Navigation

← Previous Changeset
Next Changeset →

Changeset 6714

Timestamp:

02/04/08 18:35:05 (6 months ago)

Author:

ryan

Message:

More cap checks from josephscott. see #5313

Files:

trunk/xmlrpc.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/xmlrpc.php

r6709	r6714
1129	1129	return $this->error;
1130	1130	}
	1131	$user = set_current_user(0, $user_login);
1131	1132
1132	1133	do_action('xmlrpc_call', 'metaWeblog.newPost');
1133	1134
1134		$cap = ($publish) ? 'publish_posts' : 'edit_posts';
1135		$user = set_current_user(0, $user_login);
1136		if ( !current_user_can($cap) )
1137		return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.'));
1138
1139		// The post_type defaults to post, but could also be page.
1140		$post_type = "post";
1141		if(
1142		!empty($content_struct["post_type"])
1143		&& ($content_struct["post_type"] == "page")
1144		) {
1145		$post_type = "page";
	1135	$cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
	1136	$error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' );
	1137	$post_type = 'post';
	1138	if( !empty( $content_struct['post_type'] ) ) {
	1139	if( $content_struct['post_type'] == 'page' ) {
	1140	$cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
	1141	$error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' );
	1142	$post_type = 'page';
	1143	}
	1144	elseif( $content_type['post_type'] == 'post' ) {
	1145	// This is the default, no changes needed
	1146	}
	1147	else {
	1148	// No other post_type values are allowed here
	1149	return new IXR_Error( 401, __( 'Invalid post type.' ) );
	1150	}
	1151	}
	1152
	1153	if( !current_user_can( $cap ) ) {
	1154	return new IXR_Error( 401, $error_message );
1146	1155	}
1147	1156
…	…
1369	1378	return $this->error;
1370	1379	}
	1380	$user = set_current_user(0, $user_login);
1371	1381
1372	1382	do_action('xmlrpc_call', 'metaWeblog.editPost');
1373	1383
1374		$user = set_current_user(0, $user_login);
1375
1376		// The post_type defaults to post, but could also be page.
1377		$post_type = "post";
1378		if(
1379		!empty($content_struct["post_type"])
1380		&& ($content_struct["post_type"] == "page")
1381		) {
1382		if( !current_user_can( 'edit_page', $post_ID ) ) {
1383		return(new IXR_Error(401, __("Sorry, you do not have the right to edit this page.")));
1384		}
1385
1386		$post_type = "page";
1387		}
1388
1389		if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )
1390		return new IXR_Error(401, __('Sorry, you can not edit this post.'));
	1384	$cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
	1385	$error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' );
	1386	$post_type = 'post';
	1387	if( !empty( $content_struct['post_type'] ) ) {
	1388	if( $content_struct['post_type'] == 'page' ) {
	1389	$cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
	1390	$error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' );
	1391	$post_type = 'page';
	1392	}
	1393	elseif( $content_type['post_type'] == 'post' ) {
	1394	// This is the default, no changes needed
	1395	}
	1396	else {
	1397	// No other post_type values are allowed here
	1398	return new IXR_Error( 401, __( 'Invalid post type.' ) );
	1399	}
	1400	}
	1401
	1402	if( !current_user_can( $cap ) ) {
	1403	return new IXR_Error( 401, $error_message );
	1404	}
1391	1405
1392	1406	$postdata = wp_get_single_post($post_ID, ARRAY_A);

Download in other formats: