WordPress 4.1
[autoinstalls/wordpress.git] / wp-includes / class-wp-xmlrpc-server.php
1 <?php
2 /**
3  * XML-RPC protocol support for WordPress
4  *
5  * @package WordPress
6  * @subpackage Publishing
7  */
8
9 /**
10  * WordPress XMLRPC server implementation.
11  *
12  * Implements compatibility for Blogger API, MetaWeblog API, MovableType, and
13  * pingback. Additional WordPress API for managing comments, pages, posts,
14  * options, etc.
15  *
16  * As of WordPress 3.5.0, XML-RPC is enabled by default. It can be disabled
17  * via the xmlrpc_enabled filter found in wp_xmlrpc_server::login().
18  *
19  * @package WordPress
20  * @subpackage Publishing
21  * @since 1.5.0
22  */
23 class wp_xmlrpc_server extends IXR_Server {
24         /**
25          * @var array
26          */
27         public $methods;
28         /**
29          * @var array
30          */
31         public $blog_options;
32         /**
33          * @var IXR_Error
34          */
35         public $error;
36         /**
37          * Register all of the XMLRPC methods that XMLRPC server understands.
38          *
39          * Sets up server and method property. Passes XMLRPC
40          * methods through the 'xmlrpc_methods' filter to allow plugins to extend
41          * or replace XMLRPC methods.
42          *
43          * @since 1.5.0
44          *
45          * @return wp_xmlrpc_server
46          */
47         public function __construct() {
48                 $this->methods = array(
49                         // WordPress API
50                         'wp.getUsersBlogs'              => 'this:wp_getUsersBlogs',
51                         'wp.newPost'                    => 'this:wp_newPost',
52                         'wp.editPost'                   => 'this:wp_editPost',
53                         'wp.deletePost'                 => 'this:wp_deletePost',
54                         'wp.getPost'                    => 'this:wp_getPost',
55                         'wp.getPosts'                   => 'this:wp_getPosts',
56                         'wp.newTerm'                    => 'this:wp_newTerm',
57                         'wp.editTerm'                   => 'this:wp_editTerm',
58                         'wp.deleteTerm'                 => 'this:wp_deleteTerm',
59                         'wp.getTerm'                    => 'this:wp_getTerm',
60                         'wp.getTerms'                   => 'this:wp_getTerms',
61                         'wp.getTaxonomy'                => 'this:wp_getTaxonomy',
62                         'wp.getTaxonomies'              => 'this:wp_getTaxonomies',
63                         'wp.getUser'                    => 'this:wp_getUser',
64                         'wp.getUsers'                   => 'this:wp_getUsers',
65                         'wp.getProfile'                 => 'this:wp_getProfile',
66                         'wp.editProfile'                => 'this:wp_editProfile',
67                         'wp.getPage'                    => 'this:wp_getPage',
68                         'wp.getPages'                   => 'this:wp_getPages',
69                         'wp.newPage'                    => 'this:wp_newPage',
70                         'wp.deletePage'                 => 'this:wp_deletePage',
71                         'wp.editPage'                   => 'this:wp_editPage',
72                         'wp.getPageList'                => 'this:wp_getPageList',
73                         'wp.getAuthors'                 => 'this:wp_getAuthors',
74                         'wp.getCategories'              => 'this:mw_getCategories',             // Alias
75                         'wp.getTags'                    => 'this:wp_getTags',
76                         'wp.newCategory'                => 'this:wp_newCategory',
77                         'wp.deleteCategory'             => 'this:wp_deleteCategory',
78                         'wp.suggestCategories'  => 'this:wp_suggestCategories',
79                         'wp.uploadFile'                 => 'this:mw_newMediaObject',    // Alias
80                         'wp.deleteFile'                 => 'this:wp_deletePost',                // Alias
81                         'wp.getCommentCount'    => 'this:wp_getCommentCount',
82                         'wp.getPostStatusList'  => 'this:wp_getPostStatusList',
83                         'wp.getPageStatusList'  => 'this:wp_getPageStatusList',
84                         'wp.getPageTemplates'   => 'this:wp_getPageTemplates',
85                         'wp.getOptions'                 => 'this:wp_getOptions',
86                         'wp.setOptions'                 => 'this:wp_setOptions',
87                         'wp.getComment'                 => 'this:wp_getComment',
88                         'wp.getComments'                => 'this:wp_getComments',
89                         'wp.deleteComment'              => 'this:wp_deleteComment',
90                         'wp.editComment'                => 'this:wp_editComment',
91                         'wp.newComment'                 => 'this:wp_newComment',
92                         'wp.getCommentStatusList' => 'this:wp_getCommentStatusList',
93                         'wp.getMediaItem'               => 'this:wp_getMediaItem',
94                         'wp.getMediaLibrary'    => 'this:wp_getMediaLibrary',
95                         'wp.getPostFormats'     => 'this:wp_getPostFormats',
96                         'wp.getPostType'                => 'this:wp_getPostType',
97                         'wp.getPostTypes'               => 'this:wp_getPostTypes',
98                         'wp.getRevisions'               => 'this:wp_getRevisions',
99                         'wp.restoreRevision'    => 'this:wp_restoreRevision',
100
101                         // Blogger API
102                         'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs',
103                         'blogger.getUserInfo' => 'this:blogger_getUserInfo',
104                         'blogger.getPost' => 'this:blogger_getPost',
105                         'blogger.getRecentPosts' => 'this:blogger_getRecentPosts',
106                         'blogger.newPost' => 'this:blogger_newPost',
107                         'blogger.editPost' => 'this:blogger_editPost',
108                         'blogger.deletePost' => 'this:blogger_deletePost',
109
110                         // MetaWeblog API (with MT extensions to structs)
111                         'metaWeblog.newPost' => 'this:mw_newPost',
112                         'metaWeblog.editPost' => 'this:mw_editPost',
113                         'metaWeblog.getPost' => 'this:mw_getPost',
114                         'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts',
115                         'metaWeblog.getCategories' => 'this:mw_getCategories',
116                         'metaWeblog.newMediaObject' => 'this:mw_newMediaObject',
117
118                         // MetaWeblog API aliases for Blogger API
119                         // see http://www.xmlrpc.com/stories/storyReader$2460
120                         'metaWeblog.deletePost' => 'this:blogger_deletePost',
121                         'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs',
122
123                         // MovableType API
124                         'mt.getCategoryList' => 'this:mt_getCategoryList',
125                         'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles',
126                         'mt.getPostCategories' => 'this:mt_getPostCategories',
127                         'mt.setPostCategories' => 'this:mt_setPostCategories',
128                         'mt.supportedMethods' => 'this:mt_supportedMethods',
129                         'mt.supportedTextFilters' => 'this:mt_supportedTextFilters',
130                         'mt.getTrackbackPings' => 'this:mt_getTrackbackPings',
131                         'mt.publishPost' => 'this:mt_publishPost',
132
133                         // PingBack
134                         'pingback.ping' => 'this:pingback_ping',
135                         'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks',
136
137                         'demo.sayHello' => 'this:sayHello',
138                         'demo.addTwoNumbers' => 'this:addTwoNumbers'
139                 );
140
141                 $this->initialise_blog_option_info();
142
143                 /**
144                  * Filter the methods exposed by the XML-RPC server.
145                  *
146                  * This filter can be used to add new methods, and remove built-in methods.
147                  *
148                  * @since 1.5.0
149                  *
150                  * @param array $methods An array of XML-RPC methods.
151                  */
152                 $this->methods = apply_filters( 'xmlrpc_methods', $this->methods );
153         }
154
155         /**
156          * Make private/protected methods readable for backwards compatibility.
157          *
158          * @since 4.0.0
159          * @access public
160          *
161          * @param callable $name      Method to call.
162          * @param array    $arguments Arguments to pass when calling.
163          * @return mixed|bool Return value of the callback, false otherwise.
164          */
165         public function __call( $name, $arguments ) {
166                 return call_user_func_array( array( $this, $name ), $arguments );
167         }
168
169         public function serve_request() {
170                 $this->IXR_Server($this->methods);
171         }
172
173         /**
174          * Test XMLRPC API by saying, "Hello!" to client.
175          *
176          * @since 1.5.0
177          *
178          * @param array $args Method Parameters.
179          * @return string
180          */
181         public function sayHello($args) {
182                 return 'Hello!';
183         }
184
185         /**
186          * Test XMLRPC API by adding two numbers for client.
187          *
188          * @since 1.5.0
189          *
190          * @param array $args Method Parameters.
191          * @return int
192          */
193         public function addTwoNumbers($args) {
194                 $number1 = $args[0];
195                 $number2 = $args[1];
196                 return $number1 + $number2;
197         }
198
199         /**
200          * Log user in.
201          *
202          * @since 2.8.0
203          *
204          * @param string $username User's username.
205          * @param string $password User's password.
206          * @return WP_User|bool WP_User object if authentication passed, false otherwise
207          */
208         public function login( $username, $password ) {
209                 /*
210                  * Respect old get_option() filters left for back-compat when the 'enable_xmlrpc'
211                  * option was deprecated in 3.5.0. Use the 'xmlrpc_enabled' hook instead.
212                  */
213                 $enabled = apply_filters( 'pre_option_enable_xmlrpc', false );
214                 if ( false === $enabled ) {
215                         $enabled = apply_filters( 'option_enable_xmlrpc', true );
216                 }
217
218                 /**
219                  * Filter whether XML-RPC is enabled.
220                  *
221                  * This is the proper filter for turning off XML-RPC.
222                  *
223                  * @since 3.5.0
224                  *
225                  * @param bool $enabled Whether XML-RPC is enabled. Default true.
226                  */
227                 $enabled = apply_filters( 'xmlrpc_enabled', $enabled );
228
229                 if ( ! $enabled ) {
230                         $this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) );
231                         return false;
232                 }
233
234                 $user = wp_authenticate($username, $password);
235
236                 if (is_wp_error($user)) {
237                         $this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) );
238
239                         /**
240                          * Filter the XML-RPC user login error message.
241                          *
242                          * @since 3.5.0
243                          *
244                          * @param string  $error The XML-RPC error message.
245                          * @param WP_User $user  WP_User object.
246                          */
247                         $this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user );
248                         return false;
249                 }
250
251                 wp_set_current_user( $user->ID );
252                 return $user;
253         }
254
255         /**
256          * Check user's credentials. Deprecated.
257          *
258          * @since 1.5.0
259          * @deprecated 2.8.0
260          * @deprecated use wp_xmlrpc_server::login
261          * @see wp_xmlrpc_server::login
262          *
263          * @param string $username User's username.
264          * @param string $password User's password.
265          * @return bool Whether authentication passed.
266          */
267         public function login_pass_ok( $username, $password ) {
268                 return (bool) $this->login( $username, $password );
269         }
270
271         /**
272          * Escape string or array of strings for database.
273          *
274          * @since 1.5.2
275          *
276          * @param string|array $data Escape single string or array of strings.
277          * @return string|array Type matches $data and sanitized for the database.
278          */
279         public function escape( &$data ) {
280                 if ( ! is_array( $data ) )
281                         return wp_slash( $data );
282
283                 foreach ( $data as &$v ) {
284                         if ( is_array( $v ) )
285                                 $this->escape( $v );
286                         elseif ( ! is_object( $v ) )
287                                 $v = wp_slash( $v );
288                 }
289         }
290
291         /**
292          * Retrieve custom fields for post.
293          *
294          * @since 2.5.0
295          *
296          * @param int $post_id Post ID.
297          * @return array Custom fields, if exist.
298          */
299         public function get_custom_fields($post_id) {
300                 $post_id = (int) $post_id;
301
302                 $custom_fields = array();
303
304                 foreach ( (array) has_meta($post_id) as $meta ) {
305                         // Don't expose protected fields.
306                         if ( ! current_user_can( 'edit_post_meta', $post_id , $meta['meta_key'] ) )
307                                 continue;
308
309                         $custom_fields[] = array(
310                                 "id"    => $meta['meta_id'],
311                                 "key"   => $meta['meta_key'],
312                                 "value" => $meta['meta_value']
313                         );
314                 }
315
316                 return $custom_fields;
317         }
318
319         /**
320          * Set custom fields for post.
321          *
322          * @since 2.5.0
323          *
324          * @param int $post_id Post ID.
325          * @param array $fields Custom fields.
326          */
327         public function set_custom_fields($post_id, $fields) {
328                 $post_id = (int) $post_id;
329
330                 foreach ( (array) $fields as $meta ) {
331                         if ( isset($meta['id']) ) {
332                                 $meta['id'] = (int) $meta['id'];
333                                 $pmeta = get_metadata_by_mid( 'post', $meta['id'] );
334                                 if ( isset($meta['key']) ) {
335                                         $meta['key'] = wp_unslash( $meta['key'] );
336                                         if ( $meta['key'] !== $pmeta->meta_key )
337                                                 continue;
338                                         $meta['value'] = wp_unslash( $meta['value'] );
339                                         if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
340                                                 update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
341                                 } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
342                                         delete_metadata_by_mid( 'post', $meta['id'] );
343                                 }
344                         } elseif ( current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) ) ) {
345                                 add_post_meta( $post_id, $meta['key'], $meta['value'] );
346                         }
347                 }
348         }
349
350         /**
351          * Set up blog options property.
352          *
353          * Passes property through 'xmlrpc_blog_options' filter.
354          *
355          * @since 2.6.0
356          */
357         public function initialise_blog_option_info() {
358                 global $wp_version;
359
360                 $this->blog_options = array(
361                         // Read only options
362                         'software_name'     => array(
363                                 'desc'          => __( 'Software Name' ),
364                                 'readonly'      => true,
365                                 'value'         => 'WordPress'
366                         ),
367                         'software_version'  => array(
368                                 'desc'          => __( 'Software Version' ),
369                                 'readonly'      => true,
370                                 'value'         => $wp_version
371                         ),
372                         'blog_url'          => array(
373                                 'desc'          => __( 'WordPress Address (URL)' ),
374                                 'readonly'      => true,
375                                 'option'        => 'siteurl'
376                         ),
377                         'home_url'          => array(
378                                 'desc'          => __( 'Site Address (URL)' ),
379                                 'readonly'      => true,
380                                 'option'        => 'home'
381                         ),
382                         'login_url'          => array(
383                                 'desc'          => __( 'Login Address (URL)' ),
384                                 'readonly'      => true,
385                                 'value'         => wp_login_url( )
386                         ),
387                         'admin_url'          => array(
388                                 'desc'          => __( 'The URL to the admin area' ),
389                                 'readonly'      => true,
390                                 'value'         => get_admin_url( )
391                         ),
392                         'image_default_link_type' => array(
393                                 'desc'          => __( 'Image default link type' ),
394                                 'readonly'      => true,
395                                 'option'        => 'image_default_link_type'
396                         ),
397                         'image_default_size' => array(
398                                 'desc'          => __( 'Image default size' ),
399                                 'readonly'      => true,
400                                 'option'        => 'image_default_size'
401                         ),
402                         'image_default_align' => array(
403                                 'desc'          => __( 'Image default align' ),
404                                 'readonly'      => true,
405                                 'option'        => 'image_default_align'
406                         ),
407                         'template'          => array(
408                                 'desc'          => __( 'Template' ),
409                                 'readonly'      => true,
410                                 'option'        => 'template'
411                         ),
412                         'stylesheet'        => array(
413                                 'desc'          => __( 'Stylesheet' ),
414                                 'readonly'      => true,
415                                 'option'        => 'stylesheet'
416                         ),
417                         'post_thumbnail'    => array(
418                                 'desc'          => __('Post Thumbnail'),
419                                 'readonly'      => true,
420                                 'value'         => current_theme_supports( 'post-thumbnails' )
421                         ),
422
423                         // Updatable options
424                         'time_zone'         => array(
425                                 'desc'          => __( 'Time Zone' ),
426                                 'readonly'      => false,
427                                 'option'        => 'gmt_offset'
428                         ),
429                         'blog_title'        => array(
430                                 'desc'          => __( 'Site Title' ),
431                                 'readonly'      => false,
432                                 'option'        => 'blogname'
433                         ),
434                         'blog_tagline'      => array(
435                                 'desc'          => __( 'Site Tagline' ),
436                                 'readonly'      => false,
437                                 'option'        => 'blogdescription'
438                         ),
439                         'date_format'       => array(
440                                 'desc'          => __( 'Date Format' ),
441                                 'readonly'      => false,
442                                 'option'        => 'date_format'
443                         ),
444                         'time_format'       => array(
445                                 'desc'          => __( 'Time Format' ),
446                                 'readonly'      => false,
447                                 'option'        => 'time_format'
448                         ),
449                         'users_can_register' => array(
450                                 'desc'          => __( 'Allow new users to sign up' ),
451                                 'readonly'      => false,
452                                 'option'        => 'users_can_register'
453                         ),
454                         'thumbnail_size_w'  => array(
455                                 'desc'          => __( 'Thumbnail Width' ),
456                                 'readonly'      => false,
457                                 'option'        => 'thumbnail_size_w'
458                         ),
459                         'thumbnail_size_h'  => array(
460                                 'desc'          => __( 'Thumbnail Height' ),
461                                 'readonly'      => false,
462                                 'option'        => 'thumbnail_size_h'
463                         ),
464                         'thumbnail_crop'    => array(
465                                 'desc'          => __( 'Crop thumbnail to exact dimensions' ),
466                                 'readonly'      => false,
467                                 'option'        => 'thumbnail_crop'
468                         ),
469                         'medium_size_w'     => array(
470                                 'desc'          => __( 'Medium size image width' ),
471                                 'readonly'      => false,
472                                 'option'        => 'medium_size_w'
473                         ),
474                         'medium_size_h'     => array(
475                                 'desc'          => __( 'Medium size image height' ),
476                                 'readonly'      => false,
477                                 'option'        => 'medium_size_h'
478                         ),
479                         'large_size_w'      => array(
480                                 'desc'          => __( 'Large size image width' ),
481                                 'readonly'      => false,
482                                 'option'        => 'large_size_w'
483                         ),
484                         'large_size_h'      => array(
485                                 'desc'          => __( 'Large size image height' ),
486                                 'readonly'      => false,
487                                 'option'        => 'large_size_h'
488                         ),
489                         'default_comment_status' => array(
490                                 'desc'          => __( 'Allow people to post comments on new articles' ),
491                                 'readonly'      => false,
492                                 'option'        => 'default_comment_status'
493                         ),
494                         'default_ping_status' => array(
495                                 'desc'          => __( 'Allow link notifications from other blogs (pingbacks and trackbacks)' ),
496                                 'readonly'      => false,
497                                 'option'        => 'default_ping_status'
498                         )
499                 );
500
501                 /**
502                  * Filter the XML-RPC blog options property.
503                  *
504                  * @since 2.6.0
505                  *
506                  * @param array $blog_options An array of XML-RPC blog options.
507                  */
508                 $this->blog_options = apply_filters( 'xmlrpc_blog_options', $this->blog_options );
509         }
510
511         /**
512          * Retrieve the blogs of the user.
513          *
514          * @since 2.6.0
515          *
516          * @param array $args Method parameters. Contains:
517          *  - username
518          *  - password
519          * @return array|IXR_Error Array contains:
520          *  - 'isAdmin'
521          *  - 'url'
522          *  - 'blogid'
523          *  - 'blogName'
524          *  - 'xmlrpc' - url of xmlrpc endpoint
525          */
526         public function wp_getUsersBlogs( $args ) {
527                 // If this isn't on WPMU then just use blogger_getUsersBlogs
528                 if ( !is_multisite() ) {
529                         array_unshift( $args, 1 );
530                         return $this->blogger_getUsersBlogs( $args );
531                 }
532
533                 $this->escape( $args );
534
535                 $username = $args[0];
536                 $password = $args[1];
537
538                 if ( !$user = $this->login($username, $password) )
539                         return $this->error;
540
541                 /**
542                  * Fires after the XML-RPC user has been authenticated but before the rest of
543                  * the method logic begins.
544                  *
545                  * All built-in XML-RPC methods use the action xmlrpc_call, with a parameter
546                  * equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc.
547                  *
548                  * @since 2.5.0
549                  *
550                  * @param method $name The method name.
551                  */
552                 do_action( 'xmlrpc_call', 'wp.getUsersBlogs' );
553
554                 $blogs = (array) get_blogs_of_user( $user->ID );
555                 $struct = array();
556
557                 foreach ( $blogs as $blog ) {
558                         // Don't include blogs that aren't hosted at this site
559                         if ( $blog->site_id != get_current_site()->id )
560                                 continue;
561
562                         $blog_id = $blog->userblog_id;
563
564                         switch_to_blog( $blog_id );
565
566                         $is_admin = current_user_can( 'manage_options' );
567
568                         $struct[] = array(
569                                 'isAdmin'               => $is_admin,
570                                 'url'                   => home_url( '/' ),
571                                 'blogid'                => (string) $blog_id,
572                                 'blogName'              => get_option( 'blogname' ),
573                                 'xmlrpc'                => site_url( 'xmlrpc.php', 'rpc' ),
574                         );
575
576                         restore_current_blog();
577                 }
578
579                 return $struct;
580         }
581
582         /**
583          * Checks if the method received at least the minimum number of arguments.
584          *
585          * @since 3.4.0
586          *
587          * @param string|array $args Sanitize single string or array of strings.
588          * @param int $count Minimum number of arguments.
589          * @return boolean if $args contains at least $count arguments.
590          */
591         protected function minimum_args( $args, $count ) {
592                 if ( count( $args ) < $count ) {
593                         $this->error = new IXR_Error( 400, __( 'Insufficient arguments passed to this XML-RPC method.' ) );
594                         return false;
595                 }
596
597                 return true;
598         }
599
600         /**
601          * Prepares taxonomy data for return in an XML-RPC object.
602          *
603          * @access protected
604          *
605          * @param object $taxonomy The unprepared taxonomy data
606          * @param array $fields The subset of taxonomy fields to return
607          * @return array The prepared taxonomy data
608          */
609         protected function _prepare_taxonomy( $taxonomy, $fields ) {
610                 $_taxonomy = array(
611                         'name' => $taxonomy->name,
612                         'label' => $taxonomy->label,
613                         'hierarchical' => (bool) $taxonomy->hierarchical,
614                         'public' => (bool) $taxonomy->public,
615                         'show_ui' => (bool) $taxonomy->show_ui,
616                         '_builtin' => (bool) $taxonomy->_builtin,
617                 );
618
619                 if ( in_array( 'labels', $fields ) )
620                         $_taxonomy['labels'] = (array) $taxonomy->labels;
621
622                 if ( in_array( 'cap', $fields ) )
623                         $_taxonomy['cap'] = (array) $taxonomy->cap;
624
625                 if ( in_array( 'menu', $fields ) )
626                         $_taxonomy['show_in_menu'] = (bool) $_taxonomy->show_in_menu;
627
628                 if ( in_array( 'object_type', $fields ) )
629                         $_taxonomy['object_type'] = array_unique( (array) $taxonomy->object_type );
630
631                 /**
632                  * Filter XML-RPC-prepared data for the given taxonomy.
633                  *
634                  * @since 3.4.0
635                  *
636                  * @param array  $_taxonomy An array of taxonomy data.
637                  * @param object $taxonomy  Taxonomy object.
638                  * @param array  $fields    The subset of taxonomy fields to return.
639                  */
640                 return apply_filters( 'xmlrpc_prepare_taxonomy', $_taxonomy, $taxonomy, $fields );
641         }
642
643         /**
644          * Prepares term data for return in an XML-RPC object.
645          *
646          * @access protected
647          *
648          * @param array|object $term The unprepared term data
649          * @return array The prepared term data
650          */
651         protected function _prepare_term( $term ) {
652                 $_term = $term;
653                 if ( ! is_array( $_term) )
654                         $_term = get_object_vars( $_term );
655
656                 // For integers which may be larger than XML-RPC supports ensure we return strings.
657                 $_term['term_id'] = strval( $_term['term_id'] );
658                 $_term['term_group'] = strval( $_term['term_group'] );
659                 $_term['term_taxonomy_id'] = strval( $_term['term_taxonomy_id'] );
660                 $_term['parent'] = strval( $_term['parent'] );
661
662                 // Count we are happy to return as an integer because people really shouldn't use terms that much.
663                 $_term['count'] = intval( $_term['count'] );
664
665                 /**
666                  * Filter XML-RPC-prepared data for the given term.
667                  *
668                  * @since 3.4.0
669                  *
670                  * @param array        $_term An array of term data.
671                  * @param array|object $term  Term object or array.
672                  */
673                 return apply_filters( 'xmlrpc_prepare_term', $_term, $term );
674         }
675
676         /**
677          * Convert a WordPress date string to an IXR_Date object.
678          *
679          * @access protected
680          *
681          * @param string $date
682          * @return IXR_Date
683          */
684         protected function _convert_date( $date ) {
685                 if ( $date === '0000-00-00 00:00:00' ) {
686                         return new IXR_Date( '00000000T00:00:00Z' );
687                 }
688                 return new IXR_Date( mysql2date( 'Ymd\TH:i:s', $date, false ) );
689         }
690
691         /**
692          * Convert a WordPress GMT date string to an IXR_Date object.
693          *
694          * @access protected
695          *
696          * @param string $date_gmt
697          * @param string $date
698          * @return IXR_Date
699          */
700         protected function _convert_date_gmt( $date_gmt, $date ) {
701                 if ( $date !== '0000-00-00 00:00:00' && $date_gmt === '0000-00-00 00:00:00' ) {
702                         return new IXR_Date( get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $date, false ), 'Ymd\TH:i:s' ) );
703                 }
704                 return $this->_convert_date( $date_gmt );
705         }
706
707         /**
708          * Prepares post data for return in an XML-RPC object.
709          *
710          * @access protected
711          *
712          * @param array $post The unprepared post data
713          * @param array $fields The subset of post type fields to return
714          * @return array The prepared post data
715          */
716         protected function _prepare_post( $post, $fields ) {
717                 // holds the data for this post. built up based on $fields
718                 $_post = array( 'post_id' => strval( $post['ID'] ) );
719
720                 // prepare common post fields
721                 $post_fields = array(
722                         'post_title'        => $post['post_title'],
723                         'post_date'         => $this->_convert_date( $post['post_date'] ),
724                         'post_date_gmt'     => $this->_convert_date_gmt( $post['post_date_gmt'], $post['post_date'] ),
725                         'post_modified'     => $this->_convert_date( $post['post_modified'] ),
726                         'post_modified_gmt' => $this->_convert_date_gmt( $post['post_modified_gmt'], $post['post_modified'] ),
727                         'post_status'       => $post['post_status'],
728                         'post_type'         => $post['post_type'],
729                         'post_name'         => $post['post_name'],
730                         'post_author'       => $post['post_author'],
731                         'post_password'     => $post['post_password'],
732                         'post_excerpt'      => $post['post_excerpt'],
733                         'post_content'      => $post['post_content'],
734                         'post_parent'       => strval( $post['post_parent'] ),
735                         'post_mime_type'    => $post['post_mime_type'],
736                         'link'              => post_permalink( $post['ID'] ),
737                         'guid'              => $post['guid'],
738                         'menu_order'        => intval( $post['menu_order'] ),
739                         'comment_status'    => $post['comment_status'],
740                         'ping_status'       => $post['ping_status'],
741                         'sticky'            => ( $post['post_type'] === 'post' && is_sticky( $post['ID'] ) ),
742                 );
743
744                 // Thumbnail
745                 $post_fields['post_thumbnail'] = array();
746                 $thumbnail_id = get_post_thumbnail_id( $post['ID'] );
747                 if ( $thumbnail_id ) {
748                         $thumbnail_size = current_theme_supports('post-thumbnail') ? 'post-thumbnail' : 'thumbnail';
749                         $post_fields['post_thumbnail'] = $this->_prepare_media_item( get_post( $thumbnail_id ), $thumbnail_size );
750                 }
751
752                 // Consider future posts as published
753                 if ( $post_fields['post_status'] === 'future' )
754                         $post_fields['post_status'] = 'publish';
755
756                 // Fill in blank post format
757                 $post_fields['post_format'] = get_post_format( $post['ID'] );
758                 if ( empty( $post_fields['post_format'] ) )
759                         $post_fields['post_format'] = 'standard';
760
761                 // Merge requested $post_fields fields into $_post
762                 if ( in_array( 'post', $fields ) ) {
763                         $_post = array_merge( $_post, $post_fields );
764                 } else {
765                         $requested_fields = array_intersect_key( $post_fields, array_flip( $fields ) );
766                         $_post = array_merge( $_post, $requested_fields );
767                 }
768
769                 $all_taxonomy_fields = in_array( 'taxonomies', $fields );
770
771                 if ( $all_taxonomy_fields || in_array( 'terms', $fields ) ) {
772                         $post_type_taxonomies = get_object_taxonomies( $post['post_type'], 'names' );
773                         $terms = wp_get_object_terms( $post['ID'], $post_type_taxonomies );
774                         $_post['terms'] = array();
775                         foreach ( $terms as $term ) {
776                                 $_post['terms'][] = $this->_prepare_term( $term );
777                         }
778                 }
779
780                 if ( in_array( 'custom_fields', $fields ) )
781                         $_post['custom_fields'] = $this->get_custom_fields( $post['ID'] );
782
783                 if ( in_array( 'enclosure', $fields ) ) {
784                         $_post['enclosure'] = array();
785                         $enclosures = (array) get_post_meta( $post['ID'], 'enclosure' );
786                         if ( ! empty( $enclosures ) ) {
787                                 $encdata = explode( "\n", $enclosures[0] );
788                                 $_post['enclosure']['url'] = trim( htmlspecialchars( $encdata[0] ) );
789                                 $_post['enclosure']['length'] = (int) trim( $encdata[1] );
790                                 $_post['enclosure']['type'] = trim( $encdata[2] );
791                         }
792                 }
793
794                 /**
795                  * Filter XML-RPC-prepared date for the given post.
796                  *
797                  * @since 3.4.0
798                  *
799                  * @param array $_post  An array of modified post data.
800                  * @param array $post   An array of post data.
801                  * @param array $fields An array of post fields.
802                  */
803                 return apply_filters( 'xmlrpc_prepare_post', $_post, $post, $fields );
804         }
805
806         /**
807          * Prepares post data for return in an XML-RPC object.
808          *
809          * @access protected
810          *
811          * @param object $post_type Post type object
812          * @param array $fields The subset of post fields to return
813          * @return array The prepared post type data
814          */
815         protected function _prepare_post_type( $post_type, $fields ) {
816                 $_post_type = array(
817                         'name' => $post_type->name,
818                         'label' => $post_type->label,
819                         'hierarchical' => (bool) $post_type->hierarchical,
820                         'public' => (bool) $post_type->public,
821                         'show_ui' => (bool) $post_type->show_ui,
822                         '_builtin' => (bool) $post_type->_builtin,
823                         'has_archive' => (bool) $post_type->has_archive,
824                         'supports' => get_all_post_type_supports( $post_type->name ),
825                 );
826
827                 if ( in_array( 'labels', $fields ) ) {
828                         $_post_type['labels'] = (array) $post_type->labels;
829                 }
830
831                 if ( in_array( 'cap', $fields ) ) {
832                         $_post_type['cap'] = (array) $post_type->cap;
833                         $_post_type['map_meta_cap'] = (bool) $post_type->map_meta_cap;
834                 }
835
836                 if ( in_array( 'menu', $fields ) ) {
837                         $_post_type['menu_position'] = (int) $post_type->menu_position;
838                         $_post_type['menu_icon'] = $post_type->menu_icon;
839                         $_post_type['show_in_menu'] = (bool) $post_type->show_in_menu;
840                 }
841
842                 if ( in_array( 'taxonomies', $fields ) )
843                         $_post_type['taxonomies'] = get_object_taxonomies( $post_type->name, 'names' );
844
845                 /**
846                  * Filter XML-RPC-prepared date for the given post type.
847                  *
848                  * @since 3.4.0
849                  *
850                  * @param array  $_post_type An array of post type data.
851                  * @param object $post_type  Post type object.
852                  */
853                 return apply_filters( 'xmlrpc_prepare_post_type', $_post_type, $post_type );
854         }
855
856         /**
857          * Prepares media item data for return in an XML-RPC object.
858          *
859          * @access protected
860          *
861          * @param object $media_item The unprepared media item data
862          * @param string $thumbnail_size The image size to use for the thumbnail URL
863          * @return array The prepared media item data
864          */
865         protected function _prepare_media_item( $media_item, $thumbnail_size = 'thumbnail' ) {
866                 $_media_item = array(
867                         'attachment_id'    => strval( $media_item->ID ),
868                         'date_created_gmt' => $this->_convert_date_gmt( $media_item->post_date_gmt, $media_item->post_date ),
869                         'parent'           => $media_item->post_parent,
870                         'link'             => wp_get_attachment_url( $media_item->ID ),
871                         'title'            => $media_item->post_title,
872                         'caption'          => $media_item->post_excerpt,
873                         'description'      => $media_item->post_content,
874                         'metadata'         => wp_get_attachment_metadata( $media_item->ID ),
875                 );
876
877                 $thumbnail_src = image_downsize( $media_item->ID, $thumbnail_size );
878                 if ( $thumbnail_src )
879                         $_media_item['thumbnail'] = $thumbnail_src[0];
880                 else
881                         $_media_item['thumbnail'] = $_media_item['link'];
882
883                 /**
884                  * Filter XML-RPC-prepared data for the given media item.
885                  *
886                  * @since 3.4.0
887                  *
888                  * @param array  $_media_item    An array of media item data.
889                  * @param object $media_item     Media item object.
890                  * @param string $thumbnail_size Image size.
891                  */
892                 return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size );
893         }
894
895         /**
896          * Prepares page data for return in an XML-RPC object.
897          *
898          * @access protected
899          *
900          * @param object $page The unprepared page data
901          * @return array The prepared page data
902          */
903         protected function _prepare_page( $page ) {
904                 // Get all of the page content and link.
905                 $full_page = get_extended( $page->post_content );
906                 $link = post_permalink( $page->ID );
907
908                 // Get info the page parent if there is one.
909                 $parent_title = "";
910                 if ( ! empty( $page->post_parent ) ) {
911                         $parent = get_post( $page->post_parent );
912                         $parent_title = $parent->post_title;
913                 }
914
915                 // Determine comment and ping settings.
916                 $allow_comments = comments_open( $page->ID ) ? 1 : 0;
917                 $allow_pings = pings_open( $page->ID ) ? 1 : 0;
918
919                 // Format page date.
920                 $page_date = $this->_convert_date( $page->post_date );
921                 $page_date_gmt = $this->_convert_date_gmt( $page->post_date_gmt, $page->post_date );
922
923                 // Pull the categories info together.
924                 $categories = array();
925                 if ( is_object_in_taxonomy( 'page', 'category' ) ) {
926                         foreach ( wp_get_post_categories( $page->ID ) as $cat_id ) {
927                                 $categories[] = get_cat_name( $cat_id );
928                         }
929                 }
930
931                 // Get the author info.
932                 $author = get_userdata( $page->post_author );
933
934                 $page_template = get_page_template_slug( $page->ID );
935                 if ( empty( $page_template ) )
936                         $page_template = 'default';
937
938                 $_page = array(
939                         'dateCreated'            => $page_date,
940                         'userid'                 => $page->post_author,
941                         'page_id'                => $page->ID,
942                         'page_status'            => $page->post_status,
943                         'description'            => $full_page['main'],
944                         'title'                  => $page->post_title,
945                         'link'                   => $link,
946                         'permaLink'              => $link,
947                         'categories'             => $categories,
948                         'excerpt'                => $page->post_excerpt,
949                         'text_more'              => $full_page['extended'],
950                         'mt_allow_comments'      => $allow_comments,
951                         'mt_allow_pings'         => $allow_pings,
952                         'wp_slug'                => $page->post_name,
953                         'wp_password'            => $page->post_password,
954                         'wp_author'              => $author->display_name,
955                         'wp_page_parent_id'      => $page->post_parent,
956                         'wp_page_parent_title'   => $parent_title,
957                         'wp_page_order'          => $page->menu_order,
958                         'wp_author_id'           => (string) $author->ID,
959                         'wp_author_display_name' => $author->display_name,
960                         'date_created_gmt'       => $page_date_gmt,
961                         'custom_fields'          => $this->get_custom_fields( $page->ID ),
962                         'wp_page_template'       => $page_template
963                 );
964
965                 /**
966                  * Filter XML-RPC-prepared data for the given page.
967                  *
968                  * @since 3.4.0
969                  *
970                  * @param array   $_page An array of page data.
971                  * @param WP_Post $page  Page object.
972                  */
973                 return apply_filters( 'xmlrpc_prepare_page', $_page, $page );
974         }
975
976         /**
977          * Prepares comment data for return in an XML-RPC object.
978          *
979          * @access protected
980          *
981          * @param object $comment The unprepared comment data
982          * @return array The prepared comment data
983          */
984         protected function _prepare_comment( $comment ) {
985                 // Format page date.
986                 $comment_date_gmt = $this->_convert_date_gmt( $comment->comment_date_gmt, $comment->comment_date );
987
988                 if ( '0' == $comment->comment_approved ) {
989                         $comment_status = 'hold';
990                 } elseif ( 'spam' == $comment->comment_approved ) {
991                         $comment_status = 'spam';
992                 } elseif ( '1' == $comment->comment_approved ) {
993                         $comment_status = 'approve';
994                 } else {
995                         $comment_status = $comment->comment_approved;
996                 }
997                 $_comment = array(
998                         'date_created_gmt' => $comment_date_gmt,
999                         'user_id'          => $comment->user_id,
1000                         'comment_id'       => $comment->comment_ID,
1001                         'parent'           => $comment->comment_parent,
1002                         'status'           => $comment_status,
1003                         'content'          => $comment->comment_content,
1004                         'link'             => get_comment_link($comment),
1005                         'post_id'          => $comment->comment_post_ID,
1006                         'post_title'       => get_the_title($comment->comment_post_ID),
1007                         'author'           => $comment->comment_author,
1008                         'author_url'       => $comment->comment_author_url,
1009                         'author_email'     => $comment->comment_author_email,
1010                         'author_ip'        => $comment->comment_author_IP,
1011                         'type'             => $comment->comment_type,
1012                 );
1013
1014                 /**
1015                  * Filter XML-RPC-prepared data for the given comment.
1016                  *
1017                  * @since 3.4.0
1018                  *
1019                  * @param array  $_comment An array of prepared comment data.
1020                  * @param object $comment  Comment object.
1021                  */
1022                 return apply_filters( 'xmlrpc_prepare_comment', $_comment, $comment );
1023         }
1024
1025         /**
1026          * Prepares user data for return in an XML-RPC object.
1027          *
1028          * @access protected
1029          *
1030          * @param WP_User $user The unprepared user object
1031          * @param array $fields The subset of user fields to return
1032          * @return array The prepared user data
1033          */
1034         protected function _prepare_user( $user, $fields ) {
1035                 $_user = array( 'user_id' => strval( $user->ID ) );
1036
1037                 $user_fields = array(
1038                         'username'          => $user->user_login,
1039                         'first_name'        => $user->user_firstname,
1040                         'last_name'         => $user->user_lastname,
1041                         'registered'        => $this->_convert_date( $user->user_registered ),
1042                         'bio'               => $user->user_description,
1043                         'email'             => $user->user_email,
1044                         'nickname'          => $user->nickname,
1045                         'nicename'          => $user->user_nicename,
1046                         'url'               => $user->user_url,
1047                         'display_name'      => $user->display_name,
1048                         'roles'             => $user->roles,
1049                 );
1050
1051                 if ( in_array( 'all', $fields ) ) {
1052                         $_user = array_merge( $_user, $user_fields );
1053                 } else {
1054                         if ( in_array( 'basic', $fields ) ) {
1055                                 $basic_fields = array( 'username', 'email', 'registered', 'display_name', 'nicename' );
1056                                 $fields = array_merge( $fields, $basic_fields );
1057                         }
1058                         $requested_fields = array_intersect_key( $user_fields, array_flip( $fields ) );
1059                         $_user = array_merge( $_user, $requested_fields );
1060                 }
1061
1062                 /**
1063                  * Filter XML-RPC-prepared data for the given user.
1064                  *
1065                  * @since 3.5.0
1066                  *
1067                  * @param array   $_user  An array of user data.
1068                  * @param WP_User $user   User object.
1069                  * @param array   $fields An array of user fields.
1070                  */
1071                 return apply_filters( 'xmlrpc_prepare_user', $_user, $user, $fields );
1072         }
1073
1074         /**
1075          * Create a new post for any registered post type.
1076          *
1077          * @since 3.4.0
1078          *
1079          * @param array $args Method parameters. Contains:
1080          *  - int     $blog_id (unused)
1081          *  - string  $username
1082          *  - string  $password
1083          *  - array   $content_struct
1084          *      $content_struct can contain:
1085          *      - post_type (default: 'post')
1086          *      - post_status (default: 'draft')
1087          *      - post_title
1088          *      - post_author
1089          *      - post_excerpt
1090          *      - post_content
1091          *      - post_date_gmt | post_date
1092          *      - post_format
1093          *      - post_password
1094          *      - comment_status - can be 'open' | 'closed'
1095          *      - ping_status - can be 'open' | 'closed'
1096          *      - sticky
1097          *      - post_thumbnail - ID of a media item to use as the post thumbnail/featured image
1098          *      - custom_fields - array, with each element containing 'key' and 'value'
1099          *      - terms - array, with taxonomy names as keys and arrays of term IDs as values
1100          *      - terms_names - array, with taxonomy names as keys and arrays of term names as values
1101          *      - enclosure
1102          *      - any other fields supported by wp_insert_post()
1103          * @return string|IXR_Error post_id
1104          */
1105         public function wp_newPost( $args ) {
1106                 if ( ! $this->minimum_args( $args, 4 ) )
1107                         return $this->error;
1108
1109                 $this->escape( $args );
1110
1111                 $username       = $args[1];
1112                 $password       = $args[2];
1113                 $content_struct = $args[3];
1114
1115                 if ( ! $user = $this->login( $username, $password ) )
1116                         return $this->error;
1117
1118                 // convert the date field back to IXR form
1119                 if ( isset( $content_struct['post_date'] ) && ! is_a( $content_struct['post_date'], 'IXR_Date' ) ) {
1120                         $content_struct['post_date'] = $this->_convert_date( $content_struct['post_date'] );
1121                 }
1122
1123                 // ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct,
1124                 // since _insert_post will ignore the non-GMT date if the GMT date is set
1125                 if ( isset( $content_struct['post_date_gmt'] ) && ! is_a( $content_struct['post_date_gmt'], 'IXR_Date' ) ) {
1126                         if ( $content_struct['post_date_gmt'] == '0000-00-00 00:00:00' || isset( $content_struct['post_date'] ) ) {
1127                                 unset( $content_struct['post_date_gmt'] );
1128                         } else {
1129                                 $content_struct['post_date_gmt'] = $this->_convert_date( $content_struct['post_date_gmt'] );
1130                         }
1131                 }
1132
1133                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1134                 do_action( 'xmlrpc_call', 'wp.newPost' );
1135
1136                 unset( $content_struct['ID'] );
1137
1138                 return $this->_insert_post( $user, $content_struct );
1139         }
1140
1141         /**
1142          * Helper method for filtering out elements from an array.
1143          *
1144          * @since 3.4.0
1145          *
1146          * @param int $count Number to compare to one.
1147          */
1148         private function _is_greater_than_one( $count ) {
1149                 return $count > 1;
1150         }
1151
1152         /**
1153          * Helper method for wp_newPost and wp_editPost, containing shared logic.
1154          *
1155          * @since 3.4.0
1156          * @uses wp_insert_post()
1157          *
1158          * @param WP_User $user The post author if post_author isn't set in $content_struct.
1159          * @param array|IXR_Error $content_struct Post data to insert.
1160          */
1161         protected function _insert_post( $user, $content_struct ) {
1162                 $defaults = array( 'post_status' => 'draft', 'post_type' => 'post', 'post_author' => 0,
1163                         'post_password' => '', 'post_excerpt' => '', 'post_content' => '', 'post_title' => '' );
1164
1165                 $post_data = wp_parse_args( $content_struct, $defaults );
1166
1167                 $post_type = get_post_type_object( $post_data['post_type'] );
1168                 if ( ! $post_type )
1169                         return new IXR_Error( 403, __( 'Invalid post type' ) );
1170
1171                 $update = ! empty( $post_data['ID'] );
1172
1173                 if ( $update ) {
1174                         if ( ! get_post( $post_data['ID'] ) )
1175                                 return new IXR_Error( 401, __( 'Invalid post ID.' ) );
1176                         if ( ! current_user_can( 'edit_post', $post_data['ID'] ) )
1177                                 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
1178                         if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) )
1179                                 return new IXR_Error( 401, __( 'The post type may not be changed.' ) );
1180                 } else {
1181                         if ( ! current_user_can( $post_type->cap->create_posts ) || ! current_user_can( $post_type->cap->edit_posts ) )
1182                                 return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) );
1183                 }
1184
1185                 switch ( $post_data['post_status'] ) {
1186                         case 'draft':
1187                         case 'pending':
1188                                 break;
1189                         case 'private':
1190                                 if ( ! current_user_can( $post_type->cap->publish_posts ) )
1191                                         return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type' ) );
1192                                 break;
1193                         case 'publish':
1194                         case 'future':
1195                                 if ( ! current_user_can( $post_type->cap->publish_posts ) )
1196                                         return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type' ) );
1197                                 break;
1198                         default:
1199                                 if ( ! get_post_status_object( $post_data['post_status'] ) )
1200                                         $post_data['post_status'] = 'draft';
1201                         break;
1202                 }
1203
1204                 if ( ! empty( $post_data['post_password'] ) && ! current_user_can( $post_type->cap->publish_posts ) )
1205                         return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type' ) );
1206
1207                 $post_data['post_author'] = absint( $post_data['post_author'] );
1208                 if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] != $user->ID ) {
1209                         if ( ! current_user_can( $post_type->cap->edit_others_posts ) )
1210                                 return new IXR_Error( 401, __( 'You are not allowed to create posts as this user.' ) );
1211
1212                         $author = get_userdata( $post_data['post_author'] );
1213
1214                         if ( ! $author )
1215                                 return new IXR_Error( 404, __( 'Invalid author ID.' ) );
1216                 } else {
1217                         $post_data['post_author'] = $user->ID;
1218                 }
1219
1220                 if ( isset( $post_data['comment_status'] ) && $post_data['comment_status'] != 'open' && $post_data['comment_status'] != 'closed' )
1221                         unset( $post_data['comment_status'] );
1222
1223                 if ( isset( $post_data['ping_status'] ) && $post_data['ping_status'] != 'open' && $post_data['ping_status'] != 'closed' )
1224                         unset( $post_data['ping_status'] );
1225
1226                 // Do some timestamp voodoo
1227                 if ( ! empty( $post_data['post_date_gmt'] ) ) {
1228                         // We know this is supposed to be GMT, so we're going to slap that Z on there by force
1229                         $dateCreated = rtrim( $post_data['post_date_gmt']->getIso(), 'Z' ) . 'Z';
1230                 } elseif ( ! empty( $post_data['post_date'] ) ) {
1231                         $dateCreated = $post_data['post_date']->getIso();
1232                 }
1233
1234                 if ( ! empty( $dateCreated ) ) {
1235                         $post_data['post_date'] = get_date_from_gmt( iso8601_to_datetime( $dateCreated ) );
1236                         $post_data['post_date_gmt'] = iso8601_to_datetime( $dateCreated, 'GMT' );
1237                 }
1238
1239                 if ( ! isset( $post_data['ID'] ) )
1240                         $post_data['ID'] = get_default_post_to_edit( $post_data['post_type'], true )->ID;
1241                 $post_ID = $post_data['ID'];
1242
1243                 if ( $post_data['post_type'] == 'post' ) {
1244                         // Private and password-protected posts cannot be stickied.
1245                         if ( $post_data['post_status'] == 'private' || ! empty( $post_data['post_password'] ) ) {
1246                                 // Error if the client tried to stick the post, otherwise, silently unstick.
1247                                 if ( ! empty( $post_data['sticky'] ) )
1248                                         return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
1249                                 if ( $update )
1250                                         unstick_post( $post_ID );
1251                         } elseif ( isset( $post_data['sticky'] ) )  {
1252                                 if ( ! current_user_can( $post_type->cap->edit_others_posts ) )
1253                                         return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
1254                                 if ( $post_data['sticky'] )
1255                                         stick_post( $post_ID );
1256                                 else
1257                                         unstick_post( $post_ID );
1258                         }
1259                 }
1260
1261                 if ( isset( $post_data['post_thumbnail'] ) ) {
1262                         // empty value deletes, non-empty value adds/updates
1263                         if ( ! $post_data['post_thumbnail'] )
1264                                 delete_post_thumbnail( $post_ID );
1265                         elseif ( ! get_post( absint( $post_data['post_thumbnail'] ) ) )
1266                                 return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
1267                         set_post_thumbnail( $post_ID, $post_data['post_thumbnail'] );
1268                         unset( $content_struct['post_thumbnail'] );
1269                 }
1270
1271                 if ( isset( $post_data['custom_fields'] ) )
1272                         $this->set_custom_fields( $post_ID, $post_data['custom_fields'] );
1273
1274                 if ( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) {
1275                         $post_type_taxonomies = get_object_taxonomies( $post_data['post_type'], 'objects' );
1276
1277                         // accumulate term IDs from terms and terms_names
1278                         $terms = array();
1279
1280                         // first validate the terms specified by ID
1281                         if ( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) {
1282                                 $taxonomies = array_keys( $post_data['terms'] );
1283
1284                                 // validating term ids
1285                                 foreach ( $taxonomies as $taxonomy ) {
1286                                         if ( ! array_key_exists( $taxonomy , $post_type_taxonomies ) )
1287                                                 return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) );
1288
1289                                         if ( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) )
1290                                                 return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) );
1291
1292                                         $term_ids = $post_data['terms'][$taxonomy];
1293                                         $terms[ $taxonomy ] = array();
1294                                         foreach ( $term_ids as $term_id ) {
1295                                                 $term = get_term_by( 'id', $term_id, $taxonomy );
1296
1297                                                 if ( ! $term )
1298                                                         return new IXR_Error( 403, __( 'Invalid term ID' ) );
1299
1300                                                 $terms[$taxonomy][] = (int) $term_id;
1301                                         }
1302                                 }
1303                         }
1304
1305                         // now validate terms specified by name
1306                         if ( isset( $post_data['terms_names'] ) && is_array( $post_data['terms_names'] ) ) {
1307                                 $taxonomies = array_keys( $post_data['terms_names'] );
1308
1309                                 foreach ( $taxonomies as $taxonomy ) {
1310                                         if ( ! array_key_exists( $taxonomy , $post_type_taxonomies ) )
1311                                                 return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) );
1312
1313                                         if ( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) )
1314                                                 return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) );
1315
1316                                         // for hierarchical taxonomies, we can't assign a term when multiple terms in the hierarchy share the same name
1317                                         $ambiguous_terms = array();
1318                                         if ( is_taxonomy_hierarchical( $taxonomy ) ) {
1319                                                 $tax_term_names = get_terms( $taxonomy, array( 'fields' => 'names', 'hide_empty' => false ) );
1320
1321                                                 // count the number of terms with the same name
1322                                                 $tax_term_names_count = array_count_values( $tax_term_names );
1323
1324                                                 // filter out non-ambiguous term names
1325                                                 $ambiguous_tax_term_counts = array_filter( $tax_term_names_count, array( $this, '_is_greater_than_one') );
1326
1327                                                 $ambiguous_terms = array_keys( $ambiguous_tax_term_counts );
1328                                         }
1329
1330                                         $term_names = $post_data['terms_names'][$taxonomy];
1331                                         foreach ( $term_names as $term_name ) {
1332                                                 if ( in_array( $term_name, $ambiguous_terms ) )
1333                                                         return new IXR_Error( 401, __( 'Ambiguous term name used in a hierarchical taxonomy. Please use term ID instead.' ) );
1334
1335                                                 $term = get_term_by( 'name', $term_name, $taxonomy );
1336
1337                                                 if ( ! $term ) {
1338                                                         // term doesn't exist, so check that the user is allowed to create new terms
1339                                                         if ( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->edit_terms ) )
1340                                                                 return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a term to one of the given taxonomies.' ) );
1341
1342                                                         // create the new term
1343                                                         $term_info = wp_insert_term( $term_name, $taxonomy );
1344                                                         if ( is_wp_error( $term_info ) )
1345                                                                 return new IXR_Error( 500, $term_info->get_error_message() );
1346
1347                                                         $terms[$taxonomy][] = (int) $term_info['term_id'];
1348                                                 } else {
1349                                                         $terms[$taxonomy][] = (int) $term->term_id;
1350                                                 }
1351                                         }
1352                                 }
1353                         }
1354
1355                         $post_data['tax_input'] = $terms;
1356                         unset( $post_data['terms'], $post_data['terms_names'] );
1357                 } else {
1358                         // do not allow direct submission of 'tax_input', clients must use 'terms' and/or 'terms_names'
1359                         unset( $post_data['tax_input'], $post_data['post_category'], $post_data['tags_input'] );
1360                 }
1361
1362                 if ( isset( $post_data['post_format'] ) ) {
1363                         $format = set_post_format( $post_ID, $post_data['post_format'] );
1364
1365                         if ( is_wp_error( $format ) )
1366                                 return new IXR_Error( 500, $format->get_error_message() );
1367
1368                         unset( $post_data['post_format'] );
1369                 }
1370
1371                 // Handle enclosures
1372                 $enclosure = isset( $post_data['enclosure'] ) ? $post_data['enclosure'] : null;
1373                 $this->add_enclosure_if_new( $post_ID, $enclosure );
1374
1375                 $this->attach_uploads( $post_ID, $post_data['post_content'] );
1376
1377                 /**
1378                  * Filter post data array to be inserted via XML-RPC.
1379                  *
1380                  * @since 3.4.0
1381                  *
1382                  * @param array $post_data      Parsed array of post data.
1383                  * @param array $content_struct Post data array.
1384                  */
1385                 $post_data = apply_filters( 'xmlrpc_wp_insert_post_data', $post_data, $content_struct );
1386
1387                 $post_ID = $update ? wp_update_post( $post_data, true ) : wp_insert_post( $post_data, true );
1388                 if ( is_wp_error( $post_ID ) )
1389                         return new IXR_Error( 500, $post_ID->get_error_message() );
1390
1391                 if ( ! $post_ID )
1392                         return new IXR_Error( 401, __( 'Sorry, your entry could not be posted. Something wrong happened.' ) );
1393
1394                 return strval( $post_ID );
1395         }
1396
1397         /**
1398          * Edit a post for any registered post type.
1399          *
1400          * The $content_struct parameter only needs to contain fields that
1401          * should be changed. All other fields will retain their existing values.
1402          *
1403          * @since 3.4.0
1404          *
1405          * @param array $args Method parameters. Contains:
1406          *  - int     $blog_id (unused)
1407          *  - string  $username
1408          *  - string  $password
1409          *  - int     $post_id
1410          *  - array   $content_struct
1411          * @return bool|IXR_Error true on success
1412          */
1413         public function wp_editPost( $args ) {
1414                 if ( ! $this->minimum_args( $args, 5 ) )
1415                         return $this->error;
1416
1417                 $this->escape( $args );
1418
1419                 $username       = $args[1];
1420                 $password       = $args[2];
1421                 $post_id        = (int) $args[3];
1422                 $content_struct = $args[4];
1423
1424                 if ( ! $user = $this->login( $username, $password ) )
1425                         return $this->error;
1426
1427                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1428                 do_action( 'xmlrpc_call', 'wp.editPost' );
1429
1430                 $post = get_post( $post_id, ARRAY_A );
1431
1432                 if ( empty( $post['ID'] ) )
1433                         return new IXR_Error( 404, __( 'Invalid post ID.' ) );
1434
1435                 if ( isset( $content_struct['if_not_modified_since'] ) ) {
1436                         // If the post has been modified since the date provided, return an error.
1437                         if ( mysql2date( 'U', $post['post_modified_gmt'] ) > $content_struct['if_not_modified_since']->getTimestamp() ) {
1438                                 return new IXR_Error( 409, __( 'There is a revision of this post that is more recent.' ) );
1439                         }
1440                 }
1441
1442                 // convert the date field back to IXR form
1443                 $post['post_date'] = $this->_convert_date( $post['post_date'] );
1444
1445                 // ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct,
1446                 // since _insert_post will ignore the non-GMT date if the GMT date is set
1447                 if ( $post['post_date_gmt'] == '0000-00-00 00:00:00' || isset( $content_struct['post_date'] ) )
1448                         unset( $post['post_date_gmt'] );
1449                 else
1450                         $post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] );
1451
1452                 $this->escape( $post );
1453                 $merged_content_struct = array_merge( $post, $content_struct );
1454
1455                 $retval = $this->_insert_post( $user, $merged_content_struct );
1456                 if ( $retval instanceof IXR_Error )
1457                         return $retval;
1458
1459                 return true;
1460         }
1461
1462         /**
1463          * Delete a post for any registered post type.
1464          *
1465          * @since 3.4.0
1466          *
1467          * @uses wp_delete_post()
1468          * @param array $args Method parameters. Contains:
1469          *  - int     $blog_id (unused)
1470          *  - string  $username
1471          *  - string  $password
1472          *  - int     $post_id
1473          * @return bool|IXR_Error true on success
1474          */
1475         public function wp_deletePost( $args ) {
1476                 if ( ! $this->minimum_args( $args, 4 ) )
1477                         return $this->error;
1478
1479                 $this->escape( $args );
1480
1481                 $username   = $args[1];
1482                 $password   = $args[2];
1483                 $post_id    = (int) $args[3];
1484
1485                 if ( ! $user = $this->login( $username, $password ) )
1486                         return $this->error;
1487
1488                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1489                 do_action( 'xmlrpc_call', 'wp.deletePost' );
1490
1491                 $post = get_post( $post_id, ARRAY_A );
1492                 if ( empty( $post['ID'] ) )
1493                         return new IXR_Error( 404, __( 'Invalid post ID.' ) );
1494
1495                 if ( ! current_user_can( 'delete_post', $post_id ) )
1496                         return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
1497
1498                 $result = wp_delete_post( $post_id );
1499
1500                 if ( ! $result )
1501                         return new IXR_Error( 500, __( 'The post cannot be deleted.' ) );
1502
1503                 return true;
1504         }
1505
1506         /**
1507          * Retrieve a post.
1508          *
1509          * @since 3.4.0
1510          *
1511          * The optional $fields parameter specifies what fields will be included
1512          * in the response array. This should be a list of field names. 'post_id' will
1513          * always be included in the response regardless of the value of $fields.
1514          *
1515          * Instead of, or in addition to, individual field names, conceptual group
1516          * names can be used to specify multiple fields. The available conceptual
1517          * groups are 'post' (all basic fields), 'taxonomies', 'custom_fields',
1518          * and 'enclosure'.
1519          *
1520          * @uses get_post()
1521          * @param array $args Method parameters. Contains:
1522          *  - int     $blog_id (unset)
1523          *  - string  $username
1524          *  - string  $password
1525          *  - int     $post_id
1526          *  - array   $fields optional
1527          * @return array|IXR_Error Array contains (based on $fields parameter):
1528          *  - 'post_id'
1529          *  - 'post_title'
1530          *  - 'post_date'
1531          *  - 'post_date_gmt'
1532          *  - 'post_modified'
1533          *  - 'post_modified_gmt'
1534          *  - 'post_status'
1535          *  - 'post_type'
1536          *  - 'post_name'
1537          *  - 'post_author'
1538          *  - 'post_password'
1539          *  - 'post_excerpt'
1540          *  - 'post_content'
1541          *  - 'link'
1542          *  - 'comment_status'
1543          *  - 'ping_status'
1544          *  - 'sticky'
1545          *  - 'custom_fields'
1546          *  - 'terms'
1547          *  - 'categories'
1548          *  - 'tags'
1549          *  - 'enclosure'
1550          */
1551         public function wp_getPost( $args ) {
1552                 if ( ! $this->minimum_args( $args, 4 ) )
1553                         return $this->error;
1554
1555                 $this->escape( $args );
1556
1557                 $username           = $args[1];
1558                 $password           = $args[2];
1559                 $post_id            = (int) $args[3];
1560
1561                 if ( isset( $args[4] ) ) {
1562                         $fields = $args[4];
1563                 } else {
1564                         /**
1565                          * Filter the list of post query fields used by the given XML-RPC method.
1566                          *
1567                          * @since 3.4.0
1568                          *
1569                          * @param array $fields  Array of post fields.
1570                          * @param string $method Method name.
1571                          */
1572                         $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPost' );
1573                 }
1574
1575                 if ( ! $user = $this->login( $username, $password ) )
1576                         return $this->error;
1577
1578                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1579                 do_action( 'xmlrpc_call', 'wp.getPost' );
1580
1581                 $post = get_post( $post_id, ARRAY_A );
1582
1583                 if ( empty( $post['ID'] ) )
1584                         return new IXR_Error( 404, __( 'Invalid post ID.' ) );
1585
1586                 if ( ! current_user_can( 'edit_post', $post_id ) )
1587                         return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
1588
1589                 return $this->_prepare_post( $post, $fields );
1590         }
1591
1592         /**
1593          * Retrieve posts.
1594          *
1595          * @since 3.4.0
1596          *
1597          * The optional $filter parameter modifies the query used to retrieve posts.
1598          * Accepted keys are 'post_type', 'post_status', 'number', 'offset',
1599          * 'orderby', and 'order'.
1600          *
1601          * The optional $fields parameter specifies what fields will be included
1602          * in the response array.
1603          *
1604          * @uses wp_get_recent_posts()
1605          * @see wp_getPost() for more on $fields
1606          * @see get_posts() for more on $filter values
1607          *
1608          * @param array $args Method parameters. Contains:
1609          *  - int     $blog_id (unused)
1610          *  - string  $username
1611          *  - string  $password
1612          *  - array   $filter optional
1613          *  - array   $fields optional
1614          * @return array|IXR_Error Array contains a collection of posts.
1615          */
1616         public function wp_getPosts( $args ) {
1617                 if ( ! $this->minimum_args( $args, 3 ) )
1618                         return $this->error;
1619
1620                 $this->escape( $args );
1621
1622                 $username   = $args[1];
1623                 $password   = $args[2];
1624                 $filter     = isset( $args[3] ) ? $args[3] : array();
1625
1626                 if ( isset( $args[4] ) ) {
1627                         $fields = $args[4];
1628                 } else {
1629                         /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1630                         $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPosts' );
1631                 }
1632
1633                 if ( ! $user = $this->login( $username, $password ) )
1634                         return $this->error;
1635
1636                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1637                 do_action( 'xmlrpc_call', 'wp.getPosts' );
1638
1639                 $query = array();
1640
1641                 if ( isset( $filter['post_type'] ) ) {
1642                         $post_type = get_post_type_object( $filter['post_type'] );
1643                         if ( ! ( (bool) $post_type ) )
1644                                 return new IXR_Error( 403, __( 'The post type specified is not valid' ) );
1645                 } else {
1646                         $post_type = get_post_type_object( 'post' );
1647                 }
1648
1649                 if ( ! current_user_can( $post_type->cap->edit_posts ) )
1650                         return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type' ));
1651
1652                 $query['post_type'] = $post_type->name;
1653
1654                 if ( isset( $filter['post_status'] ) )
1655                         $query['post_status'] = $filter['post_status'];
1656
1657                 if ( isset( $filter['number'] ) )
1658                         $query['numberposts'] = absint( $filter['number'] );
1659
1660                 if ( isset( $filter['offset'] ) )
1661                         $query['offset'] = absint( $filter['offset'] );
1662
1663                 if ( isset( $filter['orderby'] ) ) {
1664                         $query['orderby'] = $filter['orderby'];
1665
1666                         if ( isset( $filter['order'] ) )
1667                                 $query['order'] = $filter['order'];
1668                 }
1669
1670                 if ( isset( $filter['s'] ) ) {
1671                         $query['s'] = $filter['s'];
1672                 }
1673
1674                 $posts_list = wp_get_recent_posts( $query );
1675
1676                 if ( ! $posts_list )
1677                         return array();
1678
1679                 // holds all the posts data
1680                 $struct = array();
1681
1682                 foreach ( $posts_list as $post ) {
1683                         if ( ! current_user_can( 'edit_post', $post['ID'] ) )
1684                                 continue;
1685
1686                         $struct[] = $this->_prepare_post( $post, $fields );
1687                 }
1688
1689                 return $struct;
1690         }
1691
1692         /**
1693          * Create a new term.
1694          *
1695          * @since 3.4.0
1696          *
1697          * @uses wp_insert_term()
1698          * @param array $args Method parameters. Contains:
1699          *  - int     $blog_id (unused)
1700          *  - string  $username
1701          *  - string  $password
1702          *  - array   $content_struct
1703          *      The $content_struct must contain:
1704          *      - 'name'
1705          *      - 'taxonomy'
1706          *      Also, it can optionally contain:
1707          *      - 'parent'
1708          *      - 'description'
1709          *      - 'slug'
1710          * @return string|IXR_Error term_id
1711          */
1712         public function wp_newTerm( $args ) {
1713                 if ( ! $this->minimum_args( $args, 4 ) )
1714                         return $this->error;
1715
1716                 $this->escape( $args );
1717
1718                 $username           = $args[1];
1719                 $password           = $args[2];
1720                 $content_struct     = $args[3];
1721
1722                 if ( ! $user = $this->login( $username, $password ) )
1723                         return $this->error;
1724
1725                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1726                 do_action( 'xmlrpc_call', 'wp.newTerm' );
1727
1728                 if ( ! taxonomy_exists( $content_struct['taxonomy'] ) )
1729                         return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
1730
1731                 $taxonomy = get_taxonomy( $content_struct['taxonomy'] );
1732
1733                 if ( ! current_user_can( $taxonomy->cap->manage_terms ) )
1734                         return new IXR_Error( 401, __( 'You are not allowed to create terms in this taxonomy.' ) );
1735
1736                 $taxonomy = (array) $taxonomy;
1737
1738                 // hold the data of the term
1739                 $term_data = array();
1740
1741                 $term_data['name'] = trim( $content_struct['name'] );
1742                 if ( empty( $term_data['name'] ) )
1743                         return new IXR_Error( 403, __( 'The term name cannot be empty.' ) );
1744
1745                 if ( isset( $content_struct['parent'] ) ) {
1746                         if ( ! $taxonomy['hierarchical'] )
1747                                 return new IXR_Error( 403, __( 'This taxonomy is not hierarchical.' ) );
1748
1749                         $parent_term_id = (int) $content_struct['parent'];
1750                         $parent_term = get_term( $parent_term_id , $taxonomy['name'] );
1751
1752                         if ( is_wp_error( $parent_term ) )
1753                                 return new IXR_Error( 500, $parent_term->get_error_message() );
1754
1755                         if ( ! $parent_term )
1756                                 return new IXR_Error( 403, __( 'Parent term does not exist.' ) );
1757
1758                         $term_data['parent'] = $content_struct['parent'];
1759                 }
1760
1761                 if ( isset( $content_struct['description'] ) )
1762                         $term_data['description'] = $content_struct['description'];
1763
1764                 if ( isset( $content_struct['slug'] ) )
1765                         $term_data['slug'] = $content_struct['slug'];
1766
1767                 $term = wp_insert_term( $term_data['name'] , $taxonomy['name'] , $term_data );
1768
1769                 if ( is_wp_error( $term ) )
1770                         return new IXR_Error( 500, $term->get_error_message() );
1771
1772                 if ( ! $term )
1773                         return new IXR_Error( 500, __( 'Sorry, your term could not be created. Something wrong happened.' ) );
1774
1775                 return strval( $term['term_id'] );
1776         }
1777
1778         /**
1779          * Edit a term.
1780          *
1781          * @since 3.4.0
1782          *
1783          * @uses wp_update_term()
1784          * @param array $args Method parameters. Contains:
1785          *  - int     $blog_id (unused)
1786          *  - string  $username
1787          *  - string  $password
1788          *  - string  $term_id
1789          *  - array   $content_struct
1790          *      The $content_struct must contain:
1791          *      - 'taxonomy'
1792          *      Also, it can optionally contain:
1793          *      - 'name'
1794          *      - 'parent'
1795          *      - 'description'
1796          *      - 'slug'
1797          * @return bool|IXR_Error True, on success.
1798          */
1799         public function wp_editTerm( $args ) {
1800                 if ( ! $this->minimum_args( $args, 5 ) )
1801                         return $this->error;
1802
1803                 $this->escape( $args );
1804
1805                 $username           = $args[1];
1806                 $password           = $args[2];
1807                 $term_id            = (int) $args[3];
1808                 $content_struct     = $args[4];
1809
1810                 if ( ! $user = $this->login( $username, $password ) )
1811                         return $this->error;
1812
1813                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1814                 do_action( 'xmlrpc_call', 'wp.editTerm' );
1815
1816                 if ( ! taxonomy_exists( $content_struct['taxonomy'] ) )
1817                         return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
1818
1819                 $taxonomy = get_taxonomy( $content_struct['taxonomy'] );
1820
1821                 if ( ! current_user_can( $taxonomy->cap->edit_terms ) )
1822                         return new IXR_Error( 401, __( 'You are not allowed to edit terms in this taxonomy.' ) );
1823
1824                 $taxonomy = (array) $taxonomy;
1825
1826                 // hold the data of the term
1827                 $term_data = array();
1828
1829                 $term = get_term( $term_id , $content_struct['taxonomy'] );
1830
1831                 if ( is_wp_error( $term ) )
1832                         return new IXR_Error( 500, $term->get_error_message() );
1833
1834                 if ( ! $term )
1835                         return new IXR_Error( 404, __( 'Invalid term ID' ) );
1836
1837                 if ( isset( $content_struct['name'] ) ) {
1838                         $term_data['name'] = trim( $content_struct['name'] );
1839
1840                         if ( empty( $term_data['name'] ) )
1841                                 return new IXR_Error( 403, __( 'The term name cannot be empty.' ) );
1842                 }
1843
1844                 if ( isset( $content_struct['parent'] ) ) {
1845                         if ( ! $taxonomy['hierarchical'] )
1846                                 return new IXR_Error( 403, __( "This taxonomy is not hierarchical so you can't set a parent." ) );
1847
1848                         $parent_term_id = (int) $content_struct['parent'];
1849                         $parent_term = get_term( $parent_term_id , $taxonomy['name'] );
1850
1851                         if ( is_wp_error( $parent_term ) )
1852                                 return new IXR_Error( 500, $parent_term->get_error_message() );
1853
1854                         if ( ! $parent_term )
1855                                 return new IXR_Error( 403, __( 'Parent term does not exist.' ) );
1856
1857                         $term_data['parent'] = $content_struct['parent'];
1858                 }
1859
1860                 if ( isset( $content_struct['description'] ) )
1861                         $term_data['description'] = $content_struct['description'];
1862
1863                 if ( isset( $content_struct['slug'] ) )
1864                         $term_data['slug'] = $content_struct['slug'];
1865
1866                 $term = wp_update_term( $term_id , $taxonomy['name'] , $term_data );
1867
1868                 if ( is_wp_error( $term ) )
1869                         return new IXR_Error( 500, $term->get_error_message() );
1870
1871                 if ( ! $term )
1872                         return new IXR_Error( 500, __( 'Sorry, editing the term failed.' ) );
1873
1874                 return true;
1875         }
1876
1877         /**
1878          * Delete a term.
1879          *
1880          * @since 3.4.0
1881          *
1882          * @uses wp_delete_term()
1883          * @param array $args Method parameters. Contains:
1884          *  - int     $blog_id (unused)
1885          *  - string  $username
1886          *  - string  $password
1887          *  - string  $taxnomy_name
1888          *  - string     $term_id
1889          * @return boolean|IXR_Error If it suceeded true else a reason why not
1890          */
1891         public function wp_deleteTerm( $args ) {
1892                 if ( ! $this->minimum_args( $args, 5 ) )
1893                         return $this->error;
1894
1895                 $this->escape( $args );
1896
1897                 $username           = $args[1];
1898                 $password           = $args[2];
1899                 $taxonomy           = $args[3];
1900                 $term_id            = (int) $args[4];
1901
1902                 if ( ! $user = $this->login( $username, $password ) )
1903                         return $this->error;
1904
1905                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1906                 do_action( 'xmlrpc_call', 'wp.deleteTerm' );
1907
1908                 if ( ! taxonomy_exists( $taxonomy ) )
1909                         return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
1910
1911                 $taxonomy = get_taxonomy( $taxonomy );
1912
1913                 if ( ! current_user_can( $taxonomy->cap->delete_terms ) )
1914                         return new IXR_Error( 401, __( 'You are not allowed to delete terms in this taxonomy.' ) );
1915
1916                 $term = get_term( $term_id, $taxonomy->name );
1917
1918                 if ( is_wp_error( $term ) )
1919                         return new IXR_Error( 500, $term->get_error_message() );
1920
1921                 if ( ! $term )
1922                         return new IXR_Error( 404, __( 'Invalid term ID' ) );
1923
1924                 $result = wp_delete_term( $term_id, $taxonomy->name );
1925
1926                 if ( is_wp_error( $result ) )
1927                         return new IXR_Error( 500, $term->get_error_message() );
1928
1929                 if ( ! $result )
1930                         return new IXR_Error( 500, __( 'Sorry, deleting the term failed.' ) );
1931
1932                 return $result;
1933         }
1934
1935         /**
1936          * Retrieve a term.
1937          *
1938          * @since 3.4.0
1939          *
1940          * @uses get_term()
1941          * @param array $args Method parameters. Contains:
1942          *  - int     $blog_id (unused)
1943          *  - string  $username
1944          *  - string  $password
1945          *  - string  $taxonomy
1946          *  - string  $term_id
1947          * @return array|IXR_Error Array contains:
1948          *  - 'term_id'
1949          *  - 'name'
1950          *  - 'slug'
1951          *  - 'term_group'
1952          *  - 'term_taxonomy_id'
1953          *  - 'taxonomy'
1954          *  - 'description'
1955          *  - 'parent'
1956          *  - 'count'
1957          */
1958         public function wp_getTerm( $args ) {
1959                 if ( ! $this->minimum_args( $args, 5 ) )
1960                         return $this->error;
1961
1962                 $this->escape( $args );
1963
1964                 $username           = $args[1];
1965                 $password           = $args[2];
1966                 $taxonomy           = $args[3];
1967                 $term_id            = (int) $args[4];
1968
1969                 if ( ! $user = $this->login( $username, $password ) )
1970                         return $this->error;
1971
1972                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
1973                 do_action( 'xmlrpc_call', 'wp.getTerm' );
1974
1975                 if ( ! taxonomy_exists( $taxonomy ) )
1976                         return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
1977
1978                 $taxonomy = get_taxonomy( $taxonomy );
1979
1980                 if ( ! current_user_can( $taxonomy->cap->assign_terms ) )
1981                         return new IXR_Error( 401, __( 'You are not allowed to assign terms in this taxonomy.' ) );
1982
1983                 $term = get_term( $term_id , $taxonomy->name, ARRAY_A );
1984
1985                 if ( is_wp_error( $term ) )
1986                         return new IXR_Error( 500, $term->get_error_message() );
1987
1988                 if ( ! $term )
1989                         return new IXR_Error( 404, __( 'Invalid term ID' ) );
1990
1991                 return $this->_prepare_term( $term );
1992         }
1993
1994         /**
1995          * Retrieve all terms for a taxonomy.
1996          *
1997          * @since 3.4.0
1998          *
1999          * The optional $filter parameter modifies the query used to retrieve terms.
2000          * Accepted keys are 'number', 'offset', 'orderby', 'order', 'hide_empty', and 'search'.
2001          *
2002          * @uses get_terms()
2003          * @param array $args Method parameters. Contains:
2004          *  - int     $blog_id (unused)
2005          *  - string  $username
2006          *  - string  $password
2007          *  - string  $taxonomy
2008          *  - array   $filter optional
2009          * @return array|IXR_Error terms
2010          */
2011         public function wp_getTerms( $args ) {
2012                 if ( ! $this->minimum_args( $args, 4 ) )
2013                         return $this->error;
2014
2015                 $this->escape( $args );
2016
2017                 $username       = $args[1];
2018                 $password       = $args[2];
2019                 $taxonomy       = $args[3];
2020                 $filter         = isset( $args[4] ) ? $args[4] : array();
2021
2022                 if ( ! $user = $this->login( $username, $password ) )
2023                         return $this->error;
2024
2025                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2026                 do_action( 'xmlrpc_call', 'wp.getTerms' );
2027
2028                 if ( ! taxonomy_exists( $taxonomy ) )
2029                         return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
2030
2031                 $taxonomy = get_taxonomy( $taxonomy );
2032
2033                 if ( ! current_user_can( $taxonomy->cap->assign_terms ) )
2034                         return new IXR_Error( 401, __( 'You are not allowed to assign terms in this taxonomy.' ) );
2035
2036                 $query = array();
2037
2038                 if ( isset( $filter['number'] ) )
2039                         $query['number'] = absint( $filter['number'] );
2040
2041                 if ( isset( $filter['offset'] ) )
2042                         $query['offset'] = absint( $filter['offset'] );
2043
2044                 if ( isset( $filter['orderby'] ) ) {
2045                         $query['orderby'] = $filter['orderby'];
2046
2047                         if ( isset( $filter['order'] ) )
2048                                 $query['order'] = $filter['order'];
2049                 }
2050
2051                 if ( isset( $filter['hide_empty'] ) )
2052                         $query['hide_empty'] = $filter['hide_empty'];
2053                 else
2054                         $query['get'] = 'all';
2055
2056                 if ( isset( $filter['search'] ) )
2057                         $query['search'] = $filter['search'];
2058
2059                 $terms = get_terms( $taxonomy->name, $query );
2060
2061                 if ( is_wp_error( $terms ) )
2062                         return new IXR_Error( 500, $terms->get_error_message() );
2063
2064                 $struct = array();
2065
2066                 foreach ( $terms as $term ) {
2067                         $struct[] = $this->_prepare_term( $term );
2068                 }
2069
2070                 return $struct;
2071         }
2072
2073         /**
2074          * Retrieve a taxonomy.
2075          *
2076          * @since 3.4.0
2077          *
2078          * @uses get_taxonomy()
2079          * @param array $args Method parameters. Contains:
2080          *  - int     $blog_id (unused)
2081          *  - string  $username
2082          *  - string  $password
2083          *  - string  $taxonomy
2084          * @return array|IXR_Error (@see get_taxonomy())
2085          */
2086         public function wp_getTaxonomy( $args ) {
2087                 if ( ! $this->minimum_args( $args, 4 ) )
2088                         return $this->error;
2089
2090                 $this->escape( $args );
2091
2092                 $username       = $args[1];
2093                 $password       = $args[2];
2094                 $taxonomy       = $args[3];
2095
2096                 if ( isset( $args[4] ) ) {
2097                         $fields = $args[4];
2098                 } else {
2099                         /**
2100                          * Filter the taxonomy query fields used by the given XML-RPC method.
2101                          *
2102                          * @since 3.4.0
2103                          *
2104                          * @param array  $fields An array of taxonomy fields to retrieve.
2105                          * @param string $method The method name.
2106                          */
2107                         $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomy' );
2108                 }
2109
2110                 if ( ! $user = $this->login( $username, $password ) )
2111                         return $this->error;
2112
2113                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2114                 do_action( 'xmlrpc_call', 'wp.getTaxonomy' );
2115
2116                 if ( ! taxonomy_exists( $taxonomy ) )
2117                         return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
2118
2119                 $taxonomy = get_taxonomy( $taxonomy );
2120
2121                 if ( ! current_user_can( $taxonomy->cap->assign_terms ) )
2122                         return new IXR_Error( 401, __( 'You are not allowed to assign terms in this taxonomy.' ) );
2123
2124                 return $this->_prepare_taxonomy( $taxonomy, $fields );
2125         }
2126
2127         /**
2128          * Retrieve all taxonomies.
2129          *
2130          * @since 3.4.0
2131          *
2132          * @uses get_taxonomies()
2133          * @param array $args Method parameters. Contains:
2134          *  - int     $blog_id (unused)
2135          *  - string  $username
2136          *  - string  $password
2137          * @return array taxonomies
2138          */
2139         public function wp_getTaxonomies( $args ) {
2140                 if ( ! $this->minimum_args( $args, 3 ) )
2141                         return $this->error;
2142
2143                 $this->escape( $args );
2144
2145                 $username           = $args[1];
2146                 $password           = $args[2];
2147                 $filter             = isset( $args[3] ) ? $args[3] : array( 'public' => true );
2148
2149                 if ( isset( $args[4] ) ) {
2150                         $fields = $args[4];
2151                 } else {
2152                         /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2153                         $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomies' );
2154                 }
2155
2156                 if ( ! $user = $this->login( $username, $password ) )
2157                         return $this->error;
2158
2159                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2160                 do_action( 'xmlrpc_call', 'wp.getTaxonomies' );
2161
2162                 $taxonomies = get_taxonomies( $filter, 'objects' );
2163
2164                 // holds all the taxonomy data
2165                 $struct = array();
2166
2167                 foreach ( $taxonomies as $taxonomy ) {
2168                         // capability check for post_types
2169                         if ( ! current_user_can( $taxonomy->cap->assign_terms ) )
2170                                 continue;
2171
2172                         $struct[] = $this->_prepare_taxonomy( $taxonomy, $fields );
2173                 }
2174
2175                 return $struct;
2176         }
2177
2178         /**
2179          * Retrieve a user.
2180          *
2181          * The optional $fields parameter specifies what fields will be included
2182          * in the response array. This should be a list of field names. 'user_id' will
2183          * always be included in the response regardless of the value of $fields.
2184          *
2185          * Instead of, or in addition to, individual field names, conceptual group
2186          * names can be used to specify multiple fields. The available conceptual
2187          * groups are 'basic' and 'all'.
2188          *
2189          * @uses get_userdata()
2190          * @param array $args Method parameters. Contains:
2191          *  - int     $blog_id (unused)
2192          *  - string  $username
2193          *  - string  $password
2194          *  - int     $user_id
2195          *  - array   $fields optional
2196          * @return array|IXR_Error Array contains (based on $fields parameter):
2197          *  - 'user_id'
2198          *  - 'username'
2199          *  - 'first_name'
2200          *  - 'last_name'
2201          *  - 'registered'
2202          *  - 'bio'
2203          *  - 'email'
2204          *  - 'nickname'
2205          *  - 'nicename'
2206          *  - 'url'
2207          *  - 'display_name'
2208          *  - 'roles'
2209          */
2210         public function wp_getUser( $args ) {
2211                 if ( ! $this->minimum_args( $args, 4 ) )
2212                         return $this->error;
2213
2214                 $this->escape( $args );
2215
2216                 $username   = $args[1];
2217                 $password   = $args[2];
2218                 $user_id    = (int) $args[3];
2219
2220                 if ( isset( $args[4] ) ) {
2221                         $fields = $args[4];
2222                 } else {
2223                         /**
2224                          * Filter the default user query fields used by the given XML-RPC method.
2225                          *
2226                          * @since 3.5.0
2227                          *
2228                          * @param array  $fields User query fields for given method. Default 'all'.
2229                          * @param string $method The method name.
2230                          */
2231                         $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUser' );
2232                 }
2233
2234                 if ( ! $user = $this->login( $username, $password ) )
2235                         return $this->error;
2236
2237                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2238                 do_action( 'xmlrpc_call', 'wp.getUser' );
2239
2240                 if ( ! current_user_can( 'edit_user', $user_id ) )
2241                         return new IXR_Error( 401, __( 'Sorry, you cannot edit users.' ) );
2242
2243                 $user_data = get_userdata( $user_id );
2244
2245                 if ( ! $user_data )
2246                         return new IXR_Error( 404, __( 'Invalid user ID' ) );
2247
2248                 return $this->_prepare_user( $user_data, $fields );
2249         }
2250
2251         /**
2252          * Retrieve users.
2253          *
2254          * The optional $filter parameter modifies the query used to retrieve users.
2255          * Accepted keys are 'number' (default: 50), 'offset' (default: 0), 'role',
2256          * 'who', 'orderby', and 'order'.
2257          *
2258          * The optional $fields parameter specifies what fields will be included
2259          * in the response array.
2260          *
2261          * @uses get_users()
2262          * @see wp_getUser() for more on $fields and return values
2263          *
2264          * @param array $args Method parameters. Contains:
2265          *  - int     $blog_id (unused)
2266          *  - string  $username
2267          *  - string  $password
2268          *  - array   $filter optional
2269          *  - array   $fields optional
2270          * @return array|IXR_Error users data
2271          */
2272         public function wp_getUsers( $args ) {
2273                 if ( ! $this->minimum_args( $args, 3 ) )
2274                         return $this->error;
2275
2276                 $this->escape( $args );
2277
2278                 $username   = $args[1];
2279                 $password   = $args[2];
2280                 $filter     = isset( $args[3] ) ? $args[3] : array();
2281
2282                 if ( isset( $args[4] ) ) {
2283                         $fields = $args[4];
2284                 } else {
2285                         /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2286                         $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUsers' );
2287                 }
2288
2289                 if ( ! $user = $this->login( $username, $password ) )
2290                         return $this->error;
2291
2292                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2293                 do_action( 'xmlrpc_call', 'wp.getUsers' );
2294
2295                 if ( ! current_user_can( 'list_users' ) )
2296                         return new IXR_Error( 401, __( 'Sorry, you cannot list users.' ) );
2297
2298                 $query = array( 'fields' => 'all_with_meta' );
2299
2300                 $query['number'] = ( isset( $filter['number'] ) ) ? absint( $filter['number'] ) : 50;
2301                 $query['offset'] = ( isset( $filter['offset'] ) ) ? absint( $filter['offset'] ) : 0;
2302
2303                 if ( isset( $filter['orderby'] ) ) {
2304                         $query['orderby'] = $filter['orderby'];
2305
2306                         if ( isset( $filter['order'] ) )
2307                                 $query['order'] = $filter['order'];
2308                 }
2309
2310                 if ( isset( $filter['role'] ) ) {
2311                         if ( get_role( $filter['role'] ) === null )
2312                                 return new IXR_Error( 403, __( 'The role specified is not valid' ) );
2313
2314                         $query['role'] = $filter['role'];
2315                 }
2316
2317                 if ( isset( $filter['who'] ) ) {
2318                         $query['who'] = $filter['who'];
2319                 }
2320
2321                 $users = get_users( $query );
2322
2323                 $_users = array();
2324                 foreach ( $users as $user_data ) {
2325                         if ( current_user_can( 'edit_user', $user_data->ID ) )
2326                                 $_users[] = $this->_prepare_user( $user_data, $fields );
2327                 }
2328                 return $_users;
2329         }
2330
2331         /**
2332          * Retrieve information about the requesting user.
2333          *
2334          * @uses get_userdata()
2335          * @param array $args Method parameters. Contains:
2336          *  - int     $blog_id (unused)
2337          *  - string  $username
2338          *  - string  $password
2339          *  - array   $fields optional
2340          * @return array|IXR_Error (@see wp_getUser)
2341          */
2342         public function wp_getProfile( $args ) {
2343                 if ( ! $this->minimum_args( $args, 3 ) )
2344                         return $this->error;
2345
2346                 $this->escape( $args );
2347
2348                 $username   = $args[1];
2349                 $password   = $args[2];
2350
2351                 if ( isset( $args[3] ) ) {
2352                         $fields = $args[3];
2353                 } else {
2354                         /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2355                         $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getProfile' );
2356                 }
2357
2358                 if ( ! $user = $this->login( $username, $password ) )
2359                         return $this->error;
2360
2361                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2362                 do_action( 'xmlrpc_call', 'wp.getProfile' );
2363
2364                 if ( ! current_user_can( 'edit_user', $user->ID ) )
2365                         return new IXR_Error( 401, __( 'Sorry, you cannot edit your profile.' ) );
2366
2367                 $user_data = get_userdata( $user->ID );
2368
2369                 return $this->_prepare_user( $user_data, $fields );
2370         }
2371
2372         /**
2373          * Edit user's profile.
2374          *
2375          * @uses wp_update_user()
2376          * @param array $args Method parameters. Contains:
2377          *  - int     $blog_id (unused)
2378          *  - string  $username
2379          *  - string  $password
2380          *  - array   $content_struct
2381          *      It can optionally contain:
2382          *      - 'first_name'
2383          *      - 'last_name'
2384          *      - 'website'
2385          *      - 'display_name'
2386          *      - 'nickname'
2387          *      - 'nicename'
2388          *      - 'bio'
2389          * @return bool|IXR_Error True, on success.
2390          */
2391         public function wp_editProfile( $args ) {
2392                 if ( ! $this->minimum_args( $args, 4 ) )
2393                         return $this->error;
2394
2395                 $this->escape( $args );
2396
2397                 $username       = $args[1];
2398                 $password       = $args[2];
2399                 $content_struct = $args[3];
2400
2401                 if ( ! $user = $this->login( $username, $password ) )
2402                         return $this->error;
2403
2404                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2405                 do_action( 'xmlrpc_call', 'wp.editProfile' );
2406
2407                 if ( ! current_user_can( 'edit_user', $user->ID ) )
2408                         return new IXR_Error( 401, __( 'Sorry, you cannot edit your profile.' ) );
2409
2410                 // holds data of the user
2411                 $user_data = array();
2412                 $user_data['ID'] = $user->ID;
2413
2414                 // only set the user details if it was given
2415                 if ( isset( $content_struct['first_name'] ) )
2416                         $user_data['first_name'] = $content_struct['first_name'];
2417
2418                 if ( isset( $content_struct['last_name'] ) )
2419                         $user_data['last_name'] = $content_struct['last_name'];
2420
2421                 if ( isset( $content_struct['url'] ) )
2422                         $user_data['user_url'] = $content_struct['url'];
2423
2424                 if ( isset( $content_struct['display_name'] ) )
2425                         $user_data['display_name'] = $content_struct['display_name'];
2426
2427                 if ( isset( $content_struct['nickname'] ) )
2428                         $user_data['nickname'] = $content_struct['nickname'];
2429
2430                 if ( isset( $content_struct['nicename'] ) )
2431                         $user_data['user_nicename'] = $content_struct['nicename'];
2432
2433                 if ( isset( $content_struct['bio'] ) )
2434                         $user_data['description'] = $content_struct['bio'];
2435
2436                 $result = wp_update_user( $user_data );
2437
2438                 if ( is_wp_error( $result ) )
2439                         return new IXR_Error( 500, $result->get_error_message() );
2440
2441                 if ( ! $result )
2442                         return new IXR_Error( 500, __( 'Sorry, the user cannot be updated.' ) );
2443
2444                 return true;
2445         }
2446
2447         /**
2448          * Retrieve page.
2449          *
2450          * @since 2.2.0
2451          *
2452          * @param array $args Method parameters. Contains:
2453          *  - blog_id (unused)
2454          *  - page_id
2455          *  - username
2456          *  - password
2457          * @return array|IXR_Error
2458          */
2459         public function wp_getPage($args) {
2460                 $this->escape($args);
2461
2462                 $page_id        = (int) $args[1];
2463                 $username       = $args[2];
2464                 $password       = $args[3];
2465
2466                 if ( !$user = $this->login($username, $password) ) {
2467                         return $this->error;
2468                 }
2469
2470                 $page = get_post($page_id);
2471                 if ( ! $page )
2472                         return new IXR_Error( 404, __( 'Invalid post ID.' ) );
2473
2474                 if ( !current_user_can( 'edit_page', $page_id ) )
2475                         return new IXR_Error( 401, __( 'Sorry, you cannot edit this page.' ) );
2476
2477                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2478                 do_action( 'xmlrpc_call', 'wp.getPage' );
2479
2480                 // If we found the page then format the data.
2481                 if ( $page->ID && ($page->post_type == 'page') ) {
2482                         return $this->_prepare_page( $page );
2483                 }
2484                 // If the page doesn't exist indicate that.
2485                 else {
2486                         return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
2487                 }
2488         }
2489
2490         /**
2491          * Retrieve Pages.
2492          *
2493          * @since 2.2.0
2494          *
2495          * @param array $args Method parameters. Contains:
2496          *  - blog_id (unused)
2497          *  - username
2498          *  - password
2499          *  - num_pages
2500          * @return array|IXR_Error
2501          */
2502         public function wp_getPages($args) {
2503                 $this->escape($args);
2504
2505                 $username       = $args[1];
2506                 $password       = $args[2];
2507                 $num_pages      = isset($args[3]) ? (int) $args[3] : 10;
2508
2509                 if ( !$user = $this->login($username, $password) )
2510                         return $this->error;
2511
2512                 if ( !current_user_can( 'edit_pages' ) )
2513                         return new IXR_Error( 401, __( 'Sorry, you cannot edit pages.' ) );
2514
2515                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2516                 do_action( 'xmlrpc_call', 'wp.getPages' );
2517
2518                 $pages = get_posts( array('post_type' => 'page', 'post_status' => 'any', 'numberposts' => $num_pages) );
2519                 $num_pages = count($pages);
2520
2521                 // If we have pages, put together their info.
2522                 if ( $num_pages >= 1 ) {
2523                         $pages_struct = array();
2524
2525                         foreach ($pages as $page) {
2526                                 if ( current_user_can( 'edit_page', $page->ID ) )
2527                                         $pages_struct[] = $this->_prepare_page( $page );
2528                         }
2529
2530                         return $pages_struct;
2531                 }
2532
2533                 return array();
2534         }
2535
2536         /**
2537          * Create new page.
2538          *
2539          * @since 2.2.0
2540          *
2541          * @param array $args Method parameters. See {@link wp_xmlrpc_server::mw_newPost()}
2542          * @return int|IXR_Error
2543          */
2544         public function wp_newPage($args) {
2545                 // Items not escaped here will be escaped in newPost.
2546                 $username       = $this->escape($args[1]);
2547                 $password       = $this->escape($args[2]);
2548                 $page           = $args[3];
2549                 $publish        = $args[4];
2550
2551                 if ( !$user = $this->login($username, $password) )
2552                         return $this->error;
2553
2554                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2555                 do_action( 'xmlrpc_call', 'wp.newPage' );
2556
2557                 // Mark this as content for a page.
2558                 $args[3]["post_type"] = 'page';
2559
2560                 // Let mw_newPost do all of the heavy lifting.
2561                 return $this->mw_newPost( $args );
2562         }
2563
2564         /**
2565          * Delete page.
2566          *
2567          * @since 2.2.0
2568          *
2569          * @param array $args Method parameters.
2570          * @return bool|IXR_Error True, if success.
2571          */
2572         public function wp_deletePage($args) {
2573                 $this->escape($args);
2574
2575                 $username       = $args[1];
2576                 $password       = $args[2];
2577                 $page_id        = (int) $args[3];
2578
2579                 if ( !$user = $this->login($username, $password) )
2580                         return $this->error;
2581
2582                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2583                 do_action( 'xmlrpc_call', 'wp.deletePage' );
2584
2585                 // Get the current page based on the page_id and
2586                 // make sure it is a page and not a post.
2587                 $actual_page = get_post($page_id, ARRAY_A);
2588                 if ( !$actual_page || ($actual_page['post_type'] != 'page') )
2589                         return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
2590
2591                 // Make sure the user can delete pages.
2592                 if ( !current_user_can('delete_page', $page_id) )
2593                         return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete this page.' ) );
2594
2595                 // Attempt to delete the page.
2596                 $result = wp_delete_post($page_id);
2597                 if ( !$result )
2598                         return new IXR_Error( 500, __( 'Failed to delete the page.' ) );
2599
2600                 /**
2601                  * Fires after a page has been successfully deleted via XML-RPC.
2602                  *
2603                  * @since 3.4.0
2604                  *
2605                  * @param int   $page_id ID of the deleted page.
2606                  * @param array $args    An array of arguments to delete the page.
2607                  */
2608                 do_action( 'xmlrpc_call_success_wp_deletePage', $page_id, $args );
2609
2610                 return true;
2611         }
2612
2613         /**
2614          * Edit page.
2615          *
2616          * @since 2.2.0
2617          *
2618          * @param array $args Method parameters.
2619          * @return array|IXR_Error
2620          */
2621         public function wp_editPage($args) {
2622                 // Items not escaped here will be escaped in editPost.
2623                 $page_id        = (int) $this->escape($args[1]);
2624                 $username       = $this->escape($args[2]);
2625                 $password       = $this->escape($args[3]);
2626                 $content        = $args[4];
2627                 $publish        = $args[5];
2628
2629                 if ( !$user = $this->login($username, $password) )
2630                         return $this->error;
2631
2632                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2633                 do_action( 'xmlrpc_call', 'wp.editPage' );
2634
2635                 // Get the page data and make sure it is a page.
2636                 $actual_page = get_post($page_id, ARRAY_A);
2637                 if ( !$actual_page || ($actual_page['post_type'] != 'page') )
2638                         return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
2639
2640                 // Make sure the user is allowed to edit pages.
2641                 if ( !current_user_can('edit_page', $page_id) )
2642                         return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this page.' ) );
2643
2644                 // Mark this as content for a page.
2645                 $content['post_type'] = 'page';
2646
2647                 // Arrange args in the way mw_editPost understands.
2648                 $args = array(
2649                         $page_id,
2650                         $username,
2651                         $password,
2652                         $content,
2653                         $publish
2654                 );
2655
2656                 // Let mw_editPost do all of the heavy lifting.
2657                 return $this->mw_editPost( $args );
2658         }
2659
2660         /**
2661          * Retrieve page list.
2662          *
2663          * @since 2.2.0
2664          *
2665          * @param array $args Method parameters.
2666          * @return array|IXR_Error
2667          */
2668         public function wp_getPageList($args) {
2669                 global $wpdb;
2670
2671                 $this->escape($args);
2672
2673                 $username                               = $args[1];
2674                 $password                               = $args[2];
2675
2676                 if ( !$user = $this->login($username, $password) )
2677                         return $this->error;
2678
2679                 if ( !current_user_can( 'edit_pages' ) )
2680                         return new IXR_Error( 401, __( 'Sorry, you cannot edit pages.' ) );
2681
2682                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2683                 do_action( 'xmlrpc_call', 'wp.getPageList' );
2684
2685                 // Get list of pages ids and titles
2686                 $page_list = $wpdb->get_results("
2687                         SELECT ID page_id,
2688                                 post_title page_title,
2689                                 post_parent page_parent_id,
2690                                 post_date_gmt,
2691                                 post_date,
2692                                 post_status
2693                         FROM {$wpdb->posts}
2694                         WHERE post_type = 'page'
2695                         ORDER BY ID
2696                 ");
2697
2698                 // The date needs to be formatted properly.
2699                 $num_pages = count($page_list);
2700                 for ( $i = 0; $i < $num_pages; $i++ ) {
2701                         $page_list[$i]->dateCreated = $this->_convert_date(  $page_list[$i]->post_date );
2702                         $page_list[$i]->date_created_gmt = $this->_convert_date_gmt( $page_list[$i]->post_date_gmt, $page_list[$i]->post_date );
2703
2704                         unset($page_list[$i]->post_date_gmt);
2705                         unset($page_list[$i]->post_date);
2706                         unset($page_list[$i]->post_status);
2707                 }
2708
2709                 return $page_list;
2710         }
2711
2712         /**
2713          * Retrieve authors list.
2714          *
2715          * @since 2.2.0
2716          *
2717          * @param array $args Method parameters.
2718          * @return array|IXR_Error
2719          */
2720         public function wp_getAuthors($args) {
2721
2722                 $this->escape($args);
2723
2724                 $username       = $args[1];
2725                 $password       = $args[2];
2726
2727                 if ( !$user = $this->login($username, $password) )
2728                         return $this->error;
2729
2730                 if ( !current_user_can('edit_posts') )
2731                         return new IXR_Error( 401, __( 'Sorry, you cannot edit posts on this site.' ) );
2732
2733                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2734                 do_action( 'xmlrpc_call', 'wp.getAuthors' );
2735
2736                 $authors = array();
2737                 foreach ( get_users( array( 'fields' => array('ID','user_login','display_name') ) ) as $user ) {
2738                         $authors[] = array(
2739                                 'user_id'       => $user->ID,
2740                                 'user_login'    => $user->user_login,
2741                                 'display_name'  => $user->display_name
2742                         );
2743                 }
2744
2745                 return $authors;
2746         }
2747
2748         /**
2749          * Get list of all tags
2750          *
2751          * @since 2.7.0
2752          *
2753          * @param array $args Method parameters.
2754          * @return array|IXR_Error
2755          */
2756         public function wp_getTags( $args ) {
2757                 $this->escape( $args );
2758
2759                 $username               = $args[1];
2760                 $password               = $args[2];
2761
2762                 if ( !$user = $this->login($username, $password) )
2763                         return $this->error;
2764
2765                 if ( !current_user_can( 'edit_posts' ) )
2766                         return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view tags.' ) );
2767
2768                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2769                 do_action( 'xmlrpc_call', 'wp.getKeywords' );
2770
2771                 $tags = array();
2772
2773                 if ( $all_tags = get_tags() ) {
2774                         foreach( (array) $all_tags as $tag ) {
2775                                 $struct = array();
2776                                 $struct['tag_id']                       = $tag->term_id;
2777                                 $struct['name']                         = $tag->name;
2778                                 $struct['count']                        = $tag->count;
2779                                 $struct['slug']                         = $tag->slug;
2780                                 $struct['html_url']                     = esc_html( get_tag_link( $tag->term_id ) );
2781                                 $struct['rss_url']                      = esc_html( get_tag_feed_link( $tag->term_id ) );
2782
2783                                 $tags[] = $struct;
2784                         }
2785                 }
2786
2787                 return $tags;
2788         }
2789
2790         /**
2791          * Create new category.
2792          *
2793          * @since 2.2.0
2794          *
2795          * @param array $args Method parameters.
2796          * @return int|IXR_Error Category ID.
2797          */
2798         public function wp_newCategory($args) {
2799                 $this->escape($args);
2800
2801                 $username                               = $args[1];
2802                 $password                               = $args[2];
2803                 $category                               = $args[3];
2804
2805                 if ( !$user = $this->login($username, $password) )
2806                         return $this->error;
2807
2808                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2809                 do_action( 'xmlrpc_call', 'wp.newCategory' );
2810
2811                 // Make sure the user is allowed to add a category.
2812                 if ( !current_user_can('manage_categories') )
2813                         return new IXR_Error(401, __('Sorry, you do not have the right to add a category.'));
2814
2815                 // If no slug was provided make it empty so that
2816                 // WordPress will generate one.
2817                 if ( empty($category['slug']) )
2818                         $category['slug'] = '';
2819
2820                 // If no parent_id was provided make it empty
2821                 // so that it will be a top level page (no parent).
2822                 if ( !isset($category['parent_id']) )
2823                         $category['parent_id'] = '';
2824
2825                 // If no description was provided make it empty.
2826                 if ( empty($category["description"]) )
2827                         $category["description"] = "";
2828
2829                 $new_category = array(
2830                         'cat_name'                              => $category['name'],
2831                         'category_nicename'             => $category['slug'],
2832                         'category_parent'               => $category['parent_id'],
2833                         'category_description'  => $category['description']
2834                 );
2835
2836                 $cat_id = wp_insert_category($new_category, true);
2837                 if ( is_wp_error( $cat_id ) ) {
2838                         if ( 'term_exists' == $cat_id->get_error_code() )
2839                                 return (int) $cat_id->get_error_data();
2840                         else
2841                                 return new IXR_Error(500, __('Sorry, the new category failed.'));
2842                 } elseif ( ! $cat_id ) {
2843                         return new IXR_Error(500, __('Sorry, the new category failed.'));
2844                 }
2845
2846                 /**
2847                  * Fires after a new category has been successfully created via XML-RPC.
2848                  *
2849                  * @since 3.4.0
2850                  *
2851                  * @param int   $cat_id ID of the new category.
2852                  * @param array $args   An array of new category arguments.
2853                  */
2854                 do_action( 'xmlrpc_call_success_wp_newCategory', $cat_id, $args );
2855
2856                 return $cat_id;
2857         }
2858
2859         /**
2860          * Remove category.
2861          *
2862          * @since 2.5.0
2863          *
2864          * @param array $args Method parameters.
2865          * @return bool|IXR_Error See {@link wp_delete_term()} for return info.
2866          */
2867         public function wp_deleteCategory($args) {
2868                 $this->escape($args);
2869
2870                 $username               = $args[1];
2871                 $password               = $args[2];
2872                 $category_id    = (int) $args[3];
2873
2874                 if ( !$user = $this->login($username, $password) )
2875                         return $this->error;
2876
2877                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2878                 do_action( 'xmlrpc_call', 'wp.deleteCategory' );
2879
2880                 if ( !current_user_can('manage_categories') )
2881                         return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete a category.' ) );
2882
2883                 $status = wp_delete_term( $category_id, 'category' );
2884
2885                 if ( true == $status ) {
2886                         /**
2887                          * Fires after a category has been successfully deleted via XML-RPC.
2888                          *
2889                          * @since 3.4.0
2890                          *
2891                          * @param int   $category_id ID of the deleted category.
2892                          * @param array $args        An array of arguments to delete the category.
2893                          */
2894                         do_action( 'xmlrpc_call_success_wp_deleteCategory', $category_id, $args );
2895                 }
2896
2897                 return $status;
2898         }
2899
2900         /**
2901          * Retrieve category list.
2902          *
2903          * @since 2.2.0
2904          *
2905          * @param array $args Method parameters.
2906          * @return array|IXR_Error
2907          */
2908         public function wp_suggestCategories($args) {
2909                 $this->escape($args);
2910
2911                 $username                               = $args[1];
2912                 $password                               = $args[2];
2913                 $category                               = $args[3];
2914                 $max_results                    = (int) $args[4];
2915
2916                 if ( !$user = $this->login($username, $password) )
2917                         return $this->error;
2918
2919                 if ( !current_user_can( 'edit_posts' ) )
2920                         return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts to this site in order to view categories.' ) );
2921
2922                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2923                 do_action( 'xmlrpc_call', 'wp.suggestCategories' );
2924
2925                 $category_suggestions = array();
2926                 $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category);
2927                 foreach ( (array) get_categories($args) as $cat ) {
2928                         $category_suggestions[] = array(
2929                                 'category_id'   => $cat->term_id,
2930                                 'category_name' => $cat->name
2931                         );
2932                 }
2933
2934                 return $category_suggestions;
2935         }
2936
2937         /**
2938          * Retrieve comment.
2939          *
2940          * @since 2.7.0
2941          *
2942          * @param array $args Method parameters.
2943          * @return array|IXR_Error
2944          */
2945         public function wp_getComment($args) {
2946                 $this->escape($args);
2947
2948                 $username       = $args[1];
2949                 $password       = $args[2];
2950                 $comment_id     = (int) $args[3];
2951
2952                 if ( !$user = $this->login($username, $password) )
2953                         return $this->error;
2954
2955                 if ( !current_user_can( 'moderate_comments' ) )
2956                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
2957
2958                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
2959                 do_action( 'xmlrpc_call', 'wp.getComment' );
2960
2961                 if ( ! $comment = get_comment($comment_id) )
2962                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
2963
2964                 return $this->_prepare_comment( $comment );
2965         }
2966
2967         /**
2968          * Retrieve comments.
2969          *
2970          * Besides the common blog_id (unused), username, and password arguments, it takes a filter
2971          * array as last argument.
2972          *
2973          * Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'.
2974          *
2975          * The defaults are as follows:
2976          * - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold')
2977          * - 'post_id' - Default is ''. The post where the comment is posted. Empty string shows all comments.
2978          * - 'number' - Default is 10. Total number of media items to retrieve.
2979          * - 'offset' - Default is 0. See {@link WP_Query::query()} for more.
2980          *
2981          * @since 2.7.0
2982          *
2983          * @param array $args Method parameters.
2984          * @return array|IXR_Error Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents
2985          */
2986         public function wp_getComments($args) {
2987                 $this->escape($args);
2988
2989                 $username       = $args[1];
2990                 $password       = $args[2];
2991                 $struct         = isset( $args[3] ) ? $args[3] : array();
2992
2993                 if ( !$user = $this->login($username, $password) )
2994                         return $this->error;
2995
2996                 if ( !current_user_can( 'moderate_comments' ) )
2997                         return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) );
2998
2999                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
3000                 do_action( 'xmlrpc_call', 'wp.getComments' );
3001
3002                 if ( isset($struct['status']) )
3003                         $status = $struct['status'];
3004                 else
3005                         $status = '';
3006
3007                 $post_id = '';
3008                 if ( isset($struct['post_id']) )
3009                         $post_id = absint($struct['post_id']);
3010
3011                 $offset = 0;
3012                 if ( isset($struct['offset']) )
3013                         $offset = absint($struct['offset']);
3014
3015                 $number = 10;
3016                 if ( isset($struct['number']) )
3017                         $number = absint($struct['number']);
3018
3019                 $comments = get_comments( array('status' => $status, 'post_id' => $post_id, 'offset' => $offset, 'number' => $number ) );
3020
3021                 $comments_struct = array();
3022
3023                 foreach ( $comments as $comment ) {
3024                         $comments_struct[] = $this->_prepare_comment( $comment );
3025                 }
3026
3027                 return $comments_struct;
3028         }
3029
3030         /**
3031          * Delete a comment.
3032          *
3033          * By default, the comment will be moved to the trash instead of deleted.
3034          * See {@link wp_delete_comment()} for more information on
3035          * this behavior.
3036          *
3037          * @since 2.7.0
3038          *
3039          * @param array $args Method parameters. Contains:
3040          *  - blog_id (unused)
3041          *  - username
3042          *  - password
3043          *  - comment_id
3044          * @return bool|IXR_Error {@link wp_delete_comment()}
3045          */
3046         public function wp_deleteComment($args) {
3047                 $this->escape($args);
3048
3049                 $username       = $args[1];
3050                 $password       = $args[2];
3051                 $comment_ID     = (int) $args[3];
3052
3053                 if ( !$user = $this->login($username, $password) )
3054                         return $this->error;
3055
3056                 if ( !current_user_can( 'moderate_comments' ) )
3057                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
3058
3059                 if ( ! get_comment($comment_ID) )
3060                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
3061
3062                 if ( !current_user_can( 'edit_comment', $comment_ID ) )
3063                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
3064
3065                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
3066                 do_action( 'xmlrpc_call', 'wp.deleteComment' );
3067
3068                 $status = wp_delete_comment( $comment_ID );
3069
3070                 if ( true == $status ) {
3071                         /**
3072                          * Fires after a comment has been successfully deleted via XML-RPC.
3073                          *
3074                          * @since 3.4.0
3075                          *
3076                          * @param int   $comment_ID ID of the deleted comment.
3077                          * @param array $args       An array of arguments to delete the comment.
3078                          */
3079                         do_action( 'xmlrpc_call_success_wp_deleteComment', $comment_ID, $args );
3080                 }
3081
3082                 return $status;
3083         }
3084
3085         /**
3086          * Edit comment.
3087          *
3088          * Besides the common blog_id (unused), username, and password arguments, it takes a
3089          * comment_id integer and a content_struct array as last argument.
3090          *
3091          * The allowed keys in the content_struct array are:
3092          *  - 'author'
3093          *  - 'author_url'
3094          *  - 'author_email'
3095          *  - 'content'
3096          *  - 'date_created_gmt'
3097          *  - 'status'. Common statuses are 'approve', 'hold', 'spam'. See {@link get_comment_statuses()} for more details
3098          *
3099          * @since 2.7.0
3100          *
3101          * @param array $args. Contains:
3102          *  - blog_id (unused)
3103          *  - username
3104          *  - password
3105          *  - comment_id
3106          *  - content_struct
3107          * @return bool|IXR_Error True, on success.
3108          */
3109         public function wp_editComment($args) {
3110                 $this->escape($args);
3111
3112                 $username       = $args[1];
3113                 $password       = $args[2];
3114                 $comment_ID     = (int) $args[3];
3115                 $content_struct = $args[4];
3116
3117                 if ( !$user = $this->login($username, $password) )
3118                         return $this->error;
3119
3120                 if ( !current_user_can( 'moderate_comments' ) )
3121                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
3122
3123                 if ( ! get_comment($comment_ID) )
3124                         return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
3125
3126                 if ( !current_user_can( 'edit_comment', $comment_ID ) )
3127                         return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
3128
3129                 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
3130                 do_action( 'xmlrpc_call', 'wp.editComment' );
3131
3132                 if ( isset($content_struct['status']) ) {
3133                         $statuses = get_comment_statuses();
3134                         $statuses = array_keys($statuses);
3135
3136                         if ( ! in_array($content_struct['status'], $statuses) )
3137                                 return new IXR_Error( 401, __( 'Invalid comment status.' ) );
3138                         $comment_approved = $content_struct['status'];