Ticket #5313: 2.3-xmlrpc.php.diff

File 2.3-xmlrpc.php.diff, 3.2 kB (added by josephscott, 5 months ago)
Patch against 2.3-branch

xmlrpc.php

old	new
975	975	if (!$this->login_pass_ok($user_login, $user_pass)) {
976	976	return $this->error;
977	977	}
978
979		~~$cap = ($publish) ? 'publish_posts' : 'edit_posts';~~
980	978	$user = set_current_user(0, $user_login);
981		~~if ( !current_user_can($cap) )~~
982		~~return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.'));~~
983	979
984		// The post_type defaults to post, but could also be page.
985		$post_type = "post";
986		if(
987		!empty($content_struct["post_type"])
988		&& ($content_struct["post_type"] == "page")
989		) {
990		$post_type = "page";
	980	$cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
	981	$error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' );
	982	$post_type = 'post';
	983	if( !empty( $content_struct['post_type'] ) ) {
	984	if( $content_struct['post_type'] == 'page' ) {
	985	$cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
	986	$error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' );
	987	$post_type = 'page';
	988	}
	989	elseif( $content_type['post_type'] == 'post' ) {
	990	// This is the default, no changes needed
	991	}
	992	else {
	993	// No other post_type values are allowed here
	994	return new IXR_Error( 401, __( 'Invalid post type.' ) );
	995	}
991	996	}
992	997
	998	if( !current_user_can( $cap ) ) {
	999	return new IXR_Error( 401, $error_message );
	1000	}
	1001
993	1002	// Let WordPress generate the post_name (slug) unless
994	1003	// one has been provided.
995	1004	$post_name = "";
…	…
1187	1196	if (!$this->login_pass_ok($user_login, $user_pass)) {
1188	1197	return $this->error;
1189	1198	}
1190
1191	1199	$user = set_current_user(0, $user_login);
1192	1200
1193		~~// The post_type defaults to post, but could also be page.~~
1194		$~~post_type = "post"~~;
1195		~~if(~~
1196		~~!empty($content_struct["post_type"])~~
1197		~~&& ($content_struct["post_type"] == "page")~~
1198		~~) {~~
1199		~~if( !current_user_can( 'edit_page', $post_ID ) ) {~~
1200		~~return(new IXR_Error(401, __("Sorry, you do not have the right to edit this page.")))~~;
	1201	$cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
	1202	$error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' );
	1203	$post_type = 'post';
	1204	if( !empty( $content_struct['post_type'] ) ) {
	1205	if( $content_struct['post_type'] == 'page' ) {
	1206	$cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
	1207	$error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' );
	1208	$post_type = 'page';
1201	1209	}
	1210	elseif( $content_type['post_type'] == 'post' ) {
	1211	// This is the default, no changes needed
	1212	}
	1213	else {
	1214	// No other post_type values are allowed here
	1215	return new IXR_Error( 401, __( 'Invalid post type.' ) );
	1216	}
	1217	}
1202	1218
1203		$post_type = "page";
	1219	if( !current_user_can( $cap ) ) {
	1220	return new IXR_Error( 401, $error_message );
1204	1221	}
1205	1222
1206		~~// Edit page caps are checked in editPage. Just check post here.~~
1207		~~if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )~~
1208		~~return new IXR_Error(401, __('Sorry, you can not edit this post.'));~~
1209
1210	1223	$postdata = wp_get_single_post($post_ID, ARRAY_A);
1211	1224
1212	1225	// If there is no post data for the give post id, stop

Download in other formats:

Original Format