From f22abd7533527fda0fb1170027fd896af1cc3822 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Fri, 20 Jun 2008 15:39:41 +0000
Subject: [PATCH] Disable remote publishing by default.  Add options to turn
 them back on. Props josephscott. see #7157

git-svn-id: http://svn.automattic.com/wordpress/trunk@8136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/schema.php |  4 +++-
 wp-admin/options-writing.php | 20 ++++++++++++++++++++
 xmlrpc.php                   | 18 +++++++++++++++---
 3 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php
index 86a9a80776..d796eadb5f 100644
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -255,7 +255,9 @@ function populate_options() {
 
 	// 2.6
 	add_option('avatar_default', 'mystery');
-
+	add_option('enable_app',0);
+	add_option('enable_xmlrpc',0);
+	
 	// Delete unused options
 	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing', 'autosave_interval', 'deactivated_plugins');
 	foreach ($unusedoptions as $option) :
diff --git a/wp-admin/options-writing.php b/wp-admin/options-writing.php
index 68f304af1b..3d1fc97921 100644
--- a/wp-admin/options-writing.php
+++ b/wp-admin/options-writing.php
@@ -57,6 +57,26 @@ endforeach;
 </tr>
 </table>
 
+<h3><?php _e('Remote Publishing') ?></h3>
+<p><?php printf(__('To post to WordPress from a desktop blogging client or remote website that uses the Atom Publishing Protocol or one of the XML-RPC publishing interfaces you must enable them below.')) ?></p>
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><?php _e('Atom Publishing Protocol') ?></th>
+<td><fieldset><legend class="hidden"><?php _e('Atom Publishing Protocol') ?></legend>
+<label for="enable_app">
+<input name="enable_app" type="checkbox" id="enable_app" value="1" <?php checked('1', get_option('enable_app')); ?> />
+<?php _e('Enable the Atom Publishing Protocol.') ?></label><br />
+</fieldset></td>
+</tr>
+<tr valign="top">
+<th scope="row"><?php _e('XML-RPC') ?></th>
+<td><fieldset><legend class="hidden"><?php _e('XML-RPC') ?></legend>
+<label for="enable_xmlrpc">
+<input name="enable_xmlrpc" type="checkbox" id="enable_xmlrpc" value="1" <?php checked('1', get_option('enable_xmlrpc')); ?> />
+<?php _e('Enable the WordPress, Movable Type, MetaWeblog and Blogger XML-RPC publishing protocols.') ?></label><br />
+</fieldset></td>
+</tr></table>
+
 <h3><?php _e('Post via e-mail') ?></h3>
 <p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), wp_generate_password(8, false), wp_generate_password(8, false), wp_generate_password(8, false)) ?></p>
 
diff --git a/xmlrpc.php b/xmlrpc.php
index e58bda195f..5e2d675626 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -39,11 +39,14 @@ header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
     <engineLink>http://wordpress.org/</engineLink>
     <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
     <apis>
+    <?php if ( get_option('enable_xmlrpc') ) :?>
       <api name="WordPress" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
       <api name="Movable Type" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
       <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
       <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
+    <?php endif; if ( get_option('enable_app') ) :?>
       <api name="Atom" blogID="" preferred="false" apiLink="<?php echo apply_filters('atom_service_url', (get_bloginfo('url')."/wp-app.php/service"))?>" />
+    <?php endif; ?>
     </apis>
   </service>
 </rsd>
@@ -108,7 +111,7 @@ if ( isset($HTTP_RAW_POST_DATA) )
 class wp_xmlrpc_server extends IXR_Server {
 
 	function wp_xmlrpc_server() {
-		$this->methods = array(
+		$xmlrpc_methods = array(
 			// WordPress API
 			'wp.getUsersBlogs'		=> 'this:wp_getUsersBlogs',
 			'wp.getPage'			=> 'this:wp_getPage',
@@ -164,8 +167,10 @@ class wp_xmlrpc_server extends IXR_Server {
 			'mt.supportedMethods' => 'this:mt_supportedMethods',
 			'mt.supportedTextFilters' => 'this:mt_supportedTextFilters',
 			'mt.getTrackbackPings' => 'this:mt_getTrackbackPings',
-			'mt.publishPost' => 'this:mt_publishPost',
-
+			'mt.publishPost' => 'this:mt_publishPost'
+		);
+		
+		$xmlrpc_functions = array (
 			// PingBack
 			'pingback.ping' => 'this:pingback_ping',
 			'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks',
@@ -174,6 +179,13 @@ class wp_xmlrpc_server extends IXR_Server {
 			'demo.addTwoNumbers' => 'this:addTwoNumbers'
 		);
 
+		if ( get_option('enable_xmlrpc') )
+		{
+			$this->methods = array_merge($xmlrpc_methods,$xmlrpc_functions);
+		} else {
+			$this->methods = $xmlrpc_functions;
+		}
+		
 		$this->initialise_blog_option_info( );
 		$this->methods = apply_filters('xmlrpc_methods', $this->methods);
 		$this->IXR_Server($this->methods);