X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/00dbffaf1593b0ac719d98f00839221a9ca52133..7f1521bf193b382565eb753043c161f4cb3fcda7:/wp-includes/class-wp-xmlrpc-server.php diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php index a0827cac..10c593d2 100644 --- a/wp-includes/class-wp-xmlrpc-server.php +++ b/wp-includes/class-wp-xmlrpc-server.php @@ -3,6 +3,7 @@ * XML-RPC protocol support for WordPress * * @package WordPress + * @subpackage Publishing */ /** @@ -12,15 +13,26 @@ * pingback. Additional WordPress API for managing comments, pages, posts, * options, etc. * - * Since WordPress 2.6.0, WordPress XMLRPC server can be disabled in the - * administration panels. + * As of WordPress 3.5.0, XML-RPC is enabled by default. It can be disabled + * via the xmlrpc_enabled filter found in wp_xmlrpc_server::login(). * * @package WordPress * @subpackage Publishing * @since 1.5.0 */ class wp_xmlrpc_server extends IXR_Server { - + /** + * @var array + */ + public $methods; + /** + * @var array + */ + public $blog_options; + /** + * @var IXR_Error + */ + public $error; /** * Register all of the XMLRPC methods that XMLRPC server understands. * @@ -29,10 +41,8 @@ class wp_xmlrpc_server extends IXR_Server { * or replace XMLRPC methods. * * @since 1.5.0 - * - * @return wp_xmlrpc_server */ - function __construct() { + public function __construct() { $this->methods = array( // WordPress API 'wp.getUsersBlogs' => 'this:wp_getUsersBlogs', @@ -65,6 +75,7 @@ class wp_xmlrpc_server extends IXR_Server { 'wp.deleteCategory' => 'this:wp_deleteCategory', 'wp.suggestCategories' => 'this:wp_suggestCategories', 'wp.uploadFile' => 'this:mw_newMediaObject', // Alias + 'wp.deleteFile' => 'this:wp_deletePost', // Alias 'wp.getCommentCount' => 'this:wp_getCommentCount', 'wp.getPostStatusList' => 'this:wp_getPostStatusList', 'wp.getPageStatusList' => 'this:wp_getPageStatusList', @@ -126,10 +137,37 @@ class wp_xmlrpc_server extends IXR_Server { ); $this->initialise_blog_option_info(); - $this->methods = apply_filters('xmlrpc_methods', $this->methods); + + /** + * Filter the methods exposed by the XML-RPC server. + * + * This filter can be used to add new methods, and remove built-in methods. + * + * @since 1.5.0 + * + * @param array $methods An array of XML-RPC methods. + */ + $this->methods = apply_filters( 'xmlrpc_methods', $this->methods ); } - function serve_request() { + /** + * Make private/protected methods readable for backwards compatibility. + * + * @since 4.0.0 + * @access public + * + * @param callable $name Method to call. + * @param array $arguments Arguments to pass when calling. + * @return mixed|bool Return value of the callback, false otherwise. + */ + public function __call( $name, $arguments ) { + if ( '_multisite_getUsersBlogs' === $name ) { + return call_user_func_array( array( $this, $name ), $arguments ); + } + return false; + } + + public function serve_request() { $this->IXR_Server($this->methods); } @@ -141,7 +179,7 @@ class wp_xmlrpc_server extends IXR_Server { * @param array $args Method Parameters. * @return string */ - function sayHello($args) { + public function sayHello($args) { return 'Hello!'; } @@ -153,7 +191,7 @@ class wp_xmlrpc_server extends IXR_Server { * @param array $args Method Parameters. * @return int */ - function addTwoNumbers($args) { + public function addTwoNumbers($args) { $number1 = $args[0]; $number2 = $args[1]; return $number1 + $number2; @@ -166,15 +204,27 @@ class wp_xmlrpc_server extends IXR_Server { * * @param string $username User's username. * @param string $password User's password. - * @return mixed WP_User object if authentication passed, false otherwise + * @return WP_User|bool WP_User object if authentication passed, false otherwise */ - function login( $username, $password ) { - // Respect any old filters against get_option() for 'enable_xmlrpc'. - $enabled = apply_filters( 'pre_option_enable_xmlrpc', false ); // Deprecated - if ( false === $enabled ) - $enabled = apply_filters( 'option_enable_xmlrpc', true ); // Deprecated + public function login( $username, $password ) { + /* + * Respect old get_option() filters left for back-compat when the 'enable_xmlrpc' + * option was deprecated in 3.5.0. Use the 'xmlrpc_enabled' hook instead. + */ + $enabled = apply_filters( 'pre_option_enable_xmlrpc', false ); + if ( false === $enabled ) { + $enabled = apply_filters( 'option_enable_xmlrpc', true ); + } - // Proper filter for turning off XML-RPC. It is on by default. + /** + * Filter whether XML-RPC is enabled. + * + * This is the proper filter for turning off XML-RPC. + * + * @since 3.5.0 + * + * @param bool $enabled Whether XML-RPC is enabled. Default true. + */ $enabled = apply_filters( 'xmlrpc_enabled', $enabled ); if ( ! $enabled ) { @@ -186,6 +236,15 @@ class wp_xmlrpc_server extends IXR_Server { if (is_wp_error($user)) { $this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) ); + + /** + * Filter the XML-RPC user login error message. + * + * @since 3.5.0 + * + * @param string $error The XML-RPC error message. + * @param WP_User $user WP_User object. + */ $this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user ); return false; } @@ -206,33 +265,27 @@ class wp_xmlrpc_server extends IXR_Server { * @param string $password User's password. * @return bool Whether authentication passed. */ - function login_pass_ok( $username, $password ) { + public function login_pass_ok( $username, $password ) { return (bool) $this->login( $username, $password ); } /** - * Sanitize string or array of strings for database. + * Escape string or array of strings for database. * * @since 1.5.2 * - * @param string|array $array Sanitize single string or array of strings. - * @return string|array Type matches $array and sanitized for the database. + * @param string|array $data Escape single string or array of strings. + * @return string|array Type matches $data and sanitized for the database. */ - function escape(&$array) { - global $wpdb; - - if (!is_array($array)) { - return($wpdb->escape($array)); - } else { - foreach ( (array) $array as $k => $v ) { - if ( is_array($v) ) { - $this->escape($array[$k]); - } else if ( is_object($v) ) { - //skip - } else { - $array[$k] = $wpdb->escape($v); - } - } + public function escape( &$data ) { + if ( ! is_array( $data ) ) + return wp_slash( $data ); + + foreach ( $data as &$v ) { + if ( is_array( $v ) ) + $this->escape( $v ); + elseif ( ! is_object( $v ) ) + $v = wp_slash( $v ); } } @@ -244,7 +297,7 @@ class wp_xmlrpc_server extends IXR_Server { * @param int $post_id Post ID. * @return array Custom fields, if exist. */ - function get_custom_fields($post_id) { + public function get_custom_fields($post_id) { $post_id = (int) $post_id; $custom_fields = array(); @@ -272,7 +325,7 @@ class wp_xmlrpc_server extends IXR_Server { * @param int $post_id Post ID. * @param array $fields Custom fields. */ - function set_custom_fields($post_id, $fields) { + public function set_custom_fields($post_id, $fields) { $post_id = (int) $post_id; foreach ( (array) $fields as $meta ) { @@ -280,16 +333,16 @@ class wp_xmlrpc_server extends IXR_Server { $meta['id'] = (int) $meta['id']; $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); if ( isset($meta['key']) ) { - $meta['key'] = stripslashes( $meta['key'] ); - if ( $meta['key'] != $pmeta->meta_key ) + $meta['key'] = wp_unslash( $meta['key'] ); + if ( $meta['key'] !== $pmeta->meta_key ) continue; - $meta['value'] = stripslashes_deep( $meta['value'] ); + $meta['value'] = wp_unslash( $meta['value'] ); if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { delete_metadata_by_mid( 'post', $meta['id'] ); } - } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) { + } elseif ( current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) ) ) { add_post_meta( $post_id, $meta['key'], $meta['value'] ); } } @@ -302,7 +355,7 @@ class wp_xmlrpc_server extends IXR_Server { * * @since 2.6.0 */ - function initialise_blog_option_info() { + public function initialise_blog_option_info() { global $wp_version; $this->blog_options = array( @@ -318,15 +371,25 @@ class wp_xmlrpc_server extends IXR_Server { 'value' => $wp_version ), 'blog_url' => array( - 'desc' => __( 'Site URL' ), + 'desc' => __( 'WordPress Address (URL)' ), 'readonly' => true, 'option' => 'siteurl' ), 'home_url' => array( - 'desc' => __( 'Home URL' ), + 'desc' => __( 'Site Address (URL)' ), 'readonly' => true, 'option' => 'home' ), + 'login_url' => array( + 'desc' => __( 'Login Address (URL)' ), + 'readonly' => true, + 'value' => wp_login_url( ) + ), + 'admin_url' => array( + 'desc' => __( 'The URL to the admin area' ), + 'readonly' => true, + 'value' => get_admin_url( ) + ), 'image_default_link_type' => array( 'desc' => __( 'Image default link type' ), 'readonly' => true, @@ -436,6 +499,13 @@ class wp_xmlrpc_server extends IXR_Server { ) ); + /** + * Filter the XML-RPC blog options property. + * + * @since 2.6.0 + * + * @param array $blog_options An array of XML-RPC blog options. + */ $this->blog_options = apply_filters( 'xmlrpc_blog_options', $this->blog_options ); } @@ -447,15 +517,14 @@ class wp_xmlrpc_server extends IXR_Server { * @param array $args Method parameters. Contains: * - username * - password - * @return array. Contains: + * @return array|IXR_Error Array contains: * - 'isAdmin' * - 'url' * - 'blogid' * - 'blogName' * - 'xmlrpc' - url of xmlrpc endpoint */ - function wp_getUsersBlogs( $args ) { - global $current_site; + public function wp_getUsersBlogs( $args ) { // If this isn't on WPMU then just use blogger_getUsersBlogs if ( !is_multisite() ) { array_unshift( $args, 1 ); @@ -470,6 +539,17 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$user = $this->login($username, $password) ) return $this->error; + /** + * Fires after the XML-RPC user has been authenticated but before the rest of + * the method logic begins. + * + * All built-in XML-RPC methods use the action xmlrpc_call, with a parameter + * equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc. + * + * @since 2.5.0 + * + * @param method $name The method name. + */ do_action( 'xmlrpc_call', 'wp.getUsersBlogs' ); $blogs = (array) get_blogs_of_user( $user->ID ); @@ -477,7 +557,7 @@ class wp_xmlrpc_server extends IXR_Server { foreach ( $blogs as $blog ) { // Don't include blogs that aren't hosted at this site - if ( $blog->site_id != $current_site->id ) + if ( $blog->site_id != get_current_site()->id ) continue; $blog_id = $blog->userblog_id; @@ -543,9 +623,21 @@ class wp_xmlrpc_server extends IXR_Server { if ( in_array( 'cap', $fields ) ) $_taxonomy['cap'] = (array) $taxonomy->cap; + if ( in_array( 'menu', $fields ) ) + $_taxonomy['show_in_menu'] = (bool) $_taxonomy->show_in_menu; + if ( in_array( 'object_type', $fields ) ) $_taxonomy['object_type'] = array_unique( (array) $taxonomy->object_type ); + /** + * Filter XML-RPC-prepared data for the given taxonomy. + * + * @since 3.4.0 + * + * @param array $_taxonomy An array of taxonomy data. + * @param object $taxonomy Taxonomy object. + * @param array $fields The subset of taxonomy fields to return. + */ return apply_filters( 'xmlrpc_prepare_taxonomy', $_taxonomy, $taxonomy, $fields ); } @@ -562,15 +654,23 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! is_array( $_term) ) $_term = get_object_vars( $_term ); - // For Intergers which may be largeer than XMLRPC supports ensure we return strings. + // For integers which may be larger than XML-RPC supports ensure we return strings. $_term['term_id'] = strval( $_term['term_id'] ); $_term['term_group'] = strval( $_term['term_group'] ); $_term['term_taxonomy_id'] = strval( $_term['term_taxonomy_id'] ); $_term['parent'] = strval( $_term['parent'] ); - // Count we are happy to return as an Integer because people really shouldn't use Terms that much. + // Count we are happy to return as an integer because people really shouldn't use terms that much. $_term['count'] = intval( $_term['count'] ); + /** + * Filter XML-RPC-prepared data for the given term. + * + * @since 3.4.0 + * + * @param array $_term An array of term data. + * @param array|object $term Term object or array. + */ return apply_filters( 'xmlrpc_prepare_term', $_term, $term ); } @@ -692,6 +792,15 @@ class wp_xmlrpc_server extends IXR_Server { } } + /** + * Filter XML-RPC-prepared date for the given post. + * + * @since 3.4.0 + * + * @param array $_post An array of modified post data. + * @param array $post An array of post data. + * @param array $fields An array of post fields. + */ return apply_filters( 'xmlrpc_prepare_post', $_post, $post, $fields ); } @@ -734,6 +843,14 @@ class wp_xmlrpc_server extends IXR_Server { if ( in_array( 'taxonomies', $fields ) ) $_post_type['taxonomies'] = get_object_taxonomies( $post_type->name, 'names' ); + /** + * Filter XML-RPC-prepared date for the given post type. + * + * @since 3.4.0 + * + * @param array $_post_type An array of post type data. + * @param object $post_type Post type object. + */ return apply_filters( 'xmlrpc_prepare_post_type', $_post_type, $post_type ); } @@ -764,6 +881,15 @@ class wp_xmlrpc_server extends IXR_Server { else $_media_item['thumbnail'] = $_media_item['link']; + /** + * Filter XML-RPC-prepared data for the given media item. + * + * @since 3.4.0 + * + * @param array $_media_item An array of media item data. + * @param object $media_item Media item object. + * @param string $thumbnail_size Image size. + */ return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size ); } @@ -797,8 +923,10 @@ class wp_xmlrpc_server extends IXR_Server { // Pull the categories info together. $categories = array(); - foreach ( wp_get_post_categories( $page->ID ) as $cat_id ) { - $categories[] = get_cat_name( $cat_id ); + if ( is_object_in_taxonomy( 'page', 'category' ) ) { + foreach ( wp_get_post_categories( $page->ID ) as $cat_id ) { + $categories[] = get_cat_name( $cat_id ); + } } // Get the author info. @@ -835,6 +963,14 @@ class wp_xmlrpc_server extends IXR_Server { 'wp_page_template' => $page_template ); + /** + * Filter XML-RPC-prepared data for the given page. + * + * @since 3.4.0 + * + * @param array $_page An array of page data. + * @param WP_Post $page Page object. + */ return apply_filters( 'xmlrpc_prepare_page', $_page, $page ); } @@ -848,18 +984,17 @@ class wp_xmlrpc_server extends IXR_Server { */ protected function _prepare_comment( $comment ) { // Format page date. - $comment_date = $this->_convert_date( $comment->comment_date ); $comment_date_gmt = $this->_convert_date_gmt( $comment->comment_date_gmt, $comment->comment_date ); - if ( '0' == $comment->comment_approved ) + if ( '0' == $comment->comment_approved ) { $comment_status = 'hold'; - else if ( 'spam' == $comment->comment_approved ) + } elseif ( 'spam' == $comment->comment_approved ) { $comment_status = 'spam'; - else if ( '1' == $comment->comment_approved ) + } elseif ( '1' == $comment->comment_approved ) { $comment_status = 'approve'; - else + } else { $comment_status = $comment->comment_approved; - + } $_comment = array( 'date_created_gmt' => $comment_date_gmt, 'user_id' => $comment->user_id, @@ -877,6 +1012,14 @@ class wp_xmlrpc_server extends IXR_Server { 'type' => $comment->comment_type, ); + /** + * Filter XML-RPC-prepared data for the given comment. + * + * @since 3.4.0 + * + * @param array $_comment An array of prepared comment data. + * @param object $comment Comment object. + */ return apply_filters( 'xmlrpc_prepare_comment', $_comment, $comment ); } @@ -917,6 +1060,15 @@ class wp_xmlrpc_server extends IXR_Server { $_user = array_merge( $_user, $requested_fields ); } + /** + * Filter XML-RPC-prepared data for the given user. + * + * @since 3.5.0 + * + * @param array $_user An array of user data. + * @param WP_User $user User object. + * @param array $fields An array of user fields. + */ return apply_filters( 'xmlrpc_prepare_user', $_user, $user, $fields ); } @@ -926,7 +1078,7 @@ class wp_xmlrpc_server extends IXR_Server { * @since 3.4.0 * * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - array $content_struct @@ -949,15 +1101,14 @@ class wp_xmlrpc_server extends IXR_Server { * - terms_names - array, with taxonomy names as keys and arrays of term names as values * - enclosure * - any other fields supported by wp_insert_post() - * @return string post_id + * @return string|IXR_Error post_id */ - function wp_newPost( $args ) { + public function wp_newPost( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; @@ -965,6 +1116,22 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + // convert the date field back to IXR form + if ( isset( $content_struct['post_date'] ) && ! ( $content_struct['post_date'] instanceof IXR_Date ) ) { + $content_struct['post_date'] = $this->_convert_date( $content_struct['post_date'] ); + } + + // ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct, + // since _insert_post will ignore the non-GMT date if the GMT date is set + if ( isset( $content_struct['post_date_gmt'] ) && ! ( $content_struct['post_date_gmt'] instanceof IXR_Date ) ) { + if ( $content_struct['post_date_gmt'] == '0000-00-00 00:00:00' || isset( $content_struct['post_date'] ) ) { + unset( $content_struct['post_date_gmt'] ); + } else { + $content_struct['post_date_gmt'] = $this->_convert_date( $content_struct['post_date_gmt'] ); + } + } + + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newPost' ); unset( $content_struct['ID'] ); @@ -990,7 +1157,7 @@ class wp_xmlrpc_server extends IXR_Server { * @uses wp_insert_post() * * @param WP_User $user The post author if post_author isn't set in $content_struct. - * @param array $content_struct Post data to insert. + * @param array|IXR_Error $content_struct Post data to insert. */ protected function _insert_post( $user, $content_struct ) { $defaults = array( 'post_status' => 'draft', 'post_type' => 'post', 'post_author' => 0, @@ -1007,7 +1174,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( $update ) { if ( ! get_post( $post_data['ID'] ) ) return new IXR_Error( 401, __( 'Invalid post ID.' ) ); - if ( ! current_user_can( $post_type->cap->edit_post, $post_data['ID'] ) ) + if ( ! current_user_can( 'edit_post', $post_data['ID'] ) ) return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) ) return new IXR_Error( 401, __( 'The post type may not be changed.' ) ); @@ -1124,6 +1291,7 @@ class wp_xmlrpc_server extends IXR_Server { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) ); $term_ids = $post_data['terms'][$taxonomy]; + $terms[ $taxonomy ] = array(); foreach ( $term_ids as $term_id ) { $term = get_term_by( 'id', $term_id, $taxonomy ); @@ -1207,6 +1375,14 @@ class wp_xmlrpc_server extends IXR_Server { $this->attach_uploads( $post_ID, $post_data['post_content'] ); + /** + * Filter post data array to be inserted via XML-RPC. + * + * @since 3.4.0 + * + * @param array $post_data Parsed array of post data. + * @param array $content_struct Post data array. + */ $post_data = apply_filters( 'xmlrpc_wp_insert_post_data', $post_data, $content_struct ); $post_ID = $update ? wp_update_post( $post_data, true ) : wp_insert_post( $post_data, true ); @@ -1228,20 +1404,19 @@ class wp_xmlrpc_server extends IXR_Server { * @since 3.4.0 * * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - int $post_id * - array $content_struct - * @return true on success + * @return bool|IXR_Error true on success */ - function wp_editPost( $args ) { + public function wp_editPost( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; @@ -1250,6 +1425,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editPost' ); $post = get_post( $post_id, ARRAY_A ); @@ -1291,19 +1467,18 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses wp_delete_post() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - int $post_id - * @return true on success + * @return bool|IXR_Error true on success */ - function wp_deletePost( $args ) { + public function wp_deletePost( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; @@ -1311,14 +1486,14 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deletePost' ); $post = get_post( $post_id, ARRAY_A ); if ( empty( $post['ID'] ) ) return new IXR_Error( 404, __( 'Invalid post ID.' ) ); - $post_type = get_post_type_object( $post['post_type'] ); - if ( ! current_user_can( $post_type->cap->delete_post, $post_id ) ) + if ( ! current_user_can( 'delete_post', $post_id ) ) return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) ); $result = wp_delete_post( $post_id ); @@ -1345,11 +1520,12 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses get_post() * @param array $args Method parameters. Contains: - * - int $post_id + * - int $blog_id (unused) * - string $username * - string $password + * - int $post_id * - array $fields optional - * @return array contains (based on $fields parameter): + * @return array|IXR_Error Array contains (based on $fields parameter): * - 'post_id' * - 'post_title' * - 'post_date' @@ -1373,25 +1549,34 @@ class wp_xmlrpc_server extends IXR_Server { * - 'tags' * - 'enclosure' */ - function wp_getPost( $args ) { + public function wp_getPost( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** + * Filter the list of post query fields used by the given XML-RPC method. + * + * @since 3.4.0 + * + * @param array $fields Array of post fields. + * @param string $method Method name. + */ $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPost' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPost' ); $post = get_post( $post_id, ARRAY_A ); @@ -1399,8 +1584,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( empty( $post['ID'] ) ) return new IXR_Error( 404, __( 'Invalid post ID.' ) ); - $post_type = get_post_type_object( $post['post_type'] ); - if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) ) + if ( ! current_user_can( 'edit_post', $post_id ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) ); return $this->_prepare_post( $post, $fields ); @@ -1423,32 +1607,34 @@ class wp_xmlrpc_server extends IXR_Server { * @see get_posts() for more on $filter values * * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - array $filter optional * - array $fields optional - * @return array contains a collection of posts. + * @return array|IXR_Error Array contains a collection of posts. */ - function wp_getPosts( $args ) { + public function wp_getPosts( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array(); - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPosts' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPosts' ); $query = array(); @@ -1495,8 +1681,7 @@ class wp_xmlrpc_server extends IXR_Server { $struct = array(); foreach ( $posts_list as $post ) { - $post_type = get_post_type_object( $post['post_type'] ); - if ( ! current_user_can( $post_type->cap->edit_post, $post['ID'] ) ) + if ( ! current_user_can( 'edit_post', $post['ID'] ) ) continue; $struct[] = $this->_prepare_post( $post, $fields ); @@ -1512,7 +1697,7 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses wp_insert_term() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - array $content_struct @@ -1523,15 +1708,14 @@ class wp_xmlrpc_server extends IXR_Server { * - 'parent' * - 'description' * - 'slug' - * @return string term_id + * @return string|IXR_Error term_id */ - function wp_newTerm( $args ) { + public function wp_newTerm( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; @@ -1539,6 +1723,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newTerm' ); if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) @@ -1598,7 +1783,7 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses wp_update_term() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - string $term_id @@ -1610,15 +1795,14 @@ class wp_xmlrpc_server extends IXR_Server { * - 'parent' * - 'description' * - 'slug' - * @return bool True, on success. + * @return bool|IXR_Error True, on success. */ - function wp_editTerm( $args ) { + public function wp_editTerm( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $term_id = (int) $args[3]; @@ -1627,6 +1811,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editTerm' ); if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) @@ -1697,20 +1882,19 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses wp_delete_term() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - string $taxnomy_name * - string $term_id * @return boolean|IXR_Error If it suceeded true else a reason why not */ - function wp_deleteTerm( $args ) { + public function wp_deleteTerm( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; @@ -1719,6 +1903,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deleteTerm' ); if ( ! taxonomy_exists( $taxonomy ) ) @@ -1755,12 +1940,12 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses get_term() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - string $taxonomy * - string $term_id - * @return array contains: + * @return array|IXR_Error Array contains: * - 'term_id' * - 'name' * - 'slug' @@ -1771,13 +1956,12 @@ class wp_xmlrpc_server extends IXR_Server { * - 'parent' * - 'count' */ - function wp_getTerm( $args ) { + public function wp_getTerm( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; @@ -1786,6 +1970,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTerm' ); if ( ! taxonomy_exists( $taxonomy ) ) @@ -1817,20 +2002,19 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses get_terms() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - string $taxonomy * - array $filter optional - * @return array terms + * @return array|IXR_Error terms */ - function wp_getTerms( $args ) { + public function wp_getTerms( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; @@ -1839,6 +2023,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTerms' ); if ( ! taxonomy_exists( $taxonomy ) ) @@ -1893,31 +2078,40 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses get_taxonomy() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - string $taxonomy - * @return array (@see get_taxonomy()) + * @return array|IXR_Error (@see get_taxonomy()) */ - function wp_getTaxonomy( $args ) { + public function wp_getTaxonomy( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** + * Filter the taxonomy query fields used by the given XML-RPC method. + * + * @since 3.4.0 + * + * @param array $fields An array of taxonomy fields to retrieve. + * @param string $method The method name. + */ $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomy' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTaxonomy' ); if ( ! taxonomy_exists( $taxonomy ) ) @@ -1938,30 +2132,32 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses get_taxonomies() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * @return array taxonomies */ - function wp_getTaxonomies( $args ) { + public function wp_getTaxonomies( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomies' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTaxonomies' ); $taxonomies = get_taxonomies( $filter, 'objects' ); @@ -1993,12 +2189,12 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses get_userdata() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - int $user_id * - array $fields optional - * @return array contains (based on $fields parameter): + * @return array|IXR_Error Array contains (based on $fields parameter): * - 'user_id' * - 'username' * - 'first_name' @@ -2012,25 +2208,34 @@ class wp_xmlrpc_server extends IXR_Server { * - 'display_name' * - 'roles' */ - function wp_getUser( $args ) { + public function wp_getUser( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $user_id = (int) $args[3]; - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** + * Filter the default user query fields used by the given XML-RPC method. + * + * @since 3.5.0 + * + * @param array $fields User query fields for given method. Default 'all'. + * @param string $method The method name. + */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUser' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getUser' ); if ( ! current_user_can( 'edit_user', $user_id ) ) @@ -2058,32 +2263,34 @@ class wp_xmlrpc_server extends IXR_Server { * @see wp_getUser() for more on $fields and return values * * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - array $filter optional * - array $fields optional - * @return array users data + * @return array|IXR_Error users data */ - function wp_getUsers( $args ) { + public function wp_getUsers( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array(); - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUsers' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getUsers' ); if ( ! current_user_can( 'list_users' ) ) @@ -2127,30 +2334,32 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses get_userdata() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - array $fields optional - * @return array (@see wp_getUser) + * @return array|IXR_Error (@see wp_getUser) */ - function wp_getProfile( $args ) { + public function wp_getProfile( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; - if ( isset( $args[3] ) ) + if ( isset( $args[3] ) ) { $fields = $args[3]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getProfile' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getProfile' ); if ( ! current_user_can( 'edit_user', $user->ID ) ) @@ -2166,7 +2375,7 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses wp_update_user() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - array $content_struct @@ -2178,15 +2387,14 @@ class wp_xmlrpc_server extends IXR_Server { * - 'nickname' * - 'nicename' * - 'bio' - * @return bool True, on success. + * @return bool|IXR_Error True, on success. */ - function wp_editProfile( $args ) { + public function wp_editProfile( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; @@ -2194,6 +2402,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editProfile' ); if ( ! current_user_can( 'edit_user', $user->ID ) ) @@ -2242,16 +2451,15 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.2.0 * * @param array $args Method parameters. Contains: - * - blog_id + * - blog_id (unused) * - page_id * - username * - password - * @return array + * @return array|IXR_Error */ - function wp_getPage($args) { + public function wp_getPage($args) { $this->escape($args); - $blog_id = (int) $args[0]; $page_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; @@ -2267,7 +2475,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_page', $page_id ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit this page.' ) ); - do_action('xmlrpc_call', 'wp.getPage'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPage' ); // If we found the page then format the data. if ( $page->ID && ($page->post_type == 'page') ) { @@ -2275,7 +2484,7 @@ class wp_xmlrpc_server extends IXR_Server { } // If the page doesn't exist indicate that. else { - return(new IXR_Error(404, __('Sorry, no such page.'))); + return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); } } @@ -2285,16 +2494,15 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.2.0 * * @param array $args Method parameters. Contains: - * - blog_id + * - blog_id (unused) * - username * - password * - num_pages - * @return array + * @return array|IXR_Error */ - function wp_getPages($args) { + public function wp_getPages($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $num_pages = isset($args[3]) ? (int) $args[3] : 10; @@ -2305,7 +2513,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_pages' ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit pages.' ) ); - do_action('xmlrpc_call', 'wp.getPages'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPages' ); $pages = get_posts( array('post_type' => 'page', 'post_status' => 'any', 'numberposts' => $num_pages) ); $num_pages = count($pages); @@ -2319,12 +2528,10 @@ class wp_xmlrpc_server extends IXR_Server { $pages_struct[] = $this->_prepare_page( $page ); } - return($pages_struct); - } - // If no pages were found return an error. - else { - return(array()); + return $pages_struct; } + + return array(); } /** @@ -2333,25 +2540,24 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.2.0 * * @param array $args Method parameters. See {@link wp_xmlrpc_server::mw_newPost()} - * @return unknown + * @return int|IXR_Error */ - function wp_newPage($args) { + public function wp_newPage($args) { // Items not escaped here will be escaped in newPost. $username = $this->escape($args[1]); $password = $this->escape($args[2]); - $page = $args[3]; - $publish = $args[4]; if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.newPage'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.newPage' ); // Mark this as content for a page. $args[3]["post_type"] = 'page'; // Let mw_newPost do all of the heavy lifting. - return($this->mw_newPost($args)); + return $this->mw_newPost( $args ); } /** @@ -2360,12 +2566,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.2.0 * * @param array $args Method parameters. - * @return bool True, if success. + * @return bool|IXR_Error True, if success. */ - function wp_deletePage($args) { + public function wp_deletePage($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $page_id = (int) $args[3]; @@ -2373,26 +2578,35 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.deletePage'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.deletePage' ); // Get the current page based on the page_id and // make sure it is a page and not a post. $actual_page = get_post($page_id, ARRAY_A); if ( !$actual_page || ($actual_page['post_type'] != 'page') ) - return(new IXR_Error(404, __('Sorry, no such page.'))); + return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); // Make sure the user can delete pages. if ( !current_user_can('delete_page', $page_id) ) - return(new IXR_Error(401, __('Sorry, you do not have the right to delete this page.'))); + return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete this page.' ) ); // Attempt to delete the page. $result = wp_delete_post($page_id); if ( !$result ) - return(new IXR_Error(500, __('Failed to delete the page.'))); - + return new IXR_Error( 500, __( 'Failed to delete the page.' ) ); + + /** + * Fires after a page has been successfully deleted via XML-RPC. + * + * @since 3.4.0 + * + * @param int $page_id ID of the deleted page. + * @param array $args An array of arguments to delete the page. + */ do_action( 'xmlrpc_call_success_wp_deletePage', $page_id, $args ); - return(true); + return true; } /** @@ -2401,11 +2615,10 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.2.0 * * @param array $args Method parameters. - * @return unknown + * @return array|IXR_Error */ - function wp_editPage($args) { + public function wp_editPage($args) { // Items not escaped here will be escaped in editPost. - $blog_id = (int) $args[0]; $page_id = (int) $this->escape($args[1]); $username = $this->escape($args[2]); $password = $this->escape($args[3]); @@ -2415,16 +2628,17 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.editPage'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.editPage' ); // Get the page data and make sure it is a page. $actual_page = get_post($page_id, ARRAY_A); if ( !$actual_page || ($actual_page['post_type'] != 'page') ) - return(new IXR_Error(404, __('Sorry, no such page.'))); + return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); // Make sure the user is allowed to edit pages. if ( !current_user_can('edit_page', $page_id) ) - return(new IXR_Error(401, __('Sorry, you do not have the right to edit this page.'))); + return new IXR_Error( 401, __( 'Sorry, you do not have the right to edit this page.' ) ); // Mark this as content for a page. $content['post_type'] = 'page'; @@ -2439,7 +2653,7 @@ class wp_xmlrpc_server extends IXR_Server { ); // Let mw_editPost do all of the heavy lifting. - return($this->mw_editPost($args)); + return $this->mw_editPost( $args ); } /** @@ -2448,14 +2662,13 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.2.0 * * @param array $args Method parameters. - * @return unknown + * @return array|IXR_Error */ - function wp_getPageList($args) { + public function wp_getPageList($args) { global $wpdb; $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2465,7 +2678,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_pages' ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit pages.' ) ); - do_action('xmlrpc_call', 'wp.getPageList'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPageList' ); // Get list of pages ids and titles $page_list = $wpdb->get_results(" @@ -2491,7 +2705,7 @@ class wp_xmlrpc_server extends IXR_Server { unset($page_list[$i]->post_status); } - return($page_list); + return $page_list; } /** @@ -2500,13 +2714,12 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.2.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_getAuthors($args) { + public function wp_getAuthors($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2514,9 +2727,10 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; if ( !current_user_can('edit_posts') ) - return(new IXR_Error(401, __('Sorry, you cannot edit posts on this site.'))); + return new IXR_Error( 401, __( 'Sorry, you cannot edit posts on this site.' ) ); - do_action('xmlrpc_call', 'wp.getAuthors'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getAuthors' ); $authors = array(); foreach ( get_users( array( 'fields' => array('ID','user_login','display_name') ) ) as $user ) { @@ -2536,12 +2750,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.7.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_getTags( $args ) { + public function wp_getTags( $args ) { $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2551,12 +2764,14 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view tags.' ) ); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getKeywords' ); $tags = array(); if ( $all_tags = get_tags() ) { foreach( (array) $all_tags as $tag ) { + $struct = array(); $struct['tag_id'] = $tag->term_id; $struct['name'] = $tag->name; $struct['count'] = $tag->count; @@ -2577,12 +2792,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.2.0 * * @param array $args Method parameters. - * @return int Category ID. + * @return int|IXR_Error Category ID. */ - function wp_newCategory($args) { + public function wp_newCategory($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $category = $args[3]; @@ -2590,11 +2804,12 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.newCategory'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.newCategory' ); // Make sure the user is allowed to add a category. if ( !current_user_can('manage_categories') ) - return(new IXR_Error(401, __('Sorry, you do not have the right to add a category.'))); + return new IXR_Error(401, __('Sorry, you do not have the right to add a category.')); // If no slug was provided make it empty so that // WordPress will generate one. @@ -2622,11 +2837,19 @@ class wp_xmlrpc_server extends IXR_Server { if ( 'term_exists' == $cat_id->get_error_code() ) return (int) $cat_id->get_error_data(); else - return(new IXR_Error(500, __('Sorry, the new category failed.'))); + return new IXR_Error(500, __('Sorry, the new category failed.')); } elseif ( ! $cat_id ) { - return(new IXR_Error(500, __('Sorry, the new category failed.'))); + return new IXR_Error(500, __('Sorry, the new category failed.')); } + /** + * Fires after a new category has been successfully created via XML-RPC. + * + * @since 3.4.0 + * + * @param int $cat_id ID of the new category. + * @param array $args An array of new category arguments. + */ do_action( 'xmlrpc_call_success_wp_newCategory', $cat_id, $args ); return $cat_id; @@ -2638,12 +2861,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.5.0 * * @param array $args Method parameters. - * @return mixed See {@link wp_delete_term()} for return info. + * @return bool|IXR_Error See {@link wp_delete_term()} for return info. */ - function wp_deleteCategory($args) { + public function wp_deleteCategory($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $category_id = (int) $args[3]; @@ -2651,15 +2873,25 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'wp.deleteCategory'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.deleteCategory' ); if ( !current_user_can('manage_categories') ) return new IXR_Error( 401, __( 'Sorry, you do not have the right to delete a category.' ) ); $status = wp_delete_term( $category_id, 'category' ); - if( true == $status ) + if ( true == $status ) { + /** + * Fires after a category has been successfully deleted via XML-RPC. + * + * @since 3.4.0 + * + * @param int $category_id ID of the deleted category. + * @param array $args An array of arguments to delete the category. + */ do_action( 'xmlrpc_call_success_wp_deleteCategory', $category_id, $args ); + } return $status; } @@ -2670,12 +2902,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.2.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_suggestCategories($args) { + public function wp_suggestCategories($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $category = $args[3]; @@ -2685,9 +2916,10 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; if ( !current_user_can( 'edit_posts' ) ) - return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts to this site in order to view categories.' ) ); + return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); - do_action('xmlrpc_call', 'wp.suggestCategories'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.suggestCategories' ); $category_suggestions = array(); $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category); @@ -2698,7 +2930,7 @@ class wp_xmlrpc_server extends IXR_Server { ); } - return($category_suggestions); + return $category_suggestions; } /** @@ -2707,12 +2939,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.7.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_getComment($args) { + public function wp_getComment($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $comment_id = (int) $args[3]; @@ -2723,7 +2954,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - do_action('xmlrpc_call', 'wp.getComment'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getComment' ); if ( ! $comment = get_comment($comment_id) ) return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); @@ -2734,7 +2966,7 @@ class wp_xmlrpc_server extends IXR_Server { /** * Retrieve comments. * - * Besides the common blog_id, username, and password arguments, it takes a filter + * Besides the common blog_id (unused), username, and password arguments, it takes a filter * array as last argument. * * Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'. @@ -2748,12 +2980,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.7.0 * * @param array $args Method parameters. - * @return array. Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents + * @return array|IXR_Error Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents */ - function wp_getComments($args) { + public function wp_getComments($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $struct = isset( $args[3] ) ? $args[3] : array(); @@ -2764,7 +2995,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) ); - do_action('xmlrpc_call', 'wp.getComments'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getComments' ); if ( isset($struct['status']) ) $status = $struct['status']; @@ -2804,16 +3036,15 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.7.0 * * @param array $args Method parameters. Contains: - * - blog_id + * - blog_id (unused) * - username * - password * - comment_id - * @return mixed {@link wp_delete_comment()} + * @return bool|IXR_Error {@link wp_delete_comment()} */ - function wp_deleteComment($args) { + public function wp_deleteComment($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $comment_ID = (int) $args[3]; @@ -2830,12 +3061,22 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_comment', $comment_ID ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - do_action('xmlrpc_call', 'wp.deleteComment'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.deleteComment' ); $status = wp_delete_comment( $comment_ID ); - if( true == $status ) + if ( true == $status ) { + /** + * Fires after a comment has been successfully deleted via XML-RPC. + * + * @since 3.4.0 + * + * @param int $comment_ID ID of the deleted comment. + * @param array $args An array of arguments to delete the comment. + */ do_action( 'xmlrpc_call_success_wp_deleteComment', $comment_ID, $args ); + } return $status; } @@ -2843,7 +3084,7 @@ class wp_xmlrpc_server extends IXR_Server { /** * Edit comment. * - * Besides the common blog_id, username, and password arguments, it takes a + * Besides the common blog_id (unused), username, and password arguments, it takes a * comment_id integer and a content_struct array as last argument. * * The allowed keys in the content_struct array are: @@ -2856,18 +3097,17 @@ class wp_xmlrpc_server extends IXR_Server { * * @since 2.7.0 * - * @param array $args. Contains: - * - blog_id + * @param array $args Contains: + * - blog_id (unused) * - username * - password * - comment_id * - content_struct - * @return bool True, on success. + * @return bool|IXR_Error True, on success. */ - function wp_editComment($args) { + public function wp_editComment($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $comment_ID = (int) $args[3]; @@ -2885,7 +3125,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_comment', $comment_ID ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); - do_action('xmlrpc_call', 'wp.editComment'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.editComment' ); if ( isset($content_struct['status']) ) { $statuses = get_comment_statuses(); @@ -2926,6 +3167,14 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$result ) return new IXR_Error(500, __('Sorry, the comment could not be edited. Something wrong happened.')); + /** + * Fires after a comment has been successfully updated via XML-RPC. + * + * @since 3.4.0 + * + * @param int $comment_ID ID of the updated comment. + * @param array $args An array of arguments to update the comment. + */ do_action( 'xmlrpc_call_success_wp_editComment', $comment_ID, $args ); return true; @@ -2937,29 +3186,35 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.7.0 * * @param array $args Method parameters. - * @return mixed {@link wp_new_comment()} + * @return int|IXR_Error {@link wp_new_comment()} */ - function wp_newComment($args) { - global $wpdb; - + public function wp_newComment($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $post = $args[3]; $content_struct = $args[4]; - $allow_anon = apply_filters('xmlrpc_allow_anonymous_comments', false); + /** + * Filter whether to allow anonymous comments over XML-RPC. + * + * @since 2.7.0 + * + * @param bool $allow Whether to allow anonymous commenting via XML-RPC. + * Default false. + */ + $allow_anon = apply_filters( 'xmlrpc_allow_anonymous_comments', false ); $user = $this->login($username, $password); if ( !$user ) { $logged_in = false; - if ( $allow_anon && get_option('comment_registration') ) + if ( $allow_anon && get_option('comment_registration') ) { return new IXR_Error( 403, __( 'You must be registered to comment' ) ); - else if ( !$allow_anon ) + } elseif ( ! $allow_anon ) { return $this->error; + } } else { $logged_in = true; } @@ -2975,12 +3230,13 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! get_post($post_id) ) return new IXR_Error( 404, __( 'Invalid post ID.' ) ); + $comment = array(); $comment['comment_post_ID'] = $post_id; if ( $logged_in ) { - $comment['comment_author'] = $wpdb->escape( $user->display_name ); - $comment['comment_author_email'] = $wpdb->escape( $user->user_email ); - $comment['comment_author_url'] = $wpdb->escape( $user->user_url ); + $comment['comment_author'] = $this->escape( $user->display_name ); + $comment['comment_author_email'] = $this->escape( $user->user_email ); + $comment['comment_author_url'] = $this->escape( $user->user_url ); $comment['user_ID'] = $user->ID; } else { $comment['comment_author'] = ''; @@ -3009,10 +3265,19 @@ class wp_xmlrpc_server extends IXR_Server { $comment['comment_content'] = isset($content_struct['content']) ? $content_struct['content'] : null; - do_action('xmlrpc_call', 'wp.newComment'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.newComment' ); $comment_ID = wp_new_comment( $comment ); + /** + * Fires after a new comment has been successfully created via XML-RPC. + * + * @since 3.4.0 + * + * @param int $comment_ID ID of the new comment. + * @param array $args An array of new comment arguments. + */ do_action( 'xmlrpc_call_success_wp_newComment', $comment_ID, $args ); return $comment_ID; @@ -3024,12 +3289,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.7.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_getCommentStatusList($args) { + public function wp_getCommentStatusList($args) { $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3039,7 +3303,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); - do_action('xmlrpc_call', 'wp.getCommentStatusList'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getCommentStatusList' ); return get_comment_statuses(); } @@ -3050,12 +3315,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.5.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_getCommentCount( $args ) { + public function wp_getCommentCount( $args ) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; @@ -3066,7 +3330,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) ); - do_action('xmlrpc_call', 'wp.getCommentCount'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getCommentCount' ); $count = wp_count_comments( $post_id ); return array( @@ -3083,12 +3348,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.5.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_getPostStatusList( $args ) { + public function wp_getPostStatusList( $args ) { $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3098,7 +3362,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); - do_action('xmlrpc_call', 'wp.getPostStatusList'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPostStatusList' ); return get_post_statuses(); } @@ -3109,12 +3374,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.5.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_getPageStatusList( $args ) { + public function wp_getPageStatusList( $args ) { $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3124,7 +3388,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_pages' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); - do_action('xmlrpc_call', 'wp.getPageStatusList'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getPageStatusList' ); return get_page_statuses(); } @@ -3135,12 +3400,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.6.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_getPageTemplates( $args ) { + public function wp_getPageTemplates( $args ) { $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3162,12 +3426,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.6.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function wp_getOptions( $args ) { + public function wp_getOptions( $args ) { $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $options = isset( $args[3] ) ? (array) $args[3] : array(); @@ -3190,8 +3453,9 @@ class wp_xmlrpc_server extends IXR_Server { * @param array $options Options to retrieve. * @return array */ - function _getOptions($options) { + public function _getOptions($options) { $data = array(); + $can_manage = current_user_can( 'manage_options' ); foreach ( $options as $option ) { if ( array_key_exists( $option, $this->blog_options ) ) { $data[$option] = $this->blog_options[$option]; @@ -3200,6 +3464,9 @@ class wp_xmlrpc_server extends IXR_Server { $data[$option]['value'] = get_option( $data[$option]['option'] ); unset($data[$option]['option']); } + + if ( ! $can_manage ) + $data[$option]['readonly'] = true; } } @@ -3212,12 +3479,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 2.6.0 * * @param array $args Method parameters. - * @return unknown + * @return array|IXR_Error */ - function wp_setOptions( $args ) { + public function wp_setOptions( $args ) { $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $options = (array) $args[3]; @@ -3228,6 +3494,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'manage_options' ) ) return new IXR_Error( 403, __( 'You are not allowed to update options.' ) ); + $option_names = array(); foreach ( $options as $o_name => $o_value ) { $option_names[] = $o_name; if ( !array_key_exists( $o_name, $this->blog_options ) ) @@ -3236,7 +3503,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( $this->blog_options[$o_name]['readonly'] == true ) continue; - update_option( $this->blog_options[$o_name]['option'], $o_value ); + update_option( $this->blog_options[$o_name]['option'], wp_unslash( $o_value ) ); } //Now return the updated values @@ -3249,11 +3516,11 @@ class wp_xmlrpc_server extends IXR_Server { * @since 3.1.0 * * @param array $args Method parameters. Contains: - * - blog_id + * - blog_id (unused) * - username * - password * - attachment_id - * @return array. Associative array containing: + * @return array|IXR_Error Associative array contains: * - 'date_created_gmt' * - 'parent' * - 'link' @@ -3263,10 +3530,9 @@ class wp_xmlrpc_server extends IXR_Server { * - 'description' * - 'metadata' */ - function wp_getMediaItem($args) { + public function wp_getMediaItem($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $attachment_id = (int) $args[3]; @@ -3277,7 +3543,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'upload_files' ) ) return new IXR_Error( 403, __( 'You do not have permission to upload files.' ) ); - do_action('xmlrpc_call', 'wp.getMediaItem'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getMediaItem' ); if ( ! $attachment = get_post($attachment_id) ) return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); @@ -3288,7 +3555,7 @@ class wp_xmlrpc_server extends IXR_Server { /** * Retrieves a collection of media library items (or attachments) * - * Besides the common blog_id, username, and password arguments, it takes a filter + * Besides the common blog_id (unused), username, and password arguments, it takes a filter * array as last argument. * * Accepted 'filter' keys are 'parent_id', 'mime_type', 'offset', and 'number'. @@ -3302,16 +3569,15 @@ class wp_xmlrpc_server extends IXR_Server { * @since 3.1.0 * * @param array $args Method parameters. Contains: - * - blog_id + * - blog_id (unused) * - username * - password * - filter - * @return array. Contains a collection of media items. See {@link wp_xmlrpc_server::wp_getMediaItem()} for a description of each item contents + * @return array|IXR_Error Contains a collection of media items. See {@link wp_xmlrpc_server::wp_getMediaItem()} for a description of each item contents */ - function wp_getMediaLibrary($args) { + public function wp_getMediaLibrary($args) { $this->escape($args); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $struct = isset( $args[3] ) ? $args[3] : array() ; @@ -3322,7 +3588,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'upload_files' ) ) return new IXR_Error( 401, __( 'You do not have permission to upload files.' ) ); - do_action('xmlrpc_call', 'wp.getMediaLibrary'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'wp.getMediaLibrary' ); $parent_id = ( isset($struct['parent_id']) ) ? absint($struct['parent_id']) : '' ; $mime_type = ( isset($struct['mime_type']) ) ? $struct['mime_type'] : '' ; @@ -3342,18 +3609,17 @@ class wp_xmlrpc_server extends IXR_Server { /** * Retrieves a list of post formats used by the site * - * @since 3.1 + * @since 3.1.0 * * @param array $args Method parameters. Contains: - * - blog_id + * - blog_id (unused) * - username * - password - * @return array + * @return array|IXR_Error */ - function wp_getPostFormats( $args ) { + public function wp_getPostFormats( $args ) { $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3363,16 +3629,18 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostFormats' ); $formats = get_post_format_strings(); - # find out if they want a list of currently supports formats + // find out if they want a list of currently supports formats if ( isset( $args[3] ) && is_array( $args[3] ) ) { if ( $args[3]['show-supported'] ) { if ( current_theme_supports( 'post-formats' ) ) { $supported = get_theme_support( 'post-formats' ); + $data = array(); $data['all'] = $formats; $data['supported'] = $supported[0]; @@ -3391,12 +3659,12 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses get_post_type_object() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - string $post_type_name * - array $fields - * @return array contains: + * @return array|IXR_Error Array contains: * - 'labels' * - 'description' * - 'capability_type' @@ -3407,25 +3675,34 @@ class wp_xmlrpc_server extends IXR_Server { * - 'taxonomies' * - 'supports' */ - function wp_getPostType( $args ) { + public function wp_getPostType( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $post_type_name = $args[3]; - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** + * Filter the default query fields used by the given XML-RPC method. + * + * @since 3.4.0 + * + * @param array $fields An array of post type query fields for the given method. + * @param string $method The method name. + */ $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostType' ); + } if ( !$user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostType' ); if( ! post_type_exists( $post_type_name ) ) @@ -3446,32 +3723,34 @@ class wp_xmlrpc_server extends IXR_Server { * * @uses get_post_types() * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - array $filter * - array $fields - * @return array + * @return array|IXR_Error */ - function wp_getPostTypes( $args ) { + public function wp_getPostTypes( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostTypes' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostTypes' ); $post_types = get_post_types( $filter, 'objects' ); @@ -3500,32 +3779,41 @@ class wp_xmlrpc_server extends IXR_Server { * @see wp_getPost() for more on $fields * * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - int $post_id * - array $fields - * @return array contains a collection of posts. + * @return array|IXR_Error contains a collection of posts. */ - function wp_getRevisions( $args ) { + public function wp_getRevisions( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; - if ( isset( $args[4] ) ) + if ( isset( $args[4] ) ) { $fields = $args[4]; - else + } else { + /** + * Filter the default revision query fields used by the given XML-RPC method. + * + * @since 3.5.0 + * + * @param array $field An array of revision query fields. + * @param string $method The method name. + */ $fields = apply_filters( 'xmlrpc_default_revision_fields', array( 'post_date', 'post_date_gmt' ), 'wp.getRevisions' ); + } if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getRevisions' ); if ( ! $post = get_post( $post_id ) ) @@ -3535,7 +3823,7 @@ class wp_xmlrpc_server extends IXR_Server { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); // Check if revisions are enabled. - if ( ! WP_POST_REVISIONS || ! post_type_supports( $post->post_type, 'revisions' ) ) + if ( ! wp_revisions_enabled( $post ) ) return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) ); $revisions = wp_get_post_revisions( $post_id ); @@ -3567,19 +3855,18 @@ class wp_xmlrpc_server extends IXR_Server { * @uses wp_restore_post_revision() * * @param array $args Method parameters. Contains: - * - int $blog_id + * - int $blog_id (unused) * - string $username * - string $password * - int $post_id - * @return bool false if there was an error restoring, true if success. + * @return bool|IXR_Error false if there was an error restoring, true if success. */ - function wp_restoreRevision( $args ) { + public function wp_restoreRevision( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; $this->escape( $args ); - $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $revision_id = (int) $args[3]; @@ -3587,6 +3874,7 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $user = $this->login( $username, $password ) ) return $this->error; + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.restoreRevision' ); if ( ! $revision = wp_get_post_revision( $revision_id ) ) @@ -3602,7 +3890,7 @@ class wp_xmlrpc_server extends IXR_Server { return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) ); // Check if revisions are disabled. - if ( ! WP_POST_REVISIONS || ! post_type_supports( $post->post_type, 'revisions' ) ) + if ( ! wp_revisions_enabled( $post ) ) return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) ); $post = wp_restore_post_revision( $revision_id ); @@ -3622,9 +3910,9 @@ class wp_xmlrpc_server extends IXR_Server { * @since 1.5.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function blogger_getUsersBlogs($args) { + public function blogger_getUsersBlogs($args) { if ( is_multisite() ) return $this->_multisite_getUsersBlogs($args); @@ -3636,7 +3924,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$user = $this->login($username, $password) ) return $this->error; - do_action('xmlrpc_call', 'blogger.getUsersBlogs'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.getUsersBlogs' ); $is_admin = current_user_can('manage_options'); @@ -3655,8 +3944,10 @@ class wp_xmlrpc_server extends IXR_Server { * Private function for retrieving a users blogs for multisite setups * * @access protected + * + * @return array|IXR_Error */ - function _multisite_getUsersBlogs($args) { + protected function _multisite_getUsersBlogs($args) { $current_blog = get_blog_details(); $domain = $current_blog->domain; @@ -3688,9 +3979,9 @@ class wp_xmlrpc_server extends IXR_Server { * @since 1.5.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function blogger_getUserInfo($args) { + public function blogger_getUserInfo($args) { $this->escape($args); @@ -3703,7 +3994,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this site.' ) ); - do_action('xmlrpc_call', 'blogger.getUserInfo'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.getUserInfo' ); $struct = array( 'nickname' => $user->nickname, @@ -3722,9 +4014,9 @@ class wp_xmlrpc_server extends IXR_Server { * @since 1.5.0 * * @param array $args Method parameters. - * @return array + * @return array|IXR_Error */ - function blogger_getPost($args) { + public function blogger_getPost($args) { $this->escape($args); @@ -3742,13 +4034,14 @@ class wp_xmlrpc_server extends IXR_Server { if ( !current_user_can( 'edit_post', $post_ID ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) ); - do_action('xmlrpc_call', 'blogger.getPost'); + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ + do_action( 'xmlrpc_call', 'blogger.getPost' ); $categories = implode(',', wp_get_post_categories($post_ID)); - $content = '