent_posts( $query ); @@ -4885,7 +5231,8 @@ if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); - do_action('xmlrpc_call', 'metaWeblog.getCategories'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'metaWeblog.getCategories' ); $categories_struct = array(); @@ -4933,15 +5280,27 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'metaWeblog.newMediaObject'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'metaWeblog.newMediaObject' ); if ( !current_user_can('upload_files') ) { $this->error = new IXR_Error( 401, __( 'You do not have permission to upload files.' ) ); return $this->error; } - if ( $upload_err = apply_filters( 'pre_upload_error', false ) ) - return new IXR_Error(500, $upload_err); + /** + * Filter whether to preempt the XML-RPC media upload. + * + * Passing a truthy value will effectively short-circuit the media upload, + * returning that value as a 500 error instead. + * + * @since 2.1.0 + * + * @param bool $error Whether to pre-empt the media upload. Default false. + */ + if ( $upload_err = apply_filters( 'pre_upload_error', false ) ) { + return new IXR_Error( 500, $upload_err ); + } if ( !empty($data['overwrite']) && ($data['overwrite'] == true) ) { // Get postmeta info on the object. @@ -4987,6 +5346,14 @@ $id = wp_insert_attachment( $attachment, $upload[ 'file' ], $post_id ); wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $upload['file'] ) ); + /** + * Fires after a new attachment has been added via the XML-RPC MovableType API. + * + * @since 3.4.0 + * + * @param int $id ID of the new attachment. + * @param array $args An array of arguments to add the attachment. + */ do_action( 'xmlrpc_call_success_mw_newMediaObject', $id, $args ); $struct = array( @@ -5027,7 +5394,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'mt.getRecentPostTitles'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'mt.getRecentPostTitles' ); $posts_list = wp_get_recent_posts( $query ); @@ -5086,7 +5454,8 @@ if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); - do_action('xmlrpc_call', 'mt.getCategoryList'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'mt.getCategoryList' ); $categories_struct = array(); @@ -5127,7 +5496,8 @@ if ( !current_user_can( 'edit_post', $post_ID ) ) return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); - do_action('xmlrpc_call', 'mt.getPostCategories'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'mt.getPostCategories' ); $categories = array(); $catids = wp_get_post_categories(intval($post_ID)); @@ -5165,7 +5535,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'mt.setPostCategories'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'mt.setPostCategories' ); if ( ! get_post( $post_ID ) ) return new IXR_Error( 404, __( 'Invalid post ID.' ) ); @@ -5193,7 +5564,8 @@ */ function mt_supportedMethods($args) { - do_action('xmlrpc_call', 'mt.supportedMethods'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'mt.supportedMethods' ); $supported_methods = array(); foreach ( $this->methods as $key => $value ) { @@ -5211,8 +5583,17 @@ * @param array $args Method parameters. */ function mt_supportedTextFilters($args) { - do_action('xmlrpc_call', 'mt.supportedTextFilters'); - return apply_filters('xmlrpc_text_filters', array()); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'mt.supportedTextFilters' ); + + /** + * Filter the MoveableType text filters list for XML-RPC. + * + * @since 2.2.0 + * + * @param array $filters An array of text filters. + */ + return apply_filters( 'xmlrpc_text_filters', array() ); } /** @@ -5229,7 +5610,8 @@ $post_ID = intval($args); - do_action('xmlrpc_call', 'mt.getTrackbackPings'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'mt.getTrackbackPings' ); $actual_post = get_post($post_ID, ARRAY_A); @@ -5276,7 +5658,8 @@ if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'mt.publishPost'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'mt.publishPost' ); $postdata = get_post($post_ID, ARRAY_A); if ( ! $postdata ) @@ -5312,7 +5695,8 @@ function pingback_ping($args) { global $wpdb; - do_action('xmlrpc_call', 'pingback.ping'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'pingback.ping' ); $this->escape($args); @@ -5325,7 +5709,16 @@ $pagelinkedto = str_replace('&', '&', $pagelinkedto); $pagelinkedto = str_replace('&', '&', $pagelinkedto); + /** + * Filter the pingback source URI. + * + * @since 3.6.0 + * + * @param string $pagelinkedfrom URI of the page linked from. + * @param string $pagelinkedto URI of the page linked to. + */ $pagelinkedfrom = apply_filters( 'pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto ); + if ( ! $pagelinkedfrom ) return $this->pingback_error( 0, __( 'A valid URL was not provided.' ) ); @@ -5404,9 +5797,17 @@ $linea = wp_remote_retrieve_body( wp_safe_remote_get( $pagelinkedfrom, $http_api_args ) ); if ( !$linea ) - return $this->pingback_error( 16, __( 'The source URL does not exist.' ) ); + return $this->pingback_error( 16, __( 'The source URL does not exist.' ) ); - $linea = apply_filters('pre_remote_source', $linea, $pagelinkedto); + /** + * Filter the pingback remote source. + * + * @since 2.5.0 + * + * @param string $linea Response object for the page linked from. + * @param string $pagelinkedto URL of the page linked to. + */ + $linea = apply_filters( 'pre_remote_source', $linea, $pagelinkedto ); // Work around bug in strip_tags(): $linea = str_replace('escape($args); @@ -5524,6 +5934,13 @@ } protected function pingback_error( $code, $message ) { + /** + * Filter the XML-RPC pingback error return. + * + * @since 3.5.1 + * + * @param IXR_Error $error An IXR_Error object containing the error code and message. + */ return apply_filters( 'xmlrpc_pingback_error', new IXR_Error( $code, $message ) ); } }