Changes from tags/2.3.1 at r6528 to tags/2.3.2 at r6528


Files:
16 edited

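--- a/tags/2.3.2/wp-admin/admin.php
+++ b/tags/2.3.2/wp-admin/admin.php
@@ -1,3 +1,5 @@
 <?php
+define('WP_ADMIN', TRUE);
+
 if ( defined('ABSPATH') )
     require_once( ABSPATH . 'wp-config.php');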
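Review bot: `define('WP_ADMIN', TRUE)` at new line 2 is unconditional, so any bootstrap path that already set the constant before including this file will trigger a PHP notice about redefining it; `if ( !defined('WP_ADMIN') ) define('WP_ADMIN', true);` avoids that. Because is_admin() elsewhere in this release now keys off this constant instead of the request URI, the line deserves a comment saying so: `// Admin entry point: is_admin() relies on this constant, never on the URL.` The bootstrap continues outside the hunk, so other admin-side scripts that do not pass through admin.php are not visible here.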
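--- a/tags/2.3.2/wp-admin/includes/file.php
+++ b/tags/2.3.2/wp-admin/includes/file.php
@@ -44,4 +44,7 @@
 
 function validate_file( $file, $allowed_files = '' ) {
+    if ( false !== strpos( $file, '..' ))
+        return 1;
+
     if ( false !== strpos( $file, './' ))
         return 1;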
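Review bot: The new `..` test at new lines 46-47 is a bare substring match, which is the right conservative choice for a deny-list, but it does not reject a leading `/` or backslash separators, so absolute paths and `\` on Windows hosts depend on whatever checks follow further down, outside this hunk. A comment would make the intent explicit: `// Reject anything containing '..' — deliberate substring match; false positives are acceptable here.` validate_file's body continues past the hunk.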
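--- a/tags/2.3.2/wp-admin/install.php
+++ b/tags/2.3.2/wp-admin/install.php
@@ -14,4 +14,5 @@
 else
     $step = 0;
+function display_header(){
 header( 'Content-Type: text/html; charset=utf-8' );
 ?>
@@ -25,11 +26,15 @@
 <body>
 <h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
+
 <?php
+}//end function display_header();
+
 // Let's check to make sure WP isn't already installed.
-if ( is_blog_installed() ) die('<h1>'.__('Already Installed').'</h1><p>'.__('You appear to have already installed WordPress. To reinstall please clear your old database tables first.').'</p></body></html>');
+if ( is_blog_installed() ) {display_header(); die('<h1>'.__('Already Installed').'</h1><p>'.__('You appear to have already installed WordPress. To reinstall please clear your old database tables first.').'</p></body></html>');}
 
 switch($step) {
     case 0:
     case 1: // in case people are directly linking to this
+      display_header();
 ?>
 <h1><?php _e('Welcome'); ?></h1>
@@ -62,4 +67,8 @@
         break;
     case 2:
+        if ( !empty($wpdb->error) )
+            wp_die($wpdb->error->get_error_message());
+
+        display_header();   
         // Fill in the data we gathered
         $weblog_title = stripslashes($_POST['weblog_title']);
@@ -75,6 +84,7 @@
         }
 
-    $result = wp_install($weblog_title, 'admin', $admin_email, $public);
-    extract($result, EXTR_SKIP);
+        $wpdb->show_errors();
+        $result = wp_install($weblog_title, 'admin', $admin_email, $public);
+        extract($result, EXTR_SKIP);
 ?>
 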
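Review bot: The step-2 guard at new line 70 calls `$wpdb->error->get_error_message()` without checking that `error` is a WP_Error; wpdb::bail() in this same release stores a plain string when the WP_Error class is not loaded, and a method call on a string is a fatal error. `wp_die( is_wp_error($wpdb->error) ? $wpdb->error->get_error_message() : $wpdb->error );` handles both shapes. Note also that steps 0 and 1 render the form before any database check, so a bad DB_* configuration is only reported after the user submits. The `switch` body continues outside the hunk.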
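--- a/tags/2.3.2/wp-admin/setup-config.php
+++ b/tags/2.3.2/wp-admin/setup-config.php
@@ -4,4 +4,5 @@
 require_once('../wp-includes/compat.php');
 require_once('../wp-includes/functions.php');
+require_once('../wp-includes/classes.php');
 
 if (!file_exists('../wp-config-sample.php'))
@@ -162,4 +163,7 @@
     // We'll fail here if the values are no good.
     require_once('../wp-includes/wp-db.php');
+    if ( !empty($wpdb->error) )
+        wp_die($wpdb->error->get_error_message());
+
     $handle = fopen('../wp-config.php', 'w');
 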
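Review bot: The check at new lines 165-166 has the same shape issue as install.php: `$wpdb->error` is a WP_Error only when the WP_Error class is loaded (the classes.php require at new line 6 appears to be there for exactly that), otherwise bail() stores a plain string and `->get_error_message()` fatals; `is_wp_error()` makes the check robust to both. The dependency on wpdb's new behaviour is worth a comment, since nothing here says why the check exists: `// wpdb no longer dies on a bad connection; surface the stored error before writing wp-config.php.` The enclosing step handler continues outside the hunk.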
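--- a/tags/2.3.2/wp-app.php
+++ b/tags/2.3.2/wp-app.php
@@ -160,4 +160,8 @@
     function get_service() {
         log_app('function','get_service()');
+
+        if( !current_user_can( 'edit_posts' ) )
+            $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
+
         $entries_url = attribute_escape($this->get_entries_url());
         $categories_url = attribute_escape($this->get_categories_url());
@@ -189,6 +193,9 @@
 
     function get_categories_xml() {
-
         log_app('function','get_categories_xml()');
+
+        if( !current_user_can( 'edit_posts' ) )
+            $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
+
         $home = attribute_escape(get_bloginfo_rss('home'));
 
@@ -283,6 +290,9 @@
 
     function get_post($postID) {
-
         global $entry;
+
+        if( !current_user_can( 'edit_post', $postID ) )
+            $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) );
+
         $this->set_current_entry($postID);
         $output = $this->get_entry($postID);
@@ -373,6 +383,7 @@
 
     function get_attachment($postID = NULL) {
-
-        global $entry;
+        if( !current_user_can( 'upload_files' ) )
+            $this->auth_required( __( 'Sorry, you do not have the right to file uploads on this blog.' ) );
+
         if (!isset($postID)) {
             $this->get_attachments();
@@ -495,4 +506,8 @@
 
         $location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+        $filetype = wp_check_filetype($location);
+
+        if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
+            $this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
 
         // delete file
@@ -796,5 +811,4 @@
     <author>
         <name><?php the_author()?></name>
-        <email><?php the_author_email()?></email>
 <?php if (get_the_author_url() && get_the_author_url() != 'http://') { ?>
         <uri><?php the_author_url()?></uri>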
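Review bot: The guard at new lines 508-511 rejects an attachment whose stored path has no recognised extension before the file is deleted, but it does not verify that `$location` resolves inside the upload directory; the value comes from post meta rather than this request, so this is defence in depth, and the unlink code is outside the hunk. If no path check is done there, a `realpath()` prefix comparison against the upload base directory, or `validate_file()`, before deleting would close the gap. Two wording fixes in the new strings: `'Error ocurred'` → `'Error occurred'`, and `'right to file uploads'` → `'right to upload files'`.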
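--- a/tags/2.3.2/wp-includes/formatting.php
+++ b/tags/2.3.2/wp-includes/formatting.php
@@ -623,16 +623,33 @@
 }
 
+function _make_url_clickable_cb($matches) {
+    $url = $matches[2];
+    $url = clean_url($url);
+    if ( empty($url) )
+        return $matches[0];
+    return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>";
+}
+
+function _make_web_ftp_clickable_cb($matches) {
+    $dest = $matches[2];
+    $dest = 'http://' . $dest;
+    $dest = clean_url($dest);
+    if ( empty($dest) )
+        return $matches[0];
+
+    return $matches[1] . "<a href=\"$dest\" rel=\"nofollow\">$dest</a>";
+}
+
+function _make_email_clickable_cb($matches) {
+    $email = $matches[2] . '@' . $matches[3];
+    return $matches[1] . "<a href=\"mailto:$email\">$email</a>";
+}
+
 function make_clickable($ret) {
     $ret = ' ' . $ret;
     // in testing, using arrays here was found to be faster
-    $ret = preg_replace(
-        array(
-            '#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
-            '#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
-            '#([\s>])([a-z0-9\-_.]+)@([^,< \n\r]+)#i'),
-        array(
-            '$1<a href="$2" rel="nofollow">$2</a>',
-            '$1<a href="http://$2" rel="nofollow">$2</a>',
-            '$1<a href="mailto:$2@$3">$2@$3</a>'),$ret);
+    $ret = preg_replace_callback('#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_url_clickable_cb', $ret);
+    $ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_web_ftp_clickable_cb', $ret);
+    $ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret);
     // this one is not in an array because we need it to run last, for cleanup of accidental links within links
     $ret = preg_replace("#(<a( [^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i", "$1$3</a>", $ret);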
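Review bot: `_make_email_clickable_cb` at new lines 643-646 interpolates `$email` into both the href and the link text with no escaping, whereas the two URL callbacks route through clean_url(). It is safe today only because the new e-mail pattern at new line 653 restricts the local part to `[.0-9a-z_+-]` and the domain to `[0-9a-z-]` and dots, so the callback's safety is delegated to a regex in a different function. Escaping the attribute in the callback itself, `"<a href=\"mailto:" . attribute_escape($email) . "\">$email</a>"`, keeps it safe if the pattern is ever loosened; failing that, a one-line comment on the callback stating that invariant would do. The `// in testing, using arrays here was found to be faster` comment at new line 650 now describes code that no longer exists and should go.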
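--- a/tags/2.3.2/wp-includes/functions.php
+++ b/tags/2.3.2/wp-includes/functions.php
@@ -199,8 +199,8 @@
         if ( false === $value ) {
             if ( defined('WP_INSTALLING') )
-                $wpdb->hide_errors();
+                $show = $wpdb->hide_errors();
             $row = $wpdb->get_row("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1");
             if ( defined('WP_INSTALLING') )
-                $wpdb->show_errors();
+                $wpdb->show_errors($show);
 
             if( is_object( $row) ) { // Has to be get_row instead of get_var because of funkiness with 0, false, null values
@@ -237,9 +237,9 @@
 function get_alloptions() {
     global $wpdb, $wp_queries;
-    $wpdb->hide_errors();
+    $show = $wpdb->hide_errors();
     if ( !$options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") ) {
         $options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options");
     }
-    $wpdb->show_errors();
+    $wpdb->show_errors($show);
 
     foreach ($options as $option) {
@@ -264,8 +264,8 @@
 
     if ( !$alloptions ) {
-        $wpdb->hide_errors();
+        $show = $wpdb->hide_errors();
         if ( !$alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") )
             $alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options");
-        $wpdb->show_errors();
+        $wpdb->show_errors($show);
         $alloptions = array();
         foreach ( (array) $alloptions_db as $o )
@@ -893,7 +893,7 @@
 function is_blog_installed() {
     global $wpdb;
-    $wpdb->hide_errors();
+    $show = $wpdb->hide_errors();
     $installed = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'");
-    $wpdb->show_errors();
+    $wpdb->show_errors($show);
 
     $install_status = !empty( $installed ) ? TRUE : FALSE;
@@ -1420,3 +1420,35 @@
 }
 
+function dead_db() {
+    global $wpdb;
+
+    // Load custom DB error template, if present.
+    if ( file_exists( ABSPATH . 'wp-content/db-error.php' ) ) {
+        require_once( ABSPATH . 'wp-content/db-error.php' );
+        die();
+    }
+
+    // If installing or in the admin, provide the verbose message.
+    if ( defined('WP_INSTALLING') || defined('WP_ADMIN') )
+        wp_die($wpdb->error);
+
+    // Otherwise, be terse.
+    status_header( 500 );
+    nocache_headers();
+    header( 'Content-Type: text/html; charset=utf-8' );
 ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" <?php if ( function_exists( 'language_attributes' ) ) language_attributes(); ?>>
+<head>
+    <title>Database Error</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+</head>
+<body>
+    <h1>Error establishing a database connection</h1>
+</body>
+</html>
+<?php
+    die();
+}
+
+?>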
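Review bot: In dead_db() the verbose branch at new lines 1432-1433 fires whenever `WP_ADMIN` is defined, and with the database down nobody can have authenticated, so any anonymous visitor requesting a wp-admin URL receives the full bail() message, which in this release names the database user and database. Restricting the verbose output to `WP_INSTALLING` or `WP_DEBUG`, e.g. `if ( defined('WP_INSTALLING') || ( defined('WP_DEBUG') && WP_DEBUG ) )`, keeps the connection details off public pages. Separately, `status_header( 500 )` and `nocache_headers()` are only sent on the terse path; unless wp_die() sets them itself, moving those two calls above the custom-template and verbose branches keeps caches and monitors from recording a 200 for an outage. A header comment would also help: `// Called from wp-settings.php when wpdb could not connect; never returns.`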
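--- a/tags/2.3.2/wp-includes/pluggable.php
+++ b/tags/2.3.2/wp-includes/pluggable.php
@@ -73,7 +73,7 @@
         return false;
 
-    $wpdb->hide_errors();
+    $show = $wpdb->hide_errors();
     $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
-    $wpdb->show_errors();
+    $wpdb->show_errors($show);
 
     if ($metavalues) {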
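--- a/tags/2.3.2/wp-includes/post.php
+++ b/tags/2.3.2/wp-includes/post.php
@@ -429,4 +429,8 @@
 
 function sanitize_post($post, $context = 'display') {
+
+    if ( 'raw' == $context )
+        return $post;
+
     // TODO: Use array keys instead of hard coded list
     $fields = array('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_date', 'post_date_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'post_category');
@@ -1140,4 +1144,5 @@
         $meta_key = '';
         $meta_value = '';
+        $hierarchical = false;
         $incpages = preg_split('/[\s,]+/',$include);
         if ( count($incpages) ) {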
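Review bot: The new `'raw'` short-circuit at new lines 432-433 returns the post with no field sanitization at all, so every caller passing `$context = 'raw'` takes on the escaping responsibility, and nothing in the function says so. Suggest a header comment on sanitize_post(): `// Context 'raw' returns the record untouched — callers must escape before output or before passing it to SQL.` The `$hierarchical = false;` at new line 1146 looks like an undefined-variable fix for a use further down; the function it sits in starts and ends outside the hunk.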
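--- a/tags/2.3.2/wp-includes/query.php
+++ b/tags/2.3.2/wp-includes/query.php
@@ -33,7 +33,7 @@
 
 function is_admin () {
-    global $wp_query;
-
-    return ($wp_query->is_admin || (stripos($_SERVER['REQUEST_URI'], 'wp-admin/') !== false));
+    if ( defined('WP_ADMIN') )
+        return WP_ADMIN;
+    return false;
 }
 
@@ -643,5 +643,5 @@
             $this->is_preview = true;
 
-        if ( strpos($_SERVER['PHP_SELF'], 'wp-admin/') !== false )
+        if ( is_admin() )
             $this->is_admin = true;
 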
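Review bot: The rewritten is_admin() at new lines 35-37 returns the raw value of `WP_ADMIN`, so a bootstrap that defines the constant as a string or `0` leaks that value to callers comparing strictly; `return defined('WP_ADMIN') && WP_ADMIN;` pins the return to a boolean. The reason for dropping the `REQUEST_URI` and `PHP_SELF` tests is the security-relevant part of this change and should be recorded next to the function: `// Never infer admin mode from the request URI: it is attacker-controlled and previously let any visitor flip is_admin().` The WP_Query method in the second hunk starts and ends outside it.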
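--- a/tags/2.3.2/wp-includes/taxonomy.php
+++ b/tags/2.3.2/wp-includes/taxonomy.php
@@ -664,4 +664,8 @@
  */
 function sanitize_term($term, $taxonomy, $context = 'display') {
+
+    if ( 'raw' == $context )
+        return $term;
+
     $fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group');
 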
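Review bot: As in sanitize_post(), the `'raw'` context at new lines 667-668 now returns the term untouched, so any caller using it must escape downstream, and the docblock that ends at new line 664 does not mention the bypass. Add a line to it: `@param string $context 'raw' skips all sanitization; never use it for values that reach output or SQL.` The function body continues outside the hunk.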
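--- a/tags/2.3.2/wp-includes/version.php
+++ b/tags/2.3.2/wp-includes/version.php
@@ -3,5 +3,5 @@
 // This holds the version number in a separate file so we can bump it without cluttering the SVN
 
-$wp_version = '2.3.1';
+$wp_version = '2.3.2';
 $wp_db_version = 6124;
 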
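--- a/tags/2.3.2/wp-includes/wp-db.php
+++ b/tags/2.3.2/wp-includes/wp-db.php
@@ -16,9 +16,10 @@
 class wpdb {
 
-    var $show_errors = true;
+    var $show_errors = false;
     var $num_queries = 0;
     var $last_query;
     var $col_info;
     var $queries;
+    var $ready = false;
 
     // Our tables
@@ -57,4 +58,7 @@
         register_shutdown_function(array(&$this, "__destruct"));
 
+        if ( defined('WP_DEBUG') and WP_DEBUG == true )
+            $this->show_errors();
+
         if ( defined('DB_CHARSET') )
             $this->charset = DB_CHARSET;
@@ -75,5 +79,8 @@
 <p>If you're unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href='http://wordpress.org/support/'>WordPress Support Forums</a>.</p>
 ");
-        }
+            return;
+        }
+
+        $this->ready = true;
 
         if ( !empty($this->charset) && version_compare(mysql_get_server_info(), '4.1.0', '>=') )
@@ -93,4 +100,5 @@
     function select($db) {
         if (!@mysql_select_db($db, $this->dbh)) {
+            $this->ready = false;
             $this->bail("
 <h1>Can&#8217;t select database</h1>
@@ -98,7 +106,9 @@
 <ul>
 <li>Are you sure it exists?</li>
+<li>Does the user <code>".DB_USER."</code> have permission to use the <code>$db</code> database?</li>
 <li>On some systems the name of your database is prefixed with your username, so it would be like username_wordpress. Could that be the problem?</li>
 </ul>
 <p>If you don't know how to setup a database you should <strong>contact your host</strong>. If all else fails you may find help at the <a href='http://wordpress.org/support/'>WordPress Support Forums</a>.</p>");
+            return;
         }
     }
@@ -150,16 +160,19 @@
         array ('query' => $this->last_query, 'error_str' => $str);
 
+        $error_str = "WordPress database error $str for query $this->last_query";
+        error_log($error_str, 0);
+
+        // Is error output turned on or not..
+        if ( !$this->show_errors )
+            return false;
+
         $str = htmlspecialchars($str, ENT_QUOTES);
         $query = htmlspecialchars($this->last_query, ENT_QUOTES);
-        // Is error output turned on or not..
-        if ( $this->show_errors ) {
-            // If there is an error then take note of it
-            print "<div id='error'>
-            <p class='wpdberror'><strong>WordPress database error:</strong> [$str]<br />
-            <code>$query</code></p>
-            </div>";
-        } else {
-            return false;
-        }
+
+        // If there is an error then take note of it
+        print "<div id='error'>
+        <p class='wpdberror'><strong>WordPress database error:</strong> [$str]<br />
+        <code>$query</code></p>
+        </div>";
     }
 
@@ -167,10 +180,14 @@
     //  Turn error handling on or off..
 
-    function show_errors() {
-        $this->show_errors = true;
+    function show_errors( $show = true ) {
+        $errors = $this->show_errors;
+        $this->show_errors = $show;
+        return $errors;
     }
 
     function hide_errors() {
+        $show = $this->show_errors;
         $this->show_errors = false;
+        return $show;
     }
 
@@ -188,4 +205,7 @@
 
     function query($query) {
+        if ( ! $this->ready )
+            return false;
+
         // filter the query, if filters are available
         // NOTE: some queries are made before the plugins have been loaded, and thus cannot be filtered with this method
@@ -400,6 +420,11 @@
      */
     function bail($message) { // Just wraps errors in a nice header and footer
-        if ( !$this->show_errors )
+        if ( !$this->show_errors ) {
+            if ( class_exists('WP_Error') )
+                $this->error = new WP_Error('500', $message);
+            else
+                $this->error = $message;
             return false;
+        }
         wp_die($message);
     }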
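Review bot: `error_log($error_str, 0)` at new lines 162-163 now writes the full failing SQL text to the PHP error log on every query error regardless of `show_errors`, and that text includes literal values from INSERT/UPDATE statements — password hashes, e-mail addresses, option values — plus any newlines user input carried into the query, so the log becomes both a secrets sink and a log-injection target. Logging `$str` with a truncated, newline-stripped query, e.g. `error_log("WordPress database error $str for query " . substr(str_replace(array("\r", "\n"), ' ', $this->last_query), 0, 200));`, limits both. In show_errors( $show = true ) the argument is stored without a cast; `$this->show_errors = (bool) $show;` keeps the property boolean as hide_errors() now returns it. A comment on the new `$ready` flag would also help: `// false until connect() and select() both succeed; query() is a no-op until then.`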
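--- a/tags/2.3.2/wp-mail.php
+++ b/tags/2.3.2/wp-mail.php
@@ -13,5 +13,5 @@
 
 if (!$pop3->connect(get_option('mailserver_url'), get_option('mailserver_port')))
-    wp_die($pop3->ERROR);
+    wp_die(wp_specialchars($pop3->ERROR));
 
 $count = $pop3->login(get_option('mailserver_login'), get_option('mailserver_pass'));
@@ -130,7 +130,4 @@
     $content[1] ? $content = $content[1] : $content = $content[0];
 
-    echo "<p><b>Content-type:</b> $content_type, <b>Content-Transfer-Encoding:</b> $content_transfer_encoding, <b>boundary:</b> $boundary</p>\n";
-    echo "<p><b>Raw content:</b><br /><pre>".$content.'</pre></p>';
-
     $content = trim($content);
 
@@ -162,10 +159,9 @@
     do_action('publish_phone', $post_ID);
 
-    echo "\n<p><b>Author:</b> $post_author</p>";
-    echo "\n<p><b>Posted title:</b> $post_title<br />";
-    echo "\n<b>Posted content:</b><br /><pre>".$content.'</pre></p>';
+    echo "\n<p><b>Author:</b> " . wp_specialchars($post_author) . "</p>";
+    echo "\n<p><b>Posted title:</b> " . wp_specialchars($post_title) . "<br />";
 
     if(!$pop3->delete($i)) {
-        echo '<p>Oops '.$pop3->ERROR.'</p></div>';
+        echo '<p>Oops '.wp_specialchars($pop3->ERROR).'</p></div>';
         $pop3->reset();
         exit;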
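Review bot: The author/title echo at new lines 161-162 is now escaped, but it still prints details of every post created on each run to whoever requested wp-mail.php, which as far as this hunk shows is not an authenticated endpoint; removing those two echoes, as was done for the raw content at old lines 132-133, leaks nothing. If the output is kept for debugging, gate it: `if ( defined('WP_DEBUG') && WP_DEBUG )`. The `$pop3->ERROR` strings are server-supplied, so escaping them at new lines 15 and 165 is the right call; the script's top-level flow continues outside the hunks.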
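--- a/tags/2.3.2/wp-settings.php
+++ b/tags/2.3.2/wp-settings.php
@@ -122,4 +122,7 @@
 else
     require_once (ABSPATH . WPINC . '/wp-db.php');
+
+if ( !empty($wpdb->error) )
+    dead_db();
 
 // $table_prefix is deprecated as of 2.1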
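Review bot: The new check at lines 125-126 only works if the database object exposes an `error` property that its bail() sets; the `else` at line 122 implies an alternative DB class can be loaded instead of wp-db.php, and a replacement that silently returns on a failed connection leaves `$wpdb->error` unset, so the site continues against a dead handle. A comment aimed at drop-in authors would prevent that: `// Replacement DB classes must set $this->error (and leave $this->ready false) on connection failure for this to fire.` The bootstrap continues outside the hunk.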
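--- a/tags/2.3.2/xmlrpc.php
+++ b/tags/2.3.2/xmlrpc.php
@@ -187,4 +187,10 @@
             return($this->error);
         }
+
+        set_current_user( 0, $username );
+        if( !current_user_can( 'edit_page', $page_id ) )
+            return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) );
+
+        do_action('xmlrpc_call', 'wp.getPage');
 
         // Lookup page info.
@@ -269,4 +275,10 @@
         }
 
+        set_current_user( 0, $username );
+        if( !current_user_can( 'edit_pages' ) )
+            return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) );
+
+        do_action('xmlrpc_call', 'wp.getPages');
+
         // Lookup info on pages.
         $pages = get_pages();
@@ -427,4 +439,10 @@
         }
 
+        set_current_user( 0, $username );
+        if( !current_user_can( 'edit_pages' ) )
+            return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) );
+
+        do_action('xmlrpc_call', 'wp.getPageList');
+
         // Get list of pages ids and titles
         $page_list = $wpdb->get_results("
@@ -460,5 +478,4 @@
      */
     function wp_getAuthors($args) {
-        global $wpdb;
 
         $this->escape($args);
@@ -472,5 +489,21 @@
         }
 
-        return(get_users_of_blog());
+        set_current_user(0, $username);
+        if(!current_user_can("edit_posts")) {
+            return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog.")));
+        }
+
+        do_action('xmlrpc_call', 'wp.getAuthors');
+
+        $authors = array();
+        foreach( (array) get_users_of_blog() as $row ) {
+            $authors[] = array(
+                "user_id"       => $row->user_id,
+                "user_login"    => $row->user_login,
+                "display_name"  => $row->display_name
+            );
+        }
+
+        return($authors);
     }
 
@@ -494,5 +527,5 @@
         // allowed to add a category.
         set_current_user(0, $username);
-        if(!current_user_can("manage_categories", $page_id)) {
+        if(!current_user_can("manage_categories")) {
             return(new IXR_Error(401, __("Sorry, you do not have the right to add a category.")));
         }
@@ -548,4 +581,10 @@
         }
 
+        set_current_user(0, $username);
+        if( !current_user_can( 'edit_posts' ) )
+            return new IXR_Error( 401, __( 'Sorry, you must be able to publish to this blog in order to view categories.' ) );
+
+        do_action('xmlrpc_call', 'wp.suggestCategories');
+
         $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category);
         $category_suggestions = get_categories($args);
@@ -598,4 +637,10 @@
         }
 
+        set_current_user( 0, $user_login );
+        if( !current_user_can( 'edit_posts' ) )
+            return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) );
+
+        do_action('xmlrpc_call', 'blogger.getUserInfo');
+
         $user_data = get_userdatabylogin($user_login);
 
@@ -604,5 +649,4 @@
             'userid'    => $user_data->ID,
             'url'       => $user_data->user_url,
-            'email'     => $user_data->user_email,
             'lastname'  => $user_data->last_name,
             'firstname' => $user_data->first_name
@@ -626,5 +670,10 @@
         }
 
-        $user_data = get_userdatabylogin($user_login);
+        set_current_user( 0, $user_login );
+        if( !current_user_can( 'edit_post', $post_ID ) )
+            return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) );
+
+        do_action('xmlrpc_call', 'blogger.getPost');
+
         $post_data = wp_get_single_post($post_ID, ARRAY_A);
 
@@ -664,4 +713,6 @@
         $posts_list = wp_get_recent_posts($num_posts);
 
+        set_current_user( 0, $user_login );
+
         if (!$posts_list) {
             $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.'));
@@ -670,4 +721,6 @@
 
         foreach ($posts_list as $entry) {
+            if( !current_user_can( 'edit_post', $entry['ID'] ) )
+                continue;
 
             $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']);
@@ -1329,76 +1382,81 @@
     function mw_getPost($args) {
 
-      global $wpdb;
-
-        $this->escape($args);
-
-      $post_ID     = (int) $args[0];
-      $user_login  = $args[1];
-      $user_pass   = $args[2];
-
-      if (!$this->login_pass_ok($user_login, $user_pass)) {
-        return $this->error;
-      }
-
-      $postdata = wp_get_single_post($post_ID, ARRAY_A);
-
-      if ($postdata['post_date'] != '') {
-
-        $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']);
-        $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']);
-
-        $categories = array();
-        $catids = wp_get_post_categories($post_ID);
-        foreach($catids as $catid) {
-          $categories[] = get_cat_name($catid);
-        }
-
-        $tagnames = array();
-        $tags = wp_get_post_tags( $post_ID );
-        if ( !empty( $tags ) ) {
-            foreach ( $tags as $tag ) {
-                $tagnames[] = $tag->name;
-            }
-            $tagnames = implode( ', ', $tagnames );
+        global $wpdb;
+
+        $this->escape($args);
+
+        $post_ID     = (int) $args[0];
+        $user_login  = $args[1];
+        $user_pass   = $args[2];
+
+        if (!$this->login_pass_ok($user_login, $user_pass)) {
+            return $this->error;
+        }
+
+        set_current_user( 0, $user_login );
+        if( !current_user_can( 'edit_post', $post_ID ) )
+            return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) );
+
+        do_action('xmlrpc_call', 'metaWeblog.getPost');
+
+        $postdata = wp_get_single_post($post_ID, ARRAY_A);
+
+        if ($postdata['post_date'] != '') {
+            $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']);
+            $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']);
+
+            $categories = array();
+            $catids = wp_get_post_categories($post_ID);
+            foreach($catids as $catid) {
+                $categories[] = get_cat_name($catid);
+            }
+
+            $tagnames = array();
+            $tags = wp_get_post_tags( $post_ID );
+            if ( !empty( $tags ) ) {
+                foreach ( $tags as $tag ) {
+                    $tagnames[] = $tag->name;
+                }
+                $tagnames = implode( ', ', $tagnames );
+            } else {
+                $tagnames = '';
+            }
+
+            $post = get_extended($postdata['post_content']);
+            $link = post_permalink($postdata['ID']);
+
+            // Get the author info.
+            $author = get_userdata($postdata['post_author']);
+
+            $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0;
+            $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0;
+
+            $resp = array(
+                'dateCreated' => new IXR_Date($post_date),
+                'userid' => $postdata['post_author'],
+                'postid' => $postdata['ID'],
+                'description' => $post['main'],
+                'title' => $postdata['post_title'],
+                'link' => $link,
+                'permaLink' => $link,
+                // commented out because no other tool seems to use this
+                //        'content' => $entry['post_content'],
+                'categories' => $categories,
+                'mt_excerpt' => $postdata['post_excerpt'],
+                'mt_text_more' => $post['extended'],
+                'mt_allow_comments' => $allow_comments,
+                'mt_allow_pings' => $allow_pings,
+                'mt_keywords' => $tagnames,
+                'wp_slug' => $postdata['post_name'],
+                'wp_password' => $postdata['post_password'],
+                'wp_author_id' => $author->ID,
+                'wp_author_display_name'    => $author->display_name,
+                'date_created_gmt' => new IXR_Date($post_date_gmt)
+            );
+
+            return $resp;
         } else {
-            $tagnames = '';
-        }
-
-        $post = get_extended($postdata['post_content']);
-        $link = post_permalink($postdata['ID']);
-
-        // Get the author info.
-        $author = get_userdata($postdata['post_author']);
-
-        $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0;
-        $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0;
-
-        $resp = array(
-          'dateCreated' => new IXR_Date($post_date),
-          'userid' => $postdata['post_author'],
-          'postid' => $postdata['ID'],
-          'description' => $post['main'],
-          'title' => $postdata['post_title'],
-          'link' => $link,
-          'permaLink' => $link,
-// commented out because no other tool seems to use this
-//        'content' => $entry['post_content'],
-          'categories' => $categories,
-          'mt_excerpt' => $postdata['post_excerpt'],
-          'mt_text_more' => $post['extended'],
-          'mt_allow_comments' => $allow_comments,
-          'mt_allow_pings' => $allow_pings,
-          'mt_keywords' => $tagnames,
-          'wp_slug' => $postdata['post_name'],
-          'wp_password' => $postdata['post_password'],
-          'wp_author_id' => $author->ID,
-          'wp_author_display_name'  => $author->display_name,
-          'date_created_gmt' => new IXR_Date($post_date_gmt)
-        );
-
-        return $resp;
-      } else {
-        return new IXR_Error(404, __('Sorry, no such post.'));
-      }
+            return new IXR_Error(404, __('Sorry, no such post.'));
+        }
     }
 
@@ -1425,5 +1483,9 @@
         }
 
+        set_current_user( 0, $user_login );
+
         foreach ($posts_list as $entry) {
+            if( !current_user_can( 'edit_post', $entry['ID'] ) )
+                continue;
 
             $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']);
@@ -1505,4 +1567,10 @@
         }
 
+        set_current_user( 0, $user_login );
+        if( !current_user_can( 'edit_posts' ) )
+            return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) );
+
+        do_action('xmlrpc_call', 'metaWeblog.getCategories');
+
         $categories_struct = array();
 
@@ -1624,5 +1692,9 @@
         }
 
+        set_current_user( 0, $user_login );
+
         foreach ($posts_list as $entry) {
+            if( !current_user_can( 'edit_post', $entry['ID'] ) )
+                continue;
 
             $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']);
@@ -1663,7 +1735,12 @@
         }
 
+        set_current_user( 0, $user_login );
+        if( !current_user_can( 'edit_posts' ) )
+            return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) );
+
+        do_action('xmlrpc_call', 'mt.getCategoryList');
+
         $categories_struct = array();
 
-        // FIXME: can we avoid using direct SQL there?
         if ( $cats = get_categories('hide_empty=0&hierarchical=0') ) {
             foreach ($cats as $cat) {
@@ -1691,4 +1768,10 @@
             return $this->error;
         }
+
+        set_current_user( 0, $user_login );
+        if( !current_user_can( 'edit_post', $post_ID ) )
+            return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) );
+
+        do_action('xmlrpc_call', 'mt.getPostCategories');
 
         $categories = array();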
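Review bot: In the three recent-posts loops (new lines 723-724, 1488-1489 and 1697-1698) entries the user cannot edit are skipped only after `wp_get_recent_posts($num_posts)` has already applied the limit, so a contributor asking for N posts receives fewer than N — possibly none — even when enough editable posts exist; filter before the cut, or fetch more and stop once `$num_posts` editable entries have been collected. The `set_current_user()` calls are placed after the post lookup in those methods but before it everywhere else; moving them directly after `login_pass_ok()` keeps the pattern uniform and guarantees the capability check sees the right user. The message at new line 585 says 'must be able to publish' while the capability tested is `edit_posts`; use `'Sorry, you must be able to edit posts on this blog in order to view categories.'` as the other two category methods do. The mw_getPost rewrite is otherwise a re-indent around the new `edit_post` check.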