* options, etc.
*
* As of WordPress 3.5.0, XML-RPC is enabled by default. It can be disabled
- * via the xmlrpc_enabled filter found in wp_xmlrpc_server::login().
+ * via the {@see 'xmlrpc_enabled'} filter found in wp_xmlrpc_server::login().
*
* @package WordPress
* @subpackage Publishing
protected $auth_failed = false;
/**
- * Register all of the XMLRPC methods that XMLRPC server understands.
+ * Registers all of the XMLRPC methods that XMLRPC server understands.
*
* Sets up server and method property. Passes XMLRPC
- * methods through the 'xmlrpc_methods' filter to allow plugins to extend
- * or replace XMLRPC methods.
+ * methods through the {@see 'xmlrpc_methods'} filter to allow plugins to extend
+ * or replace XML-RPC methods.
*
* @since 1.5.0
*/
$this->initialise_blog_option_info();
/**
- * Filter the methods exposed by the XML-RPC server.
+ * Filters the methods exposed by the XML-RPC server.
*
* This filter can be used to add new methods, and remove built-in methods.
*
}
/**
- * Make private/protected methods readable for backwards compatibility.
+ * Make private/protected methods readable for backward compatibility.
*
* @since 4.0.0
* @access public
}
/**
+ * Serves the XML-RPC request.
+ *
+ * @since 2.9.0
* @access public
*/
public function serve_request() {
}
/**
- * Filter whether XML-RPC is enabled.
+ * Filters whether XML-RPC methods requiring authentication are enabled.
+ *
+ * Contrary to the way it's named, this filter does not control whether XML-RPC is *fully*
+ * enabled, rather, it only controls whether XML-RPC methods requiring authentication - such
+ * as for publishing purposes - are enabled.
+ *
+ * Further, the filter does not control whether pingbacks or other custom endpoints that don't
+ * require authentication are enabled. This behavior is expected, and due to how parity was matched
+ * with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5.
+ *
+ * To disable XML-RPC methods that require authentication, use:
+ *
+ * add_filter( 'xmlrpc_enabled', '__return_false' );
*
- * This is the proper filter for turning off XML-RPC.
+ * For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'}
+ * and {@see 'xmlrpc_element_limit'} hooks.
*
* @since 3.5.0
*
$this->auth_failed = true;
/**
- * Filter the XML-RPC user login error message.
+ * Filters the XML-RPC user login error message.
*
* @since 3.5.0
*
);
/**
- * Filter the XML-RPC blog options property.
+ * Filters the XML-RPC blog options property.
*
* @since 2.6.0
*
$_taxonomy['object_type'] = array_unique( (array) $taxonomy->object_type );
/**
- * Filter XML-RPC-prepared data for the given taxonomy.
+ * Filters XML-RPC-prepared data for the given taxonomy.
*
* @since 3.4.0
*
$_term['count'] = intval( $_term['count'] );
/**
- * Filter XML-RPC-prepared data for the given term.
+ * Filters XML-RPC-prepared data for the given term.
*
* @since 3.4.0
*
}
/**
- * Filter XML-RPC-prepared date for the given post.
+ * Filters XML-RPC-prepared date for the given post.
*
* @since 3.4.0
*
/**
* Prepares post data for return in an XML-RPC object.
*
+ * @since 3.4.0
+ * @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object.
* @access protected
*
- * @param object $post_type Post type object.
- * @param array $fields The subset of post fields to return.
+ * @param WP_Post_Type $post_type Post type object.
+ * @param array $fields The subset of post fields to return.
* @return array The prepared post type data.
*/
protected function _prepare_post_type( $post_type, $fields ) {
$_post_type['taxonomies'] = get_object_taxonomies( $post_type->name, 'names' );
/**
- * Filter XML-RPC-prepared date for the given post type.
+ * Filters XML-RPC-prepared date for the given post type.
*
* @since 3.4.0
+ * @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object.
*
- * @param array $_post_type An array of post type data.
- * @param object $post_type Post type object.
+ * @param array $_post_type An array of post type data.
+ * @param WP_Post_Type $post_type Post type object.
*/
return apply_filters( 'xmlrpc_prepare_post_type', $_post_type, $post_type );
}
$_media_item['thumbnail'] = $_media_item['link'];
/**
- * Filter XML-RPC-prepared data for the given media item.
+ * Filters XML-RPC-prepared data for the given media item.
*
* @since 3.4.0
*
);
/**
- * Filter XML-RPC-prepared data for the given page.
+ * Filters XML-RPC-prepared data for the given page.
*
* @since 3.4.0
*
);
/**
- * Filter XML-RPC-prepared data for the given comment.
+ * Filters XML-RPC-prepared data for the given comment.
*
* @since 3.4.0
*
}
/**
- * Filter XML-RPC-prepared data for the given user.
+ * Filters XML-RPC-prepared data for the given user.
*
* @since 3.5.0
*
*
* @since 3.4.0
*
- * @link http://en.wikipedia.org/wiki/RSS_enclosure for information on RSS enclosures.
+ * @link https://en.wikipedia.org/wiki/RSS_enclosure for information on RSS enclosures.
*
* @param array $args {
* Method arguments. Note: top-level arguments must be ordered as documented.
$post_type = get_post_type_object( $post_data['post_type'] );
if ( ! $post_type )
- return new IXR_Error( 403, __( 'Invalid post type' ) );
+ return new IXR_Error( 403, __( 'Invalid post type.' ) );
$update = ! empty( $post_data['ID'] );
$post_data['post_author'] = absint( $post_data['post_author'] );
if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] != $user->ID ) {
if ( ! current_user_can( $post_type->cap->edit_others_posts ) )
- return new IXR_Error( 401, __( 'You are not allowed to create posts as this user.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) );
$author = get_userdata( $post_data['post_author'] );
$dateCreated = $post_data['post_date']->getIso();
}
+ // Default to not flagging the post date to be edited unless it's intentional.
+ $post_data['edit_date'] = false;
+
if ( ! empty( $dateCreated ) ) {
$post_data['post_date'] = get_date_from_gmt( iso8601_to_datetime( $dateCreated ) );
$post_data['post_date_gmt'] = iso8601_to_datetime( $dateCreated, 'GMT' );
+
+ // Flag the post date to be edited.
+ $post_data['edit_date'] = true;
}
if ( ! isset( $post_data['ID'] ) )
$term = get_term_by( 'id', $term_id, $taxonomy );
if ( ! $term )
- return new IXR_Error( 403, __( 'Invalid term ID' ) );
+ return new IXR_Error( 403, __( 'Invalid term ID.' ) );
$terms[$taxonomy][] = (int) $term_id;
}
$this->attach_uploads( $post_ID, $post_data['post_content'] );
/**
- * Filter post data array to be inserted via XML-RPC.
+ * Filters post data array to be inserted via XML-RPC.
*
* @since 3.4.0
*
}
if ( ! current_user_can( 'delete_post', $post_id ) ) {
- return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
}
$result = wp_delete_post( $post_id );
$fields = $args[4];
} else {
/**
- * Filter the list of post query fields used by the given XML-RPC method.
+ * Filters the list of post query fields used by the given XML-RPC method.
*
* @since 3.4.0
*
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
if ( ! current_user_can( 'edit_post', $post_id ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
return $this->_prepare_post( $post, $fields );
}
}
if ( ! current_user_can( $post_type->cap->edit_posts ) )
- return new IXR_Error( 401, __( 'You are not allowed to edit posts in this post type.' ));
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ));
$query['post_type'] = $post_type->name;
do_action( 'xmlrpc_call', 'wp.newTerm' );
if ( ! taxonomy_exists( $content_struct['taxonomy'] ) )
- return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
+ return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
$taxonomy = get_taxonomy( $content_struct['taxonomy'] );
if ( ! current_user_can( $taxonomy->cap->manage_terms ) )
- return new IXR_Error( 401, __( 'You are not allowed to create terms in this taxonomy.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to create terms in this taxonomy.' ) );
$taxonomy = (array) $taxonomy;
do_action( 'xmlrpc_call', 'wp.editTerm' );
if ( ! taxonomy_exists( $content_struct['taxonomy'] ) )
- return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
+ return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
$taxonomy = get_taxonomy( $content_struct['taxonomy'] );
if ( ! current_user_can( $taxonomy->cap->edit_terms ) )
- return new IXR_Error( 401, __( 'You are not allowed to edit terms in this taxonomy.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ) );
$taxonomy = (array) $taxonomy;
return new IXR_Error( 500, $term->get_error_message() );
if ( ! $term )
- return new IXR_Error( 404, __( 'Invalid term ID' ) );
+ return new IXR_Error( 404, __( 'Invalid term ID.' ) );
if ( isset( $content_struct['name'] ) ) {
$term_data['name'] = trim( $content_struct['name'] );
do_action( 'xmlrpc_call', 'wp.deleteTerm' );
if ( ! taxonomy_exists( $taxonomy ) )
- return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
+ return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
$taxonomy = get_taxonomy( $taxonomy );
if ( ! current_user_can( $taxonomy->cap->delete_terms ) )
- return new IXR_Error( 401, __( 'You are not allowed to delete terms in this taxonomy.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete terms in this taxonomy.' ) );
$term = get_term( $term_id, $taxonomy->name );
return new IXR_Error( 500, $term->get_error_message() );
if ( ! $term )
- return new IXR_Error( 404, __( 'Invalid term ID' ) );
+ return new IXR_Error( 404, __( 'Invalid term ID.' ) );
$result = wp_delete_term( $term_id, $taxonomy->name );
do_action( 'xmlrpc_call', 'wp.getTerm' );
if ( ! taxonomy_exists( $taxonomy ) )
- return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
+ return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
$taxonomy = get_taxonomy( $taxonomy );
if ( ! current_user_can( $taxonomy->cap->assign_terms ) )
- return new IXR_Error( 401, __( 'You are not allowed to assign terms in this taxonomy.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) );
$term = get_term( $term_id , $taxonomy->name, ARRAY_A );
return new IXR_Error( 500, $term->get_error_message() );
if ( ! $term )
- return new IXR_Error( 404, __( 'Invalid term ID' ) );
+ return new IXR_Error( 404, __( 'Invalid term ID.' ) );
return $this->_prepare_term( $term );
}
do_action( 'xmlrpc_call', 'wp.getTerms' );
if ( ! taxonomy_exists( $taxonomy ) )
- return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
+ return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
$taxonomy = get_taxonomy( $taxonomy );
if ( ! current_user_can( $taxonomy->cap->assign_terms ) )
- return new IXR_Error( 401, __( 'You are not allowed to assign terms in this taxonomy.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) );
$query = array();
$fields = $args[4];
} else {
/**
- * Filter the taxonomy query fields used by the given XML-RPC method.
+ * Filters the taxonomy query fields used by the given XML-RPC method.
*
* @since 3.4.0
*
do_action( 'xmlrpc_call', 'wp.getTaxonomy' );
if ( ! taxonomy_exists( $taxonomy ) )
- return new IXR_Error( 403, __( 'Invalid taxonomy' ) );
+ return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
$taxonomy = get_taxonomy( $taxonomy );
if ( ! current_user_can( $taxonomy->cap->assign_terms ) )
- return new IXR_Error( 401, __( 'You are not allowed to assign terms in this taxonomy.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) );
return $this->_prepare_taxonomy( $taxonomy, $fields );
}
$fields = $args[4];
} else {
/**
- * Filter the default user query fields used by the given XML-RPC method.
+ * Filters the default user query fields used by the given XML-RPC method.
*
* @since 3.5.0
*
do_action( 'xmlrpc_call', 'wp.getUser' );
if ( ! current_user_can( 'edit_user', $user_id ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit users.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this user.' ) );
$user_data = get_userdata( $user_id );
do_action( 'xmlrpc_call', 'wp.getUsers' );
if ( ! current_user_can( 'list_users' ) )
- return new IXR_Error( 401, __( 'You are not allowed to browse users.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to browse users.' ) );
$query = array( 'fields' => 'all_with_meta' );
do_action( 'xmlrpc_call', 'wp.getProfile' );
if ( ! current_user_can( 'edit_user', $user->ID ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit your profile.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) );
$user_data = get_userdata( $user->ID );
do_action( 'xmlrpc_call', 'wp.editProfile' );
if ( ! current_user_can( 'edit_user', $user->ID ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit your profile.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) );
// holds data of the user
$user_data = array();
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
if ( !current_user_can( 'edit_page', $page_id ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit this page.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPage' );
return $this->error;
if ( !current_user_can( 'edit_pages' ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit pages.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPages' );
// Make sure the user can delete pages.
if ( !current_user_can('delete_page', $page_id) )
- return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete this page.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this page.' ) );
// Attempt to delete the page.
$result = wp_delete_post($page_id);
// Make sure the user is allowed to edit pages.
if ( !current_user_can('edit_page', $page_id) )
- return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this page.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) );
// Mark this as content for a page.
$content['post_type'] = 'page';
return $this->error;
if ( !current_user_can( 'edit_pages' ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit pages.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPageList' );
return $this->error;
if ( !current_user_can('edit_posts') )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit posts on this site.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getAuthors' );
// Make sure the user is allowed to add a category.
if ( !current_user_can('manage_categories') )
- return new IXR_Error(401, __('Sorry, you do not have the right to add a category.'));
+ return new IXR_Error(401, __('Sorry, you are not allowed to add a category.'));
// If no slug was provided make it empty so that
// WordPress will generate one.
* @type string $password
* @type int $category_id
* }
- * @return bool|IXR_Error See {@link wp_delete_term()} for return info.
+ * @return bool|IXR_Error See wp_delete_term() for return info.
*/
public function wp_deleteCategory( $args ) {
$this->escape( $args );
do_action( 'xmlrpc_call', 'wp.deleteCategory' );
if ( !current_user_can('manage_categories') )
- return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete a category.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete a category.' ) );
$status = wp_delete_term( $category_id, 'category' );
}
if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
- return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) );
}
return $this->_prepare_comment( $comment );
* - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold')
* - 'post_id' - Default is ''. The post where the comment is posted. Empty string shows all comments.
* - 'number' - Default is 10. Total number of media items to retrieve.
- * - 'offset' - Default is 0. See {@link WP_Query::query()} for more.
+ * - 'offset' - Default is 0. See WP_Query::query() for more.
*
* @since 2.7.0
*
* @type string $password
* @type array $struct
* }
- * @return array|IXR_Error Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents
+ * @return array|IXR_Error Contains a collection of comments. See wp_xmlrpc_server::wp_getComment() for a description of each item contents
*/
public function wp_getComments( $args ) {
$this->escape( $args );
* Delete a comment.
*
* By default, the comment will be moved to the trash instead of deleted.
- * See {@link wp_delete_comment()} for more information on
- * this behavior.
+ * See wp_delete_comment() for more information on this behavior.
*
* @since 2.7.0
*
* @type string $password
* @type int $comment_ID
* }
- * @return bool|IXR_Error {@link wp_delete_comment()}
+ * @return bool|IXR_Error See wp_delete_comment().
*/
public function wp_deleteComment( $args ) {
$this->escape($args);
}
if ( !current_user_can( 'edit_comment', $comment_ID ) ) {
- return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
}
if ( ! current_user_can( 'edit_comment', $comment_ID ) ) {
- return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
* @type string|int $post
* @type array $content_struct
* }
- * @return int|IXR_Error {@link wp_new_comment()}
+ * @return int|IXR_Error See wp_new_comment().
*/
public function wp_newComment($args) {
$this->escape($args);
$content_struct = $args[4];
/**
- * Filter whether to allow anonymous comments over XML-RPC.
+ * Filters whether to allow anonymous comments over XML-RPC.
*
* @since 2.7.0
*
}
if ( ! current_user_can( 'publish_posts' ) ) {
- return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed access to details about this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
- return new IXR_Error( 403, __( 'You are not allowed access to details of this post.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed access to details of this post.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
return $this->error;
if ( !current_user_can( 'edit_posts' ) )
- return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed access to details about this site.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostStatusList' );
return $this->error;
if ( !current_user_can( 'edit_pages' ) )
- return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed access to details about this site.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPageStatusList' );
return $this->error;
if ( !current_user_can( 'edit_pages' ) )
- return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed access to details about this site.' ) );
$templates = get_page_templates();
$templates['Default'] = 'default';
return $this->error;
if ( !current_user_can( 'manage_options' ) )
- return new IXR_Error( 403, __( 'You are not allowed to update options.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed to update options.' ) );
$option_names = array();
foreach ( $options as $o_name => $o_value ) {
return $this->error;
if ( !current_user_can( 'upload_files' ) )
- return new IXR_Error( 403, __( 'You do not have permission to upload files.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed to upload files.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getMediaItem' );
return $this->error;
if ( !current_user_can( 'upload_files' ) )
- return new IXR_Error( 401, __( 'You do not have permission to upload files.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getMediaLibrary' );
return $this->error;
if ( !current_user_can( 'edit_posts' ) )
- return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed access to details about this site.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostFormats' );
$fields = $args[4];
} else {
/**
- * Filter the default query fields used by the given XML-RPC method.
+ * Filters the default query fields used by the given XML-RPC method.
*
* @since 3.4.0
*
do_action( 'xmlrpc_call', 'wp.getPostType' );
if ( ! post_type_exists( $post_type_name ) )
- return new IXR_Error( 403, __( 'Invalid post type' ) );
+ return new IXR_Error( 403, __( 'Invalid post type.' ) );
$post_type = get_post_type_object( $post_type_name );
$fields = $args[4];
} else {
/**
- * Filter the default revision query fields used by the given XML-RPC method.
+ * Filters the default revision query fields used by the given XML-RPC method.
*
* @since 3.5.0
*
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
if ( ! current_user_can( 'edit_post', $revision->post_parent ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
// Check if revisions are disabled.
if ( ! wp_revisions_enabled( $post ) )
}
/* Blogger API functions.
- * specs on http://plant.blogger.com/api and http://groups.yahoo.com/group/bloggerDev/
+ * specs on http://plant.blogger.com/api and https://groups.yahoo.com/group/bloggerDev/
*/
/**
/**
* Private function for retrieving a users blogs for multisite setups
*
+ * @since 3.0.0
* @access protected
*
+ * @param array $args {
+ * Method arguments. Note: arguments must be ordered as documented.
+ *
+ * @type string $username Username.
+ * @type string $password Password.
+ * }
* @return array|IXR_Error
*/
- protected function _multisite_getUsersBlogs($args) {
+ protected function _multisite_getUsersBlogs( $args ) {
$current_blog = get_blog_details();
$domain = $current_blog->domain;
return $this->error;
if ( !current_user_can( 'edit_posts' ) )
- return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this site.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to access user data on this site.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getUserInfo' );
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
if ( !current_user_can( 'edit_post', $post_ID ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getPost' );
return $this->error;
if ( ! current_user_can( 'edit_posts' ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit posts on this site.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getRecentPosts' );
*
* @since 1.5.0
* @deprecated 3.5.0
- * @return IXR_Error
+ *
+ * @param array $args Unused.
+ * @return IXR_Error Error object.
*/
public function blogger_getTemplate($args) {
return new IXR_Error( 403, __('Sorry, that file cannot be edited.' ) );
*
* @since 1.5.0
* @deprecated 3.5.0
- * @return IXR_Error
+ *
+ * @param array $args Unused.
+ * @return IXR_Error Error object.
*/
public function blogger_setTemplate($args) {
return new IXR_Error( 403, __('Sorry, that file cannot be edited.' ) );
}
/**
- * Create new post.
+ * Creates new post.
*
* @since 1.5.0
*
- * @param array $args {
+ * @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type string $appkey (unused)
$this->escape($actual_post);
if ( ! current_user_can( 'edit_post', $post_ID ) ) {
- return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
+ return new IXR_Error(401, __('Sorry, you are not allowed to edit this post.'));
}
if ( 'publish' == $actual_post['post_status'] && ! current_user_can( 'publish_posts' ) ) {
- return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) );
}
$postdata = array();
}
if ( ! current_user_can( 'delete_post', $post_ID ) ) {
- return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
}
$result = wp_delete_post( $post_ID );
$post_type = 'post';
} else {
// No other post_type values are allowed here
- return new IXR_Error( 401, __( 'Invalid post type' ) );
+ return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
} else {
if ( $publish )
switch ( $post_type ) {
case "post":
if ( !current_user_can( 'edit_others_posts' ) )
- return new IXR_Error( 401, __( 'You are not allowed to create posts as this user.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) );
break;
case "page":
if ( !current_user_can( 'edit_others_pages' ) )
- return new IXR_Error( 401, __( 'You are not allowed to create pages as this user.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to create pages as this user.' ) );
break;
default:
- return new IXR_Error( 401, __( 'Invalid post type' ) );
+ return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
$author = get_userdata( $content_struct['wp_author_id'] );
if ( ! $author )
}
/**
- * @param integer $post_ID
- * @param array $enclosure
+ * Adds an enclosure to a post if it's new.
+ *
+ * @since 2.8.0
+ *
+ * @param integer $post_ID Post ID.
+ * @param array $enclosure Enclosure data.
*/
public function add_enclosure_if_new( $post_ID, $enclosure ) {
if ( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
if ( ! current_user_can( 'edit_post', $post_ID ) )
- return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
// Use wp.editPost to edit post types other than post and page.
if ( ! in_array( $postdata[ 'post_type' ], array( 'post', 'page' ) ) )
- return new IXR_Error( 401, __( 'Invalid post type' ) );
+ return new IXR_Error( 401, __( 'Invalid post type.' ) );
// Thwart attempt to change the post type.
if ( ! empty( $content_struct[ 'post_type' ] ) && ( $content_struct['post_type'] != $postdata[ 'post_type' ] ) )
switch ( $post_type ) {
case 'post':
if ( ! current_user_can( 'edit_others_posts' ) ) {
- return new IXR_Error( 401, __( 'You are not allowed to change the post author as this user.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the post author as this user.' ) );
}
break;
case 'page':
if ( ! current_user_can( 'edit_others_pages' ) ) {
- return new IXR_Error( 401, __( 'You are not allowed to change the page author as this user.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the page author as this user.' ) );
}
break;
default:
- return new IXR_Error( 401, __( 'Invalid post type' ) );
+ return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
$post_author = $content_struct['wp_author_id'];
}
if ( 'publish' == $post_status || 'private' == $post_status ) {
if ( 'page' == $post_type && ! current_user_can( 'publish_pages' ) ) {
- return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this page.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this page.' ) );
} elseif ( ! current_user_can( 'publish_posts' ) ) {
- return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) );
}
}
elseif ( !empty( $content_struct['dateCreated']) )
$dateCreated = $content_struct['dateCreated']->getIso();
+ // Default to not flagging the post date to be edited unless it's intentional.
+ $edit_date = false;
+
if ( !empty( $dateCreated ) ) {
$post_date = get_date_from_gmt(iso8601_to_datetime($dateCreated));
$post_date_gmt = iso8601_to_datetime($dateCreated, 'GMT');
+
+ // Flag the post date to be edited.
+ $edit_date = true;
} else {
$post_date = $postdata['post_date'];
$post_date_gmt = $postdata['post_date_gmt'];
}
// We've got all the data -- post it.
- $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input', 'page_template');
+ $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'edit_date', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input', 'page_template');
$result = wp_update_post($newpost, true);
if ( is_wp_error( $result ) )
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
if ( !current_user_can( 'edit_post', $post_ID ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.getPost' );
return $this->error;
if ( ! current_user_can( 'edit_posts' ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit posts on this site.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.getRecentPosts' );
do_action( 'xmlrpc_call', 'metaWeblog.newMediaObject' );
if ( !current_user_can('upload_files') ) {
- $this->error = new IXR_Error( 401, __( 'You do not have permission to upload files.' ) );
+ $this->error = new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) );
return $this->error;
}
}
/**
- * Filter whether to preempt the XML-RPC media upload.
+ * Filters whether to preempt the XML-RPC media upload.
*
* Passing a truthy value will effectively short-circuit the media upload,
* returning that value as a 500 error instead.
$post_id = (int) $data['post_id'];
if ( ! current_user_can( 'edit_post', $post_id ) )
- return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
$attachment = array(
'post_title' => $name,
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
if ( !current_user_can( 'edit_post', $post_ID ) )
- return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.getPostCategories' );
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
if ( !current_user_can('edit_post', $post_ID) )
- return new IXR_Error(401, __('Sorry, you cannot edit this post.'));
+ return new IXR_Error(401, __('Sorry, you are not allowed to edit this post.'));
$catids = array();
foreach ( $categories as $cat ) {
do_action( 'xmlrpc_call', 'mt.supportedTextFilters' );
/**
- * Filter the MoveableType text filters list for XML-RPC.
+ * Filters the MoveableType text filters list for XML-RPC.
*
* @since 2.2.0
*
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
if ( !current_user_can('publish_posts') || !current_user_can('edit_post', $post_ID) )
- return new IXR_Error(401, __('Sorry, you cannot publish this post.'));
+ return new IXR_Error(401, __('Sorry, you are not allowed to publish this post.'));
$postdata['post_status'] = 'publish';
$pagelinkedto = str_replace( '&', '&', $pagelinkedto );
/**
- * Filter the pingback source URI.
+ * Filters the pingback source URI.
*
* @since 3.6.0
*
'X-Pingback-Forwarded-For' => $remote_ip,
),
);
+
$request = wp_safe_remote_get( $pagelinkedfrom, $http_api_args );
- $linea = wp_remote_retrieve_body( $request );
+ $remote_source = $remote_source_original = wp_remote_retrieve_body( $request );
- if ( !$linea )
+ if ( ! $remote_source ) {
return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );
+ }
/**
- * Filter the pingback remote source.
+ * Filters the pingback remote source.
*
* @since 2.5.0
*
- * @param string $linea Response object for the page linked from.
- * @param string $pagelinkedto URL of the page linked to.
+ * @param string $remote_source Response source for the page linked from.
+ * @param string $pagelinkedto URL of the page linked to.
*/
- $linea = apply_filters( 'pre_remote_source', $linea, $pagelinkedto );
+ $remote_source = apply_filters( 'pre_remote_source', $remote_source, $pagelinkedto );
// Work around bug in strip_tags():
- $linea = str_replace('<!DOC', '<DOC', $linea);
- $linea = preg_replace( '/[\r\n\t ]+/', ' ', $linea ); // normalize spaces
- $linea = preg_replace( "/<\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea );
+ $remote_source = str_replace( '<!DOC', '<DOC', $remote_source );
+ $remote_source = preg_replace( '/[\r\n\t ]+/', ' ', $remote_source ); // normalize spaces
+ $remote_source = preg_replace( "/<\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $remote_source );
- preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
+ preg_match( '|<title>([^<]*?)</title>|is', $remote_source, $matchtitle );
$title = $matchtitle[1];
if ( empty( $title ) )
return $this->pingback_error( 32, __('We cannot find a title on that page.' ) );
- $
linea = strip_tags( $linea, '<a>' ); // just keep the tag we need
+ $
remote_source = strip_tags( $remote_source, '<a>' ); // just keep the tag we need
- $p = explode( "\n\n", $linea );
+ $p = explode( "\n\n", $remote_source );
$preg_target = preg_quote($pagelinkedto, '|');
$this->escape($comment_content);
$comment_type = 'pingback';
- $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type');
+ $commentdata = compact(
+ 'comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email',
+ 'comment_content', 'comment_type', 'remote_source', 'remote_source_original'
+ );
$comment_ID = wp_new_comment($commentdata);
}
/**
- * @param integer $code
- * @param string $message
- * @return IXR_Error
+ * Sends a pingback error based on the given error code and message.
+ *
+ * @since 3.6.0
+ *
+ * @param int $code Error code.
+ * @param string $message Error message.
+ * @return IXR_Error Error object.
*/
protected function pingback_error( $code, $message ) {
/**
- * Filter the XML-RPC pingback error return.
+ * Filters the XML-RPC pingback error return.
*
* @since 3.5.1
*
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff