Make the xmlrpc user the current user. fixes #2273
git-svn-id: https://develop.svn.wordpress.org/trunk@3430 602fd350-edb4-49c9-b593-d223f7449a82
55
xmlrpc.php
55
xmlrpc.php
@@ -1,5 +1,10 @@
|
||||
<?php
|
||||
|
||||
define('XMLRPC_REQUEST', true);
|
||||
|
||||
// Some browser-embedded clients send cookies. We don't want them.
|
||||
$_COOKIE = array();
|
||||
|
||||
# fix for mozBlog and other cases where '<?xml' isn't on the very first line
|
||||
$HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
|
||||
|
||||
@@ -179,8 +184,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
$is_admin = $user->has_cap('level_8');
|
||||
set_current_user(0, $user_login);
|
||||
$is_admin = current_user_can('level_8');
|
||||
|
||||
$struct = array(
|
||||
'isAdmin' => $is_admin,
|
||||
@@ -188,7 +193,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
'blogid' => '1',
|
||||
'blogName' => get_settings('blogname')
|
||||
);
|
||||
|
||||
error_log(print_r($struct,1), 3, '/tmp/xmlrpc');
|
||||
return array($struct);
|
||||
}
|
||||
|
||||
@@ -317,8 +322,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_themes') ) {
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_themes') ) {
|
||||
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
|
||||
}
|
||||
|
||||
@@ -352,8 +357,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_themes') ) {
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_themes') ) {
|
||||
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
|
||||
}
|
||||
|
||||
@@ -390,9 +395,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
}
|
||||
|
||||
$cap = ($publish) ? 'publish_posts' : 'edit_posts';
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap($cap) )
|
||||
$user = set_current_user(0, $user_login);
|
||||
if ( !current_user_can($cap) )
|
||||
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
|
||||
|
||||
$post_status = ($publish) ? 'publish' : 'draft';
|
||||
@@ -445,8 +449,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
$this->escape($actual_post);
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
|
||||
|
||||
extract($actual_post);
|
||||
@@ -489,8 +493,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return new IXR_Error(404, 'Sorry, no such post.');
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
|
||||
|
||||
$result = wp_delete_post($post_ID);
|
||||
@@ -525,8 +529,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('publish_posts') )
|
||||
$user = set_current_user(0, $user_login);
|
||||
if ( !current_user_can('publish_posts') )
|
||||
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
|
||||
|
||||
$post_author = $user->ID;
|
||||
@@ -605,8 +609,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||
|
||||
$postdata = wp_get_single_post($post_ID, ARRAY_A);
|
||||
@@ -844,9 +848,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
if ( !$this->login_pass_ok($user_login, $user_pass) )
|
||||
return $this->error;
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
|
||||
if ( !$user->has_cap('upload_files') ) {
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('upload_files') ) {
|
||||
logIO('O', '(MW) User does not have upload_files capability');
|
||||
$this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.');
|
||||
return $this->error;
|
||||
@@ -984,8 +987,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||
|
||||
foreach($categories as $cat) {
|
||||
@@ -1066,8 +1069,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||
|
||||
$postdata = wp_get_single_post($post_ID,ARRAY_A);
|
||||
@@ -1282,4 +1285,4 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
|
||||
$wp_xmlrpc_server = new wp_xmlrpc_server();
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
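Review bot: The `error_log(print_r($struct,1), 3, '/tmp/xmlrpc');` line in the `@@ -188,7 +193,7 @@` hunk looks like leftover debugging unrelated to the stated change; the rendering has lost the +/- markers, so its side is inferred from the equal 7/7 line counts and row order, but if it is on the new side it should be dropped so that `return array($struct);` follows the array directly. As written it appends the method's response struct (including the `isAdmin` flag) to a fixed, predictable file in a shared temp directory on every call, where it may be readable by other local accounts and grows without bound. Separately, only the `@@ -390,9 +395,8 @@` and `@@ -525,8 +529,8 @@` hunks keep the result (`$user = set_current_user(0, $user_login);`) while the others discard it. The enclosing methods extend beyond these hunks, so any later code that still reads `$user` after the removed `new WP_User(0, $user_login)` line should be checked for an undefined variable.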