WordPress 4.2.5
[autoinstalls/wordpress.git] / wp-includes / class-wp-xmlrpc-server.php
index 10c593d2a49d0e0c3d057d6e7557fea10a2443fa..aac66314937d21376dc42b6bb9da75975b9f63a4 100644 (file)
@@ -1150,6 +1150,56 @@ class wp_xmlrpc_server extends IXR_Server {
                return $count > 1;
        }
 
+       private function _validate_boolean( $var ) {
+               if ( is_bool( $var ) ) {
+                       return $var;
+               }
+
+               if ( is_string( $var ) && 'false' === strtolower( $var ) ) {
+                       return false;
+               }
+
+               return (bool) $var;
+       }
+
+       /**
+        * Encapsulate the logic for sticking a post
+        * and determining if the user has permission to do so
+        *
+        * @since 4.3.0
+        * @access private
+        *
+        * @param array $post_data
+        * @param bool  $update
+        * @return void|IXR_Error
+        */
+       private function _toggle_sticky( $post_data, $update = false ) {
+               $post_type = get_post_type_object( $post_data['post_type'] );
+
+               // Private and password-protected posts cannot be stickied.
+               if ( 'private' === $post_data['post_status'] || ! empty( $post_data['post_password'] ) ) {
+                       // Error if the client tried to stick the post, otherwise, silently unstick.
+                       if ( ! empty( $post_data['sticky'] ) ) {
+                               return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
+                       }
+
+                       if ( $update ) {
+                               unstick_post( $post_data['ID'] );
+                       }
+               } elseif ( isset( $post_data['sticky'] ) )  {
+                       if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
+                               return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
+                       }
+
+                       $sticky = $this->_validate_boolean( $post_data['sticky'] );
+                       if ( $sticky ) {
+                               stick_post( $post_data['ID'] );
+                       } else {
+                               unstick_post( $post_data['ID'] );
+                       }
+               }
+       }
+
        /**
         * Helper method for wp_newPost and wp_editPost, containing shared logic.
         *
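Review bot: In `_toggle_sticky()` the private/password branch tests the raw value with `! empty( $post_data['sticky'] )`, while the other branch normalises it through `_validate_boolean()`. A client that sends the string `'false'` for a private or password-protected post therefore gets the 401 "cannot stick a private post" fault although it asked to unstick. Normalise once at the top, e.g. `$sticky = isset( $post_data['sticky'] ) ? $this->_validate_boolean( $post_data['sticky'] ) : null;`, and test `$sticky` in both branches. `_validate_boolean()` also has no docblock; a short one saying that only the case-insensitive string `'false'` is special-cased and every other value falls through to a `(bool)` cast would help. The result of `get_post_type_object()` is dereferenced as `$post_type->cap` without a null check, which appears safe for the callers shown here (they pass the `post` type) but deserves a comment.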
@@ -1242,20 +1292,9 @@ class wp_xmlrpc_server extends IXR_Server {
                $post_ID = $post_data['ID'];
 
                if ( $post_data['post_type'] == 'post' ) {
-                       // Private and password-protected posts cannot be stickied.
-                       if ( $post_data['post_status'] == 'private' || ! empty( $post_data['post_password'] ) ) {
-                               // Error if the client tried to stick the post, otherwise, silently unstick.
-                               if ( ! empty( $post_data['sticky'] ) )
-                                       return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
-                               if ( $update )
-                                       unstick_post( $post_ID );
-                       } elseif ( isset( $post_data['sticky'] ) )  {
-                               if ( ! current_user_can( $post_type->cap->edit_others_posts ) )
-                                       return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
-                               if ( $post_data['sticky'] )
-                                       stick_post( $post_ID );
-                               else
-                                       unstick_post( $post_ID );
+                       $error = $this->_toggle_sticky( $post_data, $update );
+                       if ( $error ) {
+                               return $error;
                        }
                }
 
@@ -4580,10 +4619,12 @@ class wp_xmlrpc_server extends IXR_Server {
 
                // Only posts can be sticky
                if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
-                       if ( $content_struct['sticky'] == true )
-                               stick_post( $post_ID );
-                       elseif ( $content_struct['sticky'] == false )
-                               unstick_post( $post_ID );
+                       $data = $postdata;
+                       $data['sticky'] = $content_struct['sticky'];
+                       $error = $this->_toggle_sticky( $data );
+                       if ( $error ) {
+                               return $error;
+                       }
                }
 
                if ( isset($content_struct['custom_fields']) )
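Review bot: The new `return $error;` runs at a point where `$post_ID` already exists, so if the post was saved earlier in this method (not visible in the hunk), a rejected sticky request returns a fault for a post that has still been created, and a client retry could duplicate it. Consider moving the permission part of the check before the save, or at least documenting it with `// Post is already saved here; a sticky fault does not roll it back.`. The hunk at -4918 follows the same pattern but also sets `$data['post_type'] = 'post'`; here `_toggle_sticky()` relies on `$postdata` already carrying `post_type`, `post_status`, `post_password` and `ID`, which is built outside the hunk and worth confirming. The enclosing method starts and ends outside the hunk.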
@@ -4873,8 +4914,8 @@ class wp_xmlrpc_server extends IXR_Server {
 
                $tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : null;
 
-               if ( ('publish' == $post_status) ) {
-                       if ( ( 'page' == $post_type ) && ! current_user_can( 'publish_pages' ) ) {
+               if ( 'publish' == $post_status || 'private' == $post_status ) {
+                       if ( 'page' == $post_type && ! current_user_can( 'publish_pages' ) ) {
                                return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this page.' ) );
                        } elseif ( ! current_user_can( 'publish_posts' ) ) {
                                return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' ) );
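Review bot: The `elseif ( ! current_user_can( 'publish_posts' ) )` is also reached for a page whose author does hold `publish_pages`, because the first condition is then false; such a user is refused unless they can also publish posts. Since the condition line is being touched anyway, scope the second test to non-pages: `} elseif ( 'page' != $post_type && ! current_user_can( 'publish_posts' ) ) {`. The fault messages still say "publish" although the branch now also covers the `private` status, which may confuse clients. The enclosing `if` and method continue outside the hunk.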
@@ -4918,10 +4959,13 @@ class wp_xmlrpc_server extends IXR_Server {
 
                // Only posts can be sticky
                if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
-                       if ( $content_struct['sticky'] == true )
-                               stick_post( $post_ID );
-                       elseif ( $content_struct['sticky'] == false )
-                               unstick_post( $post_ID );
+                       $data = $newpost;
+                       $data['sticky'] = $content_struct['sticky'];
+                       $data['post_type'] = 'post';
+                       $error = $this->_toggle_sticky( $data, true );
+                       if ( $error ) {
+                               return $error;
+                       }
                }
 
                if ( isset($content_struct['custom_fields']) )