
Make the xmlrpc user the current user. fixes #2273

git-svn-id: http://svn.automattic.com/wordpress/trunk@3430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent 5587110 commit cb093369a18a84e5ec7dd45984bb2254963a02c2 ryan committed Jan 13, 2006
Showing with 65 additions and 27 deletions.
  1. +9 −1 wp-includes/kses.php
  2. +27 −0 wp-includes/pluggable-functions.php
  3. +29 −26 xmlrpc.php
10 wp-includes/kses.php
@@ -530,9 +530,17 @@ function kses_init_filters() {
function kses_init() {
global $current_user;
- get_currentuserinfo(); // set $current_user
+ remove_filter('pre_comment_author', 'wp_filter_kses');
+ remove_filter('pre_comment_content', 'wp_filter_kses');
+ remove_filter('content_save_pre', 'wp_filter_post_kses');
+ remove_filter('title_save_pre', 'wp_filter_kses');
+
+ if (! defined('XMLRPC_REQUEST') )
+ get_currentuserinfo();
+
if (current_user_can('unfiltered_html') == false)
kses_init_filters();
}
add_action('init', 'kses_init');
+add_action('set_current_user', 'kses_init');
?>
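Review bot: kses_init() now removes all four kses filters before the capability check, and on an XML-RPC request the 'init' run skips get_currentuserinfo(), so re-adding them depends on `current_user_can('unfiltered_html')` returning false while no user has been set. current_user_can() is not visible in this diff, so that fail-closed behaviour should be confirmed rather than assumed. I would write the check as `if ( !current_user_can('unfiltered_html') )` instead of the loose `== false`. I would also add a comment above the remove_filter() calls such as `// Reset, then re-add unless the user may post unfiltered HTML; on XML-RPC the user is only known once set_current_user() fires.`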
27 wp-includes/pluggable-functions.php
@@ -3,11 +3,38 @@
/* These functions can be replaced via plugins. They are loaded after
plugins are loaded. */
+if ( !function_exists('set_current_user') ) :
+function set_current_user($id, $name = '') {
+ global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
+
+ $current_user = '';
+
+ $current_user = new WP_User($id, $name);
+
+ $userdata = get_userdatabylogin($user_login);
+
+ $user_login = $userdata->user_login;
+ $user_level = $userdata->user_level;
+ $user_ID = $userdata->ID;
+ $user_email = $userdata->user_email;
+ $user_url = $userdata->user_url;
+ $user_pass_md5 = md5($userdata->user_pass);
+ $user_identity = $userdata->display_name;
+
+ do_action('set_current_user');
+
+ return $current_user;
+}
+endif;
+
if ( !function_exists('get_currentuserinfo') ) :
function get_currentuserinfo() {
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
+ if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
+ return false;
+
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
$current_user = new WP_User(0);
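Review bot: In the new set_current_user(), `$userdata = get_userdatabylogin($user_login);` reads the global `$user_login` before this function has assigned it, so the lookup uses whatever login was set earlier rather than the `$id`/`$name` passed in. On XML-RPC requests get_currentuserinfo() now returns early, so that global is probably empty and the legacy globals (`$user_ID`, `$user_level`, `$user_email`, …) end up describing a different user than `$current_user`, or no user at all. Any code that still reads those globals for attribution or permission decisions would then disagree with current_user_can(). Looking the record up from the arguments avoids this, e.g. `$userdata = empty($name) ? get_userdata($id) : get_userdatabylogin($name);`, followed by an early return when the lookup fails so the property reads below do not run on a non-object. The get_currentuserinfo() hunk below it continues outside the visible lines.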
55 xmlrpc.php
@@ -1,5 +1,10 @@
<?php
+define('XMLRPC_REQUEST', true);
+
+// Some browser-embedded clients send cookies. We don't want them.
+$_COOKIE = array();
+
# fix for mozBlog and other cases where '<?xml' isn't on the very first line
$HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
@@ -179,16 +184,16 @@ function blogger_getUsersBlogs($args) {
return $this->error;
}
- $user = new WP_User(0, $user_login);
- $is_admin = $user->has_cap('level_8');
+ set_current_user(0, $user_login);
+ $is_admin = current_user_can('level_8');
$struct = array(
'isAdmin' => $is_admin,
'url' => get_settings('home') . '/',
'blogid' => '1',
'blogName' => get_settings('blogname')
);
-
+error_log(print_r($struct,1), 3, '/tmp/xmlrpc');
return array($struct);
}
@@ -317,8 +322,8 @@ function blogger_getTemplate($args) {
return $this->error;
}
- $user = new WP_User(0, $user_login);
- if ( !$user->has_cap('edit_themes') ) {
+ set_current_user(0, $user_login);
+ if ( !current_user_can('edit_themes') ) {
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
}
@@ -352,8 +357,8 @@ function blogger_setTemplate($args) {
return $this->error;
}
- $user = new WP_User(0, $user_login);
- if ( !$user->has_cap('edit_themes') ) {
+ set_current_user(0, $user_login);
+ if ( !current_user_can('edit_themes') ) {
return new IXR_Error(401, 'Sorry, this user can not edit the template.');
}
@@ -390,9 +395,8 @@ function blogger_newPost($args) {
}
$cap = ($publish) ? 'publish_posts' : 'edit_posts';
-
- $user = new WP_User(0, $user_login);
- if ( !$user->has_cap($cap) )
+ $user = set_current_user(0, $user_login);
+ if ( !current_user_can($cap) )
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
$post_status = ($publish) ? 'publish' : 'draft';
@@ -445,8 +449,8 @@ function blogger_editPost($args) {
$this->escape($actual_post);
- $user = new WP_User(0, $user_login);
- if ( !$user->has_cap('edit_post', $post_ID) )
+ set_current_user(0, $user_login);
+ if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
extract($actual_post);
@@ -489,8 +493,8 @@ function blogger_deletePost($args) {
return new IXR_Error(404, 'Sorry, no such post.');
}
- $user = new WP_User(0, $user_login);
- if ( !$user->has_cap('edit_post', $post_ID) )
+ set_current_user(0, $user_login);
+ if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
$result = wp_delete_post($post_ID);
@@ -525,8 +529,8 @@ function mw_newPost($args) {
return $this->error;
}
- $user = new WP_User(0, $user_login);
- if ( !$user->has_cap('publish_posts') )
+ $user = set_current_user(0, $user_login);
+ if ( !current_user_can('publish_posts') )
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
$post_author = $user->ID;
@@ -605,8 +609,8 @@ function mw_editPost($args) {
return $this->error;
}
- $user = new WP_User(0, $user_login);
- if ( !$user->has_cap('edit_post', $post_ID) )
+ set_current_user(0, $user_login);
+ if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.');
$postdata = wp_get_single_post($post_ID, ARRAY_A);
@@ -844,9 +848,8 @@ function mw_newMediaObject($args) {
if ( !$this->login_pass_ok($user_login, $user_pass) )
return $this->error;
- $user = new WP_User(0, $user_login);
-
- if ( !$user->has_cap('upload_files') ) {
+ set_current_user(0, $user_login);
+ if ( !current_user_can('upload_files') ) {
logIO('O', '(MW) User does not have upload_files capability');
$this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.');
return $this->error;
@@ -984,8 +987,8 @@ function mt_setPostCategories($args) {
return $this->error;
}
- $user = new WP_User(0, $user_login);
- if ( !$user->has_cap('edit_post', $post_ID) )
+ set_current_user(0, $user_login);
+ if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.');
foreach($categories as $cat) {
@@ -1066,8 +1069,8 @@ function mt_publishPost($args) {
return $this->error;
}
- $user = new WP_User(0, $user_login);
- if ( !$user->has_cap('edit_post', $post_ID) )
+ set_current_user(0, $user_login);
+ if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.');
$postdata = wp_get_single_post($post_ID,ARRAY_A);
@@ -1282,4 +1285,4 @@ function pingback_extensions_getPingbacks($args) {
$wp_xmlrpc_server = new wp_xmlrpc_server();
-?>
+?>
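Review bot: The blogger_getUsersBlogs hunk adds `error_log(print_r($struct,1), 3, '/tmp/xmlrpc');`, which looks like leftover debugging and should be removed before release. It appends to a fixed, predictable file in a world-writable directory on every call, so on shared hosts another local account can pre-create that path or point it elsewhere. The file also grows without bound and records each caller's `isAdmin` result alongside the site URL. If request tracing is wanted here, the logIO() helper already used in mw_newMediaObject would be the consistent place for it. The other hunks in this file only swap `$user->has_cap()` for `set_current_user()` plus `current_user_can()`, which is correct only if set_current_user() resolves the user from its arguments.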
