Commit Graph

259 Commits

Author SHA1 Message Date
Dion Hulse
a579aad05b XMLRPC: Prevent authentication from occuring after a failed authentication attmept in any single XML-RPC call.
This hardens WordPress against a common vector which uses multiple user identifiers in a single `system.multicall` call. In the event that authentication fails, all following authentication attempts ''in that call'' will also fail.

Props dd32, johnbillion.
Fixes #34336

Built from https://develop.svn.wordpress.org/trunk@35366


git-svn-id: http://core.svn.wordpress.org/trunk@35331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-23 04:46:24 +00:00
Drew Jaynes
217b661703 Docs: Add missing descriptions for the $wpdb global in DocBlocks all the places.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Scott Taylor
8c256a3357 XML-RPC: allow wp_xmlrpc_server::wp_getPosts() to receive s as a filter.
Props chriscct7.
Fixes #25406.

Built from https://develop.svn.wordpress.org/trunk@34860


git-svn-id: http://core.svn.wordpress.org/trunk@34825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 13:41:26 +00:00
Sergey Biryukov
0aacea6535 Merge some strings with the same meaning in wp-includes/class-wp-xmlrpc-server.php.
Props pavelevap.
Fixes #33644.
Built from https://develop.svn.wordpress.org/trunk@34798


git-svn-id: http://core.svn.wordpress.org/trunk@34763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-03 14:09:43 +00:00
Scott Taylor
111c05ba47 XML-RPC: calculate the proper offset for GMT in wp.newPost, mw.newPost, and mw.editPost when post_date is set, wp.editComment when comment_date is set. post|comment_date is assumed to be GMT. This is only true if the timezone string for the site matches GMT.
Adds unit tests for each.

Props smerriman, justdaiv, wonderboymusic.
Fixes #30429.

Built from https://develop.svn.wordpress.org/trunk@34681


git-svn-id: http://core.svn.wordpress.org/trunk@34645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 04:05:24 +00:00
Scott Taylor
2c30a11518 After [34577], alter wp_xmlrpc_server::mw_newMediaObject() to check upload space in multisite.
See #21292.

Built from https://develop.svn.wordpress.org/trunk@34603


git-svn-id: http://core.svn.wordpress.org/trunk@34567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 19:49:25 +00:00
Scott Taylor
0405a03b5e XML-RPC: in wp_xmlrpc_server::wp_editTerm(), check ! empty when applying parent logic.
Adds unit tests.

Props hrishiv90, markoheijnen, sam2kb.
Fixes #21977.

Built from https://develop.svn.wordpress.org/trunk@34580


git-svn-id: http://core.svn.wordpress.org/trunk@34544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:31:25 +00:00
Scott Taylor
80ac048cbc XML-RPC: upgrade the resposnse ofwp_xmlrpc_server::mw_newMediaObject() based on work down in 3.4 so that it runs the struct through ->_prepare_media_item().
Props markoheijnen.
Fixes #6430.

Built from https://develop.svn.wordpress.org/trunk@34579


git-svn-id: http://core.svn.wordpress.org/trunk@34543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:15:25 +00:00
Scott Taylor
e9aa518f04 XML-RPC: move the malfunctioning 'overwrite' code from wp_xmlrpc_server::mw_newMediaObject(). This was suggested 3 years ago.
Props markoheijnen.
Fixes #17604.

Built from https://develop.svn.wordpress.org/trunk@34578


git-svn-id: http://core.svn.wordpress.org/trunk@34542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:03:24 +00:00
Scott Taylor
ffe7f0ec5a XML-RPC: In wp_xmlrpc_server::wp_getComments(), allow post_type to be passed as part of $struct.
Props nprasath002.
Fixes #20026.

Built from https://develop.svn.wordpress.org/trunk@34575


git-svn-id: http://core.svn.wordpress.org/trunk@34539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:45:25 +00:00
Scott Taylor
c8b308a647 XML-RPC: In wp_xmlrpc_server::wp_getUsersBlogs(), return the isPrimary flag for each blog.
Props SergeyBiryukov, daniloercoli.
Fixes #25958.

Built from https://develop.svn.wordpress.org/trunk@34574


git-svn-id: http://core.svn.wordpress.org/trunk@34538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:35:25 +00:00
Scott Taylor
9b253bbc7b XML-RPC: In wp_xmlrpc_server::blogger_editPost(), make use of the $publish arg (the 6th arg passed to the method) to specify publish or draft. Restores the arg, which I removed in [31092], because it was unused cruft.
Props mdawaffe.
Fixes #10764.

Built from https://develop.svn.wordpress.org/trunk@34573


git-svn-id: http://core.svn.wordpress.org/trunk@34537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:01:26 +00:00
Scott Taylor
dd1098e7c5 XML-RPC: In wp_xmlrpc_server::mw_newPost(), if $dateCreated is not set, don't set post_date and post_date_gmt. It calls wp_insert_post(), which will handle it correctly. The problem was drafts being created and GMT date being set. It shouldn't be.
Adds unit test.

Fixes #16985.

Built from https://develop.svn.wordpress.org/trunk@34572


git-svn-id: http://core.svn.wordpress.org/trunk@34536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 03:38:25 +00:00
Scott Taylor
a0ccd4eae8 XML-RPC: wp.getComments should be allowed to return approved comments to those without the 'moderate_comments' cap.
Adds (rewrites) unit tests from 4 years ago that we never committed because....

Props wonderboymusic, koke, ericmann, nprasath002.
Fixes #17981.

Built from https://develop.svn.wordpress.org/trunk@34570


git-svn-id: http://core.svn.wordpress.org/trunk@34534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 02:49:27 +00:00
Scott Taylor
5ea01de963 XML-RPC: Introduce the concept of unit testing to wp_xmlrpc_server::wp_newComment():
* Don't allow comments to be created for posts that have `comment_status` set to `'closed'`
* Set some magic props on `WP_User` to vars before passing them to `wp_xmlrpc_server::escape()`

Props wonderboymusic, jesin.
Fixes #27471.

Built from https://develop.svn.wordpress.org/trunk@34559


git-svn-id: http://core.svn.wordpress.org/trunk@34523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 20:20:23 +00:00
Scott Taylor
c871986819 Uploader: Fire 'wp_handle_upload' in wp_upload_bits(). Thusly, the filter in wp_xmlrpc_server::mw_newMediaObject() is redundant.
Props dllh.
Fixes #33539.

Built from https://develop.svn.wordpress.org/trunk@34257


git-svn-id: http://core.svn.wordpress.org/trunk@34221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 04:46:25 +00:00
Dominik Schilling
e932a2dc5d XMLRPC: Don't allow private posts to be sticky.
See #20662.
Built from https://develop.svn.wordpress.org/trunk@34135


git-svn-id: http://core.svn.wordpress.org/trunk@34103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:38:23 +00:00
Scott Taylor
e73ee5ac98 Introduce WP_Comment class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity.
* Takes inspiration from `WP_Post` and adds sanity to comment caching. 
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now

Props wonderboymusic, nacin.

See #32619.

Built from https://develop.svn.wordpress.org/trunk@33891


git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 18:17:24 +00:00
Sergey Biryukov
ce05b02a59 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/users.php.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33679. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33885


git-svn-id: http://core.svn.wordpress.org/trunk@33854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 08:54:24 +00:00
Sergey Biryukov
b136b074bf Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/edit.php.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33671. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33861


git-svn-id: http://core.svn.wordpress.org/trunk@33829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 18:15:20 +00:00
Scott Taylor
ef87172270 foreach is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Scott Taylor
3982598305 Doc block for_wp_specialchars: $quote_style can also be string ('single' or 'double')
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33700


git-svn-id: http://core.svn.wordpress.org/trunk@33667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-21 18:36:24 +00:00
Drew Jaynes
02ec47fc92 Docs: Standardize @deprecated tag formatting in the DocBlock for wp_xmlrpc_server::login_pass_ok().
Props Alphawolf.
See #28806.

Built from https://develop.svn.wordpress.org/trunk@33677


git-svn-id: http://core.svn.wordpress.org/trunk@33644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 22:38:25 +00:00
Scott Taylor
45fc6a3def Deprecate post_permalink() (Introduced in 1.0, already had a deprecated argument in 1.3), which just wraps get_permalink() and was only used by XML-RPC in 4 places.
Props solarissmoke.
Fixes #16982.

Built from https://develop.svn.wordpress.org/trunk@33659


git-svn-id: http://core.svn.wordpress.org/trunk@33626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 06:24:26 +00:00
Scott Taylor
4a1f50f732 After [33325], supply a missing post_type in ->mw_editPost().
Add unit test.

Props ocean90.
Fixes #20662.

Built from https://develop.svn.wordpress.org/trunk@33612


git-svn-id: http://core.svn.wordpress.org/trunk@33579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-13 15:28:27 +00:00
Drew Jaynes
bed02906f2 Docs: Fix incorrect indentation for the wp_xmlrpc_server->wp_getPostFormats() DocBlock.
Also adds a missing return description.

Props TomHarrigan.
Fixes #33078.

Built from https://develop.svn.wordpress.org/trunk@33407


git-svn-id: http://core.svn.wordpress.org/trunk@33375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 13:19:27 +00:00
Scott Taylor
bf481ed496 After [33325], add a doc summary.
Fixes #20662.

Built from https://develop.svn.wordpress.org/trunk@33343


git-svn-id: http://core.svn.wordpress.org/trunk@33315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-21 15:18:25 +00:00
Scott Taylor
432f9891f7 Ensure that private posts cannot be made sticky via Quick Edit.
DRY the logic for stickies in `wp_xmlrpc_server` by introducing `->_toggle_sticky()`.

Props wonderboymusic, obenland, chriscct7.
Fixes #20662.

Built from https://develop.svn.wordpress.org/trunk@33325


git-svn-id: http://core.svn.wordpress.org/trunk@33297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-19 18:09:25 +00:00
Konstantin Obenland
a4e803fbd4 Use get_default_comment_status() globally.
Also makes the filter name static and passes the post type for context.

Props valendesigns.
Fixes #31168.


Built from https://develop.svn.wordpress.org/trunk@33054


git-svn-id: http://core.svn.wordpress.org/trunk@33025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-02 22:32:25 +00:00
Dion Hulse
2a35e075d7 XML-RPC: Only escape what we need to in wp.editPage, this allows for passwords with the special characters "' to work in a request.
Props redsweater for initial Patch.
Fixes #32703

Built from https://develop.svn.wordpress.org/trunk@32993


git-svn-id: http://core.svn.wordpress.org/trunk@32964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 02:07:23 +00:00
Scott Taylor
5c6b63d3a6 if is a statment, not a function.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32800


git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Scott Taylor
f888767c73 $status shouldn't be loosely compared to true in wp_xmlrpc_server::wp_deleteComment().
`$initial` shouldn't be loosely compared to `true` in `get_calendar()`.
`current_user_can()` shouldn't be loosely compared to `false` in `kses_init()`
`$get_all` shouldn't be loosely compared to `true` in `get_blog_details()`.
`is_array()` and `in_array()` shouldn't be loosely compared in `wpmu_validate_user_signup()`.
`$result` should by strictly compared in `check_ajax_referer()`.
`wp_verify_nonce()` should by strictly compared in `_show_post_preview()`.
`is_user_logged_in()` should not be loosly compared against `false` in `wp-signup.php`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32733


git-svn-id: http://core.svn.wordpress.org/trunk@32704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:48:26 +00:00
Scott Taylor
c502a281bb After [32656], add @access annotations to methods that have no doc block in wp-includes/*.
Makes it easier to search for no doc blocks via `}[\n\t\r ]+(protected|private|public)`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32657


git-svn-id: http://core.svn.wordpress.org/trunk@32627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 21:37:24 +00:00
Scott Taylor
19b8ef0c92 get_comments() can return int, so a few places need to check if the return value is traversable before passing what is assumed to be an array.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32600


git-svn-id: http://core.svn.wordpress.org/trunk@32570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 17:59:25 +00:00
Drew Jaynes
4c37f68b79 Fix inline documentation syntax in wp_xmlrpc_server.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32591


git-svn-id: http://core.svn.wordpress.org/trunk@32561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 06:25:25 +00:00
Scott Taylor
bd8fafea54 Use void instead of null where appropriate when pipe-delimiting @return types. If a @return only contains void, remove it.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32568


git-svn-id: http://core.svn.wordpress.org/trunk@32538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-24 05:40:25 +00:00
Drew Jaynes
459ccb0d8b Add missing or incomplete argument and return descriptions for wp_xmlrpc_server->wp_editPost().
Also includes many small syntax fixes for inline documentation throughout the file.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@32565


git-svn-id: http://core.svn.wordpress.org/trunk@32535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:47:25 +00:00
Drew Jaynes
2bebcf4c39 Add missing parameter and return descriptions to the DocBlock for wp_xmlrpc_server->_convert_date_gmt().
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32564


git-svn-id: http://core.svn.wordpress.org/trunk@32534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:41:24 +00:00
Drew Jaynes
d94d97eab6 Add missing parameter and return descriptions to the DocBlock for wp_xmlrpc_server->_convert_date().
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32563


git-svn-id: http://core.svn.wordpress.org/trunk@32533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:40:24 +00:00
Drew Jaynes
9f73a3351f Fix inline documentation syntax in the DocBlock for wp_xmlrpc_server->_prepare_taxonomy().
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32562


git-svn-id: http://core.svn.wordpress.org/trunk@32532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:38:25 +00:00
Drew Jaynes
8aa163e65a Fix some inline documentation syntax in the DocBlock for wp_xmlrpc_server->minimum_args().
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32561


git-svn-id: http://core.svn.wordpress.org/trunk@32531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:37:26 +00:00
Drew Jaynes
ebe60d1fc4 Use a valid parameter type of string for the $name parameter in the xmlrpc_call hook docs.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32560


git-svn-id: http://core.svn.wordpress.org/trunk@32530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:36:26 +00:00
Drew Jaynes
18066945ae Add missing argument descriptions for the $args hash notation in wp_xmlrpc_server->wp_getUsersBlogs().
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32559


git-svn-id: http://core.svn.wordpress.org/trunk@32529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:33:27 +00:00
Drew Jaynes
c76493d29b Properly notate the inline link to the xmlrpc_blog_options filter in the description for wp_xmlrpc_server->initialise_blog_option_info().
See #30224.

Built from https://develop.svn.wordpress.org/trunk@32558


git-svn-id: http://core.svn.wordpress.org/trunk@32528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:30:26 +00:00
Drew Jaynes
ed0421e7de Add a proper return description for the wp_xmlrpc_server->addTwoNumbers() method.
See [30181]. See #30224.

Built from https://develop.svn.wordpress.org/trunk@32557


git-svn-id: http://core.svn.wordpress.org/trunk@32527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:26:26 +00:00
Drew Jaynes
7a93dda2d2 Add proper descriptions for the $methods, $blog_options, and $error properties in wp_xmlrpc_server.
See [30181]. See #30224.

Built from https://develop.svn.wordpress.org/trunk@32556


git-svn-id: http://core.svn.wordpress.org/trunk@32526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:23:25 +00:00
Scott Taylor
ecf4c668b3 Upgrade the doc blocks in class-wp-xmlrpc-server.php. Rehabilitate some unfortunate use of tabbing.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32550


git-svn-id: http://core.svn.wordpress.org/trunk@32520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 19:37:24 +00:00
Dominik Schilling
60c9fdf9fd Merge similar error strings for invalid data.
props pavelevap.
fixes #32329.
Built from https://develop.svn.wordpress.org/trunk@32477


git-svn-id: http://core.svn.wordpress.org/trunk@32447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-09 21:09:25 +00:00
Sergey Biryukov
7a6cba1308 Remove duplicate string with a typo, merge it with an existing string.
props pavelevap.
fixes #32020.
Built from https://develop.svn.wordpress.org/trunk@32209


git-svn-id: http://core.svn.wordpress.org/trunk@32182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 15:27:25 +00:00
John Blackbourn
c996169c04 Correctly set the post author in wp_xmlrpc_server::mw_editPost() when the current user is not the author of the post.
Props redsweater, markoheijnen, DrewAPicture
Fixes #24916

Built from https://develop.svn.wordpress.org/trunk@31983


git-svn-id: http://core.svn.wordpress.org/trunk@31962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-02 15:49:30 +00:00