diff --git a/xmlrpc.php b/xmlrpc.php
index 4866cc0012..353a44aad6 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -939,12 +939,12 @@ class wp_xmlrpc_server extends IXR_Server {
 // Let WordPress generate the post_name (slug) unless
 // one has been provided.
 $post_name = "";
- if(!empty($content_struct["wp_slug"])) {
+ if(isset($content_struct["wp_slug"])) {
 $post_name = $content_struct["wp_slug"];
 }
 // Only use a password if one was given.
- if(!empty($content_struct["wp_password"])) {
+ if(isset($content_struct["wp_password"])) {
 $post_password = $content_struct["wp_password"];
 }
@@ -954,14 +954,17 @@ class wp_xmlrpc_server extends IXR_Server {
 }
 // Only set the menu_order if it was provided.
- if(!empty($content_struct["wp_page_order"])) {
+ if(isset($content_struct["wp_page_order"])) {
 $menu_order = $content_struct["wp_page_order"];
 }
 $post_author = $user->ID;
 // If an author id was provided then use it instead.
- if(!empty($content_struct["wp_author_id"])) {
+ if(
+ isset($content_struct["wp_author_id"])
+ && ($user->ID != $content_struct["wp_author_id"])
+ ) {
 switch($post_type) {
 case "post":
 if(!current_user_can("edit_others_posts")) {
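Review bot: In the hunk at `@@ -939,12 +939,12 @@`, `isset()` accepts every non-null value, so `wp_slug` and `wp_password` from the client struct are now copied even when they are empty strings or not scalars at all, and nothing in the visible lines checks their type. If honouring an explicitly empty value is the intent, the comment should say so, e.g. `// isset() rather than !empty(): an explicitly empty password is honoured.`, and the test can be narrowed to `if(isset($content_struct["wp_password"]) && is_scalar($content_struct["wp_password"])) {` (likewise for `wp_slug`). The same pair of conditions appears in the hunk at `@@ -1102,12 +1125,12 @@`. Both function bodies start and end outside the hunks, so how the values are used afterwards is not visible here.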
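Review bot: In the hunk at `@@ -954,14 +954,17 @@`, the new `$user->ID != $content_struct["wp_author_id"]` test applies a loose `!=` to a client-supplied XML-RPC value, and its result now decides whether the `current_user_can()` checks inside the switch run at all. Loose comparison between an integer and an arbitrary string or non-scalar value varies with the PHP version, so the decision should be made on a normalized value: `$author_id = (int) $content_struct["wp_author_id"];` followed by `if($user->ID != $author_id) {`, with `$author_id` also used for whatever assignment follows. The place where `$post_author` is taken from the struct is outside the hunk, so it needs confirming there that a skipped capability check can never be followed by that assignment. The identical condition is added in the hunk at `@@ -1117,12 +1140,17 @@`.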
@@ -989,13 +992,33 @@ class wp_xmlrpc_server extends IXR_Server {
 $post_excerpt = $content_struct['mt_excerpt'];
 $post_more = $content_struct['mt_text_more'];
- $comment_status = (!isset($content_struct['mt_allow_comments'])) ?
- get_option('default_comment_status')
- : $content_struct['mt_allow_comments'];
+ if(isset($content_struct["mt_allow_comments"])) {
+ switch((int) $content_struct["mt_allow_comments"]) {
+ case 0:
+ $comment_status = "closed";
+ break;
+ case 1:
+ $comment_status = "open";
+ break;
+ default:
+ $comment_status = get_option("default_comment_status");
+ break;
+ }
+ }
- $ping_status = (!isset($content_struct['mt_allow_pings'])) ?
- get_option('default_ping_status')
- : $content_struct['mt_allow_pings'];
+ if(isset($content_struct["mt_allow_pings"])) {
+ switch((int) $content_struct["mt_allow_pings"]) {
+ case 0:
+ $ping_status = "closed";
+ break;
+ case 1:
+ $ping_status = "open";
+ break;
+ default:
+ $ping_status = get_option("default_ping_status");
+ break;
+ }
+ }
 if ($post_more) {
 $post_content = $post_content . "\n\n" . $post_more;
@@ -1073,7 +1096,7 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- set_current_user(0, $user_login);
+ $user = set_current_user(0, $user_login);
 // The post_type defaults to post, but could also be page.
 $post_type = "post";
@@ -1102,12 +1125,12 @@ class wp_xmlrpc_server extends IXR_Server {
 // Let WordPress manage slug if none was provided.
 $post_name = "";
- if(!empty($content_struct["wp_slug"])) {
+ if(isset($content_struct["wp_slug"])) {
 $post_name = $content_struct["wp_slug"];
 }
 // Only use a password if one was given.
- if(!empty($content_struct["wp_password"])) {
+ if(isset($content_struct["wp_password"])) {
 $post_password = $content_struct["wp_password"];
 }
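Review bot: In the hunk at `@@ -989,13 +992,33 @@`, `$comment_status` and `$ping_status` are no longer assigned when the client omits `mt_allow_comments` / `mt_allow_pings`: the removed ternaries fell back to the site default in that case, while the new `if(isset(...))` blocks have no else branch and no initialisation in the visible lines. Whether visitors may comment or ping then depends on whatever the code below does with an undefined variable, which is outside the hunk. The `(int)` cast also turns any non-numeric string into 0, so a client that sends a textual status ends up with "closed" rather than the default; the hunk at `@@ -1145,11 +1173,11 @@` has the same cast. Assigning the default first and switching only on numeric input covers both cases.

```php
// Start from the site default so the variable is always defined.
$comment_status = get_option("default_comment_status");
if(
	isset($content_struct["mt_allow_comments"])
	&& is_numeric($content_struct["mt_allow_comments"])
) {
	switch((int) $content_struct["mt_allow_comments"]) {
		case 0:
			$comment_status = "closed";
			break;
		case 1:
			$comment_status = "open";
			break;
	}
}
// … mt_allow_pings / $ping_status: same shape, starting from get_option("default_ping_status") …
```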
@@ -1117,12 +1140,17 @@ class wp_xmlrpc_server extends IXR_Server {
 }
 // Only set the menu_order if it was given.
- if(!empty($content_struct["wp_page_order"])) {
+ if(isset($content_struct["wp_page_order"])) {
 $menu_order = $content_struct["wp_page_order"];
 }
+ $post_author = $user->ID;
+
 // Only set the post_author if one is set.
- if(!empty($content_struct["wp_author_id"])) {
+ if(
+ isset($content_struct["wp_author_id"])
+ && ($user->ID != $content_struct["wp_author_id"])
+ ) {
 switch($post_type) {
 case "post":
 if(!current_user_can("edit_others_posts")) {
@@ -1145,11 +1173,11 @@ class wp_xmlrpc_server extends IXR_Server {
 // Only set ping_status if it was provided.
 if(isset($content_struct["mt_allow_pings"])) {
- switch($content_struct["mt_allow_pings"]) {
- case "0":
+ switch((int) $content_struct["mt_allow_pings"]) {
+ case 0:
 $ping_status = "closed";
 break;
- case "1":
+ case 1:
 $ping_status = "open";
 break;
 }
@@ -1187,7 +1215,7 @@ class wp_xmlrpc_server extends IXR_Server {
 $to_ping = implode(' ', $to_ping);
 if(isset($content_struct["mt_allow_comments"])) {
- $comment_status = $content_struct["mt_allow_comments"];
+ $comment_status = (int) $content_struct["mt_allow_comments"];
 }
 // Do some timestamp voodoo
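Review bot: In the hunk at `@@ -1117,12 +1140,17 @@`, the added `$post_author = $user->ID;` assigns the author unconditionally, directly above the comment "Only set the post_author if one is set", so the comment no longer describes the code. If this method updates an existing post (its header is outside the hunk), the default would hand authorship to the calling user whenever `wp_author_id` is omitted; defaulting to the stored post's author would preserve ownership. At minimum the comment should read `// Default to the calling user; overridden below only if wp_author_id names someone else.`. The line also depends on the `$user` returned by `set_current_user()` in the hunk at `@@ -1073,7 +1096,7 @@`, which is dereferenced without a check in the visible lines.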
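Review bot: In the hunk at `@@ -1187,7 +1215,7 @@`, `$comment_status` now receives a bare integer, whereas the `mt_allow_pings` handling at `@@ -1145,11 +1173,11 @@` maps the same kind of flag to "closed" / "open". Unless a mapping follows outside the hunk, an integer reaches code that elsewhere in this diff is given the strings, and any integer the client sends is passed through as it is. Using the same switch as the ping block keeps the two settings consistent and restricts the stored value to the two known states.

```php
if(
	isset($content_struct["mt_allow_comments"])
	&& is_numeric($content_struct["mt_allow_comments"])
) {
	switch((int) $content_struct["mt_allow_comments"]) {
		case 0:
			$comment_status = "closed";
			break;
		case 1:
			$comment_status = "open";
			break;
	}
}
```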