WordPress 4.4
[autoinstalls/wordpress.git] / wp-includes / class-wp-xmlrpc-server.php
index 9121c07a17237578a52b71ff5999b3d4df02826e..08897dc032f12ab4ecca726f38647beea0c412bf 100644 (file)
@@ -45,6 +45,14 @@ class wp_xmlrpc_server extends IXR_Server {
         */
        public $error;
 
+       /**
+        * Flags that the user authentication has failed in this instance of wp_xmlrpc_server.
+        *
+        * @access protected
+        * @var bool
+        */
+       protected $auth_failed = false;
+
        /**
         * Register all of the XMLRPC methods that XMLRPC server understands.
         *
@@ -251,11 +259,18 @@ class wp_xmlrpc_server extends IXR_Server {
                        return false;
                }
 
-               $user = wp_authenticate($username, $password);
+               if ( $this->auth_failed ) {
+                       $user = new WP_Error( 'login_prevented' );
+               } else {
+                       $user = wp_authenticate( $username, $password );
+               }
 
-               if (is_wp_error($user)) {
+               if ( is_wp_error( $user ) ) {
                        $this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) );
 
+                       // Flag that authentication has failed once on this wp_xmlrpc_server instance
+                       $this->auth_failed = true;
+
                        /**
                         * Filter the XML-RPC user login error message.
                         *
@@ -276,9 +291,8 @@ class wp_xmlrpc_server extends IXR_Server {
         * Check user's credentials. Deprecated.
         *
         * @since 1.5.0
-        * @deprecated 2.8.0
-        * @deprecated use wp_xmlrpc_server::login
-        * @see wp_xmlrpc_server::login
+        * @deprecated 2.8.0 Use wp_xmlrpc_server::login()
+        * @see wp_xmlrpc_server::login()
         *
         * @param string $username User's username.
         * @param string $password User's password.
@@ -499,6 +513,16 @@ class wp_xmlrpc_server extends IXR_Server {
                                'readonly'      => false,
                                'option'        => 'medium_size_h'
                        ),
+                       'medium_large_size_w'   => array(
+                               'desc'          => __( 'Medium-Large size image width' ),
+                               'readonly'      => false,
+                               'option'        => 'medium_large_size_w'
+                       ),
+                       'medium_large_size_h'   => array(
+                               'desc'          => __( 'Medium-Large size image height' ),
+                               'readonly'      => false,
+                               'option'        => 'medium_large_size_h'
+                       ),
                        'large_size_w'      => array(
                                'desc'          => __( 'Large size image width' ),
                                'readonly'      => false,
@@ -544,6 +568,7 @@ class wp_xmlrpc_server extends IXR_Server {
         * }
         * @return array|IXR_Error Array contains:
         *  - 'isAdmin'
+        *  - 'isPrimary' - whether the blog is the user's primary blog
         *  - 'url'
         *  - 'blogid'
         *  - 'blogName'
@@ -579,6 +604,11 @@ class wp_xmlrpc_server extends IXR_Server {
 
                $blogs = (array) get_blogs_of_user( $user->ID );
                $struct = array();
+               $primary_blog_id = 0;
+               $active_blog = get_active_blog_for_user( $user->ID );
+               if ( $active_blog ) {
+                       $primary_blog_id = (int) $active_blog->blog_id;
+               }
 
                foreach ( $blogs as $blog ) {
                        // Don't include blogs that aren't hosted at this site.
@@ -590,13 +620,15 @@ class wp_xmlrpc_server extends IXR_Server {
                        switch_to_blog( $blog_id );
 
                        $is_admin = current_user_can( 'manage_options' );
+                       $is_primary = ( (int) $blog_id === $primary_blog_id );
 
                        $struct[] = array(
-                               'isAdmin'               => $is_admin,
-                               'url'                   => home_url( '/' ),
-                               'blogid'                => (string) $blog_id,
-                               'blogName'              => get_option( 'blogname' ),
-                               'xmlrpc'                => site_url( 'xmlrpc.php', 'rpc' ),
+                               'isAdmin'   => $is_admin,
+                               'isPrimary' => $is_primary,
+                               'url'       => home_url( '/' ),
+                               'blogid'    => (string) $blog_id,
+                               'blogName'  => get_option( 'blogname' ),
+                               'xmlrpc'    => site_url( 'xmlrpc.php', 'rpc' ),
                        );
 
                        restore_current_blog();
@@ -760,7 +792,7 @@ class wp_xmlrpc_server extends IXR_Server {
                        'post_content'      => $post['post_content'],
                        'post_parent'       => strval( $post['post_parent'] ),
                        'post_mime_type'    => $post['post_mime_type'],
-                       'link'              => post_permalink( $post['ID'] ),
+                       'link'              => get_permalink( $post['ID'] ),
                        'guid'              => $post['guid'],
                        'menu_order'        => intval( $post['menu_order'] ),
                        'comment_status'    => $post['comment_status'],
@@ -899,6 +931,7 @@ class wp_xmlrpc_server extends IXR_Server {
                        'caption'          => $media_item->post_excerpt,
                        'description'      => $media_item->post_content,
                        'metadata'         => wp_get_attachment_metadata( $media_item->ID ),
+                       'type'             => $media_item->post_mime_type
                );
 
                $thumbnail_src = image_downsize( $media_item->ID, $thumbnail_size );
@@ -930,7 +963,7 @@ class wp_xmlrpc_server extends IXR_Server {
        protected function _prepare_page( $page ) {
                // Get all of the page content and link.
                $full_page = get_extended( $page->post_content );
-               $link = post_permalink( $page->ID );
+               $link = get_permalink( $page->ID );
 
                // Get info the page parent if there is one.
                $parent_title = "";
@@ -1043,8 +1076,8 @@ class wp_xmlrpc_server extends IXR_Server {
                 *
                 * @since 3.4.0
                 *
-                * @param array  $_comment An array of prepared comment data.
-                * @param object $comment  Comment object.
+                * @param array      $_comment An array of prepared comment data.
+                * @param WP_Comment $comment  Comment object.
                 */
                return apply_filters( 'xmlrpc_prepare_comment', $_comment, $comment );
        }
@@ -1316,8 +1349,8 @@ class wp_xmlrpc_server extends IXR_Server {
                }
 
                if ( ! empty( $dateCreated ) ) {
-                       $post_data['post_date'] = get_date_from_gmt( iso8601_to_datetime( $dateCreated ) );
-                       $post_data['post_date_gmt'] = iso8601_to_datetime( $dateCreated, 'GMT' );
+                       $post_data['post_date'] = iso8601_to_datetime( $dateCreated );
+                       $post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] );
                }
 
                if ( ! isset( $post_data['ID'] ) )
@@ -1574,16 +1607,19 @@ class wp_xmlrpc_server extends IXR_Server {
                do_action( 'xmlrpc_call', 'wp.deletePost' );
 
                $post = get_post( $post_id, ARRAY_A );
-               if ( empty( $post['ID'] ) )
+               if ( empty( $post['ID'] ) ) {
                        return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+               }
 
-               if ( ! current_user_can( 'delete_post', $post_id ) )
-                       return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
+               if ( ! current_user_can( 'delete_post', $post_id ) ) {
+                       return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete this post.' ) );
+               }
 
                $result = wp_delete_post( $post_id );
 
-               if ( ! $result )
+               if ( ! $result ) {
                        return new IXR_Error( 500, __( 'The post cannot be deleted.' ) );
+               }
 
                return true;
        }
@@ -1694,7 +1730,7 @@ class wp_xmlrpc_server extends IXR_Server {
         *     @type string $username Username.
         *     @type string $password Password.
         *     @type array  $filter   Optional. Modifies the query used to retrieve posts. Accepts 'post_type',
-        *                            'post_status', 'number', 'offset', 'orderby', and 'order'.
+        *                            'post_status', 'number', 'offset', 'orderby', 's', and 'order'.
         *                            Default empty array.
         *     @type array  $fields   Optional. The subset of post type fields to return in the response array.
         * }
@@ -1734,7 +1770,7 @@ class wp_xmlrpc_server extends IXR_Server {
                }
 
                if ( ! current_user_can( $post_type->cap->edit_posts ) )
-                       return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type' ));
+                       return new IXR_Error( 401, __( 'You are not allowed to edit posts in this post type.' ));
 
                $query['post_type'] = $post_type->name;
 
@@ -1926,7 +1962,7 @@ class wp_xmlrpc_server extends IXR_Server {
                                return new IXR_Error( 403, __( 'The term name cannot be empty.' ) );
                }
 
-               if ( isset( $content_struct['parent'] ) ) {
+               if ( ! empty( $content_struct['parent'] ) ) {
                        if ( ! $taxonomy['hierarchical'] )
                                return new IXR_Error( 403, __( "This taxonomy is not hierarchical so you can't set a parent." ) );
 
@@ -2412,7 +2448,7 @@ class wp_xmlrpc_server extends IXR_Server {
                do_action( 'xmlrpc_call', 'wp.getUsers' );
 
                if ( ! current_user_can( 'list_users' ) )
-                       return new IXR_Error( 401, __( 'Sorry, you cannot list users.' ) );
+                       return new IXR_Error( 401, __( 'You are not allowed to browse users.' ) );
 
                $query = array( 'fields' => 'all_with_meta' );
 
@@ -2821,7 +2857,7 @@ class wp_xmlrpc_server extends IXR_Server {
         *
         * @since 2.2.0
         *
-        * @global wpdb $wpdb
+        * @global wpdb $wpdb WordPress database abstraction object.
         *
         * @param array  $args {
         *     Method arguments. Note: arguments must be ordered as documented.
@@ -2949,7 +2985,7 @@ class wp_xmlrpc_server extends IXR_Server {
                $tags = array();
 
                if ( $all_tags = get_tags() ) {
-                       foreach( (array) $all_tags as $tag ) {
+                       foreach ( (array) $all_tags as $tag ) {
                                $struct = array();
                                $struct['tag_id']                       = $tag->term_id;
                                $struct['name']                         = $tag->name;
@@ -3156,17 +3192,20 @@ class wp_xmlrpc_server extends IXR_Server {
                $password       = $args[2];
                $comment_id     = (int) $args[3];
 
-               if ( !$user = $this->login($username, $password) )
+               if ( ! $user = $this->login( $username, $password ) ) {
                        return $this->error;
-
-               if ( !current_user_can( 'moderate_comments' ) )
-                       return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+               }
 
                /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
                do_action( 'xmlrpc_call', 'wp.getComment' );
 
-               if ( ! $comment = get_comment($comment_id) )
+               if ( ! $comment = get_comment( $comment_id ) ) {
                        return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
+               }
+
+               if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
+                       return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
+               }
 
                return $this->_prepare_comment( $comment );
        }
@@ -3204,33 +3243,54 @@ class wp_xmlrpc_server extends IXR_Server {
                $password = $args[2];
                $struct   = isset( $args[3] ) ? $args[3] : array();
 
-               if ( !$user = $this->login($username, $password) )
+               if ( ! $user = $this->login( $username, $password ) ) {
                        return $this->error;
-
-               if ( !current_user_can( 'moderate_comments' ) )
-                       return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) );
+               }
 
                /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
                do_action( 'xmlrpc_call', 'wp.getComments' );
 
-               if ( isset($struct['status']) )
+               if ( isset( $struct['status'] ) ) {
                        $status = $struct['status'];
-               else
+               } else {
                        $status = '';
+               }
+
+               if ( ! current_user_can( 'moderate_comments' ) && 'approve' !== $status ) {
+                       return new IXR_Error( 401, __( 'Invalid comment status.' ) );
+               }
 
                $post_id = '';
-               if ( isset($struct['post_id']) )
-                       $post_id = absint($struct['post_id']);
+               if ( isset( $struct['post_id'] ) ) {
+                       $post_id = absint( $struct['post_id'] );
+               }
+
+               $post_type = '';
+               if ( isset( $struct['post_type'] ) ) {
+                       $post_type_object = get_post_type_object( $struct['post_type'] );
+                       if ( ! $post_type_object || ! post_type_supports( $post_type_object->name, 'comments' ) ) {
+                               return new IXR_Error( 404, __( 'Invalid post type.' ) );
+                       }
+                       $post_type = $struct['post_type'];
+               }
 
                $offset = 0;
-               if ( isset($struct['offset']) )
-                       $offset = absint($struct['offset']);
+               if ( isset( $struct['offset'] ) ) {
+                       $offset = absint( $struct['offset'] );
+               }
 
                $number = 10;
-               if ( isset($struct['number']) )
-                       $number = absint($struct['number']);
+               if ( isset( $struct['number'] ) ) {
+                       $number = absint( $struct['number'] );
+               }
 
-               $comments = get_comments( array( 'status' => $status, 'post_id' => $post_id, 'offset' => $offset, 'number' => $number ) );
+               $comments = get_comments( array(
+                       'status' => $status,
+                       'post_id' => $post_id,
+                       'offset' => $offset,
+                       'number' => $number,
+                       'post_type' => $post_type,
+               ) );
 
                $comments_struct = array();
                if ( is_array( $comments ) ) {
@@ -3261,24 +3321,24 @@ class wp_xmlrpc_server extends IXR_Server {
         * }
         * @return bool|IXR_Error {@link wp_delete_comment()}
         */
-       public function wp_deleteComment($args) {
+       public function wp_deleteComment( $args ) {
                $this->escape($args);
 
                $username       = $args[1];
                $password       = $args[2];
                $comment_ID     = (int) $args[3];
 
-               if ( !$user = $this->login($username, $password) )
+               if ( ! $user = $this->login( $username, $password ) ) {
                        return $this->error;
+               }
 
-               if ( !current_user_can( 'moderate_comments' ) )
-                       return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
-               if ( ! get_comment($comment_ID) )
+               if ( ! get_comment( $comment_ID ) ) {
                        return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
+               }
 
-               if ( !current_user_can( 'edit_comment', $comment_ID ) )
-                       return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+               if ( !current_user_can( 'edit_comment', $comment_ID ) ) {
+                       return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
+               }
 
                /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
                do_action( 'xmlrpc_call', 'wp.deleteComment' );
@@ -3335,17 +3395,17 @@ class wp_xmlrpc_server extends IXR_Server {
                $comment_ID     = (int) $args[3];
                $content_struct = $args[4];
 
-               if ( !$user = $this->login($username, $password) )
+               if ( !$user = $this->login( $username, $password ) ) {
                        return $this->error;
+               }
 
-               if ( !current_user_can( 'moderate_comments' ) )
-                       return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
-               if ( ! get_comment($comment_ID) )
+               if ( ! get_comment( $comment_ID ) ) {
                        return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
+               }
 
-               if ( !current_user_can( 'edit_comment', $comment_ID ) )
-                       return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+               if ( ! current_user_can( 'edit_comment', $comment_ID ) ) {
+                       return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) );
+               }
 
                /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
                do_action( 'xmlrpc_call', 'wp.editComment' );
@@ -3363,8 +3423,8 @@ class wp_xmlrpc_server extends IXR_Server {
                if ( !empty( $content_struct['date_created_gmt'] ) ) {
                        // We know this is supposed to be GMT, so we're going to slap that Z on there by force
                        $dateCreated = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z';
-                       $comment_date = get_date_from_gmt(iso8601_to_datetime($dateCreated));
-                       $comment_date_gmt = iso8601_to_datetime($dateCreated, 'GMT');
+                       $comment_date = iso8601_to_datetime( $dateCreated );
+                       $comment_date_gmt = get_gmt_from_date( $comment_date );
                }
 
                if ( isset($content_struct['content']) )
@@ -3454,19 +3514,29 @@ class wp_xmlrpc_server extends IXR_Server {
                else
                        $post_id = url_to_postid($post);
 
-               if ( ! $post_id )
+               if ( ! $post_id ) {
                        return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+               }
 
-               if ( ! get_post($post_id) )
+               if ( ! get_post( $post_id ) ) {
                        return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+               }
+
+               if ( ! comments_open( $post_id ) ) {
+                       return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
+               }
 
                $comment = array();
                $comment['comment_post_ID'] = $post_id;
 
                if ( $logged_in ) {
-                       $comment['comment_author'] = $this->escape( $user->display_name );
-                       $comment['comment_author_email'] = $this->escape( $user->user_email );
-                       $comment['comment_author_url'] = $this->escape( $user->user_url );
+                       $display_name = $user->display_name;
+                       $user_email = $user->user_email;
+                       $user_url = $user->user_url;
+
+                       $comment['comment_author'] = $this->escape( $display_name );
+                       $comment['comment_author_email'] = $this->escape( $user_email );
+                       $comment['comment_author_url'] = $this->escape( $user_url );
                        $comment['user_ID'] = $user->ID;
                } else {
                        $comment['comment_author'] = '';
@@ -3527,17 +3597,19 @@ class wp_xmlrpc_server extends IXR_Server {
         * }
         * @return array|IXR_Error
         */
-       public function wp_getCommentStatusList($args) {
+       public function wp_getCommentStatusList( $args ) {
                $this->escape( $args );
 
                $username = $args[1];
                $password = $args[2];
 
-               if ( !$user = $this->login($username, $password) )
+               if ( ! $user = $this->login( $username, $password ) ) {
                        return $this->error;
+               }
 
-               if ( !current_user_can( 'moderate_comments' ) )
+               if ( ! current_user_can( 'publish_posts' ) ) {
                        return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) );
+               }
 
                /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
                do_action( 'xmlrpc_call', 'wp.getCommentStatusList' );
@@ -3567,16 +3639,24 @@ class wp_xmlrpc_server extends IXR_Server {
                $password       = $args[2];
                $post_id        = (int) $args[3];
 
-               if ( !$user = $this->login($username, $password) )
+               if ( ! $user = $this->login( $username, $password ) ) {
                        return $this->error;
+               }
 
-               if ( !current_user_can( 'edit_posts' ) )
-                       return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) );
+               $post = get_post( $post_id, ARRAY_A );
+               if ( empty( $post['ID'] ) ) {
+                       return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+               }
+
+               if ( ! current_user_can( 'edit_post', $post_id ) ) {
+                       return new IXR_Error( 403, __( 'You are not allowed access to details of this post.' ) );
+               }
 
                /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
                do_action( 'xmlrpc_call', 'wp.getCommentCount' );
 
                $count = wp_count_comments( $post_id );
+
                return array(
                        'approved' => $count->approved,
                        'awaiting_moderation' => $count->moderated,
@@ -4049,7 +4129,7 @@ class wp_xmlrpc_server extends IXR_Server {
 
                $struct = array();
 
-               foreach( $post_types as $post_type ) {
+               foreach ( $post_types as $post_type ) {
                        if ( ! current_user_can( $post_type->cap->edit_posts ) )
                                continue;
 
@@ -4540,6 +4620,7 @@ class wp_xmlrpc_server extends IXR_Server {
         *     @type string $username
         *     @type string $password
         *     @type string $content
+        *     @type bool   $publish
         * }
         * @return true|IXR_Error true when done.
         */
@@ -4551,6 +4632,7 @@ class wp_xmlrpc_server extends IXR_Server {
                $username = $args[2];
                $password = $args[3];
                $content  = $args[4];
+               $publish  = $args[5];
 
                if ( ! $user = $this->login( $username, $password ) ) {
                        return $this->error;
@@ -4581,6 +4663,7 @@ class wp_xmlrpc_server extends IXR_Server {
                $postdata['post_category'] = xmlrpc_getpostcategory( $content );
                $postdata['post_status'] = $actual_post['post_status'];
                $postdata['post_excerpt'] = $actual_post['post_excerpt'];
+               $postdata['post_status'] = $publish ? 'publish' : 'draft';
 
                $result = wp_update_post( $postdata );
 
@@ -4630,18 +4713,21 @@ class wp_xmlrpc_server extends IXR_Server {
                /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
                do_action( 'xmlrpc_call', 'blogger.deletePost' );
 
-               $actual_post = get_post($post_ID,ARRAY_A);
+               $actual_post = get_post( $post_ID, ARRAY_A );
 
-               if ( !$actual_post || $actual_post['post_type'] != 'post' )
-                       return new IXR_Error(404, __('Sorry, no such post.'));
+               if ( ! $actual_post || $actual_post['post_type'] != 'post' ) {
+                       return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
+               }
 
-               if ( !current_user_can('delete_post', $post_ID) )
-                       return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.'));
+               if ( ! current_user_can( 'delete_post', $post_ID ) ) {
+                       return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete this post.' ) );
+               }
 
-               $result = wp_delete_post($post_ID);
+               $result = wp_delete_post( $post_ID );
 
-               if ( !$result )
-                       return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be deleted.'));
+               if ( ! $result ) {
+                       return new IXR_Error( 500, __( 'The post cannot be deleted.' ) );
+               }
 
                /**
                 * Fires after a post has been successfully deleted via the XML-RPC Blogger API.
@@ -4905,11 +4991,11 @@ class wp_xmlrpc_server extends IXR_Server {
                        $dateCreated = $content_struct['dateCreated']->getIso();
 
                if ( !empty( $dateCreated ) ) {
-                       $post_date = get_date_from_gmt(iso8601_to_datetime($dateCreated));
-                       $post_date_gmt = iso8601_to_datetime($dateCreated, 'GMT');
+                       $post_date = iso8601_to_datetime( $dateCreated );
+                       $post_date_gmt = get_gmt_from_date( $post_date );
                } else {
-                       $post_date = current_time('mysql');
-                       $post_date_gmt = current_time('mysql', 1);
+                       $post_date = '';
+                       $post_date_gmt = '';
                }
 
                $post_category = array();
@@ -5005,7 +5091,7 @@ class wp_xmlrpc_server extends IXR_Server {
         *
         * @since 2.1.0
         *
-        * @global wpdb $wpdb
+        * @global wpdb $wpdb WordPress database abstraction object.
         *
         * @param int $post_ID Post ID.
         * @param string $post_content Post Content for attachment.
@@ -5133,7 +5219,6 @@ class wp_xmlrpc_server extends IXR_Server {
                                                break;
                                        default:
                                                return new IXR_Error( 401, __( 'Invalid post type' ) );
-                                               break;
                                }
                                $post_author = $content_struct['wp_author_id'];
                        }
@@ -5260,8 +5345,8 @@ class wp_xmlrpc_server extends IXR_Server {
                        $dateCreated = $content_struct['dateCreated']->getIso();
 
                if ( !empty( $dateCreated ) ) {
-                       $post_date = get_date_from_gmt(iso8601_to_datetime($dateCreated));
-                       $post_date_gmt = iso8601_to_datetime($dateCreated, 'GMT');
+                       $post_date = iso8601_to_datetime( $dateCreated );
+                       $post_date_gmt = get_gmt_from_date( $post_date, 'GMT' );
                } else {
                        $post_date     = $postdata['post_date'];
                        $post_date_gmt = $postdata['post_date_gmt'];
@@ -5369,7 +5454,7 @@ class wp_xmlrpc_server extends IXR_Server {
 
                        $categories = array();
                        $catids = wp_get_post_categories($post_ID);
-                       foreach($catids as $catid)
+                       foreach ($catids as $catid)
                                $categories[] = get_cat_name($catid);
 
                        $tagnames = array();
@@ -5383,7 +5468,7 @@ class wp_xmlrpc_server extends IXR_Server {
                        }
 
                        $post = get_extended($postdata['post_content']);
-                       $link = post_permalink($postdata['ID']);
+                       $link = get_permalink($postdata['ID']);
 
                        // Get the author info.
                        $author = get_userdata($postdata['post_author']);
@@ -5508,7 +5593,7 @@ class wp_xmlrpc_server extends IXR_Server {
 
                        $categories = array();
                        $catids = wp_get_post_categories($entry['ID']);
-                       foreach( $catids as $catid )
+                       foreach ( $catids as $catid )
                                $categories[] = get_cat_name($catid);
 
                        $tagnames = array();
@@ -5523,7 +5608,7 @@ class wp_xmlrpc_server extends IXR_Server {
                        }
 
                        $post = get_extended($entry['post_content']);
-                       $link = post_permalink($entry['ID']);
+                       $link = get_permalink($entry['ID']);
 
                        // Get the post author info.
                        $author = get_userdata($entry['post_author']);
@@ -5633,7 +5718,7 @@ class wp_xmlrpc_server extends IXR_Server {
         *
         * @since 1.5.0
         *
-        * @global wpdb $wpdb
+        * @global wpdb $wpdb WordPress database abstraction object.
         *
         * @param array  $args {
         *     Method arguments. Note: arguments must be ordered as documented.
@@ -5667,6 +5752,11 @@ class wp_xmlrpc_server extends IXR_Server {
                        return $this->error;
                }
 
+               if ( is_multisite() && upload_is_user_over_quota( false ) ) {
+                       $this->error = new IXR_Error( 401, __( 'Sorry, you have used your space allocation.' ) );
+                       return $this->error;
+               }
+
                /**
                 * Filter whether to preempt the XML-RPC media upload.
                 *
@@ -5681,24 +5771,6 @@ class wp_xmlrpc_server extends IXR_Server {
                        return new IXR_Error( 500, $upload_err );
                }
 
-               if ( !empty($data['overwrite']) && ($data['overwrite'] == true) ) {
-                       // Get postmeta info on the object.
-                       $old_file = $wpdb->get_row("
-                               SELECT ID
-                               FROM {$wpdb->posts}
-                               WHERE post_title = '{$name}'
-                                       AND post_type = 'attachment'
-                       ");
-
-                       // Delete previous file.
-                       wp_delete_attachment($old_file->ID);
-
-                       // Make sure the new name is different by pre-pending the
-                       // previous post id.
-                       $filename = preg_replace('/^wpid\d+-/', '', $name);
-                       $name = "wpid{$old_file->ID}-{$filename}";
-               }
-
                $upload = wp_upload_bits($name, null, $bits);
                if ( ! empty($upload['error']) ) {
                        $errorString = sprintf(__('Could not write file %1$s (%2$s)'), $name, $upload['error']);
@@ -5735,15 +5807,14 @@ class wp_xmlrpc_server extends IXR_Server {
                 */
                do_action( 'xmlrpc_call_success_mw_newMediaObject', $id, $args );
 
-               $struct = array(
-                       'id'   => strval( $id ),
-                       'file' => $name,
-                       'url'  => $upload[ 'url' ],
-                       'type' => $type
-               );
+               $struct = $this->_prepare_media_item( get_post( $id ) );
 
-               /** This filter is documented in wp-admin/includes/file.php */
-               return apply_filters( 'wp_handle_upload', $struct, 'upload' );
+               // Deprecated values
+               $struct['id']   = $struct['attachment_id'];
+               $struct['file'] = $struct['title'];
+               $struct['url']  = $struct['link'];
+
+               return $struct;
        }
 
        /* MovableType API functions
@@ -5986,7 +6057,7 @@ class wp_xmlrpc_server extends IXR_Server {
         *
         * @since 1.5.0
         *
-        * @global wpdb $wpdb
+        * @global wpdb $wpdb WordPress database abstraction object.
         *
         * @param int $post_ID
         * @return array|IXR_Error
@@ -6076,7 +6147,7 @@ class wp_xmlrpc_server extends IXR_Server {
         *
         * @since 1.5.0
         *
-        * @global wpdb $wpdb
+        * @global wpdb $wpdb WordPress database abstraction object.
         * @global string $wp_version
         *
         * @param array  $args {
@@ -6287,7 +6358,7 @@ class wp_xmlrpc_server extends IXR_Server {
         *
         * @since 1.5.0
         *
-        * @global wpdb $wpdb
+        * @global wpdb $wpdb WordPress database abstraction object.
         *
         * @param string $url
         * @return array|IXR_Error