X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/b22765f41bf0b2021b9beb9120ee0ac91fa89292..e3ff8f35458a959c1879c0a4976701ed8dcfe651:/wp-includes/class-wp-xmlrpc-server.php
diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index be2d3edb..5084da65 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -404,12 +404,8 @@ class wp_xmlrpc_server extends IXR_Server {
* Passes property through {@see 'xmlrpc_blog_options'} filter.
*
* @since 2.6.0
- *
- * @global string $wp_version
*/
public function initialise_blog_option_info() {
- global $wp_version;
-
$this->blog_options = array(
// Read only options
'software_name' => array(
@@ -420,7 +416,7 @@ class wp_xmlrpc_server extends IXR_Server {
'software_version' => array(
'desc' => __( 'Software Version' ),
'readonly' => true,
- 'value' => $wp_version
+ 'value' => get_bloginfo( 'version' )
),
'blog_url' => array(
'desc' => __( 'WordPress Address (URL)' ),
@@ -591,6 +587,10 @@ class wp_xmlrpc_server extends IXR_Server {
* - 'xmlrpc' - url of xmlrpc endpoint
*/
public function wp_getUsersBlogs( $args ) {
+ if ( ! $this->minimum_args( $args, 2 ) ) {
+ return $this->error;
+ }
+
// If this isn't on WPMU then just use blogger_getUsersBlogs
if ( !is_multisite() ) {
array_unshift( $args, 1 );
@@ -628,7 +628,7 @@ class wp_xmlrpc_server extends IXR_Server {
foreach ( $blogs as $blog ) {
// Don't include blogs that aren't hosted at this site.
- if ( $blog->site_id != get_current_site()->id )
+ if ( $blog->site_id != get_current_network_id() )
continue;
$blog_id = $blog->userblog_id;
@@ -708,9 +708,9 @@ class wp_xmlrpc_server extends IXR_Server {
*
* @since 3.4.0
*
- * @param array $_taxonomy An array of taxonomy data.
- * @param object $taxonomy Taxonomy object.
- * @param array $fields The subset of taxonomy fields to return.
+ * @param array $_taxonomy An array of taxonomy data.
+ * @param WP_Taxonomy $taxonomy Taxonomy object.
+ * @param array $fields The subset of taxonomy fields to return.
*/
return apply_filters( 'xmlrpc_prepare_taxonomy', $_taxonomy, $taxonomy, $fields );
}
@@ -1270,7 +1270,7 @@ class wp_xmlrpc_server extends IXR_Server {
}
} elseif ( isset( $post_data['sticky'] ) ) {
if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to make posts sticky.' ) );
}
$sticky = wp_validate_boolean( $post_data['sticky'] );
@@ -1324,12 +1324,12 @@ class wp_xmlrpc_server extends IXR_Server {
break;
case 'private':
if ( ! current_user_can( $post_type->cap->publish_posts ) )
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type.' ) );
break;
case 'publish':
case 'future':
if ( ! current_user_can( $post_type->cap->publish_posts ) )
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type.' ) );
break;
default:
if ( ! get_post_status_object( $post_data['post_status'] ) )
@@ -1338,7 +1338,7 @@ class wp_xmlrpc_server extends IXR_Server {
}
if ( ! empty( $post_data['post_password'] ) && ! current_user_can( $post_type->cap->publish_posts ) )
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type.' ) );
$post_data['post_author'] = absint( $post_data['post_author'] );
if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] != $user->ID ) {
@@ -1523,7 +1523,7 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error( 500, $post_ID->get_error_message() );
if ( ! $post_ID )
- return new IXR_Error( 401, __( 'Sorry, your entry could not be posted. Something wrong happened.' ) );
+ return new IXR_Error( 401, __( 'Sorry, your entry could not be posted.' ) );
return strval( $post_ID );
}
@@ -1789,13 +1789,13 @@ class wp_xmlrpc_server extends IXR_Server {
if ( isset( $filter['post_type'] ) ) {
$post_type = get_post_type_object( $filter['post_type'] );
if ( ! ( (bool) $post_type ) )
- return new IXR_Error( 403, __( 'The post type specified is not valid' ) );
+ return new IXR_Error( 403, __( 'Invalid post type.' ) );
} else {
$post_type = get_post_type_object( 'post' );
}
if ( ! current_user_can( $post_type->cap->edit_posts ) )
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ));
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) );
$query['post_type'] = $post_type->name;
@@ -1877,8 +1877,9 @@ class wp_xmlrpc_server extends IXR_Server {
$taxonomy = get_taxonomy( $content_struct['taxonomy'] );
- if ( ! current_user_can( $taxonomy->cap->manage_terms ) )
+ if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create terms in this taxonomy.' ) );
+ }
$taxonomy = (array) $taxonomy;
@@ -1917,7 +1918,7 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error( 500, $term->get_error_message() );
if ( ! $term )
- return new IXR_Error( 500, __( 'Sorry, your term could not be created. Something wrong happened.' ) );
+ return new IXR_Error( 500, __( 'Sorry, your term could not be created.' ) );
return strval( $term['term_id'] );
}
@@ -1964,9 +1965,6 @@ class wp_xmlrpc_server extends IXR_Server {
$taxonomy = get_taxonomy( $content_struct['taxonomy'] );
- if ( ! current_user_can( $taxonomy->cap->edit_terms ) )
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ) );
-
$taxonomy = (array) $taxonomy;
// hold the data of the term
@@ -1980,6 +1978,10 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $term )
return new IXR_Error( 404, __( 'Invalid term ID.' ) );
+ if ( ! current_user_can( 'edit_term', $term_id ) ) {
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this term.' ) );
+ }
+
if ( isset( $content_struct['name'] ) ) {
$term_data['name'] = trim( $content_struct['name'] );
@@ -2059,10 +2061,6 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
$taxonomy = get_taxonomy( $taxonomy );
-
- if ( ! current_user_can( $taxonomy->cap->delete_terms ) )
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete terms in this taxonomy.' ) );
-
$term = get_term( $term_id, $taxonomy->name );
if ( is_wp_error( $term ) )
@@ -2071,6 +2069,10 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $term )
return new IXR_Error( 404, __( 'Invalid term ID.' ) );
+ if ( ! current_user_can( 'delete_term', $term_id ) ) {
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this term.' ) );
+ }
+
$result = wp_delete_term( $term_id, $taxonomy->name );
if ( is_wp_error( $result ) )
@@ -2131,9 +2133,6 @@ class wp_xmlrpc_server extends IXR_Server {
$taxonomy = get_taxonomy( $taxonomy );
- if ( ! current_user_can( $taxonomy->cap->assign_terms ) )
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) );
-
$term = get_term( $term_id , $taxonomy->name, ARRAY_A );
if ( is_wp_error( $term ) )
@@ -2142,6 +2141,10 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $term )
return new IXR_Error( 404, __( 'Invalid term ID.' ) );
+ if ( ! current_user_can( 'assign_term', $term_id ) ) {
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign this term.' ) );
+ }
+
return $this->_prepare_term( $term );
}
@@ -2473,7 +2476,7 @@ class wp_xmlrpc_server extends IXR_Server {
do_action( 'xmlrpc_call', 'wp.getUsers' );
if ( ! current_user_can( 'list_users' ) )
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to browse users.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to list users.' ) );
$query = array( 'fields' => 'all_with_meta' );
@@ -2489,7 +2492,7 @@ class wp_xmlrpc_server extends IXR_Server {
if ( isset( $filter['role'] ) ) {
if ( get_role( $filter['role'] ) === null )
- return new IXR_Error( 403, __( 'The role specified is not valid' ) );
+ return new IXR_Error( 403, __( 'Invalid role.' ) );
$query['role'] = $filter['role'];
}
@@ -3471,7 +3474,7 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error(500, $result->get_error_message());
if ( !$result )
- return new IXR_Error(500, __('Sorry, the comment could not be edited. Something wrong happened.'));
+ return new IXR_Error(500, __('Sorry, the comment could not be edited.'));
/**
* Fires after a comment has been successfully updated via XML-RPC.
@@ -3525,7 +3528,7 @@ class wp_xmlrpc_server extends IXR_Server {
if ( !$user ) {
$logged_in = false;
if ( $allow_anon && get_option('comment_registration') ) {
- return new IXR_Error( 403, __( 'You must be registered to comment' ) );
+ return new IXR_Error( 403, __( 'You must be registered to comment.' ) );
} elseif ( ! $allow_anon ) {
return $this->error;
}
@@ -3550,8 +3553,14 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
}
- $comment = array();
- $comment['comment_post_ID'] = $post_id;
+ if ( empty( $content_struct['content'] ) ) {
+ return new IXR_Error( 403, __( 'Comment is required.' ) );
+ }
+
+ $comment = array(
+ 'comment_post_ID' => $post_id,
+ 'comment_content' => $content_struct['content'],
+ );
if ( $logged_in ) {
$display_name = $user->display_name;
@@ -3579,20 +3588,25 @@ class wp_xmlrpc_server extends IXR_Server {
if ( get_option('require_name_email') ) {
if ( 6 > strlen($comment['comment_author_email']) || '' == $comment['comment_author'] )
- return new IXR_Error( 403, __( 'Comment author name and email are required' ) );
+ return new IXR_Error( 403, __( 'Comment author name and email are required.' ) );
elseif ( !is_email($comment['comment_author_email']) )
- return new IXR_Error( 403, __( 'A valid email address is required' ) );
+ return new IXR_Error( 403, __( 'A valid email address is required.' ) );
}
}
$comment['comment_parent'] = isset($content_struct['comment_parent']) ? absint($content_struct['comment_parent']) : 0;
- $comment['comment_content'] = isset($content_struct['content']) ? $content_struct['content'] : null;
-
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newComment' );
- $comment_ID = wp_new_comment( $comment );
+ $comment_ID = wp_new_comment( $comment, true );
+ if ( is_wp_error( $comment_ID ) ) {
+ return new IXR_Error( 403, $comment_ID->get_error_message() );
+ }
+
+ if ( ! $comment_ID ) {
+ return new IXR_Error( 403, __( 'An unknown error occurred' ) );
+ }
/**
* Fires after a new comment has been successfully created via XML-RPC.
@@ -4103,7 +4117,7 @@ class wp_xmlrpc_server extends IXR_Server {
$post_type = get_post_type_object( $post_type_name );
if ( ! current_user_can( $post_type->cap->edit_posts ) )
- return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post type.' ) );
+ return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) );
return $this->_prepare_post_type( $post_type, $fields );
}
@@ -4321,8 +4335,13 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array|IXR_Error
*/
public function blogger_getUsersBlogs($args) {
- if ( is_multisite() )
+ if ( ! $this->minimum_args( $args, 3 ) ) {
+ return $this->error;
+ }
+
+ if ( is_multisite() ) {
return $this->_multisite_getUsersBlogs($args);
+ }
$this->escape($args);
@@ -4363,7 +4382,7 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array|IXR_Error
*/
protected function _multisite_getUsersBlogs( $args ) {
- $current_blog = get_blog_details();
+ $current_blog = get_site();
$domain = $current_blog->domain;
$path = $current_blog->path . 'xmlrpc.php';
@@ -4625,7 +4644,7 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error(500, $post_ID->get_error_message());
if ( !$post_ID )
- return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.'));
+ return new IXR_Error(500, __('Sorry, your entry could not be posted.'));
$this->attach_uploads( $post_ID, $post_content );
@@ -4879,7 +4898,7 @@ class wp_xmlrpc_server extends IXR_Server {
if ( isset( $content_struct['wp_post_format'] ) ) {
$content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] );
if ( !array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) {
- return new IXR_Error( 404, __( 'Invalid post format' ) );
+ return new IXR_Error( 404, __( 'Invalid post format.' ) );
}
}
@@ -5084,7 +5103,7 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error(500, $post_ID->get_error_message());
if ( !$post_ID )
- return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.'));
+ return new IXR_Error(500, __('Sorry, your entry could not be posted.'));
/**
* Fires after a new post has been successfully created via the XML-RPC MovableType API.
@@ -5203,7 +5222,7 @@ class wp_xmlrpc_server extends IXR_Server {
if ( isset( $content_struct['wp_post_format'] ) ) {
$content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] );
if ( !array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) {
- return new IXR_Error( 404, __( 'Invalid post format' ) );
+ return new IXR_Error( 404, __( 'Invalid post format.' ) );
}
}
@@ -5405,7 +5424,7 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error(500, $result->get_error_message());
if ( !$result )
- return new IXR_Error(500, __('Sorry, your entry could not be edited. Something wrong happened.'));
+ return new IXR_Error(500, __('Sorry, your entry could not be edited.'));
// Only posts can be sticky
if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
@@ -5818,8 +5837,9 @@ class wp_xmlrpc_server extends IXR_Server {
$upload = wp_upload_bits($name, null, $bits);
if ( ! empty($upload['error']) ) {
- $errorString = sprintf(__('Could not write file %1$s (%2$s)'), $name, $upload['error']);
- return new IXR_Error(500, $errorString);
+ /* translators: 1: file name, 2: error message */
+ $errorString = sprintf( __( 'Could not write file %1$s (%2$s).' ), $name, $upload['error'] );
+ return new IXR_Error( 500, $errorString );
}
// Construct the attachment array
$post_id = 0;
@@ -6192,9 +6212,6 @@ class wp_xmlrpc_server extends IXR_Server {
*
* @since 1.5.0
*
- * @global wpdb $wpdb WordPress database abstraction object.
- * @global string $wp_version
- *
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
@@ -6204,7 +6221,7 @@ class wp_xmlrpc_server extends IXR_Server {
* @return string|IXR_Error
*/
public function pingback_ping( $args ) {
- global $wpdb, $wp_version;
+ global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'pingback.ping' );
@@ -6292,7 +6309,7 @@ class wp_xmlrpc_server extends IXR_Server {
$remote_ip = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] );
/** This filter is documented in wp-includes/class-http.php */
- $user_agent = apply_filters( 'http_headers_useragent', 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' ) );
+ $user_agent = apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ) );
// Let's check the remote site
$http_api_args = array(
@@ -6328,9 +6345,10 @@ class wp_xmlrpc_server extends IXR_Server {
$remote_source = preg_replace( "/<\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $remote_source );
preg_match( '|([^<]*?)|is', $remote_source, $matchtitle );
- $title = $matchtitle[1];
- if ( empty( $title ) )
- return $this->pingback_error( 32, __('We cannot find a title on that page.' ) );
+ $title = isset( $matchtitle[1] ) ? $matchtitle[1] : '';
+ if ( empty( $title ) ) {
+ return $this->pingback_error( 32, __( 'We cannot find a title on that page.' ) );
+ }
$remote_source = strip_tags( $remote_source, '' ); // just keep the tag we need
@@ -6398,7 +6416,8 @@ class wp_xmlrpc_server extends IXR_Server {
*/
do_action( 'pingback_post', $comment_ID );
- return sprintf(__('Pingback from %1$s to %2$s registered. Keep the web talking! :-)'), $pagelinkedfrom, $pagelinkedto);
+ /* translators: 1: URL of the page linked from, 2: URL of the page linked to */
+ return sprintf( __( 'Pingback from %1$s to %2$s registered. Keep the web talking! :-)' ), $pagelinkedfrom, $pagelinkedto );
}
/**