Projects : mp-wp : mp-wp_genesis
1 | <?php |
2 | /** |
3 | * XML-RPC protocol support for WordPress |
4 | * |
5 | * @license GPL v2 <./license.txt> |
6 | * @package WordPress |
7 | */ |
8 | |
9 | /** |
10 | * Whether this is a XMLRPC Request |
11 | * |
12 | * @var bool |
13 | */ |
14 | define('XMLRPC_REQUEST', true); |
15 | |
16 | // Some browser-embedded clients send cookies. We don't want them. |
17 | $_COOKIE = array(); |
18 | |
19 | // A bug in PHP < 5.2.2 makes $HTTP_RAW_POST_DATA not set by default, |
20 | // but we can do it ourself. |
21 | if ( !isset( $HTTP_RAW_POST_DATA ) ) { |
22 | $HTTP_RAW_POST_DATA = file_get_contents( 'php://input' ); |
23 | } |
24 | |
25 | // fix for mozBlog and other cases where '<?xml' isn't on the very first line |
26 | if ( isset($HTTP_RAW_POST_DATA) ) |
27 | $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA); |
28 | |
29 | /** Include the bootstrap for setting up WordPress environment */ |
30 | include('./wp-load.php'); |
31 | |
32 | if ( isset( $_GET['rsd'] ) ) { // http://archipelago.phrasewise.com/rsd |
33 | header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true); |
34 | ?> |
35 | <?php echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>'; ?> |
36 | <rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd"> |
37 | <service> |
38 | <engineName>WordPress</engineName> |
39 | <engineLink>http://wordpress.org/</engineLink> |
40 | <homePageLink><?php bloginfo_rss('url') ?></homePageLink> |
41 | <apis> |
42 | <api name="WordPress" blogID="1" preferred="true" apiLink="<?php echo site_url('xmlrpc.php') ?>" /> |
43 | <api name="Movable Type" blogID="1" preferred="false" apiLink="<?php echo site_url('xmlrpc.php') ?>" /> |
44 | <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php echo site_url('xmlrpc.php') ?>" /> |
45 | <api name="Blogger" blogID="1" preferred="false" apiLink="<?php echo site_url('xmlrpc.php') ?>" /> |
46 | <api name="Atom" blogID="" preferred="false" apiLink="<?php echo apply_filters('atom_service_url', site_url('wp-app.php/service') ) ?>" /> |
47 | </apis> |
48 | </service> |
49 | </rsd> |
50 | <?php |
51 | exit; |
52 | } |
53 | |
54 | include_once(ABSPATH . 'wp-admin/includes/admin.php'); |
55 | include_once(ABSPATH . WPINC . '/class-IXR.php'); |
56 | |
57 | // Turn off all warnings and errors. |
58 | // error_reporting(0); |
59 | |
60 | /** |
61 | * Posts submitted via the xmlrpc interface get that title |
62 | * @name post_default_title |
63 | * @var string |
64 | */ |
65 | $post_default_title = ""; |
66 | |
67 | /** |
68 | * Whether to enable XMLRPC Logging. |
69 | * |
70 | * @name xmlrpc_logging |
71 | * @var int|bool |
72 | */ |
73 | $xmlrpc_logging = 0; |
74 | |
75 | /** |
76 | * logIO() - Writes logging info to a file. |
77 | * |
78 | * @uses $xmlrpc_logging |
79 | * @package WordPress |
80 | * @subpackage Logging |
81 | * |
82 | * @param string $io Whether input or output |
83 | * @param string $msg Information describing logging reason. |
84 | * @return bool Always return true |
85 | */ |
86 | function logIO($io,$msg) { |
87 | global $xmlrpc_logging; |
88 | if ($xmlrpc_logging) { |
89 | $fp = fopen("../xmlrpc.log","a+"); |
90 | $date = gmdate("Y-m-d H:i:s "); |
91 | $iot = ($io == "I") ? " Input: " : " Output: "; |
92 | fwrite($fp, "\n\n".$date.$iot.$msg); |
93 | fclose($fp); |
94 | } |
95 | return true; |
96 | } |
97 | |
98 | if ( isset($HTTP_RAW_POST_DATA) ) |
99 | logIO("I", $HTTP_RAW_POST_DATA); |
100 | |
101 | /** |
102 | * WordPress XMLRPC server implementation. |
103 | * |
104 | * Implements compatability for Blogger API, MetaWeblog API, MovableType, and |
105 | * pingback. Additional WordPress API for managing comments, pages, posts, |
106 | * options, etc. |
107 | * |
108 | * Since WordPress 2.6.0, WordPress XMLRPC server can be disabled in the |
109 | * administration panels. |
110 | * |
111 | * @package WordPress |
112 | * @subpackage Publishing |
113 | * @since 1.5.0 |
114 | */ |
115 | class wp_xmlrpc_server extends IXR_Server { |
116 | |
117 | /** |
118 | * Register all of the XMLRPC methods that XMLRPC server understands. |
119 | * |
120 | * PHP4 constructor and sets up server and method property. Passes XMLRPC |
121 | * methods through the 'xmlrpc_methods' filter to allow plugins to extend |
122 | * or replace XMLRPC methods. |
123 | * |
124 | * @since 1.5.0 |
125 | * |
126 | * @return wp_xmlrpc_server |
127 | */ |
128 | function wp_xmlrpc_server() { |
129 | $this->methods = array( |
130 | // Close all but pingback! |
131 | /* |
132 | // WordPress API |
133 | 'wp.getUsersBlogs' => 'this:wp_getUsersBlogs', |
134 | 'wp.getPage' => 'this:wp_getPage', |
135 | 'wp.getPages' => 'this:wp_getPages', |
136 | 'wp.newPage' => 'this:wp_newPage', |
137 | 'wp.deletePage' => 'this:wp_deletePage', |
138 | 'wp.editPage' => 'this:wp_editPage', |
139 | 'wp.getPageList' => 'this:wp_getPageList', |
140 | 'wp.getAuthors' => 'this:wp_getAuthors', |
141 | 'wp.getCategories' => 'this:mw_getCategories', // Alias |
142 | 'wp.getTags' => 'this:wp_getTags', |
143 | 'wp.newCategory' => 'this:wp_newCategory', |
144 | 'wp.deleteCategory' => 'this:wp_deleteCategory', |
145 | 'wp.suggestCategories' => 'this:wp_suggestCategories', |
146 | 'wp.uploadFile' => 'this:mw_newMediaObject', // Alias |
147 | 'wp.getCommentCount' => 'this:wp_getCommentCount', |
148 | 'wp.getPostStatusList' => 'this:wp_getPostStatusList', |
149 | 'wp.getPageStatusList' => 'this:wp_getPageStatusList', |
150 | 'wp.getPageTemplates' => 'this:wp_getPageTemplates', |
151 | 'wp.getOptions' => 'this:wp_getOptions', |
152 | 'wp.setOptions' => 'this:wp_setOptions', |
153 | 'wp.getComment' => 'this:wp_getComment', |
154 | 'wp.getComments' => 'this:wp_getComments', |
155 | 'wp.deleteComment' => 'this:wp_deleteComment', |
156 | 'wp.editComment' => 'this:wp_editComment', |
157 | 'wp.newComment' => 'this:wp_newComment', |
158 | 'wp.getCommentStatusList' => 'this:wp_getCommentStatusList', |
159 | |
160 | // Blogger API |
161 | 'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs', |
162 | 'blogger.getUserInfo' => 'this:blogger_getUserInfo', |
163 | 'blogger.getPost' => 'this:blogger_getPost', |
164 | 'blogger.getRecentPosts' => 'this:blogger_getRecentPosts', |
165 | 'blogger.getTemplate' => 'this:blogger_getTemplate', |
166 | 'blogger.setTemplate' => 'this:blogger_setTemplate', |
167 | 'blogger.newPost' => 'this:blogger_newPost', |
168 | 'blogger.editPost' => 'this:blogger_editPost', |
169 | 'blogger.deletePost' => 'this:blogger_deletePost', |
170 | |
171 | // MetaWeblog API (with MT extensions to structs) |
172 | 'metaWeblog.newPost' => 'this:mw_newPost', |
173 | 'metaWeblog.editPost' => 'this:mw_editPost', |
174 | 'metaWeblog.getPost' => 'this:mw_getPost', |
175 | 'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts', |
176 | 'metaWeblog.getCategories' => 'this:mw_getCategories', |
177 | 'metaWeblog.newMediaObject' => 'this:mw_newMediaObject', |
178 | |
179 | // MetaWeblog API aliases for Blogger API |
180 | // see http://www.xmlrpc.com/stories/storyReader$2460 |
181 | 'metaWeblog.deletePost' => 'this:blogger_deletePost', |
182 | 'metaWeblog.getTemplate' => 'this:blogger_getTemplate', |
183 | 'metaWeblog.setTemplate' => 'this:blogger_setTemplate', |
184 | 'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs', |
185 | |
186 | // MovableType API |
187 | 'mt.getCategoryList' => 'this:mt_getCategoryList', |
188 | 'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles', |
189 | 'mt.getPostCategories' => 'this:mt_getPostCategories', |
190 | 'mt.setPostCategories' => 'this:mt_setPostCategories', |
191 | 'mt.supportedMethods' => 'this:mt_supportedMethods', |
192 | 'mt.supportedTextFilters' => 'this:mt_supportedTextFilters', |
193 | 'mt.getTrackbackPings' => 'this:mt_getTrackbackPings', |
194 | 'mt.publishPost' => 'this:mt_publishPost', |
195 | |
196 | |
197 | 'demo.sayHello' => 'this:sayHello', |
198 | 'demo.addTwoNumbers' => 'this:addTwoNumbers' |
199 | */ |
200 | |
201 | // PingBack |
202 | 'pingback.ping' => 'this:pingback_ping', |
203 | 'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks', |
204 | |
205 | ); |
206 | |
207 | $this->initialise_blog_option_info( ); |
208 | $this->methods = apply_filters('xmlrpc_methods', $this->methods); |
209 | $this->IXR_Server($this->methods); |
210 | } |
211 | |
212 | /** |
213 | * Test XMLRPC API by saying, "Hello!" to client. |
214 | * |
215 | * @since 1.5.0 |
216 | * |
217 | * @param array $args Method Parameters. |
218 | * @return string |
219 | */ |
220 | function sayHello($args) { |
221 | return 'Hello!'; |
222 | } |
223 | |
224 | /** |
225 | * Test XMLRPC API by adding two numbers for client. |
226 | * |
227 | * @since 1.5.0 |
228 | * |
229 | * @param array $args Method Parameters. |
230 | * @return int |
231 | */ |
232 | function addTwoNumbers($args) { |
233 | $number1 = $args[0]; |
234 | $number2 = $args[1]; |
235 | return $number1 + $number2; |
236 | } |
237 | |
238 | /** |
239 | * Check user's credentials. |
240 | * |
241 | * @since 1.5.0 |
242 | * |
243 | * @param string $user_login User's username. |
244 | * @param string $user_pass User's password. |
245 | * @return bool Whether authentication passed. |
246 | */ |
247 | function login_pass_ok($user_login, $user_pass) { |
248 | if ( !get_option( 'enable_xmlrpc' ) ) { |
249 | $this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this blog. An admin user can enable them at %s'), admin_url('options-writing.php') ) ); |
250 | return false; |
251 | } |
252 | |
253 | if (!user_pass_ok($user_login, $user_pass)) { |
254 | $this->error = new IXR_Error(403, __('Bad login/pass combination.')); |
255 | return false; |
256 | } |
257 | return true; |
258 | } |
259 | |
260 | /** |
261 | * Sanitize string or array of strings for database. |
262 | * |
263 | * @since 1.5.2 |
264 | * |
265 | * @param string|array $array Sanitize single string or array of strings. |
266 | * @return string|array Type matches $array and sanitized for the database. |
267 | */ |
268 | function escape(&$array) { |
269 | global $wpdb; |
270 | |
271 | if(!is_array($array)) { |
272 | return($wpdb->escape($array)); |
273 | } |
274 | else { |
275 | foreach ( (array) $array as $k => $v ) { |
276 | if (is_array($v)) { |
277 | $this->escape($array[$k]); |
278 | } else if (is_object($v)) { |
279 | //skip |
280 | } else { |
281 | $array[$k] = $wpdb->escape($v); |
282 | } |
283 | } |
284 | } |
285 | } |
286 | |
287 | /** |
288 | * Retrieve custom fields for post. |
289 | * |
290 | * @since 2.5.0 |
291 | * |
292 | * @param int $post_id Post ID. |
293 | * @return array Custom fields, if exist. |
294 | */ |
295 | function get_custom_fields($post_id) { |
296 | $post_id = (int) $post_id; |
297 | |
298 | $custom_fields = array(); |
299 | |
300 | foreach ( (array) has_meta($post_id) as $meta ) { |
301 | // Don't expose protected fields. |
302 | if ( strpos($meta['meta_key'], '_wp_') === 0 ) { |
303 | continue; |
304 | } |
305 | |
306 | $custom_fields[] = array( |
307 | "id" => $meta['meta_id'], |
308 | "key" => $meta['meta_key'], |
309 | "value" => $meta['meta_value'] |
310 | ); |
311 | } |
312 | |
313 | return $custom_fields; |
314 | } |
315 | |
316 | /** |
317 | * Set custom fields for post. |
318 | * |
319 | * @since 2.5.0 |
320 | * |
321 | * @param int $post_id Post ID. |
322 | * @param array $fields Custom fields. |
323 | */ |
324 | function set_custom_fields($post_id, $fields) { |
325 | $post_id = (int) $post_id; |
326 | |
327 | foreach ( (array) $fields as $meta ) { |
328 | if ( isset($meta['id']) ) { |
329 | $meta['id'] = (int) $meta['id']; |
330 | |
331 | if ( isset($meta['key']) ) { |
332 | update_meta($meta['id'], $meta['key'], $meta['value']); |
333 | } |
334 | else { |
335 | delete_meta($meta['id']); |
336 | } |
337 | } |
338 | else { |
339 | $_POST['metakeyinput'] = $meta['key']; |
340 | $_POST['metavalue'] = $meta['value']; |
341 | add_meta($post_id); |
342 | } |
343 | } |
344 | } |
345 | |
346 | /** |
347 | * Setup blog options property. |
348 | * |
349 | * Passes property through 'xmlrpc_blog_options' filter. |
350 | * |
351 | * @since 2.6.0 |
352 | */ |
353 | function initialise_blog_option_info( ) { |
354 | global $wp_version; |
355 | |
356 | $this->blog_options = array( |
357 | // Read only options |
358 | 'software_name' => array( |
359 | 'desc' => __( 'Software Name' ), |
360 | 'readonly' => true, |
361 | 'value' => 'WordPress' |
362 | ), |
363 | 'software_version' => array( |
364 | 'desc' => __( 'Software Version' ), |
365 | 'readonly' => true, |
366 | 'value' => $wp_version |
367 | ), |
368 | 'blog_url' => array( |
369 | 'desc' => __( 'Blog URL' ), |
370 | 'readonly' => true, |
371 | 'option' => 'siteurl' |
372 | ), |
373 | |
374 | // Updatable options |
375 | 'time_zone' => array( |
376 | 'desc' => __( 'Time Zone' ), |
377 | 'readonly' => false, |
378 | 'option' => 'gmt_offset' |
379 | ), |
380 | 'blog_title' => array( |
381 | 'desc' => __( 'Blog Title' ), |
382 | 'readonly' => false, |
383 | 'option' => 'blogname' |
384 | ), |
385 | 'blog_tagline' => array( |
386 | 'desc' => __( 'Blog Tagline' ), |
387 | 'readonly' => false, |
388 | 'option' => 'blogdescription' |
389 | ), |
390 | 'date_format' => array( |
391 | 'desc' => __( 'Date Format' ), |
392 | 'readonly' => false, |
393 | 'option' => 'date_format' |
394 | ), |
395 | 'time_format' => array( |
396 | 'desc' => __( 'Time Format' ), |
397 | 'readonly' => false, |
398 | 'option' => 'time_format' |
399 | ) |
400 | ); |
401 | |
402 | $this->blog_options = apply_filters( 'xmlrpc_blog_options', $this->blog_options ); |
403 | } |
404 | |
405 | /** |
406 | * Retrieve the blogs of the user. |
407 | * |
408 | * @since 2.6.0 |
409 | * |
410 | * @param array $args Method parameters. |
411 | * @return array |
412 | */ |
413 | function wp_getUsersBlogs( $args ) { |
414 | // If this isn't on WPMU then just use blogger_getUsersBlogs |
415 | if( !function_exists( 'is_site_admin' ) ) { |
416 | array_unshift( $args, 1 ); |
417 | return $this->blogger_getUsersBlogs( $args ); |
418 | } |
419 | |
420 | $this->escape( $args ); |
421 | |
422 | $username = $args[0]; |
423 | $password = $args[1]; |
424 | |
425 | if( !$this->login_pass_ok( $username, $password ) ) |
426 | return $this->error; |
427 | |
428 | do_action( 'xmlrpc_call', 'wp.getUsersBlogs' ); |
429 | |
430 | $user = set_current_user( 0, $username ); |
431 | |
432 | $blogs = (array) get_blogs_of_user( $user->ID ); |
433 | $struct = array( ); |
434 | |
435 | foreach( $blogs as $blog ) { |
436 | // Don't include blogs that aren't hosted at this site |
437 | if( $blog->site_id != $current_site->id ) |
438 | continue; |
439 | |
440 | $blog_id = $blog->userblog_id; |
441 | switch_to_blog($blog_id); |
442 | $is_admin = current_user_can('level_8'); |
443 | |
444 | $struct[] = array( |
445 | 'isAdmin' => $is_admin, |
446 | 'url' => get_option( 'home' ) . '/', |
447 | 'blogid' => $blog_id, |
448 | 'blogName' => get_option( 'blogname' ), |
449 | 'xmlrpc' => get_option( 'home' ) . '/xmlrpc.php' |
450 | ); |
451 | |
452 | restore_current_blog( ); |
453 | } |
454 | |
455 | return $struct; |
456 | } |
457 | |
458 | /** |
459 | * Retrieve page. |
460 | * |
461 | * @since 2.2.0 |
462 | * |
463 | * @param array $args Method parameters. |
464 | * @return array |
465 | */ |
466 | function wp_getPage($args) { |
467 | $this->escape($args); |
468 | |
469 | $blog_id = (int) $args[0]; |
470 | $page_id = (int) $args[1]; |
471 | $username = $args[2]; |
472 | $password = $args[3]; |
473 | |
474 | if(!$this->login_pass_ok($username, $password)) { |
475 | return($this->error); |
476 | } |
477 | |
478 | set_current_user( 0, $username ); |
479 | if( !current_user_can( 'edit_page', $page_id ) ) |
480 | return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) ); |
481 | |
482 | do_action('xmlrpc_call', 'wp.getPage'); |
483 | |
484 | // Lookup page info. |
485 | $page = get_page($page_id); |
486 | |
487 | // If we found the page then format the data. |
488 | if($page->ID && ($page->post_type == "page")) { |
489 | // Get all of the page content and link. |
490 | $full_page = get_extended($page->post_content); |
491 | $link = post_permalink($page->ID); |
492 | |
493 | // Get info the page parent if there is one. |
494 | $parent_title = ""; |
495 | if(!empty($page->post_parent)) { |
496 | $parent = get_page($page->post_parent); |
497 | $parent_title = $parent->post_title; |
498 | } |
499 | |
500 | // Determine comment and ping settings. |
501 | $allow_comments = ("open" == $page->comment_status) ? 1 : 0; |
502 | $allow_pings = ("open" == $page->ping_status) ? 1 : 0; |
503 | |
504 | // Format page date. |
505 | $page_date = mysql2date("Ymd\TH:i:s", $page->post_date); |
506 | $page_date_gmt = mysql2date("Ymd\TH:i:s", $page->post_date_gmt); |
507 | |
508 | // Pull the categories info together. |
509 | $categories = array(); |
510 | foreach(wp_get_post_categories($page->ID) as $cat_id) { |
511 | $categories[] = get_cat_name($cat_id); |
512 | } |
513 | |
514 | // Get the author info. |
515 | $author = get_userdata($page->post_author); |
516 | |
517 | $page_template = get_post_meta( $page->ID, '_wp_page_template', true ); |
518 | if( empty( $page_template ) ) |
519 | $page_template = 'default'; |
520 | |
521 | $page_struct = array( |
522 | "dateCreated" => new IXR_Date($page_date), |
523 | "userid" => $page->post_author, |
524 | "page_id" => $page->ID, |
525 | "page_status" => $page->post_status, |
526 | "description" => $full_page["main"], |
527 | "title" => $page->post_title, |
528 | "link" => $link, |
529 | "permaLink" => $link, |
530 | "categories" => $categories, |
531 | "excerpt" => $page->post_excerpt, |
532 | "text_more" => $full_page["extended"], |
533 | "mt_allow_comments" => $allow_comments, |
534 | "mt_allow_pings" => $allow_pings, |
535 | "wp_slug" => $page->post_name, |
536 | "wp_password" => $page->post_password, |
537 | "wp_author" => $author->display_name, |
538 | "wp_page_parent_id" => $page->post_parent, |
539 | "wp_page_parent_title" => $parent_title, |
540 | "wp_page_order" => $page->menu_order, |
541 | "wp_author_id" => $author->ID, |
542 | "wp_author_display_name" => $author->display_name, |
543 | "date_created_gmt" => new IXR_Date($page_date_gmt), |
544 | "custom_fields" => $this->get_custom_fields($page_id), |
545 | "wp_page_template" => $page_template |
546 | ); |
547 | |
548 | return($page_struct); |
549 | } |
550 | // If the page doesn't exist indicate that. |
551 | else { |
552 | return(new IXR_Error(404, __("Sorry, no such page."))); |
553 | } |
554 | } |
555 | |
556 | /** |
557 | * Retrieve Pages. |
558 | * |
559 | * @since 2.2.0 |
560 | * |
561 | * @param array $args Method parameters. |
562 | * @return array |
563 | */ |
564 | function wp_getPages($args) { |
565 | $this->escape($args); |
566 | |
567 | $blog_id = (int) $args[0]; |
568 | $username = $args[1]; |
569 | $password = $args[2]; |
570 | $num_pages = (int) $args[3]; |
571 | |
572 | if(!$this->login_pass_ok($username, $password)) { |
573 | return($this->error); |
574 | } |
575 | |
576 | set_current_user( 0, $username ); |
577 | if( !current_user_can( 'edit_pages' ) ) |
578 | return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); |
579 | |
580 | do_action('xmlrpc_call', 'wp.getPages'); |
581 | |
582 | $page_limit = 10; |
583 | if( isset( $num_pages ) ) { |
584 | $page_limit = $num_pages; |
585 | } |
586 | |
587 | $pages = get_posts( "post_type=page&post_status=all&numberposts={$page_limit}" ); |
588 | $num_pages = count($pages); |
589 | |
590 | // If we have pages, put together their info. |
591 | if($num_pages >= 1) { |
592 | $pages_struct = array(); |
593 | |
594 | for($i = 0; $i < $num_pages; $i++) { |
595 | $page = wp_xmlrpc_server::wp_getPage(array( |
596 | $blog_id, $pages[$i]->ID, $username, $password |
597 | )); |
598 | $pages_struct[] = $page; |
599 | } |
600 | |
601 | return($pages_struct); |
602 | } |
603 | // If no pages were found return an error. |
604 | else { |
605 | return(array()); |
606 | } |
607 | } |
608 | |
609 | /** |
610 | * Create new page. |
611 | * |
612 | * @since 2.2.0 |
613 | * |
614 | * @param array $args Method parameters. |
615 | * @return unknown |
616 | */ |
617 | function wp_newPage($args) { |
618 | // Items not escaped here will be escaped in newPost. |
619 | $username = $this->escape($args[1]); |
620 | $password = $this->escape($args[2]); |
621 | $page = $args[3]; |
622 | $publish = $args[4]; |
623 | |
624 | if(!$this->login_pass_ok($username, $password)) { |
625 | return($this->error); |
626 | } |
627 | |
628 | do_action('xmlrpc_call', 'wp.newPage'); |
629 | |
630 | // Set the user context and check if they are allowed |
631 | // to add new pages. |
632 | $user = set_current_user(0, $username); |
633 | if(!current_user_can("publish_pages")) { |
634 | return(new IXR_Error(401, __("Sorry, you can not add new pages."))); |
635 | } |
636 | |
637 | // Mark this as content for a page. |
638 | $args[3]["post_type"] = "page"; |
639 | |
640 | // Let mw_newPost do all of the heavy lifting. |
641 | return($this->mw_newPost($args)); |
642 | } |
643 | |
644 | /** |
645 | * Delete page. |
646 | * |
647 | * @since 2.2.0 |
648 | * |
649 | * @param array $args Method parameters. |
650 | * @return bool True, if success. |
651 | */ |
652 | function wp_deletePage($args) { |
653 | $this->escape($args); |
654 | |
655 | $blog_id = (int) $args[0]; |
656 | $username = $args[1]; |
657 | $password = $args[2]; |
658 | $page_id = (int) $args[3]; |
659 | |
660 | if(!$this->login_pass_ok($username, $password)) { |
661 | return($this->error); |
662 | } |
663 | |
664 | do_action('xmlrpc_call', 'wp.deletePage'); |
665 | |
666 | // Get the current page based on the page_id and |
667 | // make sure it is a page and not a post. |
668 | $actual_page = wp_get_single_post($page_id, ARRAY_A); |
669 | if( |
670 | !$actual_page |
671 | || ($actual_page["post_type"] != "page") |
672 | ) { |
673 | return(new IXR_Error(404, __("Sorry, no such page."))); |
674 | } |
675 | |
676 | // Set the user context and make sure they can delete pages. |
677 | set_current_user(0, $username); |
678 | if(!current_user_can("delete_page", $page_id)) { |
679 | return(new IXR_Error(401, __("Sorry, you do not have the right to delete this page."))); |
680 | } |
681 | |
682 | // Attempt to delete the page. |
683 | $result = wp_delete_post($page_id); |
684 | if(!$result) { |
685 | return(new IXR_Error(500, __("Failed to delete the page."))); |
686 | } |
687 | |
688 | return(true); |
689 | } |
690 | |
691 | /** |
692 | * Edit page. |
693 | * |
694 | * @since 2.2.0 |
695 | * |
696 | * @param array $args Method parameters. |
697 | * @return unknown |
698 | */ |
699 | function wp_editPage($args) { |
700 | // Items not escaped here will be escaped in editPost. |
701 | $blog_id = (int) $args[0]; |
702 | $page_id = (int) $this->escape($args[1]); |
703 | $username = $this->escape($args[2]); |
704 | $password = $this->escape($args[3]); |
705 | $content = $args[4]; |
706 | $publish = $args[5]; |
707 | |
708 | if(!$this->login_pass_ok($username, $password)) { |
709 | return($this->error); |
710 | } |
711 | |
712 | do_action('xmlrpc_call', 'wp.editPage'); |
713 | |
714 | // Get the page data and make sure it is a page. |
715 | $actual_page = wp_get_single_post($page_id, ARRAY_A); |
716 | if( |
717 | !$actual_page |
718 | || ($actual_page["post_type"] != "page") |
719 | ) { |
720 | return(new IXR_Error(404, __("Sorry, no such page."))); |
721 | } |
722 | |
723 | // Set the user context and make sure they are allowed to edit pages. |
724 | set_current_user(0, $username); |
725 | if(!current_user_can("edit_page", $page_id)) { |
726 | return(new IXR_Error(401, __("Sorry, you do not have the right to edit this page."))); |
727 | } |
728 | |
729 | // Mark this as content for a page. |
730 | $content["post_type"] = "page"; |
731 | |
732 | // Arrange args in the way mw_editPost understands. |
733 | $args = array( |
734 | $page_id, |
735 | $username, |
736 | $password, |
737 | $content, |
738 | $publish |
739 | ); |
740 | |
741 | // Let mw_editPost do all of the heavy lifting. |
742 | return($this->mw_editPost($args)); |
743 | } |
744 | |
745 | /** |
746 | * Retrieve page list. |
747 | * |
748 | * @since 2.2.0 |
749 | * |
750 | * @param array $args Method parameters. |
751 | * @return unknown |
752 | */ |
753 | function wp_getPageList($args) { |
754 | global $wpdb; |
755 | |
756 | $this->escape($args); |
757 | |
758 | $blog_id = (int) $args[0]; |
759 | $username = $args[1]; |
760 | $password = $args[2]; |
761 | |
762 | if(!$this->login_pass_ok($username, $password)) { |
763 | return($this->error); |
764 | } |
765 | |
766 | set_current_user( 0, $username ); |
767 | if( !current_user_can( 'edit_pages' ) ) |
768 | return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) ); |
769 | |
770 | do_action('xmlrpc_call', 'wp.getPageList'); |
771 | |
772 | // Get list of pages ids and titles |
773 | $page_list = $wpdb->get_results(" |
774 | SELECT ID page_id, |
775 | post_title page_title, |
776 | post_parent page_parent_id, |
777 | post_date_gmt, |
778 | post_date |
779 | FROM {$wpdb->posts} |
780 | WHERE post_type = 'page' |
781 | ORDER BY ID |
782 | "); |
783 | |
784 | // The date needs to be formated properly. |
785 | $num_pages = count($page_list); |
786 | for($i = 0; $i < $num_pages; $i++) { |
787 | $post_date = mysql2date("Ymd\TH:i:s", $page_list[$i]->post_date); |
788 | $post_date_gmt = mysql2date("Ymd\TH:i:s", $page_list[$i]->post_date_gmt); |
789 | |
790 | $page_list[$i]->dateCreated = new IXR_Date($post_date); |
791 | $page_list[$i]->date_created_gmt = new IXR_Date($post_date_gmt); |
792 | |
793 | unset($page_list[$i]->post_date_gmt); |
794 | unset($page_list[$i]->post_date); |
795 | } |
796 | |
797 | return($page_list); |
798 | } |
799 | |
800 | /** |
801 | * Retrieve authors list. |
802 | * |
803 | * @since 2.2.0 |
804 | * |
805 | * @param array $args Method parameters. |
806 | * @return array |
807 | */ |
808 | function wp_getAuthors($args) { |
809 | |
810 | $this->escape($args); |
811 | |
812 | $blog_id = (int) $args[0]; |
813 | $username = $args[1]; |
814 | $password = $args[2]; |
815 | |
816 | if(!$this->login_pass_ok($username, $password)) { |
817 | return($this->error); |
818 | } |
819 | |
820 | set_current_user(0, $username); |
821 | if(!current_user_can("edit_posts")) { |
822 | return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog."))); |
823 | } |
824 | |
825 | do_action('xmlrpc_call', 'wp.getAuthors'); |
826 | |
827 | $authors = array(); |
828 | foreach( (array) get_users_of_blog() as $row ) { |
829 | $authors[] = array( |
830 | "user_id" => $row->user_id, |
831 | "user_login" => $row->user_login, |
832 | "display_name" => $row->display_name |
833 | ); |
834 | } |
835 | |
836 | return($authors); |
837 | } |
838 | |
839 | /** |
840 | * Get list of all tags |
841 | * |
842 | * @since 2.7 |
843 | * |
844 | * @param array $args Method parameters. |
845 | * @return array |
846 | */ |
847 | function wp_getTags( $args ) { |
848 | $this->escape( $args ); |
849 | |
850 | $blog_id = (int) $args[0]; |
851 | $username = $args[1]; |
852 | $password = $args[2]; |
853 | |
854 | if( !$this->login_pass_ok( $username, $password ) ) { |
855 | return $this->error; |
856 | } |
857 | |
858 | set_current_user( 0, $username ); |
859 | if( !current_user_can( 'edit_posts' ) ) { |
860 | return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view tags.' ) ); |
861 | } |
862 | |
863 | do_action( 'xmlrpc_call', 'wp.getKeywords' ); |
864 | |
865 | $tags = array( ); |
866 | |
867 | if( $all_tags = get_tags( ) ) { |
868 | foreach( (array) $all_tags as $tag ) { |
869 | $struct['tag_id'] = $tag->term_id; |
870 | $struct['name'] = $tag->name; |
871 | $struct['count'] = $tag->count; |
872 | $struct['slug'] = $tag->slug; |
873 | $struct['html_url'] = wp_specialchars( get_tag_link( $tag->term_id ) ); |
874 | $struct['rss_url'] = wp_specialchars( get_tag_feed_link( $tag->term_id ) ); |
875 | |
876 | $tags[] = $struct; |
877 | } |
878 | } |
879 | |
880 | return $tags; |
881 | } |
882 | |
883 | /** |
884 | * Create new category. |
885 | * |
886 | * @since 2.2.0 |
887 | * |
888 | * @param array $args Method parameters. |
889 | * @return int Category ID. |
890 | */ |
891 | function wp_newCategory($args) { |
892 | $this->escape($args); |
893 | |
894 | $blog_id = (int) $args[0]; |
895 | $username = $args[1]; |
896 | $password = $args[2]; |
897 | $category = $args[3]; |
898 | |
899 | if(!$this->login_pass_ok($username, $password)) { |
900 | return($this->error); |
901 | } |
902 | |
903 | do_action('xmlrpc_call', 'wp.newCategory'); |
904 | |
905 | // Set the user context and make sure they are |
906 | // allowed to add a category. |
907 | set_current_user(0, $username); |
908 | if(!current_user_can("manage_categories")) { |
909 | return(new IXR_Error(401, __("Sorry, you do not have the right to add a category."))); |
910 | } |
911 | |
912 | // If no slug was provided make it empty so that |
913 | // WordPress will generate one. |
914 | if(empty($category["slug"])) { |
915 | $category["slug"] = ""; |
916 | } |
917 | |
918 | // If no parent_id was provided make it empty |
919 | // so that it will be a top level page (no parent). |
920 | if ( !isset($category["parent_id"]) ) |
921 | $category["parent_id"] = ""; |
922 | |
923 | // If no description was provided make it empty. |
924 | if(empty($category["description"])) { |
925 | $category["description"] = ""; |
926 | } |
927 | |
928 | $new_category = array( |
929 | "cat_name" => $category["name"], |
930 | "category_nicename" => $category["slug"], |
931 | "category_parent" => $category["parent_id"], |
932 | "category_description" => $category["description"] |
933 | ); |
934 | |
935 | $cat_id = wp_insert_category($new_category); |
936 | if(!$cat_id) { |
937 | return(new IXR_Error(500, __("Sorry, the new category failed."))); |
938 | } |
939 | |
940 | return($cat_id); |
941 | } |
942 | |
943 | /** |
944 | * Remove category. |
945 | * |
946 | * @since 2.5.0 |
947 | * |
948 | * @param array $args Method parameters. |
949 | * @return mixed See {@link wp_delete_category()} for return info. |
950 | */ |
951 | function wp_deleteCategory($args) { |
952 | $this->escape($args); |
953 | |
954 | $blog_id = (int) $args[0]; |
955 | $username = $args[1]; |
956 | $password = $args[2]; |
957 | $category_id = (int) $args[3]; |
958 | |
959 | if( !$this->login_pass_ok( $username, $password ) ) { |
960 | return $this->error; |
961 | } |
962 | |
963 | do_action('xmlrpc_call', 'wp.deleteCategory'); |
964 | |
965 | set_current_user(0, $username); |
966 | if( !current_user_can("manage_categories") ) { |
967 | return new IXR_Error( 401, __( "Sorry, you do not have the right to delete a category." ) ); |
968 | } |
969 | |
970 | return wp_delete_category( $category_id ); |
971 | } |
972 | |
973 | /** |
974 | * Retrieve category list. |
975 | * |
976 | * @since 2.2.0 |
977 | * |
978 | * @param array $args Method parameters. |
979 | * @return array |
980 | */ |
981 | function wp_suggestCategories($args) { |
982 | $this->escape($args); |
983 | |
984 | $blog_id = (int) $args[0]; |
985 | $username = $args[1]; |
986 | $password = $args[2]; |
987 | $category = $args[3]; |
988 | $max_results = (int) $args[4]; |
989 | |
990 | if(!$this->login_pass_ok($username, $password)) { |
991 | return($this->error); |
992 | } |
993 | |
994 | set_current_user(0, $username); |
995 | if( !current_user_can( 'edit_posts' ) ) |
996 | return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts to this blog in order to view categories.' ) ); |
997 | |
998 | do_action('xmlrpc_call', 'wp.suggestCategories'); |
999 | |
1000 | $category_suggestions = array(); |
1001 | $args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category); |
1002 | foreach ( (array) get_categories($args) as $cat ) { |
1003 | $category_suggestions[] = array( |
1004 | "category_id" => $cat->cat_ID, |
1005 | "category_name" => $cat->cat_name |
1006 | ); |
1007 | } |
1008 | |
1009 | return($category_suggestions); |
1010 | } |
1011 | |
1012 | /** |
1013 | * Retrieve comment. |
1014 | * |
1015 | * @since 2.7.0 |
1016 | * |
1017 | * @param array $args Method parameters. |
1018 | * @return array |
1019 | */ |
1020 | function wp_getComment($args) { |
1021 | $this->escape($args); |
1022 | |
1023 | $blog_id = (int) $args[0]; |
1024 | $username = $args[1]; |
1025 | $password = $args[2]; |
1026 | $comment_id = (int) $args[3]; |
1027 | |
1028 | if ( !$this->login_pass_ok( $username, $password ) ) |
1029 | return $this->error; |
1030 | |
1031 | set_current_user( 0, $username ); |
1032 | if ( !current_user_can( 'moderate_comments' ) ) |
1033 | return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) ); |
1034 | |
1035 | do_action('xmlrpc_call', 'wp.getComment'); |
1036 | |
1037 | if ( ! $comment = get_comment($comment_id) ) |
1038 | return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); |
1039 | |
1040 | // Format page date. |
1041 | $comment_date = mysql2date("Ymd\TH:i:s", $comment->comment_date); |
1042 | $comment_date_gmt = mysql2date("Ymd\TH:i:s", $comment->comment_date_gmt); |
1043 | |
1044 | if ( 0 == $comment->comment_approved ) |
1045 | $comment_status = 'hold'; |
1046 | else if ( 'spam' == $comment->comment_approved ) |
1047 | $comment_status = 'spam'; |
1048 | else if ( 1 == $comment->comment_approved ) |
1049 | $comment_status = 'approve'; |
1050 | else |
1051 | $comment_status = $comment->comment_approved; |
1052 | |
1053 | $link = get_comment_link($comment); |
1054 | |
1055 | $comment_struct = array( |
1056 | "date_created_gmt" => new IXR_Date($comment_date_gmt), |
1057 | "user_id" => $comment->user_id, |
1058 | "comment_id" => $comment->comment_ID, |
1059 | "parent" => $comment->comment_parent, |
1060 | "status" => $comment_status, |
1061 | "content" => $comment->comment_content, |
1062 | "link" => $link, |
1063 | "post_id" => $comment->comment_post_ID, |
1064 | "post_title" => get_the_title($comment->comment_post_ID), |
1065 | "author" => $comment->comment_author, |
1066 | "author_url" => $comment->comment_author_url, |
1067 | "author_email" => $comment->comment_author_email, |
1068 | "author_ip" => $comment->comment_author_IP, |
1069 | "type" => $comment->comment_type, |
1070 | ); |
1071 | |
1072 | return $comment_struct; |
1073 | } |
1074 | |
1075 | /** |
1076 | * Retrieve comments. |
1077 | * |
1078 | * @since 2.7.0 |
1079 | * |
1080 | * @param array $args Method parameters. |
1081 | * @return array |
1082 | */ |
1083 | function wp_getComments($args) { |
1084 | $this->escape($args); |
1085 | |
1086 | $blog_id = (int) $args[0]; |
1087 | $username = $args[1]; |
1088 | $password = $args[2]; |
1089 | $struct = $args[3]; |
1090 | |
1091 | if ( !$this->login_pass_ok($username, $password) ) |
1092 | return($this->error); |
1093 | |
1094 | set_current_user( 0, $username ); |
1095 | if ( !current_user_can( 'moderate_comments' ) ) |
1096 | return new IXR_Error( 401, __( 'Sorry, you can not edit comments.' ) ); |
1097 | |
1098 | do_action('xmlrpc_call', 'wp.getComments'); |
1099 | |
1100 | if ( isset($struct['status']) ) |
1101 | $status = $struct['status']; |
1102 | else |
1103 | $status = ''; |
1104 | |
1105 | $post_id = ''; |
1106 | if ( isset($struct['post_id']) ) |
1107 | $post_id = absint($struct['post_id']); |
1108 | |
1109 | $offset = 0; |
1110 | if ( isset($struct['offset']) ) |
1111 | $offset = absint($struct['offset']); |
1112 | |
1113 | $number = 10; |
1114 | if ( isset($struct['number']) ) |
1115 | $number = absint($struct['number']); |
1116 | |
1117 | $comments = get_comments( array('status' => $status, 'post_id' => $post_id, 'offset' => $offset, 'number' => $number ) ); |
1118 | $num_comments = count($comments); |
1119 | |
1120 | if ( ! $num_comments ) |
1121 | return array(); |
1122 | |
1123 | $comments_struct = array(); |
1124 | |
1125 | for ( $i = 0; $i < $num_comments; $i++ ) { |
1126 | $comment = wp_xmlrpc_server::wp_getComment(array( |
1127 | $blog_id, $username, $password, $comments[$i]->comment_ID, |
1128 | )); |
1129 | $comments_struct[] = $comment; |
1130 | } |
1131 | |
1132 | return $comments_struct; |
1133 | } |
1134 | |
1135 | /** |
1136 | * Remove comment. |
1137 | * |
1138 | * @since 2.7.0 |
1139 | * |
1140 | * @param array $args Method parameters. |
1141 | * @return mixed {@link wp_delete_comment()} |
1142 | */ |
1143 | function wp_deleteComment($args) { |
1144 | $this->escape($args); |
1145 | |
1146 | $blog_id = (int) $args[0]; |
1147 | $username = $args[1]; |
1148 | $password = $args[2]; |
1149 | $comment_ID = (int) $args[3]; |
1150 | |
1151 | if ( !$this->login_pass_ok( $username, $password ) ) |
1152 | return $this->error; |
1153 | |
1154 | set_current_user( 0, $username ); |
1155 | if ( !current_user_can( 'moderate_comments' ) ) |
1156 | return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) ); |
1157 | |
1158 | do_action('xmlrpc_call', 'wp.deleteComment'); |
1159 | |
1160 | if ( ! get_comment($comment_ID) ) |
1161 | return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); |
1162 | |
1163 | return wp_delete_comment($comment_ID); |
1164 | } |
1165 | |
1166 | /** |
1167 | * Edit comment. |
1168 | * |
1169 | * @since 2.7.0 |
1170 | * |
1171 | * @param array $args Method parameters. |
1172 | * @return bool True, on success. |
1173 | */ |
1174 | function wp_editComment($args) { |
1175 | $this->escape($args); |
1176 | |
1177 | $blog_id = (int) $args[0]; |
1178 | $username = $args[1]; |
1179 | $password = $args[2]; |
1180 | $comment_ID = (int) $args[3]; |
1181 | $content_struct = $args[4]; |
1182 | |
1183 | if ( !$this->login_pass_ok( $username, $password ) ) |
1184 | return $this->error; |
1185 | |
1186 | set_current_user( 0, $username ); |
1187 | if ( !current_user_can( 'moderate_comments' ) ) |
1188 | return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) ); |
1189 | |
1190 | do_action('xmlrpc_call', 'wp.editComment'); |
1191 | |
1192 | if ( ! get_comment($comment_ID) ) |
1193 | return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); |
1194 | |
1195 | if ( isset($content_struct['status']) ) { |
1196 | $statuses = get_comment_statuses(); |
1197 | $statuses = array_keys($statuses); |
1198 | |
1199 | if ( ! in_array($content_struct['status'], $statuses) ) |
1200 | return new IXR_Error( 401, __( 'Invalid comment status.' ) ); |
1201 | $comment_approved = $content_struct['status']; |
1202 | } |
1203 | |
1204 | // Do some timestamp voodoo |
1205 | if ( !empty( $content_struct['date_created_gmt'] ) ) { |
1206 | $dateCreated = str_replace( 'Z', '', $content_struct['date_created_gmt']->getIso() ) . 'Z'; // We know this is supposed to be GMT, so we're going to slap that Z on there by force |
1207 | $comment_date = get_date_from_gmt(iso8601_to_datetime($dateCreated)); |
1208 | $comment_date_gmt = iso8601_to_datetime($dateCreated, GMT); |
1209 | } |
1210 | |
1211 | if ( isset($content_struct['content']) ) |
1212 | $comment_content = $content_struct['content']; |
1213 | |
1214 | if ( isset($content_struct['author']) ) |
1215 | $comment_author = $content_struct['author']; |
1216 | |
1217 | if ( isset($content_struct['author_url']) ) |
1218 | $comment_author_url = $content_struct['author_url']; |
1219 | |
1220 | if ( isset($content_struct['author_email']) ) |
1221 | $comment_author_email = $content_struct['author_email']; |
1222 | |
1223 | // We've got all the data -- post it: |
1224 | $comment = compact('comment_ID', 'comment_content', 'comment_approved', 'comment_date', 'comment_date_gmt', 'comment_author', 'comment_author_email', 'comment_author_url'); |
1225 | |
1226 | $result = wp_update_comment($comment); |
1227 | if ( is_wp_error( $result ) ) |
1228 | return new IXR_Error(500, $result->get_error_message()); |
1229 | |
1230 | if ( !$result ) |
1231 | return new IXR_Error(500, __('Sorry, the comment could not be edited. Something wrong happened.')); |
1232 | |
1233 | return true; |
1234 | } |
1235 | |
1236 | /** |
1237 | * Create new comment. |
1238 | * |
1239 | * @since 2.7.0 |
1240 | * |
1241 | * @param array $args Method parameters. |
1242 | * @return mixed {@link wp_new_comment()} |
1243 | */ |
1244 | function wp_newComment($args) { |
1245 | global $wpdb; |
1246 | |
1247 | $this->escape($args); |
1248 | |
1249 | $blog_id = (int) $args[0]; |
1250 | $username = $args[1]; |
1251 | $password = $args[2]; |
1252 | $post = $args[3]; |
1253 | $content_struct = $args[4]; |
1254 | |
1255 | $allow_anon = apply_filters('xmlrpc_allow_anonymous_comments', false); |
1256 | |
1257 | if ( !$this->login_pass_ok( $username, $password ) ) { |
1258 | $logged_in = false; |
1259 | if ( $allow_anon && get_option('comment_registration') ) |
1260 | return new IXR_Error( 403, __( 'You must be registered to comment' ) ); |
1261 | else if ( !$allow_anon ) |
1262 | return $this->error; |
1263 | } else { |
1264 | $logged_in = true; |
1265 | set_current_user( 0, $username ); |
1266 | if ( !current_user_can( 'moderate_comments' ) ) |
1267 | return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) ); |
1268 | } |
1269 | |
1270 | if ( is_numeric($post) ) |
1271 | $post_id = absint($post); |
1272 | else |
1273 | $post_id = url_to_postid($post); |
1274 | |
1275 | if ( ! $post_id ) |
1276 | return new IXR_Error( 404, __( 'Invalid post ID.' ) ); |
1277 | |
1278 | if ( ! get_post($post_id) ) |
1279 | return new IXR_Error( 404, __( 'Invalid post ID.' ) ); |
1280 | |
1281 | $comment['comment_post_ID'] = $post_id; |
1282 | |
1283 | if ( $logged_in ) { |
1284 | $user = wp_get_current_user(); |
1285 | $comment['comment_author'] = $wpdb->escape( $user->display_name ); |
1286 | $comment['comment_author_email'] = $wpdb->escape( $user->user_email ); |
1287 | $comment['comment_author_url'] = $wpdb->escape( $user->user_url ); |
1288 | $comment['user_ID'] = $user->ID; |
1289 | } else { |
1290 | $comment['comment_author'] = ''; |
1291 | if ( isset($content_struct['author']) ) |
1292 | $comment['comment_author'] = $content_struct['author']; |
1293 | $comment['comment_author_email'] = ''; |
1294 | if ( isset($content_struct['author']) ) |
1295 | $comment['comment_author_email'] = $content_struct['author_email']; |
1296 | $comment['comment_author_url'] = ''; |
1297 | if ( isset($content_struct['author']) ) |
1298 | $comment['comment_author_url'] = $content_struct['author_url']; |
1299 | $comment['user_ID'] = 0; |
1300 | |
1301 | if ( get_option('require_name_email') ) { |
1302 | if ( 6 > strlen($comment['comment_author_email']) || '' == $comment['comment_author'] ) |
1303 | return new IXR_Error( 403, __( 'Comment author name and email are required' ) ); |
1304 | elseif ( !is_email($comment['comment_author_email']) ) |
1305 | return new IXR_Error( 403, __( 'A valid email address is required' ) ); |
1306 | } |
1307 | } |
1308 | |
1309 | $comment['comment_parent'] = isset($content_struct['comment_parent']) ? absint($content_struct['comment_parent']) : 0; |
1310 | |
1311 | $comment['comment_content'] = $content_struct['content']; |
1312 | |
1313 | do_action('xmlrpc_call', 'wp.newComment'); |
1314 | |
1315 | return wp_new_comment($comment); |
1316 | } |
1317 | |
1318 | /** |
1319 | * Retrieve all of the comment status. |
1320 | * |
1321 | * @since 2.7.0 |
1322 | * |
1323 | * @param array $args Method parameters. |
1324 | * @return array |
1325 | */ |
1326 | function wp_getCommentStatusList($args) { |
1327 | $this->escape( $args ); |
1328 | |
1329 | $blog_id = (int) $args[0]; |
1330 | $username = $args[1]; |
1331 | $password = $args[2]; |
1332 | |
1333 | if ( !$this->login_pass_ok( $username, $password ) ) |
1334 | return $this->error; |
1335 | |
1336 | set_current_user( 0, $username ); |
1337 | if ( !current_user_can( 'moderate_comments' ) ) |
1338 | return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); |
1339 | |
1340 | do_action('xmlrpc_call', 'wp.getCommentStatusList'); |
1341 | |
1342 | return get_comment_statuses( ); |
1343 | } |
1344 | |
1345 | /** |
1346 | * Retrieve comment count. |
1347 | * |
1348 | * @since 2.5.0 |
1349 | * |
1350 | * @param array $args Method parameters. |
1351 | * @return array |
1352 | */ |
1353 | function wp_getCommentCount( $args ) { |
1354 | $this->escape($args); |
1355 | |
1356 | $blog_id = (int) $args[0]; |
1357 | $username = $args[1]; |
1358 | $password = $args[2]; |
1359 | $post_id = (int) $args[3]; |
1360 | |
1361 | if( !$this->login_pass_ok( $username, $password ) ) { |
1362 | return $this->error; |
1363 | } |
1364 | |
1365 | set_current_user( 0, $username ); |
1366 | if( !current_user_can( 'edit_posts' ) ) { |
1367 | return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) ); |
1368 | } |
1369 | |
1370 | do_action('xmlrpc_call', 'wp.getCommentCount'); |
1371 | |
1372 | $count = wp_count_comments( $post_id ); |
1373 | return array( |
1374 | "approved" => $count->approved, |
1375 | "awaiting_moderation" => $count->moderated, |
1376 | "spam" => $count->spam, |
1377 | "total_comments" => $count->total_comments |
1378 | ); |
1379 | } |
1380 | |
1381 | /** |
1382 | * Retrieve post statuses. |
1383 | * |
1384 | * @since 2.5.0 |
1385 | * |
1386 | * @param array $args Method parameters. |
1387 | * @return array |
1388 | */ |
1389 | function wp_getPostStatusList( $args ) { |
1390 | $this->escape( $args ); |
1391 | |
1392 | $blog_id = (int) $args[0]; |
1393 | $username = $args[1]; |
1394 | $password = $args[2]; |
1395 | |
1396 | if( !$this->login_pass_ok( $username, $password ) ) { |
1397 | return $this->error; |
1398 | } |
1399 | |
1400 | set_current_user( 0, $username ); |
1401 | if( !current_user_can( 'edit_posts' ) ) { |
1402 | return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); |
1403 | } |
1404 | |
1405 | do_action('xmlrpc_call', 'wp.getPostStatusList'); |
1406 | |
1407 | return get_post_statuses( ); |
1408 | } |
1409 | |
1410 | /** |
1411 | * Retrieve page statuses. |
1412 | * |
1413 | * @since 2.5.0 |
1414 | * |
1415 | * @param array $args Method parameters. |
1416 | * @return array |
1417 | */ |
1418 | function wp_getPageStatusList( $args ) { |
1419 | $this->escape( $args ); |
1420 | |
1421 | $blog_id = (int) $args[0]; |
1422 | $username = $args[1]; |
1423 | $password = $args[2]; |
1424 | |
1425 | if( !$this->login_pass_ok( $username, $password ) ) { |
1426 | return $this->error; |
1427 | } |
1428 | |
1429 | set_current_user( 0, $username ); |
1430 | if( !current_user_can( 'edit_posts' ) ) { |
1431 | return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); |
1432 | } |
1433 | |
1434 | do_action('xmlrpc_call', 'wp.getPageStatusList'); |
1435 | |
1436 | return get_page_statuses( ); |
1437 | } |
1438 | |
1439 | /** |
1440 | * Retrieve page templates. |
1441 | * |
1442 | * @since 2.6.0 |
1443 | * |
1444 | * @param array $args Method parameters. |
1445 | * @return array |
1446 | */ |
1447 | function wp_getPageTemplates( $args ) { |
1448 | $this->escape( $args ); |
1449 | |
1450 | $blog_id = (int) $args[0]; |
1451 | $username = $args[1]; |
1452 | $password = $args[2]; |
1453 | |
1454 | if( !$this->login_pass_ok( $username, $password ) ) { |
1455 | return $this->error; |
1456 | } |
1457 | |
1458 | set_current_user( 0, $username ); |
1459 | if( !current_user_can( 'edit_pages' ) ) { |
1460 | return new IXR_Error( 403, __( 'You are not allowed access to details about this blog.' ) ); |
1461 | } |
1462 | |
1463 | $templates = get_page_templates( ); |
1464 | $templates['Default'] = 'default'; |
1465 | |
1466 | return $templates; |
1467 | } |
1468 | |
1469 | /** |
1470 | * Retrieve blog options. |
1471 | * |
1472 | * @since 2.6.0 |
1473 | * |
1474 | * @param array $args Method parameters. |
1475 | * @return array |
1476 | */ |
1477 | function wp_getOptions( $args ) { |
1478 | $this->escape( $args ); |
1479 | |
1480 | $blog_id = (int) $args[0]; |
1481 | $username = $args[1]; |
1482 | $password = $args[2]; |
1483 | $options = (array) $args[3]; |
1484 | |
1485 | if( !$this->login_pass_ok( $username, $password ) ) |
1486 | return $this->error; |
1487 | |
1488 | $user = set_current_user( 0, $username ); |
1489 | |
1490 | // If no specific options where asked for, return all of them |
1491 | if (count( $options ) == 0 ) { |
1492 | $options = array_keys($this->blog_options); |
1493 | } |
1494 | |
1495 | return $this->_getOptions($options); |
1496 | } |
1497 | |
1498 | /** |
1499 | * Retrieve blog options value from list. |
1500 | * |
1501 | * @since 2.6.0 |
1502 | * |
1503 | * @param array $options Options to retrieve. |
1504 | * @return array |
1505 | */ |
1506 | function _getOptions($options) |
1507 | { |
1508 | $data = array( ); |
1509 | foreach( $options as $option ) { |
1510 | if( array_key_exists( $option, $this->blog_options ) ) |
1511 | { |
1512 | $data[$option] = $this->blog_options[$option]; |
1513 | //Is the value static or dynamic? |
1514 | if( isset( $data[$option]['option'] ) ) { |
1515 | $data[$option]['value'] = get_option( $data[$option]['option'] ); |
1516 | unset($data[$option]['option']); |
1517 | } |
1518 | } |
1519 | } |
1520 | |
1521 | return $data; |
1522 | } |
1523 | |
1524 | /** |
1525 | * Update blog options. |
1526 | * |
1527 | * @since 2.6.0 |
1528 | * |
1529 | * @param array $args Method parameters. |
1530 | * @return unknown |
1531 | */ |
1532 | function wp_setOptions( $args ) { |
1533 | $this->escape( $args ); |
1534 | |
1535 | $blog_id = (int) $args[0]; |
1536 | $username = $args[1]; |
1537 | $password = $args[2]; |
1538 | $options = (array) $args[3]; |
1539 | |
1540 | if( !$this->login_pass_ok( $username, $password ) ) |
1541 | return $this->error; |
1542 | |
1543 | $user = set_current_user( 0, $username ); |
1544 | if( !current_user_can( 'manage_options' ) ) |
1545 | return new IXR_Error( 403, __( 'You are not allowed to update options.' ) ); |
1546 | |
1547 | foreach( $options as $o_name => $o_value ) { |
1548 | $option_names[] = $o_name; |
1549 | if( empty( $o_value ) ) |
1550 | continue; |
1551 | |
1552 | if( !array_key_exists( $o_name, $this->blog_options ) ) |
1553 | continue; |
1554 | |
1555 | if( $this->blog_options[$o_name]['readonly'] == true ) |
1556 | continue; |
1557 | |
1558 | update_option( $this->blog_options[$o_name]['option'], $o_value ); |
1559 | } |
1560 | |
1561 | //Now return the updated values |
1562 | return $this->_getOptions($option_names); |
1563 | } |
1564 | |
1565 | /* Blogger API functions. |
1566 | * specs on http://plant.blogger.com/api and http://groups.yahoo.com/group/bloggerDev/ |
1567 | */ |
1568 | |
1569 | /** |
1570 | * Retrieve blogs that user owns. |
1571 | * |
1572 | * Will make more sense once we support multiple blogs. |
1573 | * |
1574 | * @since 1.5.0 |
1575 | * |
1576 | * @param array $args Method parameters. |
1577 | * @return array |
1578 | */ |
1579 | function blogger_getUsersBlogs($args) { |
1580 | |
1581 | $this->escape($args); |
1582 | |
1583 | $user_login = $args[1]; |
1584 | $user_pass = $args[2]; |
1585 | |
1586 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
1587 | return $this->error; |
1588 | } |
1589 | |
1590 | do_action('xmlrpc_call', 'blogger.getUsersBlogs'); |
1591 | |
1592 | set_current_user(0, $user_login); |
1593 | $is_admin = current_user_can('manage_options'); |
1594 | |
1595 | $struct = array( |
1596 | 'isAdmin' => $is_admin, |
1597 | 'url' => get_option('home') . '/', |
1598 | 'blogid' => '1', |
1599 | 'blogName' => get_option('blogname'), |
1600 | 'xmlrpc' => get_option('home') . '/xmlrpc.php', |
1601 | ); |
1602 | |
1603 | return array($struct); |
1604 | } |
1605 | |
1606 | /** |
1607 | * Retrieve user's data. |
1608 | * |
1609 | * Gives your client some info about you, so you don't have to. |
1610 | * |
1611 | * @since 1.5.0 |
1612 | * |
1613 | * @param array $args Method parameters. |
1614 | * @return array |
1615 | */ |
1616 | function blogger_getUserInfo($args) { |
1617 | |
1618 | $this->escape($args); |
1619 | |
1620 | $user_login = $args[1]; |
1621 | $user_pass = $args[2]; |
1622 | |
1623 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
1624 | return $this->error; |
1625 | } |
1626 | |
1627 | set_current_user( 0, $user_login ); |
1628 | if( !current_user_can( 'edit_posts' ) ) |
1629 | return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) ); |
1630 | |
1631 | do_action('xmlrpc_call', 'blogger.getUserInfo'); |
1632 | |
1633 | $user_data = get_userdatabylogin($user_login); |
1634 | |
1635 | $struct = array( |
1636 | 'nickname' => $user_data->nickname, |
1637 | 'userid' => $user_data->ID, |
1638 | 'url' => $user_data->user_url, |
1639 | 'lastname' => $user_data->last_name, |
1640 | 'firstname' => $user_data->first_name |
1641 | ); |
1642 | |
1643 | return $struct; |
1644 | } |
1645 | |
1646 | /** |
1647 | * Retrieve post. |
1648 | * |
1649 | * @since 1.5.0 |
1650 | * |
1651 | * @param array $args Method parameters. |
1652 | * @return array |
1653 | */ |
1654 | function blogger_getPost($args) { |
1655 | |
1656 | $this->escape($args); |
1657 | |
1658 | $post_ID = (int) $args[1]; |
1659 | $user_login = $args[2]; |
1660 | $user_pass = $args[3]; |
1661 | |
1662 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
1663 | return $this->error; |
1664 | } |
1665 | |
1666 | set_current_user( 0, $user_login ); |
1667 | if( !current_user_can( 'edit_post', $post_ID ) ) |
1668 | return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); |
1669 | |
1670 | do_action('xmlrpc_call', 'blogger.getPost'); |
1671 | |
1672 | $post_data = wp_get_single_post($post_ID, ARRAY_A); |
1673 | |
1674 | $categories = implode(',', wp_get_post_categories($post_ID)); |
1675 | |
1676 | $content = '<title>'.stripslashes($post_data['post_title']).'</title>'; |
1677 | $content .= '<category>'.$categories.'</category>'; |
1678 | $content .= stripslashes($post_data['post_content']); |
1679 | |
1680 | $struct = array( |
1681 | 'userid' => $post_data['post_author'], |
1682 | 'dateCreated' => new IXR_Date(mysql2date('Ymd\TH:i:s', $post_data['post_date'])), |
1683 | 'content' => $content, |
1684 | 'postid' => $post_data['ID'] |
1685 | ); |
1686 | |
1687 | return $struct; |
1688 | } |
1689 | |
1690 | /** |
1691 | * Retrieve list of recent posts. |
1692 | * |
1693 | * @since 1.5.0 |
1694 | * |
1695 | * @param array $args Method parameters. |
1696 | * @return array |
1697 | */ |
1698 | function blogger_getRecentPosts($args) { |
1699 | |
1700 | $this->escape($args); |
1701 | |
1702 | $blog_ID = (int) $args[1]; /* though we don't use it yet */ |
1703 | $user_login = $args[2]; |
1704 | $user_pass = $args[3]; |
1705 | $num_posts = $args[4]; |
1706 | |
1707 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
1708 | return $this->error; |
1709 | } |
1710 | |
1711 | do_action('xmlrpc_call', 'blogger.getRecentPosts'); |
1712 | |
1713 | $posts_list = wp_get_recent_posts($num_posts); |
1714 | |
1715 | set_current_user( 0, $user_login ); |
1716 | |
1717 | if (!$posts_list) { |
1718 | $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.')); |
1719 | return $this->error; |
1720 | } |
1721 | |
1722 | foreach ($posts_list as $entry) { |
1723 | if( !current_user_can( 'edit_post', $entry['ID'] ) ) |
1724 | continue; |
1725 | |
1726 | $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); |
1727 | $categories = implode(',', wp_get_post_categories($entry['ID'])); |
1728 | |
1729 | $content = '<title>'.stripslashes($entry['post_title']).'</title>'; |
1730 | $content .= '<category>'.$categories.'</category>'; |
1731 | $content .= stripslashes($entry['post_content']); |
1732 | |
1733 | $struct[] = array( |
1734 | 'userid' => $entry['post_author'], |
1735 | 'dateCreated' => new IXR_Date($post_date), |
1736 | 'content' => $content, |
1737 | 'postid' => $entry['ID'], |
1738 | ); |
1739 | |
1740 | } |
1741 | |
1742 | $recent_posts = array(); |
1743 | for ($j=0; $j<count($struct); $j++) { |
1744 | array_push($recent_posts, $struct[$j]); |
1745 | } |
1746 | |
1747 | return $recent_posts; |
1748 | } |
1749 | |
1750 | /** |
1751 | * Retrieve blog_filename content. |
1752 | * |
1753 | * @since 1.5.0 |
1754 | * |
1755 | * @param array $args Method parameters. |
1756 | * @return string |
1757 | */ |
1758 | function blogger_getTemplate($args) { |
1759 | |
1760 | $this->escape($args); |
1761 | |
1762 | $blog_ID = (int) $args[1]; |
1763 | $user_login = $args[2]; |
1764 | $user_pass = $args[3]; |
1765 | $template = $args[4]; /* could be 'main' or 'archiveIndex', but we don't use it */ |
1766 | |
1767 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
1768 | return $this->error; |
1769 | } |
1770 | |
1771 | do_action('xmlrpc_call', 'blogger.getTemplate'); |
1772 | |
1773 | set_current_user(0, $user_login); |
1774 | if ( !current_user_can('edit_themes') ) { |
1775 | return new IXR_Error(401, __('Sorry, this user can not edit the template.')); |
1776 | } |
1777 | |
1778 | /* warning: here we make the assumption that the blog's URL is on the same server */ |
1779 | $filename = get_option('home') . '/'; |
1780 | $filename = preg_replace('#https?://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename); |
1781 | |
1782 | $f = fopen($filename, 'r'); |
1783 | $content = fread($f, filesize($filename)); |
1784 | fclose($f); |
1785 | |
1786 | /* so it is actually editable with a windows/mac client */ |
1787 | // FIXME: (or delete me) do we really want to cater to bad clients at the expense of good ones by BEEPing up their line breaks? commented. $content = str_replace("\n", "\r\n", $content); |
1788 | |
1789 | return $content; |
1790 | } |
1791 | |
1792 | /** |
1793 | * Updates the content of blog_filename. |
1794 | * |
1795 | * @since 1.5.0 |
1796 | * |
1797 | * @param array $args Method parameters. |
1798 | * @return bool True when done. |
1799 | */ |
1800 | function blogger_setTemplate($args) { |
1801 | |
1802 | $this->escape($args); |
1803 | |
1804 | $blog_ID = (int) $args[1]; |
1805 | $user_login = $args[2]; |
1806 | $user_pass = $args[3]; |
1807 | $content = $args[4]; |
1808 | $template = $args[5]; /* could be 'main' or 'archiveIndex', but we don't use it */ |
1809 | |
1810 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
1811 | return $this->error; |
1812 | } |
1813 | |
1814 | do_action('xmlrpc_call', 'blogger.setTemplate'); |
1815 | |
1816 | set_current_user(0, $user_login); |
1817 | if ( !current_user_can('edit_themes') ) { |
1818 | return new IXR_Error(401, __('Sorry, this user can not edit the template.')); |
1819 | } |
1820 | |
1821 | /* warning: here we make the assumption that the blog's URL is on the same server */ |
1822 | $filename = get_option('home') . '/'; |
1823 | $filename = preg_replace('#https?://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename); |
1824 | |
1825 | if ($f = fopen($filename, 'w+')) { |
1826 | fwrite($f, $content); |
1827 | fclose($f); |
1828 | } else { |
1829 | return new IXR_Error(500, __('Either the file is not writable, or something wrong happened. The file has not been updated.')); |
1830 | } |
1831 | |
1832 | return true; |
1833 | } |
1834 | |
1835 | /** |
1836 | * Create new post. |
1837 | * |
1838 | * @since 1.5.0 |
1839 | * |
1840 | * @param array $args Method parameters. |
1841 | * @return int |
1842 | */ |
1843 | function blogger_newPost($args) { |
1844 | |
1845 | $this->escape($args); |
1846 | |
1847 | $blog_ID = (int) $args[1]; /* though we don't use it yet */ |
1848 | $user_login = $args[2]; |
1849 | $user_pass = $args[3]; |
1850 | $content = $args[4]; |
1851 | $publish = $args[5]; |
1852 | |
1853 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
1854 | return $this->error; |
1855 | } |
1856 | |
1857 | do_action('xmlrpc_call', 'blogger.newPost'); |
1858 | |
1859 | $cap = ($publish) ? 'publish_posts' : 'edit_posts'; |
1860 | $user = set_current_user(0, $user_login); |
1861 | if ( !current_user_can($cap) ) |
1862 | return new IXR_Error(401, __('Sorry, you are not allowed to post on this blog.')); |
1863 | |
1864 | $post_status = ($publish) ? 'publish' : 'draft'; |
1865 | |
1866 | $post_author = $user->ID; |
1867 | |
1868 | $post_title = xmlrpc_getposttitle($content); |
1869 | $post_category = xmlrpc_getpostcategory($content); |
1870 | $post_content = xmlrpc_removepostdata($content); |
1871 | |
1872 | $post_date = current_time('mysql'); |
1873 | $post_date_gmt = current_time('mysql', 1); |
1874 | |
1875 | $post_data = compact('blog_ID', 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status'); |
1876 | |
1877 | $post_ID = wp_insert_post($post_data); |
1878 | if ( is_wp_error( $post_ID ) ) |
1879 | return new IXR_Error(500, $post_ID->get_error_message()); |
1880 | |
1881 | if (!$post_ID) |
1882 | return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); |
1883 | |
1884 | $this->attach_uploads( $post_ID, $post_content ); |
1885 | |
1886 | logIO('O', "Posted ! ID: $post_ID"); |
1887 | |
1888 | return $post_ID; |
1889 | } |
1890 | |
1891 | /** |
1892 | * Edit a post. |
1893 | * |
1894 | * @since 1.5.0 |
1895 | * |
1896 | * @param array $args Method parameters. |
1897 | * @return bool true when done. |
1898 | */ |
1899 | function blogger_editPost($args) { |
1900 | |
1901 | $this->escape($args); |
1902 | |
1903 | $post_ID = (int) $args[1]; |
1904 | $user_login = $args[2]; |
1905 | $user_pass = $args[3]; |
1906 | $content = $args[4]; |
1907 | $publish = $args[5]; |
1908 | |
1909 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
1910 | return $this->error; |
1911 | } |
1912 | |
1913 | do_action('xmlrpc_call', 'blogger.editPost'); |
1914 | |
1915 | $actual_post = wp_get_single_post($post_ID,ARRAY_A); |
1916 | |
1917 | if (!$actual_post || $actual_post['post_type'] != 'post') { |
1918 | return new IXR_Error(404, __('Sorry, no such post.')); |
1919 | } |
1920 | |
1921 | $this->escape($actual_post); |
1922 | |
1923 | set_current_user(0, $user_login); |
1924 | if ( !current_user_can('edit_post', $post_ID) ) |
1925 | return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); |
1926 | |
1927 | extract($actual_post, EXTR_SKIP); |
1928 | |
1929 | if ( ('publish' == $post_status) && !current_user_can('publish_posts') ) |
1930 | return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); |
1931 | |
1932 | $post_title = xmlrpc_getposttitle($content); |
1933 | $post_category = xmlrpc_getpostcategory($content); |
1934 | $post_content = xmlrpc_removepostdata($content); |
1935 | |
1936 | $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt'); |
1937 | |
1938 | $result = wp_update_post($postdata); |
1939 | |
1940 | if (!$result) { |
1941 | return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.')); |
1942 | } |
1943 | $this->attach_uploads( $ID, $post_content ); |
1944 | |
1945 | return true; |
1946 | } |
1947 | |
1948 | /** |
1949 | * Remove a post. |
1950 | * |
1951 | * @since 1.5.0 |
1952 | * |
1953 | * @param array $args Method parameters. |
1954 | * @return bool True when post is deleted. |
1955 | */ |
1956 | function blogger_deletePost($args) { |
1957 | $this->escape($args); |
1958 | |
1959 | $post_ID = (int) $args[1]; |
1960 | $user_login = $args[2]; |
1961 | $user_pass = $args[3]; |
1962 | $publish = $args[4]; |
1963 | |
1964 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
1965 | return $this->error; |
1966 | } |
1967 | |
1968 | do_action('xmlrpc_call', 'blogger.deletePost'); |
1969 | |
1970 | $actual_post = wp_get_single_post($post_ID,ARRAY_A); |
1971 | |
1972 | if (!$actual_post || $actual_post['post_type'] != 'post') { |
1973 | return new IXR_Error(404, __('Sorry, no such post.')); |
1974 | } |
1975 | |
1976 | set_current_user(0, $user_login); |
1977 | if ( !current_user_can('edit_post', $post_ID) ) |
1978 | return new IXR_Error(401, __('Sorry, you do not have the right to delete this post.')); |
1979 | |
1980 | $result = wp_delete_post($post_ID); |
1981 | |
1982 | if (!$result) { |
1983 | return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be deleted.')); |
1984 | } |
1985 | |
1986 | return true; |
1987 | } |
1988 | |
1989 | /* MetaWeblog API functions |
1990 | * specs on wherever Dave Winer wants them to be |
1991 | */ |
1992 | |
1993 | /** |
1994 | * Create a new post. |
1995 | * |
1996 | * @since 1.5.0 |
1997 | * |
1998 | * @param array $args Method parameters. |
1999 | * @return int |
2000 | */ |
2001 | function mw_newPost($args) { |
2002 | $this->escape($args); |
2003 | |
2004 | $blog_ID = (int) $args[0]; // we will support this in the near future |
2005 | $user_login = $args[1]; |
2006 | $user_pass = $args[2]; |
2007 | $content_struct = $args[3]; |
2008 | $publish = $args[4]; |
2009 | |
2010 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
2011 | return $this->error; |
2012 | } |
2013 | $user = set_current_user(0, $user_login); |
2014 | |
2015 | do_action('xmlrpc_call', 'metaWeblog.newPost'); |
2016 | |
2017 | $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; |
2018 | $error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' ); |
2019 | $post_type = 'post'; |
2020 | $page_template = ''; |
2021 | if( !empty( $content_struct['post_type'] ) ) { |
2022 | if( $content_struct['post_type'] == 'page' ) { |
2023 | $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; |
2024 | $error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' ); |
2025 | $post_type = 'page'; |
2026 | if( !empty( $content_struct['wp_page_template'] ) ) |
2027 | $page_template = $content_struct['wp_page_template']; |
2028 | } |
2029 | elseif( $content_struct['post_type'] == 'post' ) { |
2030 | // This is the default, no changes needed |
2031 | } |
2032 | else { |
2033 | // No other post_type values are allowed here |
2034 | return new IXR_Error( 401, __( 'Invalid post type.' ) ); |
2035 | } |
2036 | } |
2037 | |
2038 | if( !current_user_can( $cap ) ) { |
2039 | return new IXR_Error( 401, $error_message ); |
2040 | } |
2041 | |
2042 | // Let WordPress generate the post_name (slug) unless |
2043 | // one has been provided. |
2044 | $post_name = ""; |
2045 | if(isset($content_struct["wp_slug"])) { |
2046 | $post_name = $content_struct["wp_slug"]; |
2047 | } |
2048 | |
2049 | // Only use a password if one was given. |
2050 | if(isset($content_struct["wp_password"])) { |
2051 | $post_password = $content_struct["wp_password"]; |
2052 | } |
2053 | |
2054 | // Only set a post parent if one was provided. |
2055 | if(isset($content_struct["wp_page_parent_id"])) { |
2056 | $post_parent = $content_struct["wp_page_parent_id"]; |
2057 | } |
2058 | |
2059 | // Only set the menu_order if it was provided. |
2060 | if(isset($content_struct["wp_page_order"])) { |
2061 | $menu_order = $content_struct["wp_page_order"]; |
2062 | } |
2063 | |
2064 | $post_author = $user->ID; |
2065 | |
2066 | // If an author id was provided then use it instead. |
2067 | if( |
2068 | isset($content_struct["wp_author_id"]) |
2069 | && ($user->ID != $content_struct["wp_author_id"]) |
2070 | ) { |
2071 | switch($post_type) { |
2072 | case "post": |
2073 | if(!current_user_can("edit_others_posts")) { |
2074 | return(new IXR_Error(401, __("You are not allowed to post as this user"))); |
2075 | } |
2076 | break; |
2077 | case "page": |
2078 | if(!current_user_can("edit_others_pages")) { |
2079 | return(new IXR_Error(401, __("You are not allowed to create pages as this user"))); |
2080 | } |
2081 | break; |
2082 | default: |
2083 | return(new IXR_Error(401, __("Invalid post type."))); |
2084 | break; |
2085 | } |
2086 | $post_author = $content_struct["wp_author_id"]; |
2087 | } |
2088 | |
2089 | $post_title = $content_struct['title']; |
2090 | $post_content = apply_filters( 'content_save_pre', $content_struct['description'] ); |
2091 | |
2092 | $post_status = $publish ? 'publish' : 'draft'; |
2093 | |
2094 | if( isset( $content_struct["{$post_type}_status"] ) ) { |
2095 | switch( $content_struct["{$post_type}_status"] ) { |
2096 | case 'draft': |
2097 | case 'private': |
2098 | case 'publish': |
2099 | $post_status = $content_struct["{$post_type}_status"]; |
2100 | break; |
2101 | case 'pending': |
2102 | // Pending is only valid for posts, not pages. |
2103 | if( $post_type === 'post' ) { |
2104 | $post_status = $content_struct["{$post_type}_status"]; |
2105 | } |
2106 | break; |
2107 | default: |
2108 | $post_status = $publish ? 'publish' : 'draft'; |
2109 | break; |
2110 | } |
2111 | } |
2112 | |
2113 | $post_excerpt = $content_struct['mt_excerpt']; |
2114 | $post_more = $content_struct['mt_text_more']; |
2115 | |
2116 | $tags_input = $content_struct['mt_keywords']; |
2117 | |
2118 | if(isset($content_struct["mt_allow_comments"])) { |
2119 | if(!is_numeric($content_struct["mt_allow_comments"])) { |
2120 | switch($content_struct["mt_allow_comments"]) { |
2121 | case "closed": |
2122 | $comment_status = "closed"; |
2123 | break; |
2124 | case "open": |
2125 | $comment_status = "open"; |
2126 | break; |
2127 | default: |
2128 | $comment_status = get_option("default_comment_status"); |
2129 | break; |
2130 | } |
2131 | } |
2132 | else { |
2133 | switch((int) $content_struct["mt_allow_comments"]) { |
2134 | case 0: |
2135 | case 2: |
2136 | $comment_status = "closed"; |
2137 | break; |
2138 | case 1: |
2139 | $comment_status = "open"; |
2140 | break; |
2141 | default: |
2142 | $comment_status = get_option("default_comment_status"); |
2143 | break; |
2144 | } |
2145 | } |
2146 | } |
2147 | else { |
2148 | $comment_status = get_option("default_comment_status"); |
2149 | } |
2150 | |
2151 | if(isset($content_struct["mt_allow_pings"])) { |
2152 | if(!is_numeric($content_struct["mt_allow_pings"])) { |
2153 | switch($content_struct['mt_allow_pings']) { |
2154 | case "closed": |
2155 | $ping_status = "closed"; |
2156 | break; |
2157 | case "open": |
2158 | $ping_status = "open"; |
2159 | break; |
2160 | default: |
2161 | $ping_status = get_option("default_ping_status"); |
2162 | break; |
2163 | } |
2164 | } |
2165 | else { |
2166 | switch((int) $content_struct["mt_allow_pings"]) { |
2167 | case 0: |
2168 | $ping_status = "closed"; |
2169 | break; |
2170 | case 1: |
2171 | $ping_status = "open"; |
2172 | break; |
2173 | default: |
2174 | $ping_status = get_option("default_ping_status"); |
2175 | break; |
2176 | } |
2177 | } |
2178 | } |
2179 | else { |
2180 | $ping_status = get_option("default_ping_status"); |
2181 | } |
2182 | |
2183 | if ($post_more) { |
2184 | $post_content = $post_content . "<!--more-->" . $post_more; |
2185 | } |
2186 | |
2187 | $to_ping = $content_struct['mt_tb_ping_urls']; |
2188 | if ( is_array($to_ping) ) |
2189 | $to_ping = implode(' ', $to_ping); |
2190 | |
2191 | // Do some timestamp voodoo |
2192 | if ( !empty( $content_struct['date_created_gmt'] ) ) |
2193 | $dateCreated = str_replace( 'Z', '', $content_struct['date_created_gmt']->getIso() ) . 'Z'; // We know this is supposed to be GMT, so we're going to slap that Z on there by force |
2194 | elseif ( !empty( $content_struct['dateCreated']) ) |
2195 | $dateCreated = $content_struct['dateCreated']->getIso(); |
2196 | |
2197 | if ( !empty( $dateCreated ) ) { |
2198 | $post_date = get_date_from_gmt(iso8601_to_datetime($dateCreated)); |
2199 | $post_date_gmt = iso8601_to_datetime($dateCreated, GMT); |
2200 | } else { |
2201 | $post_date = current_time('mysql'); |
2202 | $post_date_gmt = current_time('mysql', 1); |
2203 | } |
2204 | |
2205 | $catnames = $content_struct['categories']; |
2206 | logIO('O', 'Post cats: ' . var_export($catnames,true)); |
2207 | $post_category = array(); |
2208 | |
2209 | if (is_array($catnames)) { |
2210 | foreach ($catnames as $cat) { |
2211 | $post_category[] = get_cat_ID($cat); |
2212 | } |
2213 | } |
2214 | |
2215 | // We've got all the data -- post it: |
2216 | $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input', 'page_template'); |
2217 | |
2218 | $post_ID = wp_insert_post($postdata, true); |
2219 | if ( is_wp_error( $post_ID ) ) |
2220 | return new IXR_Error(500, $post_ID->get_error_message()); |
2221 | |
2222 | if (!$post_ID) { |
2223 | return new IXR_Error(500, __('Sorry, your entry could not be posted. Something wrong happened.')); |
2224 | } |
2225 | |
2226 | if ( isset($content_struct['custom_fields']) ) { |
2227 | $this->set_custom_fields($post_ID, $content_struct['custom_fields']); |
2228 | } |
2229 | |
2230 | // Handle enclosures |
2231 | $enclosure = $content_struct['enclosure']; |
2232 | if( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) { |
2233 | add_post_meta( $post_ID, 'enclosure', $enclosure['url'] . "\n" . $enclosure['length'] . "\n" . $enclosure['type'] ); |
2234 | } |
2235 | |
2236 | $this->attach_uploads( $post_ID, $post_content ); |
2237 | |
2238 | logIO('O', "Posted ! ID: $post_ID"); |
2239 | |
2240 | return strval($post_ID); |
2241 | } |
2242 | |
2243 | /** |
2244 | * Attach upload to a post. |
2245 | * |
2246 | * @since 2.1.0 |
2247 | * |
2248 | * @param int $post_ID Post ID. |
2249 | * @param string $post_content Post Content for attachment. |
2250 | */ |
2251 | function attach_uploads( $post_ID, $post_content ) { |
2252 | global $wpdb; |
2253 | |
2254 | // find any unattached files |
2255 | $attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '-1' AND post_type = 'attachment'" ); |
2256 | if( is_array( $attachments ) ) { |
2257 | foreach( $attachments as $file ) { |
2258 | if( strpos( $post_content, $file->guid ) !== false ) { |
2259 | $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) ); |
2260 | } |
2261 | } |
2262 | } |
2263 | } |
2264 | |
2265 | /** |
2266 | * Edit a post. |
2267 | * |
2268 | * @since 1.5.0 |
2269 | * |
2270 | * @param array $args Method parameters. |
2271 | * @return bool True on success. |
2272 | */ |
2273 | function mw_editPost($args) { |
2274 | |
2275 | $this->escape($args); |
2276 | |
2277 | $post_ID = (int) $args[0]; |
2278 | $user_login = $args[1]; |
2279 | $user_pass = $args[2]; |
2280 | $content_struct = $args[3]; |
2281 | $publish = $args[4]; |
2282 | |
2283 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
2284 | return $this->error; |
2285 | } |
2286 | $user = set_current_user(0, $user_login); |
2287 | |
2288 | do_action('xmlrpc_call', 'metaWeblog.editPost'); |
2289 | |
2290 | $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; |
2291 | $error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' ); |
2292 | $post_type = 'post'; |
2293 | $page_template = ''; |
2294 | if( !empty( $content_struct['post_type'] ) ) { |
2295 | if( $content_struct['post_type'] == 'page' ) { |
2296 | $cap = ( $publish ) ? 'publish_pages' : 'edit_pages'; |
2297 | $error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' ); |
2298 | $post_type = 'page'; |
2299 | if( !empty( $content_struct['wp_page_template'] ) ) |
2300 | $page_template = $content_struct['wp_page_template']; |
2301 | } |
2302 | elseif( $content_struct['post_type'] == 'post' ) { |
2303 | // This is the default, no changes needed |
2304 | } |
2305 | else { |
2306 | // No other post_type values are allowed here |
2307 | return new IXR_Error( 401, __( 'Invalid post type.' ) ); |
2308 | } |
2309 | } |
2310 | |
2311 | if( !current_user_can( $cap ) ) { |
2312 | return new IXR_Error( 401, $error_message ); |
2313 | } |
2314 | |
2315 | $postdata = wp_get_single_post($post_ID, ARRAY_A); |
2316 | |
2317 | // If there is no post data for the give post id, stop |
2318 | // now and return an error. Other wise a new post will be |
2319 | // created (which was the old behavior). |
2320 | if(empty($postdata["ID"])) { |
2321 | return(new IXR_Error(404, __("Invalid post id."))); |
2322 | } |
2323 | |
2324 | $this->escape($postdata); |
2325 | extract($postdata, EXTR_SKIP); |
2326 | |
2327 | // Let WordPress manage slug if none was provided. |
2328 | $post_name = ""; |
2329 | if(isset($content_struct["wp_slug"])) { |
2330 | $post_name = $content_struct["wp_slug"]; |
2331 | } |
2332 | |
2333 | // Only use a password if one was given. |
2334 | if(isset($content_struct["wp_password"])) { |
2335 | $post_password = $content_struct["wp_password"]; |
2336 | } |
2337 | |
2338 | // Only set a post parent if one was given. |
2339 | if(isset($content_struct["wp_page_parent_id"])) { |
2340 | $post_parent = $content_struct["wp_page_parent_id"]; |
2341 | } |
2342 | |
2343 | // Only set the menu_order if it was given. |
2344 | if(isset($content_struct["wp_page_order"])) { |
2345 | $menu_order = $content_struct["wp_page_order"]; |
2346 | } |
2347 | |
2348 | $post_author = $postdata["post_author"]; |
2349 | |
2350 | // Only set the post_author if one is set. |
2351 | if( |
2352 | isset($content_struct["wp_author_id"]) |
2353 | && ($user->ID != $content_struct["wp_author_id"]) |
2354 | ) { |
2355 | switch($post_type) { |
2356 | case "post": |
2357 | if(!current_user_can("edit_others_posts")) { |
2358 | return(new IXR_Error(401, __("You are not allowed to change the post author as this user."))); |
2359 | } |
2360 | break; |
2361 | case "page": |
2362 | if(!current_user_can("edit_others_pages")) { |
2363 | return(new IXR_Error(401, __("You are not allowed to change the page author as this user."))); |
2364 | } |
2365 | break; |
2366 | default: |
2367 | return(new IXR_Error(401, __("Invalid post type."))); |
2368 | break; |
2369 | } |
2370 | $post_author = $content_struct["wp_author_id"]; |
2371 | } |
2372 | |
2373 | if(isset($content_struct["mt_allow_comments"])) { |
2374 | if(!is_numeric($content_struct["mt_allow_comments"])) { |
2375 | switch($content_struct["mt_allow_comments"]) { |
2376 | case "closed": |
2377 | $comment_status = "closed"; |
2378 | break; |
2379 | case "open": |
2380 | $comment_status = "open"; |
2381 | break; |
2382 | default: |
2383 | $comment_status = get_option("default_comment_status"); |
2384 | break; |
2385 | } |
2386 | } |
2387 | else { |
2388 | switch((int) $content_struct["mt_allow_comments"]) { |
2389 | case 0: |
2390 | case 2: |
2391 | $comment_status = "closed"; |
2392 | break; |
2393 | case 1: |
2394 | $comment_status = "open"; |
2395 | break; |
2396 | default: |
2397 | $comment_status = get_option("default_comment_status"); |
2398 | break; |
2399 | } |
2400 | } |
2401 | } |
2402 | |
2403 | if(isset($content_struct["mt_allow_pings"])) { |
2404 | if(!is_numeric($content_struct["mt_allow_pings"])) { |
2405 | switch($content_struct["mt_allow_pings"]) { |
2406 | case "closed": |
2407 | $ping_status = "closed"; |
2408 | break; |
2409 | case "open": |
2410 | $ping_status = "open"; |
2411 | break; |
2412 | default: |
2413 | $ping_status = get_option("default_ping_status"); |
2414 | break; |
2415 | } |
2416 | } |
2417 | else { |
2418 | switch((int) $content_struct["mt_allow_pings"]) { |
2419 | case 0: |
2420 | $ping_status = "closed"; |
2421 | break; |
2422 | case 1: |
2423 | $ping_status = "open"; |
2424 | break; |
2425 | default: |
2426 | $ping_status = get_option("default_ping_status"); |
2427 | break; |
2428 | } |
2429 | } |
2430 | } |
2431 | |
2432 | $post_title = $content_struct['title']; |
2433 | $post_content = apply_filters( 'content_save_pre', $content_struct['description'] ); |
2434 | $catnames = $content_struct['categories']; |
2435 | |
2436 | $post_category = array(); |
2437 | |
2438 | if (is_array($catnames)) { |
2439 | foreach ($catnames as $cat) { |
2440 | $post_category[] = get_cat_ID($cat); |
2441 | } |
2442 | } |
2443 | |
2444 | $post_excerpt = $content_struct['mt_excerpt']; |
2445 | $post_more = $content_struct['mt_text_more']; |
2446 | |
2447 | $post_status = $publish ? 'publish' : 'draft'; |
2448 | if( isset( $content_struct["{$post_type}_status"] ) ) { |
2449 | switch( $content_struct["{$post_type}_status"] ) { |
2450 | case 'draft': |
2451 | case 'private': |
2452 | case 'publish': |
2453 | $post_status = $content_struct["{$post_type}_status"]; |
2454 | break; |
2455 | case 'pending': |
2456 | // Pending is only valid for posts, not pages. |
2457 | if( $post_type === 'post' ) { |
2458 | $post_status = $content_struct["{$post_type}_status"]; |
2459 | } |
2460 | break; |
2461 | default: |
2462 | $post_status = $publish ? 'publish' : 'draft'; |
2463 | break; |
2464 | } |
2465 | } |
2466 | |
2467 | $tags_input = $content_struct['mt_keywords']; |
2468 | |
2469 | if ( ('publish' == $post_status) ) { |
2470 | if ( ( 'page' == $post_type ) && !current_user_can('publish_pages') ) |
2471 | return new IXR_Error(401, __('Sorry, you do not have the right to publish this page.')); |
2472 | else if ( !current_user_can('publish_posts') ) |
2473 | return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); |
2474 | } |
2475 | |
2476 | if ($post_more) { |
2477 | $post_content = $post_content . "<!--more-->" . $post_more; |
2478 | } |
2479 | |
2480 | $to_ping = $content_struct['mt_tb_ping_urls']; |
2481 | if ( is_array($to_ping) ) |
2482 | $to_ping = implode(' ', $to_ping); |
2483 | |
2484 | // Do some timestamp voodoo |
2485 | if ( !empty( $content_struct['date_created_gmt'] ) ) |
2486 | $dateCreated = str_replace( 'Z', '', $content_struct['date_created_gmt']->getIso() ) . 'Z'; // We know this is supposed to be GMT, so we're going to slap that Z on there by force |
2487 | elseif ( !empty( $content_struct['dateCreated']) ) |
2488 | $dateCreated = $content_struct['dateCreated']->getIso(); |
2489 | |
2490 | if ( !empty( $dateCreated ) ) { |
2491 | $post_date = get_date_from_gmt(iso8601_to_datetime($dateCreated)); |
2492 | $post_date_gmt = iso8601_to_datetime($dateCreated, GMT); |
2493 | } else { |
2494 | $post_date = $postdata['post_date']; |
2495 | $post_date_gmt = $postdata['post_date_gmt']; |
2496 | } |
2497 | |
2498 | // We've got all the data -- post it: |
2499 | $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input', 'page_template'); |
2500 | |
2501 | $result = wp_update_post($newpost, true); |
2502 | if ( is_wp_error( $result ) ) |
2503 | return new IXR_Error(500, $result->get_error_message()); |
2504 | |
2505 | if (!$result) { |
2506 | return new IXR_Error(500, __('Sorry, your entry could not be edited. Something wrong happened.')); |
2507 | } |
2508 | |
2509 | if ( isset($content_struct['custom_fields']) ) { |
2510 | $this->set_custom_fields($post_ID, $content_struct['custom_fields']); |
2511 | } |
2512 | |
2513 | // Handle enclosures |
2514 | $enclosure = $content_struct['enclosure']; |
2515 | if( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) { |
2516 | add_post_meta( $post_ID, 'enclosure', $enclosure['url'] . "\n" . $enclosure['length'] . "\n" . $enclosure['type'] ); |
2517 | } |
2518 | |
2519 | $this->attach_uploads( $ID, $post_content ); |
2520 | |
2521 | logIO('O',"(MW) Edited ! ID: $post_ID"); |
2522 | |
2523 | return true; |
2524 | } |
2525 | |
2526 | /** |
2527 | * Retrieve post. |
2528 | * |
2529 | * @since 1.5.0 |
2530 | * |
2531 | * @param array $args Method parameters. |
2532 | * @return array |
2533 | */ |
2534 | function mw_getPost($args) { |
2535 | |
2536 | $this->escape($args); |
2537 | |
2538 | $post_ID = (int) $args[0]; |
2539 | $user_login = $args[1]; |
2540 | $user_pass = $args[2]; |
2541 | |
2542 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
2543 | return $this->error; |
2544 | } |
2545 | |
2546 | set_current_user( 0, $user_login ); |
2547 | if( !current_user_can( 'edit_post', $post_ID ) ) |
2548 | return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); |
2549 | |
2550 | do_action('xmlrpc_call', 'metaWeblog.getPost'); |
2551 | |
2552 | $postdata = wp_get_single_post($post_ID, ARRAY_A); |
2553 | |
2554 | if ($postdata['post_date'] != '') { |
2555 | $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']); |
2556 | $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']); |
2557 | |
2558 | $categories = array(); |
2559 | $catids = wp_get_post_categories($post_ID); |
2560 | foreach($catids as $catid) |
2561 | $categories[] = get_cat_name($catid); |
2562 | |
2563 | $tagnames = array(); |
2564 | $tags = wp_get_post_tags( $post_ID ); |
2565 | if ( !empty( $tags ) ) { |
2566 | foreach ( $tags as $tag ) |
2567 | $tagnames[] = $tag->name; |
2568 | $tagnames = implode( ', ', $tagnames ); |
2569 | } else { |
2570 | $tagnames = ''; |
2571 | } |
2572 | |
2573 | $post = get_extended($postdata['post_content']); |
2574 | $link = post_permalink($postdata['ID']); |
2575 | |
2576 | // Get the author info. |
2577 | $author = get_userdata($postdata['post_author']); |
2578 | |
2579 | $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0; |
2580 | $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0; |
2581 | |
2582 | // Consider future posts as published |
2583 | if( $postdata['post_status'] === 'future' ) { |
2584 | $postdata['post_status'] = 'publish'; |
2585 | } |
2586 | |
2587 | $enclosure = array(); |
2588 | foreach ( (array) get_post_custom($post_ID) as $key => $val) { |
2589 | if ($key == 'enclosure') { |
2590 | foreach ( (array) $val as $enc ) { |
2591 | $encdata = split("\n", $enc); |
2592 | $enclosure['url'] = trim(htmlspecialchars($encdata[0])); |
2593 | $enclosure['length'] = trim($encdata[1]); |
2594 | $enclosure['type'] = trim($encdata[2]); |
2595 | break 2; |
2596 | } |
2597 | } |
2598 | } |
2599 | |
2600 | $resp = array( |
2601 | 'dateCreated' => new IXR_Date($post_date), |
2602 | 'userid' => $postdata['post_author'], |
2603 | 'postid' => $postdata['ID'], |
2604 | 'description' => $post['main'], |
2605 | 'title' => $postdata['post_title'], |
2606 | 'link' => $link, |
2607 | 'permaLink' => $link, |
2608 | // commented out because no other tool seems to use this |
2609 | // 'content' => $entry['post_content'], |
2610 | 'categories' => $categories, |
2611 | 'mt_excerpt' => $postdata['post_excerpt'], |
2612 | 'mt_text_more' => $post['extended'], |
2613 | 'mt_allow_comments' => $allow_comments, |
2614 | 'mt_allow_pings' => $allow_pings, |
2615 | 'mt_keywords' => $tagnames, |
2616 | 'wp_slug' => $postdata['post_name'], |
2617 | 'wp_password' => $postdata['post_password'], |
2618 | 'wp_author_id' => $author->ID, |
2619 | 'wp_author_display_name' => $author->display_name, |
2620 | 'date_created_gmt' => new IXR_Date($post_date_gmt), |
2621 | 'post_status' => $postdata['post_status'], |
2622 | 'custom_fields' => $this->get_custom_fields($post_ID) |
2623 | ); |
2624 | |
2625 | if (!empty($enclosure)) $resp['enclosure'] = $enclosure; |
2626 | |
2627 | return $resp; |
2628 | } else { |
2629 | return new IXR_Error(404, __('Sorry, no such post.')); |
2630 | } |
2631 | } |
2632 | |
2633 | /** |
2634 | * Retrieve list of recent posts. |
2635 | * |
2636 | * @since 1.5.0 |
2637 | * |
2638 | * @param array $args Method parameters. |
2639 | * @return array |
2640 | */ |
2641 | function mw_getRecentPosts($args) { |
2642 | |
2643 | $this->escape($args); |
2644 | |
2645 | $blog_ID = (int) $args[0]; |
2646 | $user_login = $args[1]; |
2647 | $user_pass = $args[2]; |
2648 | $num_posts = (int) $args[3]; |
2649 | |
2650 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
2651 | return $this->error; |
2652 | } |
2653 | |
2654 | do_action('xmlrpc_call', 'metaWeblog.getRecentPosts'); |
2655 | |
2656 | $posts_list = wp_get_recent_posts($num_posts); |
2657 | |
2658 | if (!$posts_list) { |
2659 | return array( ); |
2660 | } |
2661 | |
2662 | set_current_user( 0, $user_login ); |
2663 | |
2664 | foreach ($posts_list as $entry) { |
2665 | if( !current_user_can( 'edit_post', $entry['ID'] ) ) |
2666 | continue; |
2667 | |
2668 | $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); |
2669 | $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']); |
2670 | |
2671 | $categories = array(); |
2672 | $catids = wp_get_post_categories($entry['ID']); |
2673 | foreach($catids as $catid) { |
2674 | $categories[] = get_cat_name($catid); |
2675 | } |
2676 | |
2677 | $tagnames = array(); |
2678 | $tags = wp_get_post_tags( $entry['ID'] ); |
2679 | if ( !empty( $tags ) ) { |
2680 | foreach ( $tags as $tag ) { |
2681 | $tagnames[] = $tag->name; |
2682 | } |
2683 | $tagnames = implode( ', ', $tagnames ); |
2684 | } else { |
2685 | $tagnames = ''; |
2686 | } |
2687 | |
2688 | $post = get_extended($entry['post_content']); |
2689 | $link = post_permalink($entry['ID']); |
2690 | |
2691 | // Get the post author info. |
2692 | $author = get_userdata($entry['post_author']); |
2693 | |
2694 | $allow_comments = ('open' == $entry['comment_status']) ? 1 : 0; |
2695 | $allow_pings = ('open' == $entry['ping_status']) ? 1 : 0; |
2696 | |
2697 | // Consider future posts as published |
2698 | if( $entry['post_status'] === 'future' ) { |
2699 | $entry['post_status'] = 'publish'; |
2700 | } |
2701 | |
2702 | $struct[] = array( |
2703 | 'dateCreated' => new IXR_Date($post_date), |
2704 | 'userid' => $entry['post_author'], |
2705 | 'postid' => $entry['ID'], |
2706 | 'description' => $post['main'], |
2707 | 'title' => $entry['post_title'], |
2708 | 'link' => $link, |
2709 | 'permaLink' => $link, |
2710 | // commented out because no other tool seems to use this |
2711 | // 'content' => $entry['post_content'], |
2712 | 'categories' => $categories, |
2713 | 'mt_excerpt' => $entry['post_excerpt'], |
2714 | 'mt_text_more' => $post['extended'], |
2715 | 'mt_allow_comments' => $allow_comments, |
2716 | 'mt_allow_pings' => $allow_pings, |
2717 | 'mt_keywords' => $tagnames, |
2718 | 'wp_slug' => $entry['post_name'], |
2719 | 'wp_password' => $entry['post_password'], |
2720 | 'wp_author_id' => $author->ID, |
2721 | 'wp_author_display_name' => $author->display_name, |
2722 | 'date_created_gmt' => new IXR_Date($post_date_gmt), |
2723 | 'post_status' => $entry['post_status'], |
2724 | 'custom_fields' => $this->get_custom_fields($entry['ID']) |
2725 | ); |
2726 | |
2727 | } |
2728 | |
2729 | $recent_posts = array(); |
2730 | for ($j=0; $j<count($struct); $j++) { |
2731 | array_push($recent_posts, $struct[$j]); |
2732 | } |
2733 | |
2734 | return $recent_posts; |
2735 | } |
2736 | |
2737 | /** |
2738 | * Retrieve the list of categories on a given blog. |
2739 | * |
2740 | * @since 1.5.0 |
2741 | * |
2742 | * @param array $args Method parameters. |
2743 | * @return array |
2744 | */ |
2745 | function mw_getCategories($args) { |
2746 | |
2747 | $this->escape($args); |
2748 | |
2749 | $blog_ID = (int) $args[0]; |
2750 | $user_login = $args[1]; |
2751 | $user_pass = $args[2]; |
2752 | |
2753 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
2754 | return $this->error; |
2755 | } |
2756 | |
2757 | set_current_user( 0, $user_login ); |
2758 | if( !current_user_can( 'edit_posts' ) ) |
2759 | return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); |
2760 | |
2761 | do_action('xmlrpc_call', 'metaWeblog.getCategories'); |
2762 | |
2763 | $categories_struct = array(); |
2764 | |
2765 | if ( $cats = get_categories('get=all') ) { |
2766 | foreach ( $cats as $cat ) { |
2767 | $struct['categoryId'] = $cat->term_id; |
2768 | $struct['parentId'] = $cat->parent; |
2769 | $struct['description'] = $cat->description; |
2770 | $struct['categoryName'] = $cat->name; |
2771 | $struct['htmlUrl'] = wp_specialchars(get_category_link($cat->term_id)); |
2772 | $struct['rssUrl'] = wp_specialchars(get_category_feed_link($cat->term_id, 'rss2')); |
2773 | |
2774 | $categories_struct[] = $struct; |
2775 | } |
2776 | } |
2777 | |
2778 | return $categories_struct; |
2779 | } |
2780 | |
2781 | /** |
2782 | * Uploads a file, following your settings. |
2783 | * |
2784 | * Adapted from a patch by Johann Richard. |
2785 | * |
2786 | * @link http://mycvs.org/archives/2004/06/30/file-upload-to-wordpress-in-ecto/ |
2787 | * |
2788 | * @since 1.5.0 |
2789 | * |
2790 | * @param array $args Method parameters. |
2791 | * @return array |
2792 | */ |
2793 | function mw_newMediaObject($args) { |
2794 | global $wpdb; |
2795 | |
2796 | $blog_ID = (int) $args[0]; |
2797 | $user_login = $wpdb->escape($args[1]); |
2798 | $user_pass = $wpdb->escape($args[2]); |
2799 | $data = $args[3]; |
2800 | |
2801 | $name = sanitize_file_name( $data['name'] ); |
2802 | $type = $data['type']; |
2803 | $bits = $data['bits']; |
2804 | |
2805 | logIO('O', '(MW) Received '.strlen($bits).' bytes'); |
2806 | |
2807 | if ( !$this->login_pass_ok($user_login, $user_pass) ) |
2808 | return $this->error; |
2809 | |
2810 | do_action('xmlrpc_call', 'metaWeblog.newMediaObject'); |
2811 | |
2812 | set_current_user(0, $user_login); |
2813 | if ( !current_user_can('upload_files') ) { |
2814 | logIO('O', '(MW) User does not have upload_files capability'); |
2815 | $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.')); |
2816 | return $this->error; |
2817 | } |
2818 | |
2819 | if ( $upload_err = apply_filters( "pre_upload_error", false ) ) |
2820 | return new IXR_Error(500, $upload_err); |
2821 | |
2822 | if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) { |
2823 | // Get postmeta info on the object. |
2824 | $old_file = $wpdb->get_row(" |
2825 | SELECT ID |
2826 | FROM {$wpdb->posts} |
2827 | WHERE post_title = '{$name}' |
2828 | AND post_type = 'attachment' |
2829 | "); |
2830 | |
2831 | // Delete previous file. |
2832 | wp_delete_attachment($old_file->ID); |
2833 | |
2834 | // Make sure the new name is different by pre-pending the |
2835 | // previous post id. |
2836 | $filename = preg_replace("/^wpid\d+-/", "", $name); |
2837 | $name = "wpid{$old_file->ID}-{$filename}"; |
2838 | } |
2839 | |
2840 | $upload = wp_upload_bits($name, $type, $bits); |
2841 | if ( ! empty($upload['error']) ) { |
2842 | $errorString = sprintf(__('Could not write file %1$s (%2$s)'), $name, $upload['error']); |
2843 | logIO('O', '(MW) ' . $errorString); |
2844 | return new IXR_Error(500, $errorString); |
2845 | } |
2846 | // Construct the attachment array |
2847 | // attach to post_id -1 |
2848 | $post_id = -1; |
2849 | $attachment = array( |
2850 | 'post_title' => $name, |
2851 | 'post_content' => '', |
2852 | 'post_type' => 'attachment', |
2853 | 'post_parent' => $post_id, |
2854 | 'post_mime_type' => $type, |
2855 | 'guid' => $upload[ 'url' ] |
2856 | ); |
2857 | |
2858 | // Save the data |
2859 | $id = wp_insert_attachment( $attachment, $upload[ 'file' ], $post_id ); |
2860 | wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $upload['file'] ) ); |
2861 | |
2862 | return apply_filters( 'wp_handle_upload', array( 'file' => $name, 'url' => $upload[ 'url' ], 'type' => $type ) ); |
2863 | } |
2864 | |
2865 | /* MovableType API functions |
2866 | * specs on http://www.movabletype.org/docs/mtmanual_programmatic.html |
2867 | */ |
2868 | |
2869 | /** |
2870 | * Retrieve the post titles of recent posts. |
2871 | * |
2872 | * @since 1.5.0 |
2873 | * |
2874 | * @param array $args Method parameters. |
2875 | * @return array |
2876 | */ |
2877 | function mt_getRecentPostTitles($args) { |
2878 | |
2879 | $this->escape($args); |
2880 | |
2881 | $blog_ID = (int) $args[0]; |
2882 | $user_login = $args[1]; |
2883 | $user_pass = $args[2]; |
2884 | $num_posts = (int) $args[3]; |
2885 | |
2886 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
2887 | return $this->error; |
2888 | } |
2889 | |
2890 | do_action('xmlrpc_call', 'mt.getRecentPostTitles'); |
2891 | |
2892 | $posts_list = wp_get_recent_posts($num_posts); |
2893 | |
2894 | if (!$posts_list) { |
2895 | $this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.')); |
2896 | return $this->error; |
2897 | } |
2898 | |
2899 | set_current_user( 0, $user_login ); |
2900 | |
2901 | foreach ($posts_list as $entry) { |
2902 | if( !current_user_can( 'edit_post', $entry['ID'] ) ) |
2903 | continue; |
2904 | |
2905 | $post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']); |
2906 | $post_date_gmt = mysql2date('Ymd\TH:i:s', $entry['post_date_gmt']); |
2907 | |
2908 | $struct[] = array( |
2909 | 'dateCreated' => new IXR_Date($post_date), |
2910 | 'userid' => $entry['post_author'], |
2911 | 'postid' => $entry['ID'], |
2912 | 'title' => $entry['post_title'], |
2913 | 'date_created_gmt' => new IXR_Date($post_date_gmt) |
2914 | ); |
2915 | |
2916 | } |
2917 | |
2918 | $recent_posts = array(); |
2919 | for ($j=0; $j<count($struct); $j++) { |
2920 | array_push($recent_posts, $struct[$j]); |
2921 | } |
2922 | |
2923 | return $recent_posts; |
2924 | } |
2925 | |
2926 | /** |
2927 | * Retrieve list of all categories on blog. |
2928 | * |
2929 | * @since 1.5.0 |
2930 | * |
2931 | * @param array $args Method parameters. |
2932 | * @return array |
2933 | */ |
2934 | function mt_getCategoryList($args) { |
2935 | |
2936 | $this->escape($args); |
2937 | |
2938 | $blog_ID = (int) $args[0]; |
2939 | $user_login = $args[1]; |
2940 | $user_pass = $args[2]; |
2941 | |
2942 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
2943 | return $this->error; |
2944 | } |
2945 | |
2946 | set_current_user( 0, $user_login ); |
2947 | if( !current_user_can( 'edit_posts' ) ) |
2948 | return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this blog in order to view categories.' ) ); |
2949 | |
2950 | do_action('xmlrpc_call', 'mt.getCategoryList'); |
2951 | |
2952 | $categories_struct = array(); |
2953 | |
2954 | if ( $cats = get_categories('hide_empty=0&hierarchical=0') ) { |
2955 | foreach ($cats as $cat) { |
2956 | $struct['categoryId'] = $cat->term_id; |
2957 | $struct['categoryName'] = $cat->name; |
2958 | |
2959 | $categories_struct[] = $struct; |
2960 | } |
2961 | } |
2962 | |
2963 | return $categories_struct; |
2964 | } |
2965 | |
2966 | /** |
2967 | * Retrieve post categories. |
2968 | * |
2969 | * @since 1.5.0 |
2970 | * |
2971 | * @param array $args Method parameters. |
2972 | * @return array |
2973 | */ |
2974 | function mt_getPostCategories($args) { |
2975 | |
2976 | $this->escape($args); |
2977 | |
2978 | $post_ID = (int) $args[0]; |
2979 | $user_login = $args[1]; |
2980 | $user_pass = $args[2]; |
2981 | |
2982 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
2983 | return $this->error; |
2984 | } |
2985 | |
2986 | set_current_user( 0, $user_login ); |
2987 | if( !current_user_can( 'edit_post', $post_ID ) ) |
2988 | return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) ); |
2989 | |
2990 | do_action('xmlrpc_call', 'mt.getPostCategories'); |
2991 | |
2992 | $categories = array(); |
2993 | $catids = wp_get_post_categories(intval($post_ID)); |
2994 | // first listed category will be the primary category |
2995 | $isPrimary = true; |
2996 | foreach($catids as $catid) { |
2997 | $categories[] = array( |
2998 | 'categoryName' => get_cat_name($catid), |
2999 | 'categoryId' => (string) $catid, |
3000 | 'isPrimary' => $isPrimary |
3001 | ); |
3002 | $isPrimary = false; |
3003 | } |
3004 | |
3005 | return $categories; |
3006 | } |
3007 | |
3008 | /** |
3009 | * Sets categories for a post. |
3010 | * |
3011 | * @since 1.5.0 |
3012 | * |
3013 | * @param array $args Method parameters. |
3014 | * @return bool True on success. |
3015 | */ |
3016 | function mt_setPostCategories($args) { |
3017 | |
3018 | $this->escape($args); |
3019 | |
3020 | $post_ID = (int) $args[0]; |
3021 | $user_login = $args[1]; |
3022 | $user_pass = $args[2]; |
3023 | $categories = $args[3]; |
3024 | |
3025 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
3026 | return $this->error; |
3027 | } |
3028 | |
3029 | do_action('xmlrpc_call', 'mt.setPostCategories'); |
3030 | |
3031 | set_current_user(0, $user_login); |
3032 | if ( !current_user_can('edit_post', $post_ID) ) |
3033 | return new IXR_Error(401, __('Sorry, you can not edit this post.')); |
3034 | |
3035 | foreach($categories as $cat) { |
3036 | $catids[] = $cat['categoryId']; |
3037 | } |
3038 | |
3039 | wp_set_post_categories($post_ID, $catids); |
3040 | |
3041 | return true; |
3042 | } |
3043 | |
3044 | /** |
3045 | * Retrieve an array of methods supported by this server. |
3046 | * |
3047 | * @since 1.5.0 |
3048 | * |
3049 | * @param array $args Method parameters. |
3050 | * @return array |
3051 | */ |
3052 | function mt_supportedMethods($args) { |
3053 | |
3054 | do_action('xmlrpc_call', 'mt.supportedMethods'); |
3055 | |
3056 | $supported_methods = array(); |
3057 | foreach($this->methods as $key=>$value) { |
3058 | $supported_methods[] = $key; |
3059 | } |
3060 | |
3061 | return $supported_methods; |
3062 | } |
3063 | |
3064 | /** |
3065 | * Retrieve an empty array because we don't support per-post text filters. |
3066 | * |
3067 | * @since 1.5.0 |
3068 | * |
3069 | * @param array $args Method parameters. |
3070 | */ |
3071 | function mt_supportedTextFilters($args) { |
3072 | do_action('xmlrpc_call', 'mt.supportedTextFilters'); |
3073 | return apply_filters('xmlrpc_text_filters', array()); |
3074 | } |
3075 | |
3076 | /** |
3077 | * Retrieve trackbacks sent to a given post. |
3078 | * |
3079 | * @since 1.5.0 |
3080 | * |
3081 | * @param array $args Method parameters. |
3082 | * @return mixed |
3083 | */ |
3084 | function mt_getTrackbackPings($args) { |
3085 | |
3086 | global $wpdb; |
3087 | |
3088 | $post_ID = intval($args); |
3089 | |
3090 | do_action('xmlrpc_call', 'mt.getTrackbackPings'); |
3091 | |
3092 | $actual_post = wp_get_single_post($post_ID, ARRAY_A); |
3093 | |
3094 | if (!$actual_post) { |
3095 | return new IXR_Error(404, __('Sorry, no such post.')); |
3096 | } |
3097 | |
3098 | $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); |
3099 | |
3100 | if (!$comments) { |
3101 | return array(); |
3102 | } |
3103 | |
3104 | $trackback_pings = array(); |
3105 | foreach($comments as $comment) { |
3106 | if ( 'trackback' == $comment->comment_type ) { |
3107 | $content = $comment->comment_content; |
3108 | $title = substr($content, 8, (strpos($content, '</strong>') - 8)); |
3109 | $trackback_pings[] = array( |
3110 | 'pingTitle' => $title, |
3111 | 'pingURL' => $comment->comment_author_url, |
3112 | 'pingIP' => $comment->comment_author_IP |
3113 | ); |
3114 | } |
3115 | } |
3116 | |
3117 | return $trackback_pings; |
3118 | } |
3119 | |
3120 | /** |
3121 | * Sets a post's publish status to 'publish'. |
3122 | * |
3123 | * @since 1.5.0 |
3124 | * |
3125 | * @param array $args Method parameters. |
3126 | * @return int |
3127 | */ |
3128 | function mt_publishPost($args) { |
3129 | |
3130 | $this->escape($args); |
3131 | |
3132 | $post_ID = (int) $args[0]; |
3133 | $user_login = $args[1]; |
3134 | $user_pass = $args[2]; |
3135 | |
3136 | if (!$this->login_pass_ok($user_login, $user_pass)) { |
3137 | return $this->error; |
3138 | } |
3139 | |
3140 | do_action('xmlrpc_call', 'mt.publishPost'); |
3141 | |
3142 | set_current_user(0, $user_login); |
3143 | if ( !current_user_can('edit_post', $post_ID) ) |
3144 | return new IXR_Error(401, __('Sorry, you can not edit this post.')); |
3145 | |
3146 | $postdata = wp_get_single_post($post_ID,ARRAY_A); |
3147 | |
3148 | $postdata['post_status'] = 'publish'; |
3149 | |
3150 | // retain old cats |
3151 | $cats = wp_get_post_categories($post_ID); |
3152 | $postdata['post_category'] = $cats; |
3153 | $this->escape($postdata); |
3154 | |
3155 | $result = wp_update_post($postdata); |
3156 | |
3157 | return $result; |
3158 | } |
3159 | |
3160 | /* PingBack functions |
3161 | * specs on www.hixie.ch/specs/pingback/pingback |
3162 | */ |
3163 | |
3164 | /** |
3165 | * Retrieves a pingback and registers it. |
3166 | * |
3167 | * @since 1.5.0 |
3168 | * |
3169 | * @param array $args Method parameters. |
3170 | * @return array |
3171 | */ |
3172 | function pingback_ping($args) { |
3173 | global $wpdb; |
3174 | |
3175 | do_action('xmlrpc_call', 'pingback.ping'); |
3176 | |
3177 | $this->escape($args); |
3178 | |
3179 | $pagelinkedfrom = $args[0]; |
3180 | $pagelinkedto = $args[1]; |
3181 | |
3182 | $title = ''; |
3183 | |
3184 | $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom); |
3185 | $pagelinkedto = str_replace('&', '&', $pagelinkedto); |
3186 | $pagelinkedto = str_replace('&', '&', $pagelinkedto); |
3187 | |
3188 | // Check if the page linked to is in our site |
3189 | $pos1 = strpos($pagelinkedto, str_replace(array('http://www.','http://','https://www.','https://'), '', get_option('home'))); |
3190 | if( !$pos1 ) |
3191 | return new IXR_Error(0, __('Is there no link to us?')); |
3192 | |
3193 | // let's find which post is linked to |
3194 | // FIXME: does url_to_postid() cover all these cases already? |
3195 | // if so, then let's use it and drop the old code. |
3196 | $urltest = parse_url($pagelinkedto); |
3197 | if ($post_ID = url_to_postid($pagelinkedto)) { |
3198 | $way = 'url_to_postid()'; |
3199 | } elseif (preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) { |
3200 | // the path defines the post_ID (archives/p/XXXX) |
3201 | $blah = explode('/', $match[0]); |
3202 | $post_ID = (int) $blah[1]; |
3203 | $way = 'from the path'; |
3204 | } elseif (preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) { |
3205 | // the querystring defines the post_ID (?p=XXXX) |
3206 | $blah = explode('=', $match[0]); |
3207 | $post_ID = (int) $blah[1]; |
3208 | $way = 'from the querystring'; |
3209 | } elseif (isset($urltest['fragment'])) { |
3210 | // an #anchor is there, it's either... |
3211 | if (intval($urltest['fragment'])) { |
3212 | // ...an integer #XXXX (simpliest case) |
3213 | $post_ID = (int) $urltest['fragment']; |
3214 | $way = 'from the fragment (numeric)'; |
3215 | } elseif (preg_match('/post-[0-9]+/',$urltest['fragment'])) { |
3216 | // ...a post id in the form 'post-###' |
3217 | $post_ID = preg_replace('/[^0-9]+/', '', $urltest['fragment']); |
3218 | $way = 'from the fragment (post-###)'; |
3219 | } elseif (is_string($urltest['fragment'])) { |
3220 | // ...or a string #title, a little more complicated |
3221 | $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']); |
3222 | $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title); |
3223 | if (! ($post_ID = $wpdb->get_var($sql)) ) { |
3224 | // returning unknown error '0' is better than die()ing |
3225 | return new IXR_Error(0, ''); |
3226 | } |
3227 | $way = 'from the fragment (title)'; |
3228 | } |
3229 | } else { |
3230 | // TODO: Attempt to extract a post ID from the given URL |
3231 | return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.')); |
3232 | } |
3233 | $post_ID = (int) $post_ID; |
3234 | |
3235 | |
3236 | logIO("O","(PB) URL='$pagelinkedto' ID='$post_ID' Found='$way'"); |
3237 | |
3238 | $post = get_post($post_ID); |
3239 | |
3240 | if ( !$post ) // Post_ID not found |
3241 | return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.')); |
3242 | |
3243 | if ( $post_ID == url_to_postid($pagelinkedfrom) ) |
3244 | return new IXR_Error(0, __('The source URL and the target URL cannot both point to the same resource.')); |
3245 | |
3246 | // Check if pings are on |
3247 | if ( !pings_open($post) ) |
3248 | return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.')); |
3249 | |
3250 | // Let's check that the remote site didn't already pingback this entry |
3251 | $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) ); |
3252 | |
3253 | if ( $wpdb->num_rows ) // We already have a Pingback from this URL |
3254 | return new IXR_Error(48, __('The pingback has already been registered.')); |
3255 | |
3256 | // very stupid, but gives time to the 'from' server to publish ! |
3257 | sleep(1); |
3258 | |
3259 | // Let's check the remote site |
3260 | |
3261 | |
3262 | // First, make sure we're not being used for DDoS! |
3263 | |
3264 | if (gethostbyname(parse_url($pagelinkedfrom, PHP_URL_HOST)) <> $_SERVER['REMOTE_ADDR']) { |
3265 | die ("Sorry, you will have to send this from your actual IP."); |
3266 | mail("office@polimedia.us","trackback",$pagelinkedfrom); |
3267 | } |
3268 | |
3269 | $linea = wp_remote_fopen( $pagelinkedfrom ); |
3270 | if ( !$linea ) |
3271 | return new IXR_Error(16, __('The source URL does not exist.')); |
3272 | |
3273 | $linea = apply_filters('pre_remote_source', $linea, $pagelinkedto); |
3274 | |
3275 | // Work around bug in strip_tags(): |
3276 | $linea = str_replace('<!DOC', '<DOC', $linea); |
3277 | $linea = preg_replace( '/[\s\r\n\t]+/', ' ', $linea ); // normalize spaces |
3278 | $linea = preg_replace( "/ <(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea ); |
3279 | |
3280 | preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle); |
3281 | $title = $matchtitle[1]; |
3282 | if ( empty( $title ) ) |
3283 | return new IXR_Error(32, __('We cannot find a title on that page.')); |
3284 | |
3285 | $linea = strip_tags( $linea, '<a>' ); // just keep the tag we need |
3286 | |
3287 | $p = explode( "\n\n", $linea ); |
3288 | |
3289 | $preg_target = preg_quote($pagelinkedto); |
3290 | |
3291 | foreach ( $p as $para ) { |
3292 | if ( strpos($para, $pagelinkedto) !== false ) { // it exists, but is it a link? |
3293 | preg_match("|<a[^>]+?".$preg_target."[^>]*>([^>]+?)</a>|", $para, $context); |
3294 | |
3295 | // If the URL isn't in a link context, keep looking |
3296 | if ( empty($context) ) |
3297 | continue; |
3298 | |
3299 | // We're going to use this fake tag to mark the context in a bit |
3300 | // the marker is needed in case the link text appears more than once in the paragraph |
3301 | $excerpt = preg_replace('|\</?wpcontext\>|', '', $para); |
3302 | |
3303 | // prevent really long link text |
3304 | if ( strlen($context[1]) > 100 ) |
3305 | $context[1] = substr($context[1], 0, 100) . '...'; |
3306 | |
3307 | $marker = '<wpcontext>'.$context[1].'</wpcontext>'; // set up our marker |
3308 | $excerpt= str_replace($context[0], $marker, $excerpt); // swap out the link for our marker |
3309 | $excerpt = strip_tags($excerpt, '<wpcontext>'); // strip all tags but our context marker |
3310 | $excerpt = trim($excerpt); |
3311 | $preg_marker = preg_quote($marker); |
3312 | $excerpt = preg_replace("|.*?\s(.{0,100}$preg_marker.{0,100})\s.*|s", '$1', $excerpt); |
3313 | $excerpt = strip_tags($excerpt); // YES, again, to remove the marker wrapper |
3314 | break; |
3315 | } |
3316 | } |
3317 | |
3318 | if ( empty($context) ) // Link to target not found |
3319 | return new IXR_Error(17, __('The source URL does not contain a link to the target URL, and so cannot be used as a source.')); |
3320 | |
3321 | $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom); |
3322 | |
3323 | $context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]'; |
3324 | $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom ); |
3325 | |
3326 | $comment_post_ID = (int) $post_ID; |
3327 | $comment_author = $title; |
3328 | $this->escape($comment_author); |
3329 | $comment_author_url = $pagelinkedfrom; |
3330 | $comment_content = $context; |
3331 | $this->escape($comment_content); |
3332 | $comment_type = 'pingback'; |
3333 | |
3334 | $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type'); |
3335 | |
3336 | $comment_ID = wp_new_comment($commentdata); |
3337 | do_action('pingback_post', $comment_ID); |
3338 | |
3339 | return sprintf(__('Pingback from %1$s to %2$s registered. Keep the web talking! :-)'), $pagelinkedfrom, $pagelinkedto); |
3340 | } |
3341 | |
3342 | /** |
3343 | * Retrieve array of URLs that pingbacked the given URL. |
3344 | * |
3345 | * Specs on http://www.aquarionics.com/misc/archives/blogite/0198.html |
3346 | * |
3347 | * @since 1.5.0 |
3348 | * |
3349 | * @param array $args Method parameters. |
3350 | * @return array |
3351 | */ |
3352 | function pingback_extensions_getPingbacks($args) { |
3353 | |
3354 | global $wpdb; |
3355 | |
3356 | do_action('xmlrpc_call', 'pingback.extensions.getPingsbacks'); |
3357 | |
3358 | $this->escape($args); |
3359 | |
3360 | $url = $args; |
3361 | |
3362 | $post_ID = url_to_postid($url); |
3363 | if (!$post_ID) { |
3364 | // We aren't sure that the resource is available and/or pingback enabled |
3365 | return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.')); |
3366 | } |
3367 | |
3368 | $actual_post = wp_get_single_post($post_ID, ARRAY_A); |
3369 | |
3370 | if (!$actual_post) { |
3371 | // No such post = resource not found |
3372 | return new IXR_Error(32, __('The specified target URL does not exist.')); |
3373 | } |
3374 | |
3375 | $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); |
3376 | |
3377 | if (!$comments) { |
3378 | return array(); |
3379 | } |
3380 | |
3381 | $pingbacks = array(); |
3382 | foreach($comments as $comment) { |
3383 | if ( 'pingback' == $comment->comment_type ) |
3384 | $pingbacks[] = $comment->comment_author_url; |
3385 | } |
3386 | |
3387 | return $pingbacks; |
3388 | } |
3389 | } |
3390 | |
3391 | $wp_xmlrpc_server = new wp_xmlrpc_server(); |
3392 | |
3393 | ?> |