Changes from tags/2.3.1 at r6528 to tags/2.3.2 at r6528
- Location:
- tags/2.3.2
- Files:
-
- 16 edited
tags/2.3.2/wp-admin/admin.php
r6528 r6528 1 1 <?php 2 define('WP_ADMIN', TRUE); 3 2 4 if ( defined('ABSPATH') ) 3 5 require_once( ABSPATH . 'wp-config.php'); -
tags/2.3.2/wp-admin/includes/file.php
r6528 r6528 44 44 45 45 function validate_file( $file, $allowed_files = '' ) { 46 if ( false !== strpos( $file, '..' )) 47 return 1; 48 46 49 if ( false !== strpos( $file, './' )) 47 50 return 1; -
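Review bot: The new `'..'` test at the top of validate_file() has no comment saying what it guards against or what the return value `1` means to callers. I would add `// Reject any path that contains a parent-directory reference.` above it. The test is a plain substring match, so it also rejects harmless names such as `a..b`; that errs on the safe side, but it is worth stating in the comment so nobody later narrows it to `../` only. The rest of the function lies outside this hunk.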
tags/2.3.2/wp-admin/install.php
r6528 r6528 14 14 else 15 15 $step = 0; 16 function display_header(){ 16 17 header( 'Content-Type: text/html; charset=utf-8' ); 17 18 ?> … … 25 26 <body> 26 27 <h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1> 28 27 29 <?php 30 }//end function display_header(); 31 28 32 // Let's check to make sure WP isn't already installed. 29 if ( is_blog_installed() ) die('<h1>'.__('Already Installed').'</h1><p>'.__('You appear to have already installed WordPress. To reinstall please clear your old database tables first.').'</p></body></html>');33 if ( is_blog_installed() ) {display_header(); die('<h1>'.__('Already Installed').'</h1><p>'.__('You appear to have already installed WordPress. To reinstall please clear your old database tables first.').'</p></body></html>');} 30 34 31 35 switch($step) { 32 36 case 0: 33 37 case 1: // in case people are directly linking to this 38 display_header(); 34 39 ?> 35 40 <h1><?php _e('Welcome'); ?></h1> … … 62 67 break; 63 68 case 2: 69 if ( !empty($wpdb->error) ) 70 wp_die($wpdb->error->get_error_message()); 71 72 display_header(); 64 73 // Fill in the data we gathered 65 74 $weblog_title = stripslashes($_POST['weblog_title']); … … 75 84 } 76 85 77 $result = wp_install($weblog_title, 'admin', $admin_email, $public); 78 extract($result, EXTR_SKIP); 86 $wpdb->show_errors(); 87 $result = wp_install($weblog_title, 'admin', $admin_email, $public); 88 extract($result, EXTR_SKIP); 79 89 ?> 80 90 -
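Review bot: In `case 2`, `wp_die($wpdb->error->get_error_message());` assumes `$wpdb->error` is a WP_Error object, but bail() in wp-includes/wp-db.php (same changeset) stores a plain string when the WP_Error class is not loaded. On that path the method call would be a fatal error instead of a readable message. dead_db() already passes the value straight through, so `wp_die($wpdb->error);` would handle both shapes here. The same call is added in wp-admin/setup-config.php, where classes.php is now required first, presumably so that the class exists.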
tags/2.3.2/wp-admin/setup-config.php
r6528 r6528 4 4 require_once('../wp-includes/compat.php'); 5 5 require_once('../wp-includes/functions.php'); 6 require_once('../wp-includes/classes.php'); 6 7 7 8 if (!file_exists('../wp-config-sample.php')) … … 162 163 // We'll fail here if the values are no good. 163 164 require_once('../wp-includes/wp-db.php'); 165 if ( !empty($wpdb->error) ) 166 wp_die($wpdb->error->get_error_message()); 167 164 168 $handle = fopen('../wp-config.php', 'w'); 165 169 -
tags/2.3.2/wp-app.php
r6528 r6528 160 160 function get_service() { 161 161 log_app('function','get_service()'); 162 163 if( !current_user_can( 'edit_posts' ) ) 164 $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); 165 162 166 $entries_url = attribute_escape($this->get_entries_url()); 163 167 $categories_url = attribute_escape($this->get_categories_url()); … … 189 193 190 194 function get_categories_xml() { 191 192 195 log_app('function','get_categories_xml()'); 196 197 if( !current_user_can( 'edit_posts' ) ) 198 $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) ); 199 193 200 $home = attribute_escape(get_bloginfo_rss('home')); 194 201 … … 283 290 284 291 function get_post($postID) { 285 286 292 global $entry; 293 294 if( !current_user_can( 'edit_post', $postID ) ) 295 $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) ); 296 287 297 $this->set_current_entry($postID); 288 298 $output = $this->get_entry($postID); … … 373 383 374 384 function get_attachment($postID = NULL) { 375 376 global $entry; 385 if( !current_user_can( 'upload_files' ) ) 386 $this->auth_required( __( 'Sorry, you do not have the right to file uploads on this blog.' ) ); 387 377 388 if (!isset($postID)) { 378 389 $this->get_attachments(); … … 495 506 496 507 $location = get_post_meta($entry['ID'], '_wp_attached_file', true); 508 $filetype = wp_check_filetype($location); 509 510 if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext'])) 511 $this->internal_error(__('Error ocurred while accessing post metadata for file location.')); 497 512 498 513 // delete file … … 796 811 <author> 797 812 <name><?php the_author()?></name> 798 <email><?php the_author_email()?></email>799 813 <?php if (get_the_author_url() && get_the_author_url() != 'http://') { ?> 800 814 <uri><?php the_author_url()?></uri> -
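Review bot: In the attachment-delete hunk, `!isset($location)` is true only for null, so an empty string returned for missing metadata passes that clause; `empty($location)` states the intent. The new condition checks the post type and that the name has a known extension, but nothing visible here confirms that `$location` resolves inside the uploads directory before the delete that follows (that code is outside the hunk). A containment check on the resolved path would close that gap. The error string also has a typo, `ocurred` for `occurred`.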
tags/2.3.2/wp-includes/formatting.php
r6528 r6528 623 623 } 624 624 625 function _make_url_clickable_cb($matches) { 626 $url = $matches[2]; 627 $url = clean_url($url); 628 if ( empty($url) ) 629 return $matches[0]; 630 return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>"; 631 } 632 633 function _make_web_ftp_clickable_cb($matches) { 634 $dest = $matches[2]; 635 $dest = 'http://' . $dest; 636 $dest = clean_url($dest); 637 if ( empty($dest) ) 638 return $matches[0]; 639 640 return $matches[1] . "<a href=\"$dest\" rel=\"nofollow\">$dest</a>"; 641 } 642 643 function _make_email_clickable_cb($matches) { 644 $email = $matches[2] . '@' . $matches[3]; 645 return $matches[1] . "<a href=\"mailto:$email\">$email</a>"; 646 } 647 625 648 function make_clickable($ret) { 626 649 $ret = ' ' . $ret; 627 650 // in testing, using arrays here was found to be faster 628 $ret = preg_replace( 629 array( 630 '#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', 631 '#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', 632 '#([\s>])([a-z0-9\-_.]+)@([^,< \n\r]+)#i'), 633 array( 634 '$1<a href="$2" rel="nofollow">$2</a>', 635 '$1<a href="http://$2" rel="nofollow">$2</a>', 636 '$1<a href="mailto:$2@$3">$2@$3</a>'),$ret); 651 $ret = preg_replace_callback('#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_url_clickable_cb', $ret); 652 $ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_web_ftp_clickable_cb', $ret); 653 $ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret); 637 654 // this one is not in an array because we need it to run last, for cleanup of accidental links within links 638 655 $ret = preg_replace("#(<a( [^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i", "$1$3</a>", $ret); -
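Review bot: `_make_email_clickable_cb()` writes `$email` into both the `href` and the link text with no escaping, unlike the two URL callbacks, which pass through clean_url(). It is safe only because the third pattern in make_clickable() limits the match to `[.0-9a-z_+-]` and hostname characters. I would record that dependency above the callback: `// Safe without escaping only because the pattern in make_clickable() restricts both parts; escape here if it is ever widened.` None of the three new callbacks has a docblock describing the `$matches` layout they expect.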
tags/2.3.2/wp-includes/functions.php
r6528 r6528 199 199 if ( false === $value ) { 200 200 if ( defined('WP_INSTALLING') ) 201 $ wpdb->hide_errors();201 $show = $wpdb->hide_errors(); 202 202 $row = $wpdb->get_row("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1"); 203 203 if ( defined('WP_INSTALLING') ) 204 $wpdb->show_errors( );204 $wpdb->show_errors($show); 205 205 206 206 if( is_object( $row) ) { // Has to be get_row instead of get_var because of funkiness with 0, false, null values … … 237 237 function get_alloptions() { 238 238 global $wpdb, $wp_queries; 239 $ wpdb->hide_errors();239 $show = $wpdb->hide_errors(); 240 240 if ( !$options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") ) { 241 241 $options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options"); 242 242 } 243 $wpdb->show_errors( );243 $wpdb->show_errors($show); 244 244 245 245 foreach ($options as $option) { … … 264 264 265 265 if ( !$alloptions ) { 266 $ wpdb->hide_errors();266 $show = $wpdb->hide_errors(); 267 267 if ( !$alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") ) 268 268 $alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options"); 269 $wpdb->show_errors( );269 $wpdb->show_errors($show); 270 270 $alloptions = array(); 271 271 foreach ( (array) $alloptions_db as $o ) … … 893 893 function is_blog_installed() { 894 894 global $wpdb; 895 $ wpdb->hide_errors();895 $show = $wpdb->hide_errors(); 896 896 $installed = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'"); 897 $wpdb->show_errors( );897 $wpdb->show_errors($show); 898 898 899 899 $install_status = !empty( $installed ) ? TRUE : FALSE; … … 1420 1420 } 1421 1421 1422 function dead_db() { 1423 global $wpdb; 1424 1425 // Load custom DB error template, if present. 1426 if ( file_exists( ABSPATH . 
'wp-content/db-error.php' ) ) { 1427 require_once( ABSPATH . 'wp-content/db-error.php' ); 1428 die(); 1429 } 1430 1431 // If installing or in the admin, provide the verbose message. 1432 if ( defined('WP_INSTALLING') || defined('WP_ADMIN') ) 1433 wp_die($wpdb->error); 1434 1435 // Otherwise, be terse. 1436 status_header( 500 ); 1437 nocache_headers(); 1438 header( 'Content-Type: text/html; charset=utf-8' ); 1422 1439 ?> 1440 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 1441 <html xmlns="http://www.w3.org/1999/xhtml" <?php if ( function_exists( 'language_attributes' ) ) language_attributes(); ?>> 1442 <head> 1443 <title>Database Error</title> 1444 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 1445 </head> 1446 <body> 1447 <h1>Error establishing a database connection</h1> 1448 </body> 1449 </html> 1450 <?php 1451 die(); 1452 } 1453 1454 ?> -
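Review bot: The verbose branch of dead_db() is selected by `defined('WP_ADMIN')`, and wp-admin/admin.php in this changeset defines that constant before wp-config.php is loaded, so before any login check. A request to the admin entry point during a database outage would therefore receive the full bail() text, which in wpdb::select() now includes `DB_USER` and the database name. Consider keeping the verbose output for `WP_INSTALLING` only, or leaving the account name out of the message. Separately, the custom `db-error.php` path exits before `status_header( 500 )` and `nocache_headers()` are sent, so a custom template is served with whatever status it sets itself.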
tags/2.3.2/wp-includes/pluggable.php
r6528 r6528 73 73 return false; 74 74 75 $ wpdb->hide_errors();75 $show = $wpdb->hide_errors(); 76 76 $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'"); 77 $wpdb->show_errors( );77 $wpdb->show_errors($show); 78 78 79 79 if ($metavalues) { -
tags/2.3.2/wp-includes/post.php
r6528 r6528 429 429 430 430 function sanitize_post($post, $context = 'display') { 431 432 if ( 'raw' == $context ) 433 return $post; 434 431 435 // TODO: Use array keys instead of hard coded list 432 436 $fields = array('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_date', 'post_date_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'post_category'); … … 1140 1144 $meta_key = ''; 1141 1145 $meta_value = ''; 1146 $hierarchical = false; 1142 1147 $incpages = preg_split('/[\s,]+/',$include); 1143 1148 if ( count($incpages) ) { -
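Review bot: The new early return in sanitize_post() uses a loose comparison, `'raw' == $context`, which on the PHP versions of this era is also true for a `$context` of integer `0` or boolean `true`. A caller that passes such a value by mistake would skip sanitization entirely. `if ( 'raw' === $context )` keeps the shortcut for the intended string only. The same line is added to sanitize_term() in wp-includes/taxonomy.php and should change with it.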
tags/2.3.2/wp-includes/query.php
r6528 r6528 33 33 34 34 function is_admin () { 35 global $wp_query;36 37 return ($wp_query->is_admin || (stripos($_SERVER['REQUEST_URI'], 'wp-admin/') !== false));35 if ( defined('WP_ADMIN') ) 36 return WP_ADMIN; 37 return false; 38 38 } 39 39 … … 643 643 $this->is_preview = true; 644 644 645 if ( strpos($_SERVER['PHP_SELF'], 'wp-admin/') !== false)645 if ( is_admin() ) 646 646 $this->is_admin = true; 647 647 -
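Review bot: is_admin() has no comment saying what it now reports, which matters because the name suggests an authorization check. I would add `// True when the entry script defined WP_ADMIN; says nothing about the current user's capabilities.` above the function. In this changeset only wp-admin/admin.php defines the constant, so admin-side scripts that do not include that file would return false here; this cannot be confirmed from the visible hunks. The function also returns the constant's raw value rather than a boolean.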
tags/2.3.2/wp-includes/taxonomy.php
r6528 r6528 664 664 */ 665 665 function sanitize_term($term, $taxonomy, $context = 'display') { 666 667 if ( 'raw' == $context ) 668 return $term; 669 666 670 $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group'); 667 671 -
tags/2.3.2/wp-includes/version.php
r6528 r6528 3 3 // This holds the version number in a separate file so we can bump it without cluttering the SVN 4 4 5 $wp_version = '2.3. 1';5 $wp_version = '2.3.2'; 6 6 $wp_db_version = 6124; 7 7 -
tags/2.3.2/wp-includes/wp-db.php
r6528 r6528 16 16 class wpdb { 17 17 18 var $show_errors = true;18 var $show_errors = false; 19 19 var $num_queries = 0; 20 20 var $last_query; 21 21 var $col_info; 22 22 var $queries; 23 var $ready = false; 23 24 24 25 // Our tables … … 57 58 register_shutdown_function(array(&$this, "__destruct")); 58 59 60 if ( defined('WP_DEBUG') and WP_DEBUG == true ) 61 $this->show_errors(); 62 59 63 if ( defined('DB_CHARSET') ) 60 64 $this->charset = DB_CHARSET; … … 75 79 <p>If you're unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href='http://wordpress.org/support/'>WordPress Support Forums</a>.</p> 76 80 "); 77 } 81 return; 82 } 83 84 $this->ready = true; 78 85 79 86 if ( !empty($this->charset) && version_compare(mysql_get_server_info(), '4.1.0', '>=') ) … … 93 100 function select($db) { 94 101 if (!@mysql_select_db($db, $this->dbh)) { 102 $this->ready = false; 95 103 $this->bail(" 96 104 <h1>Can’t select database</h1> … … 98 106 <ul> 99 107 <li>Are you sure it exists?</li> 108 <li>Does the user <code>".DB_USER."</code> have permission to use the <code>$db</code> database?</li> 100 109 <li>On some systems the name of your database is prefixed with your username, so it would be like username_wordpress. Could that be the problem?</li> 101 110 </ul> 102 111 <p>If you don't know how to setup a database you should <strong>contact your host</strong>. If all else fails you may find help at the <a href='http://wordpress.org/support/'>WordPress Support Forums</a>.</p>"); 112 return; 103 113 } 104 114 } … … 150 160 array ('query' => $this->last_query, 'error_str' => $str); 151 161 162 $error_str = "WordPress database error $str for query $this->last_query"; 163 error_log($error_str, 0); 164 165 // Is error output turned on or not.. 
166 if ( !$this->show_errors ) 167 return false; 168 152 169 $str = htmlspecialchars($str, ENT_QUOTES); 153 170 $query = htmlspecialchars($this->last_query, ENT_QUOTES); 154 // Is error output turned on or not.. 155 if ( $this->show_errors ) { 156 // If there is an error then take note of it 157 print "<div id='error'> 158 <p class='wpdberror'><strong>WordPress database error:</strong> [$str]<br /> 159 <code>$query</code></p> 160 </div>"; 161 } else { 162 return false; 163 } 171 172 // If there is an error then take note of it 173 print "<div id='error'> 174 <p class='wpdberror'><strong>WordPress database error:</strong> [$str]<br /> 175 <code>$query</code></p> 176 </div>"; 164 177 } 165 178 … … 167 180 // Turn error handling on or off.. 168 181 169 function show_errors() { 170 $this->show_errors = true; 182 function show_errors( $show = true ) { 183 $errors = $this->show_errors; 184 $this->show_errors = $show; 185 return $errors; 171 186 } 172 187 173 188 function hide_errors() { 189 $show = $this->show_errors; 174 190 $this->show_errors = false; 191 return $show; 175 192 } 176 193 … … 188 205 189 206 function query($query) { 207 if ( ! $this->ready ) 208 return false; 209 190 210 // filter the query, if filters are available 191 211 // NOTE: some queries are made before the plugins have been loaded, and thus cannot be filtered with this method … … 400 420 */ 401 421 function bail($message) { // Just wraps errors in a nice header and footer 402 if ( !$this->show_errors ) 422 if ( !$this->show_errors ) { 423 if ( class_exists('WP_Error') ) 424 $this->error = new WP_Error('500', $message); 425 else 426 $this->error = $message; 403 427 return false; 428 } 404 429 wp_die($message); 405 430 } -
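Review bot: print_error() now calls `error_log($error_str, 0)` before the `show_errors` test, so every failed query is written to the server log with its full text, even when on-page output is off. Query text can carry user-supplied values and personal data, and it may span several lines, which makes log entries hard to parse. I would collapse whitespace first, for example `$error_str = preg_replace('/\s+/', ' ', $error_str);`, and add a comment that the log may contain query data so operators can set retention and access to match. The `$this->error` property assigned in bail() is also not declared among the `var` members at the top of the class.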
tags/2.3.2/wp-mail.php
r6528 r6528 13 13 14 14 if (!$pop3->connect(get_option('mailserver_url'), get_option('mailserver_port'))) 15 wp_die( $pop3->ERROR);15 wp_die(wp_specialchars($pop3->ERROR)); 16 16 17 17 $count = $pop3->login(get_option('mailserver_login'), get_option('mailserver_pass')); … … 130 130 $content[1] ? $content = $content[1] : $content = $content[0]; 131 131 132 echo "<p><b>Content-type:</b> $content_type, <b>Content-Transfer-Encoding:</b> $content_transfer_encoding, <b>boundary:</b> $boundary</p>\n";133 echo "<p><b>Raw content:</b><br /><pre>".$content.'</pre></p>';134 135 132 $content = trim($content); 136 133 … … 162 159 do_action('publish_phone', $post_ID); 163 160 164 echo "\n<p><b>Author:</b> $post_author</p>"; 165 echo "\n<p><b>Posted title:</b> $post_title<br />"; 166 echo "\n<b>Posted content:</b><br /><pre>".$content.'</pre></p>'; 161 echo "\n<p><b>Author:</b> " . wp_specialchars($post_author) . "</p>"; 162 echo "\n<p><b>Posted title:</b> " . wp_specialchars($post_title) . "<br />"; 167 163 168 164 if(!$pop3->delete($i)) { 169 echo '<p>Oops '. $pop3->ERROR.'</p></div>';165 echo '<p>Oops '.wp_specialchars($pop3->ERROR).'</p></div>'; 170 166 $pop3->reset(); 171 167 exit; -
tags/2.3.2/wp-settings.php
r6528 r6528 122 122 else 123 123 require_once (ABSPATH . WPINC . '/wp-db.php'); 124 125 if ( !empty($wpdb->error) ) 126 dead_db(); 124 127 125 128 // $table_prefix is deprecated as of 2.1 -
tags/2.3.2/xmlrpc.php
r6528 r6528 187 187 return($this->error); 188 188 } 189 190 set_current_user( 0, $username ); 191 if( !current_user_can( 'edit_page', $page_id ) ) 192 return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) ); 193 194 do_action('xmlrpc_call', 'wp.getPage'); 189 195 190 196 // Lookup page info. … … 269 275 } 270 276 277 set_current_user( 0, $username ); 278 if( !current_user_can( 'edit_pages' ) ) 279 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); 280 281 do_action('xmlrpc_call', 'wp.getPages'); 282 271 283 // Lookup info on pages. 272 284 $pages = get_pages(); … … 427 439 } 428 440 441 set_current_user( 0, $username ); 442 if( !current_user_can( 'edit_pages' ) ) 443 return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); 444 445 do_action('xmlrpc_call', 'wp.getPageList'); 446 429 447 // Get list of pages ids and titles 430 448 $page_list = $wpdb->get_results(" … … 460 478 */ 461 479 function wp_getAuthors($args) { 462 global $wpdb;463 480 464 481 $this->escape($args); … … 472 489 } 473 490 474 return(get_users_of_blog()); 491 set_current_user(0, $username); 492 if(!current_user_can("edit_posts")) { 493 return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog."))); 494 } 495 496 do_action('xmlrpc_call', 'wp.getAuthors'); 497 498 $authors = array(); 499 foreach( (array) get_users_of_blog() as $row ) { 500 $authors[] = array( 501 "user_id" => $row->user_id, 502 "user_login" => $row->user_login, 503 "display_name" => $row->display_name 504 ); 505 } 506 507 return($authors); 475 508 } 476 509 … … 494 527 // allowed to add a category. 
495 528 set_current_user(0, $username); 496 if(!current_user_can("manage_categories" , $page_id)) {529 if(!current_user_can("manage_categories")) { 497 530 return(new IXR_Error(401, __("Sorry, you do not have the right to add a category."))); 498 531 } … … 548 581 } 549 582 583 set_current_user(0, $username); 584 if( !current_user_can( 'edit_posts' ) ) 585 return new IXR_Error( 401, __( 'Sorry, you must be able to publish to this blog in order to view categories.' ) ); 586 587 do_action('xmlrpc_call', 'wp.suggestCategories'); 588 550 589 $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category); 551 590 $category_suggestions = get_categories($args); … … 598 637 } 599 638 639 set_current_user( 0, $user_login ); 640 if( !current_user_can( 'edit_posts' ) ) 641 return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) ); 642 643 do_action('xmlrpc_call', 'blogger.getUserInfo'); 644 600 645 $user_data = get_userdatabylogin($user_login); 601 646 … … 604 649 'userid' => $user_data->ID, 605 650 'url' => $user_data->user_url, 606 'email' => $user_data->user_email,607 651 'lastname' => $user_data->last_name, 608 652 'firstname' => $user_data->first_name … … 626 670 } 627 671 628 $user_data = get_userdatabylogin($user_login); 672 set_current_user( 0, $user_login ); 673 if( !current_user_can( 'edit_post', $post_ID ) ) 674 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' 
) ); 675 676 do_action('xmlrpc_call', 'blogger.getPost'); 677 629 678 $post_data = wp_get_single_post($post_ID, ARRAY_A); 630 679 … … 664 713 $posts_list = wp_get_recent_posts($num_posts); 665 714 715 set_current_user( 0, $user_login ); 716 666 717 if (!$posts_list) { 667 718 $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.')); … … 670 721 671 722 foreach ($posts_list as $entry) { 723 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 724 continue; 672 725 673 726 $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); … … 1329 1382 function mw_getPost($args) { 1330 1383 1331 global $wpdb; 1332 1333 $this->escape($args); 1334 1335 $post_ID = (int) $args[0]; 1336 $user_login = $args[1]; 1337 $user_pass = $args[2]; 1338 1339 if (!$this->login_pass_ok($user_login, $user_pass)) { 1340 return $this->error; 1341 } 1342 1343 $postdata = wp_get_single_post($post_ID, ARRAY_A); 1344 1345 if ($postdata['post_date'] != '') { 1346 1347 $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); 1348 $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); 1349 1350 $categories = array(); 1351 $catids = wp_get_post_categories($post_ID); 1352 foreach($catids as $catid) { 1353 $categories[] = get_cat_name($catid); 1354 } 1355 1356 $tagnames = array(); 1357 $tags = wp_get_post_tags( $post_ID ); 1358 if ( !empty( $tags ) ) { 1359 foreach ( $tags as $tag ) { 1360 $tagnames[] = $tag->name; 1361 } 1362 $tagnames = implode( ', ', $tagnames ); 1384 global $wpdb; 1385 1386 $this->escape($args); 1387 1388 $post_ID = (int) $args[0]; 1389 $user_login = $args[1]; 1390 $user_pass = $args[2]; 1391 1392 if (!$this->login_pass_ok($user_login, $user_pass)) { 1393 return $this->error; 1394 } 1395 1396 set_current_user( 0, $user_login ); 1397 if( !current_user_can( 'edit_post', $post_ID ) ) 1398 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' 
) ); 1399 1400 do_action('xmlrpc_call', 'metaWeblog.getPost'); 1401 1402 $postdata = wp_get_single_post($post_ID, ARRAY_A); 1403 1404 if ($postdata['post_date'] != '') { 1405 $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); 1406 $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); 1407 1408 $categories = array(); 1409 $catids = wp_get_post_categories($post_ID); 1410 foreach($catids as $catid) { 1411 $categories[] = get_cat_name($catid); 1412 } 1413 1414 $tagnames = array(); 1415 $tags = wp_get_post_tags( $post_ID ); 1416 if ( !empty( $tags ) ) { 1417 foreach ( $tags as $tag ) { 1418 $tagnames[] = $tag->name; 1419 } 1420 $tagnames = implode( ', ', $tagnames ); 1421 } else { 1422 $tagnames = ''; 1423 } 1424 1425 $post = get_extended($postdata['post_content']); 1426 $link = post_permalink($postdata['ID']); 1427 1428 // Get the author info. 1429 $author = get_userdata($postdata['post_author']); 1430 1431 $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; 1432 $allow_pings = ('open' == $postdata['ping_status']) ? 
1 : 0; 1433 1434 $resp = array( 1435 'dateCreated' => new IXR_Date($post_date), 1436 'userid' => $postdata['post_author'], 1437 'postid' => $postdata['ID'], 1438 'description' => $post['main'], 1439 'title' => $postdata['post_title'], 1440 'link' => $link, 1441 'permaLink' => $link, 1442 // commented out because no other tool seems to use this 1443 // 'content' => $entry['post_content'], 1444 'categories' => $categories, 1445 'mt_excerpt' => $postdata['post_excerpt'], 1446 'mt_text_more' => $post['extended'], 1447 'mt_allow_comments' => $allow_comments, 1448 'mt_allow_pings' => $allow_pings, 1449 'mt_keywords' => $tagnames, 1450 'wp_slug' => $postdata['post_name'], 1451 'wp_password' => $postdata['post_password'], 1452 'wp_author_id' => $author->ID, 1453 'wp_author_display_name' => $author->display_name, 1454 'date_created_gmt' => new IXR_Date($post_date_gmt) 1455 ); 1456 1457 return $resp; 1363 1458 } else { 1364 $tagnames = ''; 1365 } 1366 1367 $post = get_extended($postdata['post_content']); 1368 $link = post_permalink($postdata['ID']); 1369 1370 // Get the author info. 1371 $author = get_userdata($postdata['post_author']); 1372 1373 $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; 1374 $allow_pings = ('open' == $postdata['ping_status']) ? 
1 : 0; 1375 1376 $resp = array( 1377 'dateCreated' => new IXR_Date($post_date), 1378 'userid' => $postdata['post_author'], 1379 'postid' => $postdata['ID'], 1380 'description' => $post['main'], 1381 'title' => $postdata['post_title'], 1382 'link' => $link, 1383 'permaLink' => $link, 1384 // commented out because no other tool seems to use this 1385 // 'content' => $entry['post_content'], 1386 'categories' => $categories, 1387 'mt_excerpt' => $postdata['post_excerpt'], 1388 'mt_text_more' => $post['extended'], 1389 'mt_allow_comments' => $allow_comments, 1390 'mt_allow_pings' => $allow_pings, 1391 'mt_keywords' => $tagnames, 1392 'wp_slug' => $postdata['post_name'], 1393 'wp_password' => $postdata['post_password'], 1394 'wp_author_id' => $author->ID, 1395 'wp_author_display_name' => $author->display_name, 1396 'date_created_gmt' => new IXR_Date($post_date_gmt) 1397 ); 1398 1399 return $resp; 1400 } else { 1401 return new IXR_Error(404, __('Sorry, no such post.')); 1402 } 1459 return new IXR_Error(404, __('Sorry, no such post.')); 1460 } 1403 1461 } 1404 1462 … … 1425 1483 } 1426 1484 1485 set_current_user( 0, $user_login ); 1486 1427 1487 foreach ($posts_list as $entry) { 1488 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 1489 continue; 1428 1490 1429 1491 $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); … … 1505 1567 } 1506 1568 1569 set_current_user( 0, $user_login ); 1570 if( !current_user_can( 'edit_posts' ) ) 1571 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' 
) ); 1572 1573 do_action('xmlrpc_call', 'metaWeblog.getCategories'); 1574 1507 1575 $categories_struct = array(); 1508 1576 … … 1624 1692 } 1625 1693 1694 set_current_user( 0, $user_login ); 1695 1626 1696 foreach ($posts_list as $entry) { 1697 if( !current_user_can( 'edit_post', $entry['ID'] ) ) 1698 continue; 1627 1699 1628 1700 $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); … … 1663 1735 } 1664 1736 1737 set_current_user( 0, $user_login ); 1738 if( !current_user_can( 'edit_posts' ) ) 1739 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); 1740 1741 do_action('xmlrpc_call', 'mt.getCategoryList'); 1742 1665 1743 $categories_struct = array(); 1666 1744 1667 // FIXME: can we avoid using direct SQL there?1668 1745 if ( $cats = get_categories('hide_empty=0&hierarchical=0') ) { 1669 1746 foreach ($cats as $cat) { … … 1691 1768 return $this->error; 1692 1769 } 1770 1771 set_current_user( 0, $user_login ); 1772 if( !current_user_can( 'edit_post', $post_ID ) ) 1773 return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); 1774 1775 do_action('xmlrpc_call', 'mt.getPostCategories'); 1693 1776 1694 1777 $categories = array();
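Review bot: The three list handlers that filter per entry (the loops gaining `if( !current_user_can( 'edit_post', $entry['ID'] ) ) continue;`) get `set_current_user()` but no `do_action('xmlrpc_call', ...)`, while every single-item handler in this diff gets one. As far as these hunks show, a plugin that audits XML-RPC use through that action would not see the list calls; the handlers start outside the hunks, so this needs checking against the full file. The action also fires only after the capability check passes, so denied requests are invisible to the same hook. Since the login, `set_current_user()` and capability sequence is pasted by hand into each method, a single private helper would make it harder for a future handler to omit a step.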