Make the xmlrpc user the current user. fixes #2273
git-svn-id: http://svn.automattic.com/wordpress/trunk@3430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
558711072b
commit
cb093369a1
|
|
@ -530,9 +530,17 @@ function kses_init_filters() {
|
|||
function kses_init() {
|
||||
global $current_user;
|
||||
|
||||
get_currentuserinfo(); // set $current_user
|
||||
remove_filter('pre_comment_author', 'wp_filter_kses');
|
||||
remove_filter('pre_comment_content', 'wp_filter_kses');
|
||||
remove_filter('content_save_pre', 'wp_filter_post_kses');
|
||||
remove_filter('title_save_pre', 'wp_filter_kses');
|
||||
|
||||
if (! defined('XMLRPC_REQUEST') )
|
||||
get_currentuserinfo();
|
||||
|
||||
if (current_user_can('unfiltered_html') == false)
|
||||
kses_init_filters();
|
||||
}
|
||||
add_action('init', 'kses_init');
|
||||
add_action('set_current_user', 'kses_init');
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -3,11 +3,38 @@
|
|||
/* These functions can be replaced via plugins. They are loaded after
|
||||
plugins are loaded. */
|
||||
|
||||
if ( !function_exists('set_current_user') ) :
|
||||
function set_current_user($id, $name = '') {
|
||||
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
|
||||
|
||||
$current_user = '';
|
||||
|
||||
$current_user = new WP_User($id, $name);
|
||||
|
||||
$userdata = get_userdatabylogin($user_login);
|
||||
|
||||
$user_login = $userdata->user_login;
|
||||
$user_level = $userdata->user_level;
|
||||
$user_ID = $userdata->ID;
|
||||
$user_email = $userdata->user_email;
|
||||
$user_url = $userdata->user_url;
|
||||
$user_pass_md5 = md5($userdata->user_pass);
|
||||
$user_identity = $userdata->display_name;
|
||||
|
||||
do_action('set_current_user');
|
||||
|
||||
return $current_user;
|
||||
}
|
||||
endif;
|
||||
|
||||
|
||||
if ( !function_exists('get_currentuserinfo') ) :
|
||||
function get_currentuserinfo() {
|
||||
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
|
||||
|
||||
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
||||
return false;
|
||||
|
||||
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
|
||||
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
|
||||
$current_user = new WP_User(0);
|
||||
|
|
|
|||
55
xmlrpc.php
55
xmlrpc.php
|
|
@ -1,5 +1,10 @@
|
|||
<?php
|
||||
|
||||
define('XMLRPC_REQUEST', true);
|
||||
|
||||
// Some browser-embedded clients send cookies. We don't want them.
|
||||
$_COOKIE = array();
|
||||
|
||||
# fix for mozBlog and other cases where '<?xml' isn't on the very first line
|
||||
$HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
|
||||
|
||||
|
|
@ -179,8 +184,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
$is_admin = $user->has_cap('level_8');
|
||||
set_current_user(0, $user_login);
|
||||
$is_admin = current_user_can('level_8');
|
||||
|
||||
$struct = array(
|
||||
'isAdmin' => $is_admin,
|
||||
|
|
@ -188,7 +193,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
'blogid' => '1',
|
||||
'blogName' => get_settings('blogname')
|
||||
);
|
||||
|
||||
error_log(print_r($struct,1), 3, '/tmp/xmlrpc');
|
||||
return array($struct);
|
||||
}
|
||||
|
||||
|
|
@ -317,8 +322,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_themes') ) {
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_themes') ) {
|
||||
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
|
||||
}
|
||||
|
||||
|
|
@ -352,8 +357,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_themes') ) {
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_themes') ) {
|
||||
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
|
||||
}
|
||||
|
||||
|
|
@ -390,9 +395,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
}
|
||||
|
||||
$cap = ($publish) ? 'publish_posts' : 'edit_posts';
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap($cap) )
|
||||
$user = set_current_user(0, $user_login);
|
||||
if ( !current_user_can($cap) )
|
||||
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
|
||||
|
||||
$post_status = ($publish) ? 'publish' : 'draft';
|
||||
|
|
@ -445,8 +449,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
|
||||
$this->escape($actual_post);
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
|
||||
|
||||
extract($actual_post);
|
||||
|
|
@ -489,8 +493,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return new IXR_Error(404, 'Sorry, no such post.');
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
|
||||
|
||||
$result = wp_delete_post($post_ID);
|
||||
|
|
@ -525,8 +529,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('publish_posts') )
|
||||
$user = set_current_user(0, $user_login);
|
||||
if ( !current_user_can('publish_posts') )
|
||||
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
|
||||
|
||||
$post_author = $user->ID;
|
||||
|
|
@ -605,8 +609,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||
|
||||
$postdata = wp_get_single_post($post_ID, ARRAY_A);
|
||||
|
|
@ -844,9 +848,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
if ( !$this->login_pass_ok($user_login, $user_pass) )
|
||||
return $this->error;
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
|
||||
if ( !$user->has_cap('upload_files') ) {
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('upload_files') ) {
|
||||
logIO('O', '(MW) User does not have upload_files capability');
|
||||
$this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.');
|
||||
return $this->error;
|
||||
|
|
@ -984,8 +987,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||
|
||||
foreach($categories as $cat) {
|
||||
|
|
@ -1066,8 +1069,8 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
return $this->error;
|
||||
}
|
||||
|
||||
$user = new WP_User(0, $user_login);
|
||||
if ( !$user->has_cap('edit_post', $post_ID) )
|
||||
set_current_user(0, $user_login);
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
return new IXR_Error(401, 'Sorry, you can not edit this post.');
|
||||
|
||||
$postdata = wp_get_single_post($post_ID,ARRAY_A);
|
||||
|
|
@ -1282,4 +1285,4 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||
|
||||
$wp_xmlrpc_server = new wp_xmlrpc_server();
|
||||
|
||||
?>
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue