--- a/wp/wp-includes/class-wp-xmlrpc-server.php Tue Dec 15 15:52:01 2020 +0100
+++ b/wp/wp-includes/class-wp-xmlrpc-server.php Wed Sep 21 18:19:35 2022 +0200
@@ -14,7 +14,7 @@
* options, etc.
*
* As of WordPress 3.5.0, XML-RPC is enabled by default. It can be disabled
- * via the {@see 'xmlrpc_enabled'} filter found in wp_xmlrpc_server::login().
+ * via the {@see 'xmlrpc_enabled'} filter found in wp_xmlrpc_server::set_is_enabled().
*
* @since 1.5.0
*
@@ -50,6 +50,13 @@
protected $auth_failed = false;
/**
+ * Flags that XML-RPC is enabled
+ *
+ * @var bool
+ */
+ private $is_enabled;
+
+ /**
* Registers all of the XMLRPC methods that XMLRPC server understands.
*
* Sets up server and method property. Passes XMLRPC
@@ -164,6 +171,51 @@
* @param string[] $methods An array of XML-RPC methods, keyed by their methodName.
*/
$this->methods = apply_filters( 'xmlrpc_methods', $this->methods );
+
+ $this->set_is_enabled();
+ }
+
+ /**
+ * Set wp_xmlrpc_server::$is_enabled property.
+ *
+ * Determine whether the xmlrpc server is enabled on this WordPress install
+ * and set the is_enabled property accordingly.
+ *
+ * @since 5.7.3
+ */
+ private function set_is_enabled() {
+ /*
+ * Respect old get_option() filters left for back-compat when the 'enable_xmlrpc'
+ * option was deprecated in 3.5.0. Use the 'xmlrpc_enabled' hook instead.
+ */
+ $is_enabled = apply_filters( 'pre_option_enable_xmlrpc', false );
+ if ( false === $is_enabled ) {
+ $is_enabled = apply_filters( 'option_enable_xmlrpc', true );
+ }
+
+ /**
+ * Filters whether XML-RPC methods requiring authentication are enabled.
+ *
+ * Contrary to the way it's named, this filter does not control whether XML-RPC is *fully*
+ * enabled, rather, it only controls whether XML-RPC methods requiring authentication - such
+ * as for publishing purposes - are enabled.
+ *
+ * Further, the filter does not control whether pingbacks or other custom endpoints that don't
+ * require authentication are enabled. This behavior is expected, and due to how parity was matched
+ * with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5.
+ *
+ * To disable XML-RPC methods that require authentication, use:
+ *
+ * add_filter( 'xmlrpc_enabled', '__return_false' );
+ *
+ * For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'}
+ * and {@see 'xmlrpc_element_limit'} hooks.
+ *
+ * @since 3.5.0
+ *
+ * @param bool $is_enabled Whether XML-RPC is enabled. Default true.
+ */
+ $this->is_enabled = apply_filters( 'xmlrpc_enabled', $is_enabled );
}
/**
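Review bot: `set_is_enabled()` runs once, at the end of what appears to be the constructor (its body starts outside this hunk), so an `xmlrpc_enabled`, `pre_option_enable_xmlrpc` or `option_enable_xmlrpc` callback registered after the server object exists no longer affects `login()`, which previously evaluated these filters on every call. Because the default is `true`, a late-registered `__return_false` would leave the authenticated methods enabled with no visible sign. I would state the ordering requirement in the method docblock, e.g. `* The filters are evaluated once at construction; register callbacks before wp_xmlrpc_server is instantiated.` The stored value could also be cast to match the `@var bool` declaration: `$this->is_enabled = (bool) apply_filters( 'xmlrpc_enabled', $is_enabled );`.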
@@ -228,43 +280,10 @@
*
* @param string $username User's username.
* @param string $password User's password.
- * @return WP_User|bool WP_User object if authentication passed, false otherwise
+ * @return WP_User|false WP_User object if authentication passed, false otherwise
*/
public function login( $username, $password ) {
- /*
- * Respect old get_option() filters left for back-compat when the 'enable_xmlrpc'
- * option was deprecated in 3.5.0. Use the 'xmlrpc_enabled' hook instead.
- */
- $enabled = apply_filters( 'pre_option_enable_xmlrpc', false );
- if ( false === $enabled ) {
- $enabled = apply_filters( 'option_enable_xmlrpc', true );
- }
-
- /**
- * Filters whether XML-RPC methods requiring authentication are enabled.
- *
- * Contrary to the way it's named, this filter does not control whether XML-RPC is *fully*
- * enabled, rather, it only controls whether XML-RPC methods requiring authentication - such
- * as for publishing purposes - are enabled.
- *
- * Further, the filter does not control whether pingbacks or other custom endpoints that don't
- * require authentication are enabled. This behavior is expected, and due to how parity was matched
- * with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5.
- *
- * To disable XML-RPC methods that require authentication, use:
- *
- * add_filter( 'xmlrpc_enabled', '__return_false' );
- *
- * For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'}
- * and {@see 'xmlrpc_element_limit'} hooks.
- *
- * @since 3.5.0
- *
- * @param bool $enabled Whether XML-RPC is enabled. Default true.
- */
- $enabled = apply_filters( 'xmlrpc_enabled', $enabled );
-
- if ( ! $enabled ) {
+ if ( ! $this->is_enabled ) {
$this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) );
return false;
}
@@ -286,8 +305,8 @@
*
* @since 3.5.0
*
- * @param string $error The XML-RPC error message.
- * @param WP_Error $user WP_Error object.
+ * @param IXR_Error $error The XML-RPC error message.
+ * @param WP_Error $user WP_Error object.
*/
$this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user );
return false;
@@ -336,6 +355,30 @@
}
/**
+ * Send error response to client.
+ *
+ * Send an XML error response to the client. If the endpoint is enabled
+ * an HTTP 200 response is always sent per the XML-RPC specification.
+ *
+ * @since 5.7.3
+ *
+ * @param IXR_Error|string $error Error code or an error object.
+ * @param false $message Error message. Optional.
+ */
+ public function error( $error, $message = false ) {
+ // Accepts either an error object or an error code and message
+ if ( $message && ! is_object( $error ) ) {
+ $error = new IXR_Error( $error, $message );
+ }
+
+ if ( ! $this->is_enabled ) {
+ status_header( $error->code );
+ }
+
+ $this->output( $error->getXml() );
+ }
+
+ /**
* Retrieve custom fields for post.
*
* @since 2.5.0
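Review bot: In `error()`, a call with a scalar `$error` and an empty `$message` skips the `IXR_Error` construction, so `$error->code` and `$error->getXml()` are then read from a non-object. Guarding on the type alone, `if ( ! is_object( $error ) ) { $error = new IXR_Error( $error, $message ); }`, would keep a malformed call from failing inside the error path itself. Separately, when the endpoint is disabled the IXR fault code is passed to `status_header()` as if it were an HTTP status, which fits the 4xx codes used in this class but not other fault codes, so restricting it to a known HTTP range may be worthwhile. The docblock types would be more accurate as `@param IXR_Error|int $error` and `@param string|false $message`.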
@@ -681,10 +724,13 @@
* equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc.
*
* @since 2.5.0
+ * @since 5.7.0 Added the `$args` and `$server` parameters.
*
- * @param string $name The method name.
+ * @param string $name The method name.
+ * @param array|string $args The escaped arguments passed to the method.
+ * @param wp_xmlrpc_server $server The XML-RPC server instance.
*/
- do_action( 'xmlrpc_call', 'wp.getUsersBlogs' );
+ do_action( 'xmlrpc_call', 'wp.getUsersBlogs', $args, $this );
$blogs = (array) get_blogs_of_user( $user->ID );
$struct = array();
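Review bot: The extended `xmlrpc_call` action now hands `$args` to every listener, and for authenticated methods such as this one `$args` appears to carry the caller's username and password, which the new `@param` line does not mention. A logging or auditing callback that records `$args` verbatim would then write credentials to its log. I would add a sentence to the docblock, e.g. `* Note: $args may contain the username and password sent by the client; do not log or store it unredacted.` The same applies to the other `do_action( 'xmlrpc_call', ..., $args, $this )` call sites in this diff. The enclosing method starts outside this hunk.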
@@ -743,8 +789,8 @@
/**
* Prepares taxonomy data for return in an XML-RPC object.
*
- * @param object $taxonomy The unprepared taxonomy data.
- * @param array $fields The subset of taxonomy fields to return.
+ * @param WP_Taxonomy $taxonomy The unprepared taxonomy data.
+ * @param array $fields The subset of taxonomy fields to return.
* @return array The prepared taxonomy data.
*/
protected function _prepare_taxonomy( $taxonomy, $fields ) {
@@ -766,7 +812,7 @@
}
if ( in_array( 'menu', $fields, true ) ) {
- $_taxonomy['show_in_menu'] = (bool) $_taxonomy->show_in_menu;
+ $_taxonomy['show_in_menu'] = (bool) $taxonomy->show_in_menu;
}
if ( in_array( 'object_type', $fields, true ) ) {
@@ -798,13 +844,13 @@
}
// For integers which may be larger than XML-RPC supports ensure we return strings.
- $_term['term_id'] = strval( $_term['term_id'] );
- $_term['term_group'] = strval( $_term['term_group'] );
- $_term['term_taxonomy_id'] = strval( $_term['term_taxonomy_id'] );
- $_term['parent'] = strval( $_term['parent'] );
+ $_term['term_id'] = (string) $_term['term_id'];
+ $_term['term_group'] = (string) $_term['term_group'];
+ $_term['term_taxonomy_id'] = (string) $_term['term_taxonomy_id'];
+ $_term['parent'] = (string) $_term['parent'];
// Count we are happy to return as an integer because people really shouldn't use terms that much.
- $_term['count'] = intval( $_term['count'] );
+ $_term['count'] = (int) $_term['count'];
// Get term meta.
$_term['custom_fields'] = $this->get_term_custom_fields( $_term['term_id'] );
@@ -856,7 +902,7 @@
*/
protected function _prepare_post( $post, $fields ) {
// Holds the data for this post. built up based on $fields.
- $_post = array( 'post_id' => strval( $post['ID'] ) );
+ $_post = array( 'post_id' => (string) $post['ID'] );
// Prepare common post fields.
$post_fields = array(
@@ -872,11 +918,11 @@
'post_password' => $post['post_password'],
'post_excerpt' => $post['post_excerpt'],
'post_content' => $post['post_content'],
- 'post_parent' => strval( $post['post_parent'] ),
+ 'post_parent' => (string) $post['post_parent'],
'post_mime_type' => $post['post_mime_type'],
'link' => get_permalink( $post['ID'] ),
'guid' => $post['guid'],
- 'menu_order' => intval( $post['menu_order'] ),
+ 'menu_order' => (int) $post['menu_order'],
'comment_status' => $post['comment_status'],
'ping_status' => $post['ping_status'],
'sticky' => ( 'post' === $post['post_type'] && is_sticky( $post['ID'] ) ),
@@ -1003,13 +1049,13 @@
/**
* Prepares media item data for return in an XML-RPC object.
*
- * @param object $media_item The unprepared media item data.
- * @param string $thumbnail_size The image size to use for the thumbnail URL.
+ * @param WP_Post $media_item The unprepared media item data.
+ * @param string $thumbnail_size The image size to use for the thumbnail URL.
* @return array The prepared media item data.
*/
protected function _prepare_media_item( $media_item, $thumbnail_size = 'thumbnail' ) {
$_media_item = array(
- 'attachment_id' => strval( $media_item->ID ),
+ 'attachment_id' => (string) $media_item->ID,
'date_created_gmt' => $this->_convert_date_gmt( $media_item->post_date_gmt, $media_item->post_date ),
'parent' => $media_item->post_parent,
'link' => wp_get_attachment_url( $media_item->ID ),
@@ -1032,9 +1078,9 @@
*
* @since 3.4.0
*
- * @param array $_media_item An array of media item data.
- * @param object $media_item Media item object.
- * @param string $thumbnail_size Image size.
+ * @param array $_media_item An array of media item data.
+ * @param WP_Post $media_item Media item object.
+ * @param string $thumbnail_size Image size.
*/
return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size );
}
@@ -1042,7 +1088,7 @@
/**
* Prepares page data for return in an XML-RPC object.
*
- * @param object $page The unprepared page data.
+ * @param WP_Post $page The unprepared page data.
* @return array The prepared page data.
*/
protected function _prepare_page( $page ) {
@@ -1122,7 +1168,7 @@
/**
* Prepares comment data for return in an XML-RPC object.
*
- * @param object $comment The unprepared comment data.
+ * @param WP_Comment $comment The unprepared comment data.
* @return array The prepared comment data.
*/
protected function _prepare_comment( $comment ) {
@@ -1174,7 +1220,7 @@
* @return array The prepared user data.
*/
protected function _prepare_user( $user, $fields ) {
- $_user = array( 'user_id' => strval( $user->ID ) );
+ $_user = array( 'user_id' => (string) $user->ID );
$user_fields = array(
'username' => $user->user_login,
@@ -1294,7 +1340,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.newPost' );
+ do_action( 'xmlrpc_call', 'wp.newPost', $args, $this );
unset( $content_struct['ID'] );
@@ -1307,6 +1353,7 @@
* @since 3.4.0
*
* @param int $count Number to compare to one.
+ * @return bool True if the number is greater than one, false otherwise.
*/
private function _is_greater_than_one( $count ) {
return $count > 1;
@@ -1646,7 +1693,7 @@
}
}
- return strval( $post_ID );
+ return (string) $post_ID;
}
/**
@@ -1686,7 +1733,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.editPost' );
+ do_action( 'xmlrpc_call', 'wp.editPost', $args, $this );
$post = get_post( $post_id, ARRAY_A );
@@ -1769,7 +1816,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.deletePost' );
+ do_action( 'xmlrpc_call', 'wp.deletePost', $args, $this );
$post = get_post( $post_id, ARRAY_A );
if ( empty( $post['ID'] ) ) {
@@ -1869,7 +1916,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPost' );
+ do_action( 'xmlrpc_call', 'wp.getPost', $args, $this );
$post = get_post( $post_id, ARRAY_A );
@@ -1930,7 +1977,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPosts' );
+ do_action( 'xmlrpc_call', 'wp.getPosts', $args, $this );
$query = array();
@@ -2029,7 +2076,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.newTerm' );
+ do_action( 'xmlrpc_call', 'wp.newTerm', $args, $this );
if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
@@ -2093,7 +2140,7 @@
$this->set_term_custom_fields( $term['term_id'], $content_struct['custom_fields'] );
}
- return strval( $term['term_id'] );
+ return (string) $term['term_id'];
}
/**
@@ -2134,7 +2181,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.editTerm' );
+ do_action( 'xmlrpc_call', 'wp.editTerm', $args, $this );
if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
@@ -2230,7 +2277,7 @@
* @type string $taxnomy_name Taxonomy name.
* @type int $term_id Term ID.
* }
- * @return bool|IXR_Error True on success, IXR_Error instance on failure.
+ * @return true|IXR_Error True on success, IXR_Error instance on failure.
*/
public function wp_deleteTerm( $args ) {
if ( ! $this->minimum_args( $args, 5 ) ) {
@@ -2250,7 +2297,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.deleteTerm' );
+ do_action( 'xmlrpc_call', 'wp.deleteTerm', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
@@ -2329,7 +2376,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getTerm' );
+ do_action( 'xmlrpc_call', 'wp.getTerm', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
@@ -2394,7 +2441,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getTerms' );
+ do_action( 'xmlrpc_call', 'wp.getTerms', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
@@ -2500,7 +2547,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getTaxonomy' );
+ do_action( 'xmlrpc_call', 'wp.getTaxonomy', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
@@ -2558,7 +2605,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getTaxonomies' );
+ do_action( 'xmlrpc_call', 'wp.getTaxonomies', $args, $this );
$taxonomies = get_taxonomies( $filter, 'objects' );
@@ -2644,7 +2691,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getUser' );
+ do_action( 'xmlrpc_call', 'wp.getUser', $args, $this );
if ( ! current_user_can( 'edit_user', $user_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this user.' ) );
@@ -2707,7 +2754,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getUsers' );
+ do_action( 'xmlrpc_call', 'wp.getUsers', $args, $this );
if ( ! current_user_can( 'list_users' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to list users.' ) );
@@ -2787,7 +2834,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getProfile' );
+ do_action( 'xmlrpc_call', 'wp.getProfile', $args, $this );
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) );
@@ -2837,7 +2884,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.editProfile' );
+ do_action( 'xmlrpc_call', 'wp.editProfile', $args, $this );
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) );
@@ -2926,7 +2973,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPage' );
+ do_action( 'xmlrpc_call', 'wp.getPage', $args, $this );
// If we found the page then format the data.
if ( $page->ID && ( 'page' === $page->post_type ) ) {
@@ -2969,7 +3016,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPages' );
+ do_action( 'xmlrpc_call', 'wp.getPages', $args, $this );
$pages = get_posts(
array(
@@ -3024,7 +3071,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.newPage' );
+ do_action( 'xmlrpc_call', 'wp.newPage', $args, $this );
// Mark this as content for a page.
$args[3]['post_type'] = 'page';
@@ -3061,7 +3108,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.deletePage' );
+ do_action( 'xmlrpc_call', 'wp.deletePage', $args, $this );
// Get the current page based on the 'page_id' and
// make sure it is a page and not a post.
@@ -3128,7 +3175,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.editPage' );
+ do_action( 'xmlrpc_call', 'wp.editPage', $args, $this );
// Get the page data and make sure it is a page.
$actual_page = get_post( $page_id, ARRAY_A );
@@ -3191,7 +3238,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPageList' );
+ do_action( 'xmlrpc_call', 'wp.getPageList', $args, $this );
// Get list of page IDs and titles.
$page_list = $wpdb->get_results(
@@ -3252,7 +3299,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getAuthors' );
+ do_action( 'xmlrpc_call', 'wp.getAuthors', $args, $this );
$authors = array();
foreach ( get_users( array( 'fields' => array( 'ID', 'user_login', 'display_name' ) ) ) as $user ) {
@@ -3296,7 +3343,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getKeywords' );
+ do_action( 'xmlrpc_call', 'wp.getKeywords', $args, $this );
$tags = array();
@@ -3346,7 +3393,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.newCategory' );
+ do_action( 'xmlrpc_call', 'wp.newCategory', $args, $this );
// Make sure the user is allowed to add a category.
if ( ! current_user_can( 'manage_categories' ) ) {
@@ -3429,7 +3476,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.deleteCategory' );
+ do_action( 'xmlrpc_call', 'wp.deleteCategory', $args, $this );
if ( ! current_user_can( 'delete_term', $category_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this category.' ) );
@@ -3486,7 +3533,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.suggestCategories' );
+ do_action( 'xmlrpc_call', 'wp.suggestCategories', $args, $this );
$category_suggestions = array();
$args = array(
@@ -3532,7 +3579,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getComment' );
+ do_action( 'xmlrpc_call', 'wp.getComment', $args, $this );
$comment = get_comment( $comment_id );
if ( ! $comment ) {
@@ -3585,7 +3632,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getComments' );
+ do_action( 'xmlrpc_call', 'wp.getComments', $args, $this );
if ( isset( $struct['status'] ) ) {
$status = $struct['status'];
@@ -3680,7 +3727,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.deleteComment' );
+ do_action( 'xmlrpc_call', 'wp.deleteComment', $args, $this );
$status = wp_delete_comment( $comment_ID );
@@ -3748,7 +3795,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.editComment' );
+ do_action( 'xmlrpc_call', 'wp.editComment', $args, $this );
$comment = array(
'comment_ID' => $comment_ID,
);
@@ -3875,13 +3922,24 @@
return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
}
- if ( empty( $content_struct['content'] ) ) {
- return new IXR_Error( 403, __( 'Comment is required.' ) );
+ if (
+ 'publish' === get_post_status( $post_id ) &&
+ ! current_user_can( 'edit_post', $post_id ) &&
+ post_password_required( $post_id )
+ ) {
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
+ }
+
+ if (
+ 'private' === get_post_status( $post_id ) &&
+ ! current_user_can( 'read_post', $post_id )
+ ) {
+ return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
}
$comment = array(
'comment_post_ID' => $post_id,
- 'comment_content' => $content_struct['content'],
+ 'comment_content' => trim( $content_struct['content'] ),
);
if ( $logged_in ) {
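Review bot: `trim( $content_struct['content'] )` now runs without the `empty()` guard that the removed lines provided, so a request that omits `content` or sends a non-string value reaches `trim()` with null or an array. I would keep the input check at the point of use: `'comment_content' => isset( $content_struct['content'] ) && is_string( $content_struct['content'] ) ? trim( $content_struct['content'] ) : '',`. The later `'' === $comment['comment_content']` test would then still reject the request unless `allow_empty_comment` permits it. As a smaller point, the two new status checks each call `get_post_status( $post_id )`; reading it once into a local would make the pair easier to follow. The enclosing method starts and ends outside this hunk.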
@@ -3912,7 +3970,7 @@
$comment['user_ID'] = 0;
if ( get_option( 'require_name_email' ) ) {
- if ( strlen( $comment['comment_author_email'] < 6 ) || '' === $comment['comment_author'] ) {
+ if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) {
return new IXR_Error( 403, __( 'Comment author name and email are required.' ) );
} elseif ( ! is_email( $comment['comment_author_email'] ) ) {
return new IXR_Error( 403, __( 'A valid email address is required.' ) );
@@ -3922,8 +3980,15 @@
$comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0;
+ /** This filter is documented in wp-includes/comment.php */
+ $allow_empty = apply_filters( 'allow_empty_comment', false, $comment );
+
+ if ( ! $allow_empty && '' === $comment['comment_content'] ) {
+ return new IXR_Error( 403, __( 'Comment is required.' ) );
+ }
+
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.newComment' );
+ do_action( 'xmlrpc_call', 'wp.newComment', $args, $this );
$comment_ID = wp_new_comment( $comment, true );
if ( is_wp_error( $comment_ID ) ) {
@@ -3977,7 +4042,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getCommentStatusList' );
+ do_action( 'xmlrpc_call', 'wp.getCommentStatusList', $args, $this );
return get_comment_statuses();
}
@@ -4019,7 +4084,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getCommentCount' );
+ do_action( 'xmlrpc_call', 'wp.getCommentCount', $args, $this );
$count = wp_count_comments( $post_id );
@@ -4061,7 +4126,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPostStatusList' );
+ do_action( 'xmlrpc_call', 'wp.getPostStatusList', $args, $this );
return get_post_statuses();
}
@@ -4096,7 +4161,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPageStatusList' );
+ do_action( 'xmlrpc_call', 'wp.getPageStatusList', $args, $this );
return get_page_statuses();
}
@@ -4289,10 +4354,10 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getMediaItem' );
+ do_action( 'xmlrpc_call', 'wp.getMediaItem', $args, $this );
$attachment = get_post( $attachment_id );
- if ( ! $attachment ) {
+ if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}
@@ -4342,7 +4407,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getMediaLibrary' );
+ do_action( 'xmlrpc_call', 'wp.getMediaLibrary', $args, $this );
$parent_id = ( isset( $struct['parent_id'] ) ) ? absint( $struct['parent_id'] ) : '';
$mime_type = ( isset( $struct['mime_type'] ) ) ? $struct['mime_type'] : '';
@@ -4398,7 +4463,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPostFormats' );
+ do_action( 'xmlrpc_call', 'wp.getPostFormats', $args, $this );
$formats = get_post_format_strings();
@@ -4478,7 +4543,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPostType' );
+ do_action( 'xmlrpc_call', 'wp.getPostType', $args, $this );
if ( ! post_type_exists( $post_type_name ) ) {
return new IXR_Error( 403, __( 'Invalid post type.' ) );
@@ -4535,7 +4600,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getPostTypes' );
+ do_action( 'xmlrpc_call', 'wp.getPostTypes', $args, $this );
$post_types = get_post_types( $filter, 'objects' );
@@ -4605,7 +4670,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.getRevisions' );
+ do_action( 'xmlrpc_call', 'wp.getRevisions', $args, $this );
$post = get_post( $post_id );
if ( ! $post ) {
@@ -4679,7 +4744,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'wp.restoreRevision' );
+ do_action( 'xmlrpc_call', 'wp.restoreRevision', $args, $this );
$revision = wp_get_post_revision( $revision_id );
if ( ! $revision ) {
@@ -4750,7 +4815,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'blogger.getUsersBlogs' );
+ do_action( 'xmlrpc_call', 'blogger.getUsersBlogs', $args, $this );
$is_admin = current_user_can( 'manage_options' );
@@ -4836,7 +4901,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'blogger.getUserInfo' );
+ do_action( 'xmlrpc_call', 'blogger.getUserInfo', $args, $this );
$struct = array(
'nickname' => $user->nickname,
@@ -4886,7 +4951,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'blogger.getPost' );
+ do_action( 'xmlrpc_call', 'blogger.getPost', $args, $this );
$categories = implode( ',', wp_get_post_categories( $post_ID ) );
@@ -4943,7 +5008,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'blogger.getRecentPosts' );
+ do_action( 'xmlrpc_call', 'blogger.getRecentPosts', $args, $this );
$posts_list = wp_get_recent_posts( $query );
@@ -5033,7 +5098,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'blogger.newPost' );
+ do_action( 'xmlrpc_call', 'blogger.newPost', $args, $this );
$cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
if ( ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) || ! current_user_can( $cap ) ) {
@@ -5110,7 +5175,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'blogger.editPost' );
+ do_action( 'xmlrpc_call', 'blogger.editPost', $args, $this );
$actual_post = get_post( $post_ID, ARRAY_A );
@@ -5184,7 +5249,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'blogger.deletePost' );
+ do_action( 'xmlrpc_call', 'blogger.deletePost', $args, $this );
$actual_post = get_post( $post_ID, ARRAY_A );
@@ -5272,7 +5337,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'metaWeblog.newPost' );
+ do_action( 'xmlrpc_call', 'metaWeblog.newPost', $args, $this );
$page_template = '';
if ( ! empty( $content_struct['post_type'] ) ) {
@@ -5565,7 +5630,7 @@
*/
do_action( 'xmlrpc_call_success_mw_newPost', $post_ID, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
- return strval( $post_ID );
+ return (string) $post_ID;
}
/**
@@ -5573,8 +5638,8 @@
*
* @since 2.8.0
*
- * @param integer $post_ID Post ID.
- * @param array $enclosure Enclosure data.
+ * @param int $post_ID Post ID.
+ * @param array $enclosure Enclosure data.
*/
public function add_enclosure_if_new( $post_ID, $enclosure ) {
if ( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) {
@@ -5634,7 +5699,7 @@
* @type array $content_struct
* @type int $publish
* }
- * @return bool|IXR_Error True on success.
+ * @return true|IXR_Error True on success.
*/
public function mw_editPost( $args ) {
$this->escape( $args );
@@ -5651,7 +5716,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'metaWeblog.editPost' );
+ do_action( 'xmlrpc_call', 'metaWeblog.editPost', $args, $this );
$postdata = get_post( $post_ID, ARRAY_A );
@@ -5989,7 +6054,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'metaWeblog.getPost' );
+ do_action( 'xmlrpc_call', 'metaWeblog.getPost', $args, $this );
if ( '' !== $postdata['post_date'] ) {
$post_date = $this->_convert_date( $postdata['post_date'] );
@@ -6130,7 +6195,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'metaWeblog.getRecentPosts' );
+ do_action( 'xmlrpc_call', 'metaWeblog.getRecentPosts', $args, $this );
$posts_list = wp_get_recent_posts( $query );
@@ -6251,7 +6316,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'metaWeblog.getCategories' );
+ do_action( 'xmlrpc_call', 'metaWeblog.getCategories', $args, $this );
$categories_struct = array();
@@ -6312,7 +6377,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'metaWeblog.newMediaObject' );
+ do_action( 'xmlrpc_call', 'metaWeblog.newMediaObject', $args, $this );
if ( ! current_user_can( 'upload_files' ) ) {
$this->error = new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) );
@@ -6431,7 +6496,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'mt.getRecentPostTitles' );
+ do_action( 'xmlrpc_call', 'mt.getRecentPostTitles', $args, $this );
$posts_list = wp_get_recent_posts( $query );
@@ -6493,7 +6558,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'mt.getCategoryList' );
+ do_action( 'xmlrpc_call', 'mt.getCategoryList', $args, $this );
$categories_struct = array();
@@ -6551,10 +6616,10 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'mt.getPostCategories' );
+ do_action( 'xmlrpc_call', 'mt.getPostCategories', $args, $this );
$categories = array();
- $catids = wp_get_post_categories( intval( $post_ID ) );
+ $catids = wp_get_post_categories( (int) $post_ID );
// First listed category will be the primary category.
$isPrimary = true;
foreach ( $catids as $catid ) {
@@ -6598,7 +6663,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'mt.setPostCategories' );
+ do_action( 'xmlrpc_call', 'mt.setPostCategories', $args, $this );
if ( ! get_post( $post_ID ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
@@ -6627,7 +6692,7 @@
*/
public function mt_supportedMethods() {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'mt.supportedMethods' );
+ do_action( 'xmlrpc_call', 'mt.supportedMethods', array(), $this );
return array_keys( $this->methods );
}
@@ -6639,7 +6704,7 @@
*/
public function mt_supportedTextFilters() {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'mt.supportedTextFilters' );
+ do_action( 'xmlrpc_call', 'mt.supportedTextFilters', array(), $this );
/**
* Filters the MoveableType text filters list for XML-RPC.
@@ -6665,7 +6730,7 @@
global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'mt.getTrackbackPings' );
+ do_action( 'xmlrpc_call', 'mt.getTrackbackPings', $post_ID, $this );
$actual_post = get_post( $post_ID, ARRAY_A );
@@ -6722,7 +6787,7 @@
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'mt.publishPost' );
+ do_action( 'xmlrpc_call', 'mt.publishPost', $args, $this );
$postdata = get_post( $post_ID, ARRAY_A );
if ( ! $postdata ) {
@@ -6764,7 +6829,7 @@
global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'pingback.ping' );
+ do_action( 'xmlrpc_call', 'pingback.ping', $args, $this );
$this->escape( $args );
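Review bot: Here `xmlrpc_call` fires before `$this->escape( $args )`, so listeners receive the raw request arguments although the action's docblock describes `$args` as "The escaped arguments passed to the method"; the `pingback.extensions.getPingbacks` call has the same order, passing `$url` ahead of `$url = $this->escape( $url )`. A listener that trusts the documented contract could therefore handle unescaped remote input on the pingback paths. Either move the `do_action()` call below the escape, or mark the exception at these call sites with a comment such as `// Note: $args has not been escaped at this point.` The `mt.getTrackbackPings` call also passes the integer `$post_ID`, which the documented `array|string` type does not cover. The enclosing method starts outside this hunk.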
@@ -6811,7 +6876,7 @@
$post_ID = (int) $blah[1];
} elseif ( isset( $urltest['fragment'] ) ) {
// An #anchor is there, it's either...
- if ( intval( $urltest['fragment'] ) ) {
+ if ( (int) $urltest['fragment'] ) {
// ...an integer #XXXX (simplest case),
$post_ID = (int) $urltest['fragment'];
} elseif ( preg_match( '/post-[0-9]+/', $urltest['fragment'] ) ) {
@@ -7003,7 +7068,7 @@
global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
- do_action( 'xmlrpc_call', 'pingback.extensions.getPingbacks' );
+ do_action( 'xmlrpc_call', 'pingback.extensions.getPingbacks', $url, $this );
$url = $this->escape( $url );