X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/7688c6ba71852cd89123b62b2d57683535e4702a..177fd6fefd2e3d5a0ea6591c71d660cabdb3c1a4:/xmlrpc.php diff --git a/xmlrpc.php b/xmlrpc.php index 00fbc384..c04abed0 100644 --- a/xmlrpc.php +++ b/xmlrpc.php @@ -19,7 +19,6 @@ include('./wp-config.php'); if ( isset( $_GET['rsd'] ) ) { // http://archipelago.phrasewise.com/rsd header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true); - ?> '; ?> @@ -32,6 +31,7 @@ header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true); + " /> @@ -69,7 +69,6 @@ function starify($string) { if ( isset($HTTP_RAW_POST_DATA) ) logIO("I", $HTTP_RAW_POST_DATA); - class wp_xmlrpc_server extends IXR_Server { function wp_xmlrpc_server() { @@ -84,8 +83,12 @@ class wp_xmlrpc_server extends IXR_Server { 'wp.getAuthors' => 'this:wp_getAuthors', 'wp.getCategories' => 'this:mw_getCategories', // Alias 'wp.newCategory' => 'this:wp_newCategory', + 'wp.deleteCategory' => 'this:wp_deleteCategory', 'wp.suggestCategories' => 'this:wp_suggestCategories', 'wp.uploadFile' => 'this:mw_newMediaObject', // Alias + 'wp.getCommentCount' => 'this:wp_getCommentCount', + 'wp.getPostStatusList' => 'this:wp_getPostStatusList', + 'wp.getPageStatusList' => 'this:wp_getPageStatusList', // Blogger API 'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs', @@ -171,6 +174,49 @@ class wp_xmlrpc_server extends IXR_Server { } } + function get_custom_fields($post_id) { + $post_id = (int) $post_id; + + $custom_fields = array(); + + foreach ( (array) has_meta($post_id) as $meta ) { + // Don't expose protected fields. + if ( strpos($meta['meta_key'], '_wp_') === 0 ) { + continue; + } + + $custom_fields[] = array( + "id" => $meta['meta_id'], + "key" => $meta['meta_key'], + "value" => $meta['meta_value'] + ); + } + + return $custom_fields; + } + + function set_custom_fields($post_id, $fields) { + $post_id = (int) $post_id; + + foreach ( (array) $fields as $meta ) { + if ( isset($meta['id']) ) { + $meta['id'] = (int) $meta['id']; + + if ( isset($meta['key']) ) { + update_meta($meta['id'], $meta['key'], $meta['value']); + } + else { + delete_meta($meta['id']); + } + } + else { + $_POST['metakeyinput'] = $meta['key']; + $_POST['metavalue'] = $meta['value']; + add_meta($post_id); + } + } + } + /** * WordPress XML-RPC API * wp_getPage @@ -248,7 +294,8 @@ class wp_xmlrpc_server extends IXR_Server { "wp_page_order" => $page->menu_order, "wp_author_id" => $author->ID, "wp_author_display_name" => $author->display_name, - "date_created_gmt" => new IXR_Date($page_date_gmt) + "date_created_gmt" => new IXR_Date($page_date_gmt), + "custom_fields" => $this->get_custom_fields($page_id) ); return($page_struct); @@ -318,6 +365,8 @@ class wp_xmlrpc_server extends IXR_Server { return($this->error); } + do_action('xmlrpc_call', 'wp.newPage'); + // Set the user context and check if they are allowed // to add new pages. $user = set_current_user(0, $username); @@ -348,6 +397,8 @@ class wp_xmlrpc_server extends IXR_Server { return($this->error); } + do_action('xmlrpc_call', 'wp.deletePage'); + // Get the current page based on the page_id and // make sure it is a page and not a post. $actual_page = wp_get_single_post($page_id, ARRAY_A); @@ -390,6 +441,8 @@ class wp_xmlrpc_server extends IXR_Server { return($this->error); } + do_action('xmlrpc_call', 'wp.editPage'); + // Get the page data and make sure it is a page. $actual_page = wp_get_single_post($page_id, ARRAY_A); if( @@ -523,6 +576,8 @@ class wp_xmlrpc_server extends IXR_Server { return($this->error); } + do_action('xmlrpc_call', 'wp.newCategory'); + // Set the user context and make sure they are // allowed to add a category. set_current_user(0, $username); @@ -561,13 +616,38 @@ class wp_xmlrpc_server extends IXR_Server { return($cat_id); } + /** + * WordPress XML-RPC API + * wp_deleteCategory + */ + function wp_deleteCategory($args) { + $this->escape($args); + + $blog_id = (int) $args[0]; + $username = $args[1]; + $password = $args[2]; + $category_id = (int) $args[3]; + + if( !$this->login_pass_ok( $username, $password ) ) { + return $this->error; + } + + do_action('xmlrpc_call', 'wp.deleteCategory'); + + set_current_user(0, $username); + if( !current_user_can("manage_categories") ) { + return new IXR_Error( 401, __( "Sorry, you do not have the right to delete a category." ) ); + } + + return wp_delete_category( $category_id ); + } + + /** * WordPress XML-RPC API * wp_suggestCategories */ function wp_suggestCategories($args) { - global $wpdb; - $this->escape($args); $blog_id = (int) $args[0]; @@ -581,17 +661,89 @@ class wp_xmlrpc_server extends IXR_Server { } set_current_user(0, $username); - if( !current_user_can( 'edit_posts' ) ) - return new IXR_Error( 401, __( 'Sorry, you must be able to publish to this blog in order to view categories.' ) ); + if( !current_user_can( 'edit_posts' ) ) + return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts to this blog in order to view categories.' ) ); do_action('xmlrpc_call', 'wp.suggestCategories'); + $category_suggestions = array(); $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category); - $category_suggestions = get_categories($args); + foreach ( (array) get_categories($args) as $cat ) { + $category_suggestions[] = array( + "category_id" => $cat->cat_ID, + "category_name" => $cat->cat_name + ); + } return($category_suggestions); } + function wp_getCommentCount( $args ) { + $this->escape($args); + + $blog_id = (int) $args[0]; + $username = $args[1]; + $password = $args[2]; + $post_id = (int) $args[3]; + + if( !$this->login_pass_ok( $username, $password ) ) { + return new IXR_Error( 403, __( 'Bad login/pass combination.' ) ); + } + + set_current_user( 0, $username ); + if( !current_user_can( 'edit_posts' ) ) { + return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) ); + } + + do_action('xmlrpc_call', 'wp.getCommentCount'); + + return get_comment_count( $post_id ); + } + + + function wp_getPostStatusList( $args ) { + $this->escape( $args ); + + $blog_id = (int) $args[0]; + $username = $args[1]; + $password = $args[2]; + + if( !$this->login_pass_ok( $username, $password ) ) { + return new IXR_Error( 403, __( 'Bad login/pass combination.' ) ); + } + + set_current_user( 0, $username ); + if( !current_user_can( 'edit_posts' ) ) { + return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); + } + + do_action('xmlrpc_call', 'wp.getPostStatusList'); + + return get_post_statuses( ); + } + + + function wp_getPageStatusList( $args ) { + $this->escape( $args ); + + $blog_id = (int) $args[0]; + $username = $args[1]; + $password = $args[2]; + + if( !$this->login_pass_ok( $username, $password ) ) { + return new IXR_Error( 403, __( 'Bad login/pass combination.' ) ); + } + + set_current_user( 0, $username ); + if( !current_user_can( 'edit_posts' ) ) { + return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); + } + + do_action('xmlrpc_call', 'wp.getPageStatusList'); + + return get_page_statuses( ); + } + /* Blogger API functions * specs on http://plant.blogger.com/api and http://groups.yahoo.com/group/bloggerDev/ @@ -610,6 +762,8 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + do_action('xmlrpc_call', 'blogger.getUsersBlogs'); + set_current_user(0, $user_login); $is_admin = current_user_can('level_8'); @@ -637,7 +791,7 @@ class wp_xmlrpc_server extends IXR_Server { } set_current_user( 0, $user_login ); - if( !current_user_can( 'edit_posts' ) ) + if( !current_user_can( 'edit_posts' ) ) return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) ); do_action('xmlrpc_call', 'blogger.getUserInfo'); @@ -670,7 +824,7 @@ class wp_xmlrpc_server extends IXR_Server { } set_current_user( 0, $user_login ); - if( !current_user_can( 'edit_post', $post_ID ) ) + if( !current_user_can( 'edit_post', $post_ID ) ) return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); do_action('xmlrpc_call', 'blogger.getPost'); @@ -697,8 +851,6 @@ class wp_xmlrpc_server extends IXR_Server { /* blogger.getRecentPosts ...gets recent posts */ function blogger_getRecentPosts($args) { - global $wpdb; - $this->escape($args); $blog_ID = (int) $args[1]; /* though we don't use it yet */ @@ -710,6 +862,8 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + do_action('xmlrpc_call', 'blogger.getRecentPosts'); + $posts_list = wp_get_recent_posts($num_posts); set_current_user( 0, $user_login ); @@ -762,6 +916,8 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + do_action('xmlrpc_call', 'blogger.getTemplate'); + set_current_user(0, $user_login); if ( !current_user_can('edit_themes') ) { return new IXR_Error(401, __('Sorry, this user can not edit the template.')); @@ -787,170 +943,170 @@ class wp_xmlrpc_server extends IXR_Server { $this->escape($args); - $blog_ID = (int) $args[1]; - $user_login = $args[2]; - $user_pass = $args[3]; - $content = $args[4]; - $template = $args[5]; /* could be 'main' or 'archiveIndex', but we don't use it */ + $blog_ID = (int) $args[1]; + $user_login = $args[2]; + $user_pass = $args[3]; + $content = $args[4]; + $template = $args[5]; /* could be 'main' or 'archiveIndex', but we don't use it */ - if (!$this->login_pass_ok($user_login, $user_pass)) { - return $this->error; - } + if (!$this->login_pass_ok($user_login, $user_pass)) { + return $this->error; + } - set_current_user(0, $user_login); - if ( !current_user_can('edit_themes') ) { - return new IXR_Error(401, __('Sorry, this user can not edit the template.')); - } + do_action('xmlrpc_call', 'blogger.setTemplate'); - /* warning: here we make the assumption that the blog's URL is on the same server */ - $filename = get_option('home') . '/'; - $filename = preg_replace('#https?://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename); + set_current_user(0, $user_login); + if ( !current_user_can('edit_themes') ) { + return new IXR_Error(401, __('Sorry, this user can not edit the template.')); + } - if ($f = fopen($filename, 'w+')) { - fwrite($f, $content); - fclose($f); - } else { - return new IXR_Error(500, __('Either the file is not writable, or something wrong happened. The file has not been updated.')); - } + /* warning: here we make the assumption that the blog's URL is on the same server */ + $filename = get_option('home') . '/'; + $filename = preg_replace('#https?://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename); - return true; + if ($f = fopen($filename, 'w+')) { + fwrite($f, $content); + fclose($f); + } else { + return new IXR_Error(500, __('Either the file is not writable, or something wrong happened. The file has not been updated.')); + } + + return true; } /* blogger.newPost ...creates a new post */ function blogger_newPost($args) { - global $wpdb; - $this->escape($args); - $blog_ID = (int) $args[1]; /* though we don't use it yet */ - $user_login = $args[2]; - $user_pass = $args[3]; - $content = $args[4]; - $publish = $args[5]; + $blog_ID = (int) $args[1]; /* though we don't use it yet */ + $user_login = $args[2]; + $user_pass = $args[3]; + $content = $args[4]; + $publish = $args[5]; - if (!$this->login_pass_ok($user_login, $user_pass)) { - return $this->error; - } + if (!$this->login_pass_ok($user_login, $user_pass)) { + return $this->error; + } - $cap = ($publish) ? 'publish_posts' : 'edit_posts'; - $user = set_current_user(0, $user_login); - if ( !current_user_can($cap) ) - return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); + do_action('xmlrpc_call', 'blogger.newPost'); - $post_status = ($publish) ? 'publish' : 'draft'; + $cap = ($publish) ? 'publish_posts' : 'edit_posts'; + $user = set_current_user(0, $user_login); + if ( !current_user_can($cap) ) + return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); - $post_author = $user->ID; + $post_status = ($publish) ? 'publish' : 'draft'; - $post_title = xmlrpc_getposttitle($content); - $post_category = xmlrpc_getpostcategory($content); - $post_content = xmlrpc_removepostdata($content); + $post_author = $user->ID; - $post_date = current_time('mysql'); - $post_date_gmt = current_time('mysql', 1); + $post_title = xmlrpc_getposttitle($content); + $post_category = xmlrpc_getpostcategory($content); + $post_content = xmlrpc_removepostdata($content); - $post_data = compact('blog_ID', 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status'); + $post_date = current_time('mysql'); + $post_date_gmt = current_time('mysql', 1); - $post_ID = wp_insert_post($post_data); - if ( is_wp_error( $post_ID ) ) - return new IXR_Error(500, $post_ID->get_error_message()); + $post_data = compact('blog_ID', 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status'); - if (!$post_ID) { - return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); - } - $this->attach_uploads( $post_ID, $post_content ); + $post_ID = wp_insert_post($post_data); + if ( is_wp_error( $post_ID ) ) + return new IXR_Error(500, $post_ID->get_error_message()); - logIO('O', "Posted ! ID: $post_ID"); + if (!$post_ID) + return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); - return $post_ID; - } + $this->attach_uploads( $post_ID, $post_content ); + + logIO('O', "Posted ! ID: $post_ID"); + return $post_ID; + } /* blogger.editPost ...edits a post */ function blogger_editPost($args) { - global $wpdb; - $this->escape($args); - $post_ID = (int) $args[1]; - $user_login = $args[2]; - $user_pass = $args[3]; - $content = $args[4]; - $publish = $args[5]; + $post_ID = (int) $args[1]; + $user_login = $args[2]; + $user_pass = $args[3]; + $content = $args[4]; + $publish = $args[5]; - if (!$this->login_pass_ok($user_login, $user_pass)) { - return $this->error; - } + if (!$this->login_pass_ok($user_login, $user_pass)) { + return $this->error; + } - $actual_post = wp_get_single_post($post_ID,ARRAY_A); + do_action('xmlrpc_call', 'blogger.editPost'); - if (!$actual_post) { - return new IXR_Error(404, __('Sorry, no such post.')); - } + $actual_post = wp_get_single_post($post_ID,ARRAY_A); + + if (!$actual_post) { + return new IXR_Error(404, __('Sorry, no such post.')); + } $this->escape($actual_post); - set_current_user(0, $user_login); - if ( !current_user_can('edit_post', $post_ID) ) - return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); + set_current_user(0, $user_login); + if ( !current_user_can('edit_post', $post_ID) ) + return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); - extract($actual_post, EXTR_SKIP); + extract($actual_post, EXTR_SKIP); - if ( ('publish' == $post_status) && !current_user_can('publish_posts') ) - return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); + if ( ('publish' == $post_status) && !current_user_can('publish_posts') ) + return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); - $post_title = xmlrpc_getposttitle($content); - $post_category = xmlrpc_getpostcategory($content); - $post_content = xmlrpc_removepostdata($content); + $post_title = xmlrpc_getposttitle($content); + $post_category = xmlrpc_getpostcategory($content); + $post_content = xmlrpc_removepostdata($content); - $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt'); + $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt'); - $result = wp_update_post($postdata); + $result = wp_update_post($postdata); - if (!$result) { - return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.')); - } - $this->attach_uploads( $ID, $post_content ); + if (!$result) { + return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.')); + } + $this->attach_uploads( $ID, $post_content ); - return true; + return true; } /* blogger.deletePost ...deletes a post */ function blogger_deletePost($args) { - - global $wpdb; - $this->escape($args); - $post_ID = (int) $args[1]; - $user_login = $args[2]; - $user_pass = $args[3]; - $publish = $args[4]; + $post_ID = (int) $args[1]; + $user_login = $args[2]; + $user_pass = $args[3]; + $publish = $args[4]; - if (!$this->login_pass_ok($user_login, $user_pass)) { - return $this->error; - } + if (!$this->login_pass_ok($user_login, $user_pass)) { + return $this->error; + } - $actual_post = wp_get_single_post($post_ID,ARRAY_A); + do_action('xmlrpc_call', 'blogger.deletePost'); - if (!$actual_post) { - return new IXR_Error(404, __('Sorry, no such post.')); - } + $actual_post = wp_get_single_post($post_ID,ARRAY_A); - set_current_user(0, $user_login); - if ( !current_user_can('edit_post', $post_ID) ) - return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); + if (!$actual_post) { + return new IXR_Error(404, __('Sorry, no such post.')); + } - $result = wp_delete_post($post_ID); + set_current_user(0, $user_login); + if ( !current_user_can('edit_post', $post_ID) ) + return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); - if (!$result) { - return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be deleted.')); - } + $result = wp_delete_post($post_ID); + + if (!$result) { + return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be deleted.')); + } - return true; + return true; } @@ -961,33 +1117,41 @@ class wp_xmlrpc_server extends IXR_Server { /* metaweblog.newPost creates a post */ function mw_newPost($args) { - - global $wpdb, $post_default_category; - $this->escape($args); - $blog_ID = (int) $args[0]; // we will support this in the near future - $user_login = $args[1]; - $user_pass = $args[2]; - $content_struct = $args[3]; - $publish = $args[4]; + $blog_ID = (int) $args[0]; // we will support this in the near future + $user_login = $args[1]; + $user_pass = $args[2]; + $content_struct = $args[3]; + $publish = $args[4]; - if (!$this->login_pass_ok($user_login, $user_pass)) { - return $this->error; - } + if (!$this->login_pass_ok($user_login, $user_pass)) { + return $this->error; + } + $user = set_current_user(0, $user_login); - $cap = ($publish) ? 'publish_posts' : 'edit_posts'; - $user = set_current_user(0, $user_login); - if ( !current_user_can($cap) ) - return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); + do_action('xmlrpc_call', 'metaWeblog.newPost'); - // The post_type defaults to post, but could also be page. - $post_type = "post"; - if( - !empty($content_struct["post_type"]) - && ($content_struct["post_type"] == "page") - ) { - $post_type = "page"; + $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; + $error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' ); + $post_type = 'post'; + if( !empty( $content_struct['post_type'] ) ) { + if( $content_struct['post_type'] == 'page' ) { + $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; + $error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' ); + $post_type = 'page'; + } + elseif( $content_struct['post_type'] == 'post' ) { + // This is the default, no changes needed + } + else { + // No other post_type values are allowed here + return new IXR_Error( 401, __( 'Invalid post type.' ) ); + } + } + + if( !current_user_can( $cap ) ) { + return new IXR_Error( 401, $error_message ); } // Let WordPress generate the post_name (slug) unless @@ -1012,7 +1176,7 @@ class wp_xmlrpc_server extends IXR_Server { $menu_order = $content_struct["wp_page_order"]; } - $post_author = $user->ID; + $post_author = $user->ID; // If an author id was provided then use it instead. if( @@ -1037,12 +1201,32 @@ class wp_xmlrpc_server extends IXR_Server { $post_author = $content_struct["wp_author_id"]; } - $post_title = $content_struct['title']; - $post_content = apply_filters( 'content_save_pre', $content_struct['description'] ); - $post_status = $publish ? 'publish' : 'draft'; + $post_title = $content_struct['title']; + $post_content = apply_filters( 'content_save_pre', $content_struct['description'] ); + + $post_status = $publish ? 'publish' : 'draft'; + + if( isset( $content_struct["{$post_type}_status"] ) ) { + switch( $content_struct["{$post_type}_status"] ) { + case 'draft': + case 'private': + case 'publish': + $post_status = $content_struct["{$post_type}_status"]; + break; + case 'pending': + // Pending is only valid for posts, not pages. + if( $post_type === 'post' ) { + $post_status = $content_struct["{$post_type}_status"]; + } + break; + default: + $post_status = $publish ? 'publish' : 'draft'; + break; + } + } - $post_excerpt = $content_struct['mt_excerpt']; - $post_more = $content_struct['mt_text_more']; + $post_excerpt = $content_struct['mt_excerpt']; + $post_more = $content_struct['mt_text_more']; $tags_input = $content_struct['mt_keywords']; @@ -1063,6 +1247,7 @@ class wp_xmlrpc_server extends IXR_Server { else { switch((int) $content_struct["mt_allow_comments"]) { case 0: + case 2: $comment_status = "closed"; break; case 1: @@ -1110,18 +1295,21 @@ class wp_xmlrpc_server extends IXR_Server { $ping_status = get_option("default_ping_status"); } - if ($post_more) { - $post_content = $post_content . "\n\n" . $post_more; - } + if ($post_more) { + $post_content = $post_content . "\n\n" . $post_more; + } - $to_ping = $content_struct['mt_tb_ping_urls']; - if ( is_array($to_ping) ) - $to_ping = implode(' ', $to_ping); + $to_ping = $content_struct['mt_tb_ping_urls']; + if ( is_array($to_ping) ) + $to_ping = implode(' ', $to_ping); // Do some timestamp voodoo - $dateCreatedd = $content_struct['dateCreated']; - if (!empty($dateCreatedd)) { - $dateCreated = $dateCreatedd->getIso(); + if ( !empty( $content_struct['date_created_gmt'] ) ) + $dateCreated = str_replace( 'Z', '', $content_struct['date_created_gmt']->getIso() ) . 'Z'; // We know this is supposed to be GMT, so we're going to slap that Z on there by force + elseif ( !empty( $content_struct['dateCreated']) ) + $dateCreated = $content_struct['dateCreated']->getIso(); + + if ( !empty( $dateCreated ) ) { $post_date = get_date_from_gmt(iso8601_to_datetime($dateCreated)); $post_date_gmt = iso8601_to_datetime($dateCreated, GMT); } else { @@ -1129,32 +1317,36 @@ class wp_xmlrpc_server extends IXR_Server { $post_date_gmt = current_time('mysql', 1); } - $catnames = $content_struct['categories']; - logIO('O', 'Post cats: ' . printr($catnames,true)); - $post_category = array(); + $catnames = $content_struct['categories']; + logIO('O', 'Post cats: ' . var_export($catnames,true)); + $post_category = array(); - if (is_array($catnames)) { - foreach ($catnames as $cat) { - $post_category[] = get_cat_ID($cat); - } - } + if (is_array($catnames)) { + foreach ($catnames as $cat) { + $post_category[] = get_cat_ID($cat); + } + } - // We've got all the data -- post it: - $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input'); + // We've got all the data -- post it: + $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input'); - $post_ID = wp_insert_post($postdata); - if ( is_wp_error( $post_ID ) ) - return new IXR_Error(500, $post_ID->get_error_message()); + $post_ID = wp_insert_post($postdata); + if ( is_wp_error( $post_ID ) ) + return new IXR_Error(500, $post_ID->get_error_message()); - if (!$post_ID) { - return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); - } + if (!$post_ID) { + return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); + } - $this->attach_uploads( $post_ID, $post_content ); + if ( isset($content_struct['custom_fields']) ) { + $this->set_custom_fields($post_ID, $content_struct['custom_fields']); + } + + $this->attach_uploads( $post_ID, $post_content ); - logIO('O', "Posted ! ID: $post_ID"); + logIO('O', "Posted ! ID: $post_ID"); - return strval($post_ID); + return strval($post_ID); } function attach_uploads( $post_ID, $post_content ) { @@ -1174,36 +1366,44 @@ class wp_xmlrpc_server extends IXR_Server { /* metaweblog.editPost ...edits a post */ function mw_editPost($args) { - global $wpdb, $post_default_category; - $this->escape($args); - $post_ID = (int) $args[0]; - $user_login = $args[1]; - $user_pass = $args[2]; - $content_struct = $args[3]; - $publish = $args[4]; - - if (!$this->login_pass_ok($user_login, $user_pass)) { - return $this->error; - } + $post_ID = (int) $args[0]; + $user_login = $args[1]; + $user_pass = $args[2]; + $content_struct = $args[3]; + $publish = $args[4]; + if (!$this->login_pass_ok($user_login, $user_pass)) { + return $this->error; + } $user = set_current_user(0, $user_login); - // The post_type defaults to post, but could also be page. - $post_type = "post"; - if( - !empty($content_struct["post_type"]) - && ($content_struct["post_type"] == "page") - ) { - $post_type = "page"; + do_action('xmlrpc_call', 'metaWeblog.editPost'); + + $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; + $error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' ); + $post_type = 'post'; + if( !empty( $content_struct['post_type'] ) ) { + if( $content_struct['post_type'] == 'page' ) { + $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; + $error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' ); + $post_type = 'page'; + } + elseif( $content_struct['post_type'] == 'post' ) { + // This is the default, no changes needed + } + else { + // No other post_type values are allowed here + return new IXR_Error( 401, __( 'Invalid post type.' ) ); + } } - // Edit page caps are checked in editPage. Just check post here. - if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) ) - return new IXR_Error(401, __('Sorry, you can not edit this post.')); + if( !current_user_can( $cap ) ) { + return new IXR_Error( 401, $error_message ); + } - $postdata = wp_get_single_post($post_ID, ARRAY_A); + $postdata = wp_get_single_post($post_ID, ARRAY_A); // If there is no post data for the give post id, stop // now and return an error. Other wise a new post will be @@ -1278,6 +1478,7 @@ class wp_xmlrpc_server extends IXR_Server { else { switch((int) $content_struct["mt_allow_comments"]) { case 0: + case 2: $comment_status = "closed"; break; case 1: @@ -1319,70 +1520,95 @@ class wp_xmlrpc_server extends IXR_Server { } } - $post_title = $content_struct['title']; - $post_content = apply_filters( 'content_save_pre', $content_struct['description'] ); - $catnames = $content_struct['categories']; + $post_title = $content_struct['title']; + $post_content = apply_filters( 'content_save_pre', $content_struct['description'] ); + $catnames = $content_struct['categories']; - $post_category = array(); + $post_category = array(); - if (is_array($catnames)) { - foreach ($catnames as $cat) { - $post_category[] = get_cat_ID($cat); - } - } + if (is_array($catnames)) { + foreach ($catnames as $cat) { + $post_category[] = get_cat_ID($cat); + } + } - $post_excerpt = $content_struct['mt_excerpt']; - $post_more = $content_struct['mt_text_more']; - $post_status = $publish ? 'publish' : 'draft'; + $post_excerpt = $content_struct['mt_excerpt']; + $post_more = $content_struct['mt_text_more']; - $tags_input = $content_struct['mt_keywords']; + $post_status = $publish ? 'publish' : 'draft'; + if( isset( $content_struct["{$post_type}_status"] ) ) { + switch( $content_struct["{$post_type}_status"] ) { + case 'draft': + case 'private': + case 'publish': + $post_status = $content_struct["{$post_type}_status"]; + break; + case 'pending': + // Pending is only valid for posts, not pages. + if( $post_type === 'post' ) { + $post_status = $content_struct["{$post_type}_status"]; + } + break; + default: + $post_status = $publish ? 'publish' : 'draft'; + break; + } + } - if ( ('publish' == $post_status) ) { - if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') ) - return new IXR_Error(401, __('Sorry, you do not have the right to publish this page.')); - else if ( !current_user_can('publish_posts') ) - return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); - } + $tags_input = $content_struct['mt_keywords']; - if ($post_more) { - $post_content = $post_content . "\n\n" . $post_more; - } + if ( ('publish' == $post_status) ) { + if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') ) + return new IXR_Error(401, __('Sorry, you do not have the right to publish this page.')); + else if ( !current_user_can('publish_posts') ) + return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); + } - $to_ping = $content_struct['mt_tb_ping_urls']; - if ( is_array($to_ping) ) - $to_ping = implode(' ', $to_ping); - - // Do some timestamp voodoo - $dateCreatedd = $content_struct['dateCreated']; - if (!empty($dateCreatedd)) { - $dateCreated = $dateCreatedd->getIso(); - $post_date = get_date_from_gmt(iso8601_to_datetime($dateCreated)); - $post_date_gmt = iso8601_to_datetime($dateCreated . "Z", GMT); - } else { - $post_date = $postdata['post_date']; - $post_date_gmt = $postdata['post_date_gmt']; - } + if ($post_more) { + $post_content = $post_content . "\n\n" . $post_more; + } - // We've got all the data -- post it: - $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input'); + $to_ping = $content_struct['mt_tb_ping_urls']; + if ( is_array($to_ping) ) + $to_ping = implode(' ', $to_ping); - $result = wp_update_post($newpost); - if (!$result) { - return new IXR_Error(500, __('Sorry, your entry could not be edited. Something wrong happened.')); - } - $this->attach_uploads( $ID, $post_content ); + // Do some timestamp voodoo + if ( !empty( $content_struct['date_created_gmt'] ) ) + $dateCreated = str_replace( 'Z', '', $content_struct['date_created_gmt']->getIso() ) . 'Z'; // We know this is supposed to be GMT, so we're going to slap that Z on there by force + elseif ( !empty( $content_struct['dateCreated']) ) + $dateCreated = $content_struct['dateCreated']->getIso(); - logIO('O',"(MW) Edited ! ID: $post_ID"); + if ( !empty( $dateCreated ) ) { + $post_date = get_date_from_gmt(iso8601_to_datetime($dateCreated)); + $post_date_gmt = iso8601_to_datetime($dateCreated, GMT); + } else { + $post_date = $postdata['post_date']; + $post_date_gmt = $postdata['post_date_gmt']; + } - return true; + // We've got all the data -- post it: + $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input'); + + $result = wp_update_post($newpost); + if (!$result) { + return new IXR_Error(500, __('Sorry, your entry could not be edited. Something wrong happened.')); + } + + if ( isset($content_struct['custom_fields']) ) { + $this->set_custom_fields($post_ID, $content_struct['custom_fields']); + } + + $this->attach_uploads( $ID, $post_content ); + + logIO('O',"(MW) Edited ! ID: $post_ID"); + + return true; } /* metaweblog.getPost ...returns a post */ function mw_getPost($args) { - global $wpdb; - $this->escape($args); $post_ID = (int) $args[0]; @@ -1407,16 +1633,14 @@ class wp_xmlrpc_server extends IXR_Server { $categories = array(); $catids = wp_get_post_categories($post_ID); - foreach($catids as $catid) { + foreach($catids as $catid) $categories[] = get_cat_name($catid); - } $tagnames = array(); $tags = wp_get_post_tags( $post_ID ); if ( !empty( $tags ) ) { - foreach ( $tags as $tag ) { + foreach ( $tags as $tag ) $tagnames[] = $tag->name; - } $tagnames = implode( ', ', $tagnames ); } else { $tagnames = ''; @@ -1431,8 +1655,13 @@ class wp_xmlrpc_server extends IXR_Server { $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0; + // Consider future posts as published + if( $postdata['post_status'] === 'future' ) { + $postdata['post_status'] = 'publish'; + } + $resp = array( - 'dateCreated' => new IXR_Date($post_date), + 'dateCreated' => new IXR_Date($post_date), 'userid' => $postdata['post_author'], 'postid' => $postdata['ID'], 'description' => $post['main'], @@ -1451,7 +1680,9 @@ class wp_xmlrpc_server extends IXR_Server { 'wp_password' => $postdata['post_password'], 'wp_author_id' => $author->ID, 'wp_author_display_name' => $author->display_name, - 'date_created_gmt' => new IXR_Date($post_date_gmt) + 'date_created_gmt' => new IXR_Date($post_date_gmt), + 'post_status' => $postdata['post_status'], + 'custom_fields' => $this->get_custom_fields($post_ID) ); return $resp; @@ -1475,6 +1706,8 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + do_action('xmlrpc_call', 'metaWeblog.getRecentPosts'); + $posts_list = wp_get_recent_posts($num_posts); if (!$posts_list) { @@ -1517,6 +1750,11 @@ class wp_xmlrpc_server extends IXR_Server { $allow_comments = ('open' == $entry['comment_status']) ? 1 : 0; $allow_pings = ('open' == $entry['ping_status']) ? 1 : 0; + // Consider future posts as published + if( $entry['post_status'] === 'future' ) { + $entry['post_status'] = 'publish'; + } + $struct[] = array( 'dateCreated' => new IXR_Date($post_date), 'userid' => $entry['post_author'], @@ -1537,7 +1775,9 @@ class wp_xmlrpc_server extends IXR_Server { 'wp_password' => $entry['post_password'], 'wp_author_id' => $author->ID, 'wp_author_display_name' => $author->display_name, - 'date_created_gmt' => new IXR_Date($post_date_gmt) + 'date_created_gmt' => new IXR_Date($post_date_gmt), + 'post_status' => $entry['post_status'], + 'custom_fields' => $this->get_custom_fields($entry['ID']) ); } @@ -1554,8 +1794,6 @@ class wp_xmlrpc_server extends IXR_Server { /* metaweblog.getCategories ...returns the list of categories on a given blog */ function mw_getCategories($args) { - global $wpdb; - $this->escape($args); $blog_ID = (int) $args[0]; @@ -1612,6 +1850,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$this->login_pass_ok($user_login, $user_pass) ) return $this->error; + do_action('xmlrpc_call', 'metaWeblog.newMediaObject'); + set_current_user(0, $user_login); if ( !current_user_can('upload_files') ) { logIO('O', '(MW) User does not have upload_files capability'); @@ -1640,7 +1880,7 @@ class wp_xmlrpc_server extends IXR_Server { $name = "wpid{$old_file->ID}-{$filename}"; } - $upload = wp_upload_bits($name, $type, $bits, $overwrite); + $upload = wp_upload_bits($name, $type, $bits); if ( ! empty($upload['error']) ) { $errorString = sprintf(__('Could not write file %1$s (%2$s)'), $name, $upload['error']); logIO('O', '(MW) ' . $errorString); @@ -1684,6 +1924,8 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + do_action('xmlrpc_call', 'mt.getRecentPostTitles'); + $posts_list = wp_get_recent_posts($num_posts); if (!$posts_list) { @@ -1694,7 +1936,7 @@ class wp_xmlrpc_server extends IXR_Server { set_current_user( 0, $user_login ); foreach ($posts_list as $entry) { - if( !current_user_can( 'edit_post', $entry['ID'] ) ) + if( !current_user_can( 'edit_post', $entry['ID'] ) ) continue; $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); @@ -1722,8 +1964,6 @@ class wp_xmlrpc_server extends IXR_Server { /* mt.getCategoryList ...returns the list of categories on a given blog */ function mt_getCategoryList($args) { - global $wpdb; - $this->escape($args); $blog_ID = (int) $args[0]; @@ -1805,6 +2045,8 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + do_action('xmlrpc_call', 'mt.setPostCategories'); + set_current_user(0, $user_login); if ( !current_user_can('edit_post', $post_ID) ) return new IXR_Error(401, __('Sorry, you can not edit this post.')); @@ -1822,6 +2064,8 @@ class wp_xmlrpc_server extends IXR_Server { /* mt.supportedMethods ...returns an array of methods supported by this server */ function mt_supportedMethods($args) { + do_action('xmlrpc_call', 'mt.supportedMethods'); + $supported_methods = array(); foreach($this->methods as $key=>$value) { $supported_methods[] = $key; @@ -1834,6 +2078,7 @@ class wp_xmlrpc_server extends IXR_Server { /* mt.supportedTextFilters ...returns an empty array because we don't support per-post text filters yet */ function mt_supportedTextFilters($args) { + do_action('xmlrpc_call', 'mt.supportedTextFilters'); return apply_filters('xmlrpc_text_filters', array()); } @@ -1845,6 +2090,8 @@ class wp_xmlrpc_server extends IXR_Server { $post_ID = intval($args); + do_action('xmlrpc_call', 'mt.getTrackbackPings'); + $actual_post = wp_get_single_post($post_ID, ARRAY_A); if (!$actual_post) { @@ -1887,6 +2134,8 @@ class wp_xmlrpc_server extends IXR_Server { return $this->error; } + do_action('xmlrpc_call', 'mt.publishPost'); + set_current_user(0, $user_login); if ( !current_user_can('edit_post', $post_ID) ) return new IXR_Error(401, __('Sorry, you can not edit this post.')); @@ -1913,7 +2162,9 @@ class wp_xmlrpc_server extends IXR_Server { /* pingback.ping gets a pingback and registers it */ function pingback_ping($args) { - global $wpdb, $wp_version; + global $wpdb; + + do_action('xmlrpc_call', 'pingback.ping'); $this->escape($args); @@ -1926,12 +2177,10 @@ class wp_xmlrpc_server extends IXR_Server { $pagelinkedto = str_replace('&', '&', $pagelinkedto); $pagelinkedto = str_replace('&', '&', $pagelinkedto); - $error_code = -1; - // Check if the page linked to is in our site $pos1 = strpos($pagelinkedto, str_replace(array('http://www.','http://','https://www.','https://'), '', get_option('home'))); if( !$pos1 ) - return new IXR_Error(0, __('Is there no link to us?')); + return new IXR_Error(0, __('Is there no link to us?')); // let's find which post is linked to // FIXME: does url_to_postid() cover all these cases already? @@ -1991,7 +2240,7 @@ class wp_xmlrpc_server extends IXR_Server { return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.')); // Let's check that the remote site didn't already pingback this entry - $result = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'"); + $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'"); if ( $wpdb->num_rows ) // We already have a Pingback from this URL return new IXR_Error(48, __('The pingback has already been registered.')); @@ -2004,6 +2253,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$linea ) return new IXR_Error(16, __('The source URL does not exist.')); + $linea = apply_filters('pre_remote_source', $linea, $pagelinkedto); + // Work around bug in strip_tags(): $linea = str_replace('escape( $pagelinkedfrom ); - $original_title = $title; $comment_post_ID = (int) $post_ID; $comment_author = $title; @@ -2081,6 +2330,8 @@ class wp_xmlrpc_server extends IXR_Server { global $wpdb; + do_action('xmlrpc_call', 'pingback.extensions.getPingsbacks'); + $this->escape($args); $url = $args;