Eliminate use of extract() in wp_xmlrpc_server::blogger_editPost().

See #22400.

Built from https://develop.svn.wordpress.org/trunk@28412


git-svn-id: http://core.svn.wordpress.org/trunk@28239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2014-05-15 03:25:15 +00:00
parent a7a6cb5bef
commit 4b94efd93b

View File

@ -4209,7 +4209,7 @@ class wp_xmlrpc_server extends IXR_Server {
* @param array $args Method parameters. * @param array $args Method parameters.
* @return bool true when done. * @return bool true when done.
*/ */
function blogger_editPost($args) { function blogger_editPost( $args ) {
$this->escape($args); $this->escape($args);
@ -4219,39 +4219,42 @@ class wp_xmlrpc_server extends IXR_Server {
$content = $args[4]; $content = $args[4];
$publish = $args[5]; $publish = $args[5];
if ( !$user = $this->login($username, $password) ) if ( ! $user = $this->login( $username, $password ) ) {
return $this->error; return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.editPost' ); do_action( 'xmlrpc_call', 'blogger.editPost' );
$actual_post = get_post($post_ID,ARRAY_A); $actual_post = get_post( $post_ID, ARRAY_A );
if ( !$actual_post || $actual_post['post_type'] != 'post' ) if ( ! $actual_post || $actual_post['post_type'] != 'post' ) {
return new IXR_Error(404, __('Sorry, no such post.')); return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
}
$this->escape($actual_post); $this->escape($actual_post);
if ( !current_user_can('edit_post', $post_ID) ) if ( ! current_user_can( 'edit_post', $post_ID ) ) {
return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
}
if ( 'publish' == $actual_post['post_status'] && ! current_user_can( 'publish_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' ) );
}
extract($actual_post, EXTR_SKIP); $postdata = array();
$postdata['ID'] = $actual_post['ID'];
$postdata['post_content'] = xmlrpc_removepostdata( $content );
$postdata['post_title'] = xmlrpc_getposttitle( $content );
$postdata['post_category'] = xmlrpc_getpostcategory( $content );
$postdata['post_status'] = $actual_post['post_status'];
$postdata['post_excerpt'] = $actual_post['post_excerpt'];
if ( ('publish' == $post_status) && !current_user_can('publish_posts') ) $result = wp_update_post( $postdata );
return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
$post_title = xmlrpc_getposttitle($content); if ( ! $result ) {
$post_category = xmlrpc_getpostcategory($content);
$post_content = xmlrpc_removepostdata($content);
$postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt');
$result = wp_update_post($postdata);
if ( !$result )
return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.')); return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.'));
}
$this->attach_uploads( $ID, $post_content ); $this->attach_uploads( $actual_post['ID'], $postdata['post_content'] );
/** /**
* Fires after a post has been successfully updated via the XML-RPC Blogger API. * Fires after a post has been successfully updated via the XML-RPC Blogger API.