return str_repeat('*', $i);
}
-logIO("I", $HTTP_RAW_POST_DATA);
-
-
-function mkdir_p($target) {
- // from php.net/mkdir user contributed notes
- if (file_exists($target)) {
- if (!is_dir($target)) {
- return false;
- } else {
- return true;
- }
- }
-
- // Attempting to create the directory may clutter up our display.
- if (@mkdir($target)) {
- return true;
- }
-
- // If the above failed, attempt to create the parent node, then try again.
- if (mkdir_p(dirname($target))) {
- return mkdir_p($target);
- }
-
- return false;
-}
+if ( isset($HTTP_RAW_POST_DATA) )
+ logIO("I", $HTTP_RAW_POST_DATA);
class wp_xmlrpc_server extends IXR_Server {
function escape(&$array) {
global $wpdb;
- foreach ($array as $k => $v) {
+ foreach ( (array) $array as $k => $v ) {
if (is_array($v)) {
$this->escape($array[$k]);
} else if (is_object($v)) {
$this->escape($args);
- $post_ID = $args[1];
- $user_login = $args[2];
- $user_pass = $args[3];
+ $post_ID = (int) $args[1];
+ $user_login = $args[2];
+ $user_pass = $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $blog_ID = $args[1]; /* though we don't use it yet */
- $user_login = $args[2];
- $user_pass = $args[3];
- $num_posts = $args[4];
+ $blog_ID = (int) $args[1]; /* though we don't use it yet */
+ $user_login = $args[2];
+ $user_pass = $args[3];
+ $num_posts = $args[4];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
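Review bot: `$num_posts = $args[4];` on the added line 55 keeps the raw client value, while the same parameter is cast in the later getRecentPosts hunks (`$num_posts = (int) $args[3];` at lines 155 and 181); blogger_getRecentPosts should match them, `$num_posts = (int) $args[4];`. How `$num_posts` is consumed is outside this hunk, but if it reaches an unquoted numeric position such as a LIMIT clause, the slash-style escaping that `$this->escape()` appears to apply does not constrain it and the integer cast is what does. The enclosing method starts and ends outside the hunk.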
$this->escape($args);
- $blog_ID = $args[1];
+ $blog_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$template = $args[4]; /* could be 'main' or 'archiveIndex', but we don't use it */
$this->escape($args);
- $blog_ID = $args[1];
+ $blog_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$content = $args[4];
$this->escape($args);
- $blog_ID = $args[1]; /* though we don't use it yet */
+ $blog_ID = (int) $args[1]; /* though we don't use it yet */
$user_login = $args[2];
$user_pass = $args[3];
$content = $args[4];
$this->escape($args);
- $post_ID = $args[1];
+ $post_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$content = $args[4];
if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
- extract($actual_post);
+ extract($actual_post, EXTR_SKIP);
+
+ if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
+ return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
$post_title = xmlrpc_getposttitle($content);
$post_category = xmlrpc_getpostcategory($content);
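Review bot: The switch to `extract($actual_post, EXTR_SKIP)` on line 85 deserves a comment, because the reason is not visible in the call: with EXTR_SKIP the row's columns cannot overwrite the request values the method already holds in scope (`$post_ID`, `$user_login`, `$user_pass` and, presumably, `$content`). Suggest `// EXTR_SKIP: the row's columns must not clobber the request variables already in scope` above it; the same comment belongs on line 121. A caveat on the new check at line 87: `$post_status` here appears to be the stored status of the existing post, so a user without publish_posts is refused edits to an already-published post while the requested status is not examined — if that is the intent, say so in the comment, since mw_editPost (lines 125–127) tests the requested status instead. The enclosing method starts and ends outside the hunk.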
$this->escape($args);
- $post_ID = $args[1];
+ $post_ID = (int) $args[1];
$user_login = $args[2];
$user_pass = $args[3];
$publish = $args[4];
$this->escape($args);
- $blog_ID = $args[0]; // we will support this in the near future
+ $blog_ID = (int) $args[0]; // we will support this in the near future
$user_login = $args[1];
$user_pass = $args[2];
$content_struct = $args[3];
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
}
- $to_ping = $content_struct['mt_tb_ping_urls'];
+ $to_ping = $content_struct['mt_tb_ping_urls'];
+ if ( is_array($to_ping) )
+ $to_ping = implode(' ', $to_ping);
// Do some timestamp voodoo
$dateCreatedd = $content_struct['dateCreated'];
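Review bot: `$content_struct['mt_tb_ping_urls']` on line 106 is read without checking that the key exists, so a client that omits it triggers an undefined-index notice before the `is_array` test ever runs; `$to_ping = isset($content_struct['mt_tb_ping_urls']) ? $content_struct['mt_tb_ping_urls'] : '';` closes that and leaves the implode branch as it is. The same pattern is added to mw_editPost at lines 135–137. The joined string is client-supplied URL text handed on to whatever consumes `$to_ping` outside this hunk; if that consumer does not validate each URL itself, this is the point to do it, and a short comment saying which side is responsible would help the next reader. The enclosing method starts and ends outside the hunk.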
$this->escape($args);
- $post_ID = $args[0];
+ $post_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
$content_struct = $args[3];
return new IXR_Error(401, 'Sorry, you can not edit this post.');
$postdata = wp_get_single_post($post_ID, ARRAY_A);
- extract($postdata);
$this->escape($postdata);
+ extract($postdata, EXTR_SKIP);
$post_title = $content_struct['title'];
$post_content = apply_filters( 'content_save_pre', $content_struct['description'] );
$post_more = $content_struct['mt_text_more'];
$post_status = $publish ? 'publish' : 'draft';
+
+ if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
+ return new IXR_Error(401, 'Sorry, you do not have the right to publish this post.');
+
if ($post_more) {
$post_content = $post_content . "\n<!--more-->\n" . $post_more;
}
- $to_ping = $content_struct['mt_tb_ping_urls'];
-
+ $to_ping = $content_struct['mt_tb_ping_urls'];
+ if ( is_array($to_ping) )
+ $to_ping = implode(' ', $to_ping);
+
$comment_status = (empty($content_struct['mt_allow_comments'])) ?
get_settings('default_comment_status')
: $content_struct['mt_allow_comments'];
$this->escape($args);
- $post_ID = $args[0];
+ $post_ID = (int) $args[0];
$user_login = $args[1];
$user_pass = $args[2];
$this->escape($args);
- $blog_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
- $num_posts = $args[3];
+ $blog_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
+ $num_posts = (int) $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $blog_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
+ $blog_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
global $wpdb;
- $blog_ID = $wpdb->escape($args[0]);
+ $blog_ID = (int) $args[0];
$user_login = $wpdb->escape($args[1]);
$user_pass = $wpdb->escape($args[2]);
$data = $args[3];
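Review bot: `$data = $args[3];` on line 172 is taken raw while the neighbouring `$user_login`/`$user_pass` go through `$wpdb->escape()` and `$blog_ID` is now cast, which leaves the one structured argument of this method as the only one untreated. What `$data` holds and where its members go is outside the hunk; if any of them end up in a query or in a filesystem path, they need the same treatment here (escaping for SQL, a basename or whitelist check for a name), and if they are deliberately exempt a comment such as `// $data is escaped/validated field by field below` would record why. The enclosing method starts and ends outside the hunk.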
$this->escape($args);
- $blog_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
- $num_posts = $args[3];
+ $blog_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
+ $num_posts = (int) $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $blog_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
+ $blog_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $post_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
+ $post_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $post_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
- $categories = $args[3];
+ $post_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
+ $categories = $args[3];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
$this->escape($args);
- $post_ID = $args[0];
- $user_login = $args[1];
- $user_pass = $args[2];
+ $post_ID = (int) $args[0];
+ $user_login = $args[1];
+ $user_pass = $args[2];
if (!$this->login_pass_ok($user_login, $user_pass)) {
return $this->error;
} elseif (preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) {
// the path defines the post_ID (archives/p/XXXX)
$blah = explode('/', $match[0]);
- $post_ID = $blah[1];
+ $post_ID = (int) $blah[1];
$way = 'from the path';
} elseif (preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) {
// the querystring defines the post_ID (?p=XXXX)
$blah = explode('=', $match[0]);
- $post_ID = $blah[1];
+ $post_ID = (int) $blah[1];
$way = 'from the querystring';
} elseif (isset($urltest['fragment'])) {
// an #anchor is there, it's either...
if (intval($urltest['fragment'])) {
// ...an integer #XXXX (simpliest case)
- $post_ID = $urltest['fragment'];
+ $post_ID = (int) $urltest['fragment'];
$way = 'from the fragment (numeric)';
} elseif (preg_match('/post-[0-9]+/',$urltest['fragment'])) {
// ...a post id in the form 'post-###'