X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/7688c6ba71852cd89123b62b2d57683535e4702a..38ca813a0e312e2768e5b9519f0415cd0aa84781:/wp-app.php
diff --git a/wp-app.php b/wp-app.php
index e0fdaf32..ec35b412 100644
--- a/wp-app.php
+++ b/wp-app.php
@@ -1,25 +1,56 @@
ID) )
- return $current_user;
-
- $current_user = new WP_User($id, $name);
-
- return $current_user;
-}
-endif;
-
+/**
+ * Filter to add more post statuses.
+ *
+ * @since 2.2.0
+ *
+ * @param string $where SQL statement to filter.
+ * @return string Filtered SQL statement with added post_status for where clause.
+ */
function wa_posts_where_include_drafts_filter($where) {
- $where = str_replace("post_status = 'publish'","post_status = 'publish' OR post_status = 'future' OR post_status = 'draft' OR post_status = 'inherit'", $where);
- return $where;
+ $where = str_replace("post_status = 'publish'","post_status = 'publish' OR post_status = 'future' OR post_status = 'draft' OR post_status = 'inherit'", $where);
+ return $where;
}
add_filter('posts_where', 'wa_posts_where_include_drafts_filter');
+/**
+ * WordPress AtomPub API implementation.
+ *
+ * @package WordPress
+ * @subpackage Publishing
+ * @since 2.2.0
+ */
class AtomServer {
+ /**
+ * ATOM content type.
+ *
+ * @since 2.2.0
+ * @var string
+ */
var $ATOM_CONTENT_TYPE = 'application/atom+xml';
+
+ /**
+ * Categories ATOM content type.
+ *
+ * @since 2.2.0
+ * @var string
+ */
var $CATEGORIES_CONTENT_TYPE = 'application/atomcat+xml';
+
+ /**
+ * Service ATOM content type.
+ *
+ * @since 2.3.0
+ * @var string
+ */
var $SERVICE_CONTENT_TYPE = 'application/atomsvc+xml';
+ /**
+ * ATOM XML namespace.
+ *
+ * @since 2.3.0
+ * @var string
+ */
var $ATOM_NS = 'http://www.w3.org/2005/Atom';
+
+ /**
+ * ATOMPUB XML namespace.
+ *
+ * @since 2.3.0
+ * @var string
+ */
var $ATOMPUB_NS = 'http://www.w3.org/2007/app';
+ /**
+ * Entries path.
+ *
+ * @since 2.2.0
+ * @var string
+ */
var $ENTRIES_PATH = "posts";
+
+ /**
+ * Categories path.
+ *
+ * @since 2.2.0
+ * @var string
+ */
var $CATEGORIES_PATH = "categories";
+
+ /**
+ * Media path.
+ *
+ * @since 2.2.0
+ * @var string
+ */
var $MEDIA_PATH = "attachments";
+
+ /**
+ * Entry path.
+ *
+ * @since 2.2.0
+ * @var string
+ */
var $ENTRY_PATH = "post";
+
+ /**
+ * Service path.
+ *
+ * @since 2.2.0
+ * @var string
+ */
var $SERVICE_PATH = "service";
+
+ /**
+ * Media single path.
+ *
+ * @since 2.2.0
+ * @var string
+ */
var $MEDIA_SINGLE_PATH = "attachment";
+ /**
+ * ATOMPUB parameters.
+ *
+ * @since 2.2.0
+ * @var array
+ */
var $params = array();
- var $script_name = "wp-app.php";
+
+ /**
+ * Supported ATOMPUB media types.
+ *
+ * @since 2.3.0
+ * @var array
+ */
var $media_content_types = array('image/*','audio/*','video/*');
+
+ /**
+ * ATOMPUB content type(s).
+ *
+ * @since 2.2.0
+ * @var array
+ */
var $atom_content_types = array('application/atom+xml');
+ /**
+ * ATOMPUB methods.
+ *
+ * @since 2.2.0
+ * @var unknown_type
+ */
var $selectors = array();
- // support for head
+ /**
+ * Whether to do output.
+ *
+ * Support for head.
+ *
+ * @since 2.2.0
+ * @var bool
+ */
var $do_output = true;
- function AtomServer() {
+ /**
+ * Constructor - Sets up object properties.
+ *
+ * @since 2.2.0
+ * @return AtomServer
+ */
+ function __construct() {
- $this->script_name = array_pop(explode('/',$_SERVER['SCRIPT_NAME']));
+ $this->script_name = array_pop( explode( '/', $_SERVER['SCRIPT_NAME'] ) );
+ $this->app_base = site_url( $this->script_name . '/' );
$this->selectors = array(
'@/service$@' =>
@@ -106,10 +252,19 @@ class AtomServer {
);
}
+ /**
+ * Handle ATOMPUB request.
+ *
+ * @since 2.2.0
+ */
function handle_request() {
global $always_authenticate;
- $path = $_SERVER['PATH_INFO'];
+ if ( !empty( $_SERVER['ORIG_PATH_INFO'] ) )
+ $path = $_SERVER['ORIG_PATH_INFO'];
+ else
+ $path = $_SERVER['PATH_INFO'];
+
$method = $_SERVER['REQUEST_METHOD'];
log_app('REQUEST',"$method $path\n================");
@@ -118,38 +273,38 @@ class AtomServer {
//$this->process_conditionals();
// exception case for HEAD (treat exactly as GET, but don't output)
- if($method == 'HEAD') {
+ if ($method == 'HEAD') {
$this->do_output = false;
$method = 'GET';
}
// redirect to /service in case no path is found.
- if(strlen($path) == 0 || $path == '/') {
+ if (strlen($path) == 0 || $path == '/')
$this->redirect($this->get_service_url());
- }
+
+ // check to see if AtomPub is enabled
+ if ( !get_option( 'enable_app' ) )
+ $this->forbidden( sprintf( __( 'AtomPub services are disabled on this site. An admin user can enable them at %s' ), admin_url('options-writing.php') ) );
// dispatch
- foreach($this->selectors as $regex => $funcs) {
- if(preg_match($regex, $path, $matches)) {
- if(isset($funcs[$method])) {
-
- // authenticate regardless of the operation and set the current
- // user. each handler will decide if auth is required or not.
- $this->authenticate();
- $u = wp_get_current_user();
- if(!isset($u) || $u->ID == 0) {
- if ($always_authenticate) {
- $this->auth_required('Credentials required.');
+ foreach ( $this->selectors as $regex => $funcs ) {
+ if ( preg_match($regex, $path, $matches) ) {
+ if ( isset($funcs[$method]) ) {
+
+ // authenticate regardless of the operation and set the current
+ // user. each handler will decide if auth is required or not.
+ if ( !$this->authenticate() ) {
+ if ( $always_authenticate )
+ $this->auth_required('Credentials required.');
}
- }
- array_shift($matches);
- call_user_func_array(array(&$this,$funcs[$method]), $matches);
- exit();
- } else {
- // only allow what we have handlers for...
- $this->not_allowed(array_keys($funcs));
- }
+ array_shift($matches);
+ call_user_func_array(array(&$this,$funcs[$method]), $matches);
+ exit();
+ } else {
+ // only allow what we have handlers for...
+ $this->not_allowed(array_keys($funcs));
+ }
}
}
@@ -157,30 +312,37 @@ class AtomServer {
$this->not_found();
}
+ /**
+ * Retrieve XML for ATOMPUB service.
+ *
+ * @since 2.2.0
+ */
function get_service() {
log_app('function','get_service()');
- if( !current_user_can( 'edit_posts' ) )
- $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
+ if ( !current_user_can( 'edit_posts' ) )
+ $this->auth_required( __( 'Sorry, you do not have the right to access this site.' ) );
- $entries_url = attribute_escape($this->get_entries_url());
- $categories_url = attribute_escape($this->get_categories_url());
- $media_url = attribute_escape($this->get_attachments_url());
- foreach ($this->media_content_types as $med) {
- $accepted_media_types = $accepted_media_types . "" . $med . "";
- }
+ $entries_url = esc_attr($this->get_entries_url());
+ $categories_url = esc_attr($this->get_categories_url());
+ $media_url = esc_attr($this->get_attachments_url());
+ $accepted_media_types = '';
+ foreach ($this->media_content_types as $med) {
+ $accepted_media_types = $accepted_media_types . "" . $med . "";
+ }
$atom_prefix="atom";
+ $atom_blogname = get_bloginfo('name');
$service_doc = <<
- <$atom_prefix:title>WordPress Workspace
+ <$atom_prefix:title>$atom_blogname Workspace
- <$atom_prefix:title>WordPress Posts
+ <$atom_prefix:title>$atom_blogname Posts
$this->ATOM_CONTENT_TYPE;type=entry
- <$atom_prefix:title>WordPress Media
+ <$atom_prefix:title>$atom_blogname Media
$accepted_media_types
@@ -191,19 +353,24 @@ EOD;
$this->output($service_doc, $this->SERVICE_CONTENT_TYPE);
}
+ /**
+ * Retrieve categories list in XML format.
+ *
+ * @since 2.2.0
+ */
function get_categories_xml() {
log_app('function','get_categories_xml()');
- if( !current_user_can( 'edit_posts' ) )
- $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
+ if ( !current_user_can( 'edit_posts' ) )
+ $this->auth_required( __( 'Sorry, you do not have the right to access this site.' ) );
- $home = attribute_escape(get_bloginfo_rss('home'));
+ $home = esc_attr(get_bloginfo_rss('url'));
$categories = "";
- $cats = get_categories("hierarchical=0&hide_empty=0");
- foreach ((array) $cats as $cat) {
- $categories .= " name) . "\" />\n";
-}
+ $cats = get_categories(array('hierarchical' => 0, 'hide_empty' => 0));
+ foreach ( (array) $cats as $cat ) {
+ $categories .= " name) . "\" />\n";
+ }
$output = <<
EOD;
- $this->output($output, $this->CATEGORIES_CONTENT_TYPE);
-}
+ $this->output($output, $this->CATEGORIES_CONTENT_TYPE);
+ }
- /*
- * Create Post (No arguments)
+ /**
+ * Create new post.
+ *
+ * @since 2.2.0
*/
function create_post() {
- global $blog_id, $wpdb;
+ global $user_ID;
$this->get_accepted_content_type($this->atom_content_types);
$parser = new AtomParser();
- if(!$parser->parse()) {
+ if ( !$parser->parse() )
$this->client_error();
- }
$entry = array_pop($parser->feed->entries);
log_app('Received entry:', print_r($entry,true));
$catnames = array();
- foreach($entry->categories as $cat)
+ foreach ( $entry->categories as $cat ) {
array_push($catnames, $cat["term"]);
+ }
$wp_cats = get_categories(array('hide_empty' => false));
$post_category = array();
- foreach($wp_cats as $cat) {
- if(in_array($cat->name, $catnames))
+ foreach ( $wp_cats as $cat ) {
+ if ( in_array($cat->name, $catnames) )
array_push($post_category, $cat->term_id);
}
- $publish = (isset($entry->draft) && trim($entry->draft) == 'yes') ? false : true;
+ $publish = ! ( isset( $entry->draft ) && 'yes' == trim( $entry->draft ) );
$cap = ($publish) ? 'publish_posts' : 'edit_posts';
- if(!current_user_can($cap))
+ if ( !current_user_can($cap) )
$this->auth_required(__('Sorry, you do not have the right to edit/publish new posts.'));
- $blog_ID = (int ) $blog_id;
+ $blog_ID = get_current_blog_id();
$post_status = ($publish) ? 'publish' : 'draft';
- $post_author = (int) $user->ID;
+ $post_author = (int) $user_ID;
$post_title = $entry->title[1];
$post_content = $entry->content[1];
$post_excerpt = $entry->summary[1];
- $pubtimes = $this->get_publish_time($entry);
+ $pubtimes = $this->get_publish_time($entry->published);
$post_date = $pubtimes[0];
$post_date_gmt = $pubtimes[1];
@@ -272,9 +441,8 @@ EOD;
if ( is_wp_error( $postID ) )
$this->internal_error($postID->get_error_message());
- if (!$postID) {
+ if ( !$postID )
$this->internal_error(__('Sorry, your entry could not be posted. Something wrong happened.'));
- }
// getting warning here about unable to set headers
// because something in the cache is printing to the buffer
@@ -282,17 +450,26 @@ EOD;
// this could affect our ability to send back the right headers
@wp_set_post_categories($postID, $post_category);
+ do_action( 'atompub_create_post', $postID, $entry );
+
$output = $this->get_entry($postID);
log_app('function',"create_post($postID)");
$this->created($postID, $output);
}
+ /**
+ * Retrieve post.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ */
function get_post($postID) {
global $entry;
- if( !current_user_can( 'edit_post', $postID ) )
- $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) );
+ if ( !current_user_can( 'edit_post', $postID ) )
+ $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) );
$this->set_current_entry($postID);
$output = $this->get_entry($postID);
@@ -301,17 +478,21 @@ EOD;
}
+ /**
+ * Update post.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ */
function put_post($postID) {
- global $wpdb;
-
// checked for valid content-types (atom+xml)
// quick check and exit
$this->get_accepted_content_type($this->atom_content_types);
$parser = new AtomParser();
- if(!$parser->parse()) {
+ if ( !$parser->parse() )
$this->bad_request();
- }
$parsed = array_pop($parser->feed->entries);
@@ -319,59 +500,62 @@ EOD;
// check for not found
global $entry;
- $entry = $GLOBALS['entry'];
$this->set_current_entry($postID);
- if(!current_user_can('edit_post', $entry['ID']))
+ if ( !current_user_can('edit_post', $entry['ID']) )
$this->auth_required(__('Sorry, you do not have the right to edit this post.'));
- $publish = (isset($parsed->draft) && trim($parsed->draft) == 'yes') ? false : true;
+ $publish = ! ( isset($parsed->draft) && 'yes' == trim($parsed->draft) );
+ $post_status = ($publish) ? 'publish' : 'draft';
extract($entry);
$post_title = $parsed->title[1];
$post_content = $parsed->content[1];
$post_excerpt = $parsed->summary[1];
- $pubtimes = $this->get_publish_time($entry);
+ $pubtimes = $this->get_publish_time($entry->published);
$post_date = $pubtimes[0];
$post_date_gmt = $pubtimes[1];
+ $pubtimes = $this->get_publish_time($parsed->updated);
+ $post_modified = $pubtimes[0];
+ $post_modified_gmt = $pubtimes[1];
- // let's not go backwards and make something draft again.
- if(!$publish && $post_status == 'draft') {
- $post_status = ($publish) ? 'publish' : 'draft';
- } elseif($publish) {
- $post_status = 'publish';
- }
-
- $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'post_date', 'post_date_gmt');
+ $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'post_date', 'post_date_gmt', 'post_modified', 'post_modified_gmt');
$this->escape($postdata);
$result = wp_update_post($postdata);
- if (!$result) {
+ if ( !$result )
$this->internal_error(__('For some strange yet very annoying reason, this post could not be edited.'));
- }
+
+ do_action( 'atompub_put_post', $ID, $parsed );
log_app('function',"put_post($postID)");
$this->ok();
}
+ /**
+ * Remove post.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ */
function delete_post($postID) {
// check for not found
global $entry;
$this->set_current_entry($postID);
- if(!current_user_can('edit_post', $postID)) {
+ if ( !current_user_can('edit_post', $postID) )
$this->auth_required(__('Sorry, you do not have the right to delete this post.'));
- }
- if ($entry['post_type'] == 'attachment') {
+ if ( $entry['post_type'] == 'attachment' ) {
$this->delete_attachment($postID);
} else {
$result = wp_delete_post($postID);
- if (!$result) {
+ if ( !$result ) {
$this->internal_error(__('For some strange yet very annoying reason, this post could not be deleted.'));
}
@@ -381,11 +565,18 @@ EOD;
}
- function get_attachment($postID = NULL) {
- if( !current_user_can( 'upload_files' ) )
- $this->auth_required( __( 'Sorry, you do not have the right to file uploads on this blog.' ) );
+ /**
+ * Retrieve attachment.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Optional. Post ID.
+ */
+ function get_attachment($postID = null) {
+ if ( !current_user_can( 'upload_files' ) )
+ $this->auth_required( __( 'Sorry, you do not have permission to upload files.' ) );
- if (!isset($postID)) {
+ if ( !isset($postID) ) {
$this->get_attachments();
} else {
$this->set_current_entry($postID);
@@ -395,39 +586,42 @@ EOD;
}
}
+ /**
+ * Create new attachment.
+ *
+ * @since 2.2.0
+ */
function create_attachment() {
- global $wp, $wpdb, $wp_query, $blog_id;
$type = $this->get_accepted_content_type();
- if(!current_user_can('upload_files'))
+ if ( !current_user_can('upload_files') )
$this->auth_required(__('You do not have permission to upload files.'));
$fp = fopen("php://input", "rb");
- $bits = NULL;
- while(!feof($fp)) {
+ $bits = null;
+ while ( !feof($fp) ) {
$bits .= fread($fp, 4096);
}
fclose($fp);
$slug = '';
if ( isset( $_SERVER['HTTP_SLUG'] ) )
- $slug = sanitize_file_name( $_SERVER['HTTP_SLUG'] );
+ $slug = $_SERVER['HTTP_SLUG'];
elseif ( isset( $_SERVER['HTTP_TITLE'] ) )
- $slug = sanitize_file_name( $_SERVER['HTTP_TITLE'] );
+ $slug = $_SERVER['HTTP_TITLE'];
elseif ( empty( $slug ) ) // just make a random name
$slug = substr( md5( uniqid( microtime() ) ), 0, 7);
- $ext = preg_replace( '|.*/([a-z]+)|', '$1', $_SERVER['CONTENT_TYPE'] );
- $slug = "$slug.$ext";
+ $ext = preg_replace( '|.*/([a-z0-9]+)|', '$1', $_SERVER['CONTENT_TYPE'] );
+ $slug = sanitize_file_name( "$slug.$ext" );
$file = wp_upload_bits( $slug, NULL, $bits);
log_app('wp_upload_bits returns:',print_r($file,true));
$url = $file['url'];
$file = $file['file'];
- $filename = basename($file);
- $header = apply_filters('wp_create_file_in_uploads', $file); // replicate
+ do_action('wp_create_file_in_uploads', $file); // replicate
// Construct the attachment array
$attachment = array(
@@ -440,11 +634,10 @@ EOD;
);
// Save the data
- $postID = wp_insert_attachment($attachment, $file, $post);
+ $postID = wp_insert_attachment($attachment, $file);
- if (!$postID) {
+ if (!$postID)
$this->internal_error(__('Sorry, your entry could not be posted. Something wrong happened.'));
- }
$output = $this->get_entry($postID, 'attachment');
@@ -452,15 +645,20 @@ EOD;
log_app('function',"create_attachment($postID)");
}
+ /**
+ * Update attachment.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ */
function put_attachment($postID) {
- global $wpdb;
-
// checked for valid content-types (atom+xml)
// quick check and exit
$this->get_accepted_content_type($this->atom_content_types);
$parser = new AtomParser();
- if(!$parser->parse()) {
+ if (!$parser->parse()) {
$this->bad_request();
}
@@ -470,29 +668,36 @@ EOD;
global $entry;
$this->set_current_entry($postID);
- if(!current_user_can('edit_post', $entry['ID']))
+ if ( !current_user_can('edit_post', $entry['ID']) )
$this->auth_required(__('Sorry, you do not have the right to edit this post.'));
- $publish = (isset($parsed->draft) && trim($parsed->draft) == 'yes') ? false : true;
-
extract($entry);
$post_title = $parsed->title[1];
- $post_content = $parsed->content[1];
+ $post_content = $parsed->summary[1];
+ $pubtimes = $this->get_publish_time($parsed->updated);
+ $post_modified = $pubtimes[0];
+ $post_modified_gmt = $pubtimes[1];
- $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt');
+ $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'post_modified', 'post_modified_gmt');
$this->escape($postdata);
$result = wp_update_post($postdata);
- if (!$result) {
+ if ( !$result )
$this->internal_error(__('For some strange yet very annoying reason, this post could not be edited.'));
- }
log_app('function',"put_attachment($postID)");
$this->ok();
}
+ /**
+ * Remove attachment.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ */
function delete_attachment($postID) {
log_app('function',"delete_attachment($postID). File '$location' deleted.");
@@ -500,15 +705,14 @@ EOD;
global $entry;
$this->set_current_entry($postID);
- if(!current_user_can('edit_post', $postID)) {
+ if ( !current_user_can('edit_post', $postID) )
$this->auth_required(__('Sorry, you do not have the right to delete this post.'));
- }
$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
$filetype = wp_check_filetype($location);
- if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
- $this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
+ if ( !isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']) )
+ $this->internal_error(__('Error occurred while accessing post metadata for file location.'));
// delete file
@unlink($location);
@@ -516,14 +720,20 @@ EOD;
// delete attachment
$result = wp_delete_post($postID);
- if (!$result) {
+ if ( !$result )
$this->internal_error(__('For some strange yet very annoying reason, this post could not be deleted.'));
- }
log_app('function',"delete_attachment($postID). File '$location' deleted.");
$this->ok();
}
+ /**
+ * Retrieve attachment from post.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ */
function get_file($postID) {
// check for not found
@@ -531,36 +741,49 @@ EOD;
$this->set_current_entry($postID);
// then whether user can edit the specific post
- if(!current_user_can('edit_post', $postID)) {
+ if ( !current_user_can('edit_post', $postID) )
$this->auth_required(__('Sorry, you do not have the right to edit this post.'));
- }
$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+ $location = get_option ('upload_path') . '/' . $location;
$filetype = wp_check_filetype($location);
- if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
- $this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
+ if ( !isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']) )
+ $this->internal_error(__('Error occurred while accessing post metadata for file location.'));
status_header('200');
header('Content-Type: ' . $entry['post_mime_type']);
header('Connection: close');
- $fp = fopen($location, "rb");
- while(!feof($fp)) {
- echo fread($fp, 4096);
+ if ( $fp = fopen($location, "rb") ) {
+ status_header('200');
+ header('Content-Type: ' . $entry['post_mime_type']);
+ header('Connection: close');
+
+ while ( !feof($fp) ) {
+ echo fread($fp, 4096);
+ }
+
+ fclose($fp);
+ } else {
+ status_header ('404');
}
- fclose($fp);
log_app('function',"get_file($postID)");
exit;
}
+ /**
+ * Upload file to blog and add attachment to post.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ */
function put_file($postID) {
- $type = $this->get_accepted_content_type();
-
// first check if user can upload
- if(!current_user_can('upload_files'))
+ if ( !current_user_can('upload_files') )
$this->auth_required(__('You do not have permission to upload files.'));
// check for not found
@@ -568,161 +791,276 @@ EOD;
$this->set_current_entry($postID);
// then whether user can edit the specific post
- if(!current_user_can('edit_post', $postID)) {
+ if ( !current_user_can('edit_post', $postID) )
$this->auth_required(__('Sorry, you do not have the right to edit this post.'));
- }
+ $upload_dir = wp_upload_dir( );
$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
$filetype = wp_check_filetype($location);
- if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
- $this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
+ $location = "{$upload_dir['basedir']}/{$location}";
+
+ if (!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
+ $this->internal_error(__('Error occurred while accessing post metadata for file location.'));
$fp = fopen("php://input", "rb");
$localfp = fopen($location, "w+");
- while(!feof($fp)) {
+ while ( !feof($fp) ) {
fwrite($localfp,fread($fp, 4096));
}
fclose($fp);
fclose($localfp);
$ID = $entry['ID'];
- $pubtimes = $this->get_publish_time($entry);
+ $pubtimes = $this->get_publish_time($entry->published);
$post_date = $pubtimes[0];
$post_date_gmt = $pubtimes[1];
+ $pubtimes = $this->get_publish_time($parsed->updated);
+ $post_modified = $pubtimes[0];
+ $post_modified_gmt = $pubtimes[1];
- $post_data = compact('ID', 'post_date', 'post_date_gmt');
+ $post_data = compact('ID', 'post_date', 'post_date_gmt', 'post_modified', 'post_modified_gmt');
$result = wp_update_post($post_data);
- if (!$result) {
+ if ( !$result )
$this->internal_error(__('Sorry, your entry could not be posted. Something wrong happened.'));
- }
+
+ wp_update_attachment_metadata( $postID, wp_generate_attachment_metadata( $postID, $location ) );
log_app('function',"put_file($postID)");
$this->ok();
}
- function get_entries_url($page = NULL) {
- if($GLOBALS['post_type'] == 'attachment') {
+ /**
+ * Retrieve entries URL.
+ *
+ * @since 2.2.0
+ *
+ * @param int $page Page ID.
+ * @return string
+ */
+ function get_entries_url($page = null) {
+ if ( isset($GLOBALS['post_type']) && ( $GLOBALS['post_type'] == 'attachment' ) )
$path = $this->MEDIA_PATH;
- } else {
+ else
$path = $this->ENTRIES_PATH;
- }
- $url = get_bloginfo('url') . '/' . $this->script_name . '/' . $path;
- if(isset($page) && is_int($page)) {
+ $url = $this->app_base . $path;
+ if ( isset($page) && is_int($page) )
$url .= "/$page";
- }
return $url;
}
- function the_entries_url($page = NULL) {
- $url = $this->get_entries_url($page);
- echo $url;
+ /**
+ * Display entries URL.
+ *
+ * @since 2.2.0
+ *
+ * @param int $page Page ID.
+ */
+ function the_entries_url($page = null) {
+ echo $this->get_entries_url($page);
}
- function get_categories_url($page = NULL) {
- return get_bloginfo('url') . '/' . $this->script_name . '/' . $this->CATEGORIES_PATH;
+ /**
+ * Retrieve categories URL.
+ *
+ * @since 2.2.0
+ *
+ * @param mixed $deprecated Not used.
+ * @return string
+ */
+ function get_categories_url($deprecated = '') {
+ if ( !empty( $deprecated ) )
+ _deprecated_argument( __FUNCTION__, '2.5' );
+ return $this->app_base . $this->CATEGORIES_PATH;
}
+ /**
+ * Display category URL.
+ *
+ * @since 2.2.0
+ */
function the_categories_url() {
- $url = $this->get_categories_url();
- echo $url;
+ echo $this->get_categories_url();
}
- function get_attachments_url($page = NULL) {
- $url = get_bloginfo('url') . '/' . $this->script_name . '/' . $this->MEDIA_PATH;
- if(isset($page) && is_int($page)) {
+ /**
+ * Retrieve attachment URL.
+ *
+ * @since 2.2.0
+ *
+ * @param int $page Page ID.
+ * @return string
+ */
+ function get_attachments_url($page = null) {
+ $url = $this->app_base . $this->MEDIA_PATH;
+ if (isset($page) && is_int($page)) {
$url .= "/$page";
}
return $url;
}
- function the_attachments_url($page = NULL) {
- $url = $this->get_attachments_url($page);
- echo $url;
+ /**
+ * Display attachment URL.
+ *
+ * @since 2.2.0
+ *
+ * @param int $page Page ID.
+ */
+ function the_attachments_url($page = null) {
+ echo $this->get_attachments_url($page);
}
+ /**
+ * Retrieve service URL.
+ *
+ * @since 2.3.0
+ *
+ * @return string
+ */
function get_service_url() {
- return get_bloginfo('url') . '/' . $this->script_name . '/' . $this->SERVICE_PATH;
+ return $this->app_base . $this->SERVICE_PATH;
}
- function get_entry_url($postID = NULL) {
- if(!isset($postID)) {
+ /**
+ * Retrieve entry URL.
+ *
+ * @since 2.7.0
+ *
+ * @param int $postID Post ID.
+ * @return string
+ */
+ function get_entry_url($postID = null) {
+ if (!isset($postID)) {
global $post;
- $postID = (int) $GLOBALS['post']->ID;
+ $postID = (int) $post->ID;
}
- $url = get_bloginfo('url') . '/' . $this->script_name . '/' . $this->ENTRY_PATH . "/$postID";
+ $url = $this->app_base . $this->ENTRY_PATH . "/$postID";
log_app('function',"get_entry_url() = $url");
return $url;
}
- function the_entry_url($postID = NULL) {
- $url = $this->get_entry_url($postID);
- echo $url;
+ /**
+ * Display entry URL.
+ *
+ * @since 2.7.0
+ *
+ * @param int $postID Post ID.
+ */
+ function the_entry_url($postID = null) {
+ echo $this->get_entry_url($postID);
}
- function get_media_url($postID = NULL) {
- if(!isset($postID)) {
+ /**
+ * Retrieve media URL.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ * @return string
+ */
+ function get_media_url($postID = null) {
+ if (!isset($postID)) {
global $post;
- $postID = (int) $GLOBALS['post']->ID;
+ $postID = (int) $post->ID;
}
- $url = get_bloginfo('url') . '/' . $this->script_name . '/' . $this->MEDIA_SINGLE_PATH ."/file/$postID";
+ $url = $this->app_base . $this->MEDIA_SINGLE_PATH ."/file/$postID";
log_app('function',"get_media_url() = $url");
return $url;
}
- function the_media_url($postID = NULL) {
- $url = $this->get_media_url($postID);
- echo $url;
+ /**
+ * Display the media URL.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ */
+ function the_media_url($postID = null) {
+ echo $this->get_media_url($postID);
}
+ /**
+ * Set the current entry to post ID.
+ *
+ * @since 2.2.0
+ *
+ * @param int $postID Post ID.
+ */
function set_current_entry($postID) {
global $entry;
log_app('function',"set_current_entry($postID)");
- if(!isset($postID)) {
+ if (!isset($postID)) {
// $this->bad_request();
$this->not_found();
}
$entry = wp_get_single_post($postID,ARRAY_A);
- if(!isset($entry) || !isset($entry['ID']))
+ if (!isset($entry) || !isset($entry['ID']))
$this->not_found();
return;
}
+ /**
+ * Display posts XML.
+ *
+ * @since 2.2.0
+ *
+ * @param int $page Optional. Page ID.
+ * @param string $post_type Optional, default is 'post'. Post Type.
+ */
function get_posts($page = 1, $post_type = 'post') {
log_app('function',"get_posts($page, '$post_type')");
$feed = $this->get_feed($page, $post_type);
$this->output($feed);
}
+ /**
+ * Display attachment XML.
+ *
+ * @since 2.2.0
+ *
+ * @param int $page Page ID.
+ * @param string $post_type Optional, default is 'attachment'. Post type.
+ */
function get_attachments($page = 1, $post_type = 'attachment') {
- log_app('function',"get_attachments($page, '$post_type')");
- $GLOBALS['post_type'] = $post_type;
- $feed = $this->get_feed($page, $post_type);
- $this->output($feed);
+ log_app('function',"get_attachments($page, '$post_type')");
+ $GLOBALS['post_type'] = $post_type;
+ $feed = $this->get_feed($page, $post_type);
+ $this->output($feed);
}
+ /**
+ * Retrieve feed XML.
+ *
+ * @since 2.2.0
+ *
+ * @param int $page Page ID.
+ * @param string $post_type Optional, default is post. Post type.
+ * @return string
+ */
function get_feed($page = 1, $post_type = 'post') {
- global $post, $wp, $wp_query, $posts, $wpdb, $blog_id, $post_cache;
+ global $post, $wp, $wp_query, $posts, $wpdb, $blog_id;
log_app('function',"get_feed($page, '$post_type')");
ob_start();
- if(!isset($page)) {
+ $this->ENTRY_PATH = $post_type;
+
+ if (!isset($page)) {
$page = 1;
}
$page = (int) $page;
$count = get_option('posts_per_rss');
- wp('what_to_show=posts&posts_per_page=' . $count . '&offset=' . ($count * ($page-1) ));
+ wp('posts_per_page=' . $count . '&offset=' . ($count * ($page-1) . '&orderby=modified'));
$post = $GLOBALS['post'];
$posts = $GLOBALS['posts'];
@@ -730,7 +1068,6 @@ EOD;
$wp_query = $GLOBALS['wp_query'];
$wpdb = $GLOBALS['wpdb'];
$blog_id = (int) $GLOBALS['blog_id'];
- $post_cache = $GLOBALS['post_cache'];
log_app('function',"query_posts(# " . print_r($wp_query, true) . "#)");
log_app('function',"total_count(# $wp_query->max_num_pages #)");
@@ -739,22 +1076,22 @@ EOD;
$prev_page = ($page - 1) < 1 ? NULL : $page - 1;
$last_page = ((int)$last_page == 1 || (int)$last_page == 0) ? NULL : (int) $last_page;
$self_page = $page > 1 ? $page : NULL;
-?>
+?> >
the_entries_url() ?>
-
+
<?php bloginfo_rss('name') ?>
-
+
-
+
-Copyright
-WordPress.com Atom API
+Copyright
+
ENTRY_PATH = 'attachment';
$varname = 'attachment_id';
break;
}
@@ -796,11 +1142,16 @@ EOD;
return $entry;
}
+ /**
+ * Display post content XML.
+ *
+ * @since 2.3.0
+ */
function echo_entry() { ?>
- ID); ?>
-prep_content(get_the_title()); ?>
+ ID ); ?>
+
<?php echo $content ?>
@@ -810,55 +1161,33 @@ EOD;
-
-
+
+
-post_type == 'attachment') { ?>
+post_type == 'attachment') { ?>
-
+
post_content ) ) :
-list($content_type, $content) = $this->prep_content(get_the_content()); ?>
+list($content_type, $content) = prep_atom_text_construct(get_the_content()); ?>
-
-
-
-prep_content(get_the_excerpt()); ?>
+
+
+
' . $data . '', true);
- $code = xml_get_error_code($parser);
- xml_parser_free($parser);
-
- if (!$code) {
- if (strpos($data, '<') === false) {
- return array('text', $data);
- } else {
- $data = "$data
";
- return array('xhtml', $data);
- }
- }
-
- if (strpos($data, ']]>') == false) {
- return array('html', "");
- } else {
- return array('html', htmlspecialchars($data));
- }
- }
-
+ /**
+ * Set 'OK' (200) status header.
+ *
+ * @since 2.2.0
+ */
function ok() {
log_app('Status','200: OK');
header('Content-Type: text/plain');
@@ -866,14 +1195,26 @@ list($content_type, $content) = $this->prep_content(get_the_content()); ?>
exit;
}
+ /**
+ * Set 'No Content' (204) status header.
+ *
+ * @since 2.2.0
+ */
function no_content() {
log_app('Status','204: No Content');
header('Content-Type: text/plain');
status_header('204');
- echo "Deleted.";
+ echo "Moved to Trash.";
exit;
}
+ /**
+ * Display 'Internal Server Error' (500) status header.
+ *
+ * @since 2.2.0
+ *
+ * @param string $msg Optional. Status string.
+ */
function internal_error($msg = 'Internal Server Error') {
log_app('Status','500: Server Error');
header('Content-Type: text/plain');
@@ -882,6 +1223,11 @@ list($content_type, $content) = $this->prep_content(get_the_content()); ?>
exit;
}
+ /**
+ * Set 'Bad Request' (400) status header.
+ *
+ * @since 2.2.0
+ */
function bad_request() {
log_app('Status','400: Bad Request');
header('Content-Type: text/plain');
@@ -889,6 +1235,11 @@ list($content_type, $content) = $this->prep_content(get_the_content()); ?>
exit;
}
+ /**
+ * Set 'Length Required' (411) status header.
+ *
+ * @since 2.2.0
+ */
function length_required() {
log_app('Status','411: Length Required');
header("HTTP/1.1 411 Length Required");
@@ -897,6 +1248,11 @@ list($content_type, $content) = $this->prep_content(get_the_content()); ?>
exit;
}
+ /**
+ * Set 'Unsupported Media Type' (415) status header.
+ *
+ * @since 2.2.0
+ */
function invalid_media() {
log_app('Status','415: Unsupported Media Type');
header("HTTP/1.1 415 Unsupported Media Type");
@@ -904,6 +1260,24 @@ list($content_type, $content) = $this->prep_content(get_the_content()); ?>
exit;
}
+ /**
+ * Set 'Forbidden' (403) status header.
+ *
+ * @since 2.6.0
+ */
+ function forbidden($reason='') {
+ log_app('Status','403: Forbidden');
+ header('Content-Type: text/plain');
+ status_header('403');
+ echo $reason;
+ exit;
+ }
+
+ /**
+ * Set 'Not Found' (404) status header.
+ *
+ * @since 2.2.0
+ */
function not_found() {
log_app('Status','404: Not Found');
header('Content-Type: text/plain');
@@ -911,6 +1285,11 @@ list($content_type, $content) = $this->prep_content(get_the_content()); ?>
exit;
}
+ /**
+ * Set 'Not Allowed' (405) status header.
+ *
+ * @since 2.2.0
+ */
function not_allowed($allow) {
log_app('Status','405: Not Allowed');
header('Allow: ' . join(',', $allow));
@@ -918,10 +1297,15 @@ list($content_type, $content) = $this->prep_content(get_the_content()); ?>
exit;
}
+ /**
+ * Display Redirect (302) content and set status headers.
+ *
+ * @since 2.3.0
+ */
function redirect($url) {
log_app('Status','302: Redirect');
- $escaped_url = attribute_escape($url);
+ $escaped_url = esc_attr($url);
$content = <<
@@ -943,7 +1327,11 @@ EOD;
}
-
+ /**
+ * Set 'Client Error' (400) status header.
+ *
+ * @since 2.2.0
+ */
function client_error($msg = 'Client Error') {
log_app('Status','400: Client Error');
header('Content-Type: text/plain');
@@ -951,6 +1339,13 @@ EOD;
exit;
}
+ /**
+ * Set created status headers (201).
+ *
+ * Sets the 'content-type', 'content-location', and 'location'.
+ *
+ * @since 2.2.0
+ */
function created($post_ID, $content, $post_type = 'post') {
log_app('created()::$post_ID',"$post_ID, $post_type");
$edit = $this->get_entry_url($post_ID);
@@ -959,11 +1354,11 @@ EOD;
$ctloc = $this->get_entry_url($post_ID);
break;
case 'attachment':
- $edit = get_bloginfo('url') . '/' . $this->script_name . "/attachments/$post_ID";
+ $edit = $this->app_base . "attachments/$post_ID";
break;
}
header("Content-Type: $this->ATOM_CONTENT_TYPE");
- if(isset($ctloc))
+ if (isset($ctloc))
header('Content-Location: ' . $ctloc);
header('Location: ' . $edit);
status_header('201');
@@ -971,12 +1366,19 @@ EOD;
exit;
}
+ /**
+ * Set 'Auth Required' (401) headers.
+ *
+ * @since 2.2.0
+ *
+ * @param string $msg Status header content and HTML content.
+ */
function auth_required($msg) {
log_app('Status','401: Auth Required');
nocache_headers();
header('WWW-Authenticate: Basic realm="WordPress Atom Protocol"');
header("HTTP/1.1 401 $msg");
- header('Status: ' . $msg);
+ header('Status: 401 ' . $msg);
header('Content-Type: text/html');
$content = <<
@@ -995,6 +1397,14 @@ EOD;
exit;
}
+ /**
+ * Display XML and set headers with content type.
+ *
+ * @since 2.2.0
+ *
+ * @param string $xml Display feed content.
+ * @param string $ctype Optional, default is 'atom+xml'. Feed content type.
+ */
function output($xml, $ctype = 'application/atom+xml') {
status_header('200');
$xml = ''."\n".$xml;
@@ -1003,12 +1413,19 @@ EOD;
header('Content-Type: ' . $ctype);
header('Content-Disposition: attachment; filename=atom.xml');
header('Date: '. date('r'));
- if($this->do_output)
+ if ($this->do_output)
echo $xml;
log_app('function', "output:\n$xml");
exit;
}
+ /**
+ * Sanitize content for database usage.
+ *
+ * @since 2.2.0
+ *
+ * @param array $array Sanitize array and multi-dimension array.
+ */
function escape(&$array) {
global $wpdb;
@@ -1023,49 +1440,58 @@ EOD;
}
}
- /*
- * Access credential through various methods and perform login
+ /**
+ * Access credential through various methods and perform login.
+ *
+ * @since 2.2.0
+ *
+ * @return bool
*/
function authenticate() {
- $login_data = array();
- $already_md5 = false;
-
log_app("authenticate()",print_r($_ENV, true));
// if using mod_rewrite/ENV hack
// http://www.besthostratings.com/articles/http-auth-php-cgi.html
- if(isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) =
explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
+ } else if (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
+ // Workaround for setups that do not forward HTTP_AUTHORIZATION
+ // See http://trac.wordpress.org/ticket/7361
+ list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) =
+ explode(':', base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));
}
// If Basic Auth is working...
- if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
- $login_data = array('login' => $_SERVER['PHP_AUTH_USER'], 'password' => $_SERVER['PHP_AUTH_PW']);
- log_app("Basic Auth",$login_data['login']);
- } else {
- // else, do cookie-based authentication
- if (function_exists('wp_get_cookie_login')) {
- $login_data = wp_get_cookie_login();
- $already_md5 = true;
+ if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+ log_app("Basic Auth",$_SERVER['PHP_AUTH_USER']);
+
+ $user = wp_authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+ if ( $user && !is_wp_error($user) ) {
+ wp_set_current_user($user->ID);
+ log_app("authenticate()", $user->user_login);
+ return true;
}
}
- // call wp_login and set current user
- if (!empty($login_data) && wp_login($login_data['login'], $login_data['password'], $already_md5)) {
- $current_user = new WP_User(0, $login_data['login']);
- wp_set_current_user($current_user->ID);
- log_app("authenticate()",$login_data['login']);
- }
+ return false;
}
- function get_accepted_content_type($types = NULL) {
+ /**
+ * Retrieve accepted content types.
+ *
+ * @since 2.2.0
+ *
+ * @param array $types Optional. Content Types.
+ * @return string
+ */
+ function get_accepted_content_type($types = null) {
- if(!isset($types)) {
+ if (!isset($types)) {
$types = $this->media_content_types;
}
- if(!isset($_SERVER['CONTENT_LENGTH']) || !isset($_SERVER['CONTENT_TYPE'])) {
+ if (!isset($_SERVER['CONTENT_LENGTH']) || !isset($_SERVER['CONTENT_TYPE'])) {
$this->length_required();
}
@@ -1076,8 +1502,8 @@ EOD;
foreach($types as $t) {
list($acceptedType,$acceptedSubtype) = explode('/',$t);
- if($acceptedType == '*' || $acceptedType == $type) {
- if($acceptedSubtype == '*' || $acceptedSubtype == $subtype)
+ if ($acceptedType == '*' || $acceptedType == $type) {
+ if ($acceptedSubtype == '*' || $acceptedSubtype == $subtype)
return $type . "/" . $subtype;
}
}
@@ -1085,10 +1511,15 @@ EOD;
$this->invalid_media();
}
+ /**
+ * Process conditionals for posts.
+ *
+ * @since 2.2.0
+ */
function process_conditionals() {
- if(empty($this->params)) return;
- if($_SERVER['REQUEST_METHOD'] == 'DELETE') return;
+ if (empty($this->params)) return;
+ if ($_SERVER['REQUEST_METHOD'] == 'DELETE') return;
switch($this->params[0]) {
case $this->ENTRY_PATH:
@@ -1128,31 +1559,52 @@ EOD;
}
}
+ /**
+ * Convert RFC3339 time string to timestamp.
+ *
+ * @since 2.3.0
+ *
+ * @param string $str String to time.
+ * @return bool|int false if format is incorrect.
+ */
function rfc3339_str2time($str) {
- $match = false;
- if(!preg_match("/(\d{4}-\d{2}-\d{2})T(\d{2}\:\d{2}\:\d{2})\.?\d{0,3}(Z|[+-]+\d{2}\:\d{2})/", $str, $match))
+ $match = false;
+ if (!preg_match("/(\d{4}-\d{2}-\d{2})T(\d{2}\:\d{2}\:\d{2})\.?\d{0,3}(Z|[+-]+\d{2}\:\d{2})/", $str, $match))
return false;
- if($match[3] == 'Z')
- $match[3] == '+0000';
+ if ($match[3] == 'Z')
+ $match[3] = '+0000';
- return strtotime($match[1] . " " . $match[2] . " " . $match[3]);
+ return strtotime($match[1] . " " . $match[2] . " " . $match[3]);
}
- function get_publish_time($entry) {
+ /**
+ * Retrieve published time to display in XML.
+ *
+ * @since 2.3.0
+ *
+ * @param string $published Time string.
+ * @return string
+ */
+ function get_publish_time($published) {
- $pubtime = $this->rfc3339_str2time($entry->published);
+ $pubtime = $this->rfc3339_str2time($published);
- if(!$pubtime) {
+ if (!$pubtime) {
return array(current_time('mysql'),current_time('mysql',1));
- } else {
+ } else {
return array(date("Y-m-d H:i:s", $pubtime), gmdate("Y-m-d H:i:s", $pubtime));
- }
+ }
}
}
+/**
+ * AtomServer
+ * @var AtomServer
+ * @global object $server
+ */
$server = new AtomServer();
$server->handle_request();