| [ Index ] |
PHP Cross Reference of WordPress |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * XML-RPC protocol support for WordPress 4 * 5 * @package WordPress 6 * @subpackage Publishing 7 */ 8 9 /** 10 * WordPress XMLRPC server implementation. 11 * 12 * Implements compatibility for Blogger API, MetaWeblog API, MovableType, and 13 * pingback. Additional WordPress API for managing comments, pages, posts, 14 * options, etc. 15 * 16 * As of WordPress 3.5.0, XML-RPC is enabled by default. It can be disabled 17 * via the {@see 'xmlrpc_enabled'} filter found in wp_xmlrpc_server::login(). 18 * 19 * @since 1.5.0 20 * 21 * @see IXR_Server 22 */ 23 class wp_xmlrpc_server extends IXR_Server { 24 /** 25 * Methods. 26 * 27 * @var array 28 */ 29 public $methods; 30 31 /** 32 * Blog options. 33 * 34 * @var array 35 */ 36 public $blog_options; 37 38 /** 39 * IXR_Error instance. 40 * 41 * @var IXR_Error 42 */ 43 public $error; 44 45 /** 46 * Flags that the user authentication has failed in this instance of wp_xmlrpc_server. 47 * 48 * @var bool 49 */ 50 protected $auth_failed = false; 51 52 /** 53 * Registers all of the XMLRPC methods that XMLRPC server understands. 54 * 55 * Sets up server and method property. Passes XMLRPC 56 * methods through the {@see 'xmlrpc_methods'} filter to allow plugins to extend 57 * or replace XML-RPC methods. 58 * 59 * @since 1.5.0 60 */ 61 public function __construct() { 62 $this->methods = array( 63 // WordPress API 64 'wp.getUsersBlogs' => 'this:wp_getUsersBlogs', 65 'wp.newPost' => 'this:wp_newPost', 66 'wp.editPost' => 'this:wp_editPost', 67 'wp.deletePost' => 'this:wp_deletePost', 68 'wp.getPost' => 'this:wp_getPost', 69 'wp.getPosts' => 'this:wp_getPosts', 70 'wp.newTerm' => 'this:wp_newTerm', 71 'wp.editTerm' => 'this:wp_editTerm', 72 'wp.deleteTerm' => 'this:wp_deleteTerm', 73 'wp.getTerm' => 'this:wp_getTerm', 74 'wp.getTerms' => 'this:wp_getTerms', 75 'wp.getTaxonomy' => 'this:wp_getTaxonomy', 76 'wp.getTaxonomies' => 'this:wp_getTaxonomies', 77 'wp.getUser' => 'this:wp_getUser', 78 'wp.getUsers' => 'this:wp_getUsers', 79 'wp.getProfile' => 'this:wp_getProfile', 80 'wp.editProfile' => 'this:wp_editProfile', 81 'wp.getPage' => 'this:wp_getPage', 82 'wp.getPages' => 'this:wp_getPages', 83 'wp.newPage' => 'this:wp_newPage', 84 'wp.deletePage' => 'this:wp_deletePage', 85 'wp.editPage' => 'this:wp_editPage', 86 'wp.getPageList' => 'this:wp_getPageList', 87 'wp.getAuthors' => 'this:wp_getAuthors', 88 'wp.getCategories' => 'this:mw_getCategories', // Alias 89 'wp.getTags' => 'this:wp_getTags', 90 'wp.newCategory' => 'this:wp_newCategory', 91 'wp.deleteCategory' => 'this:wp_deleteCategory', 92 'wp.suggestCategories' => 'this:wp_suggestCategories', 93 'wp.uploadFile' => 'this:mw_newMediaObject', // Alias 94 'wp.deleteFile' => 'this:wp_deletePost', // Alias 95 'wp.getCommentCount' => 'this:wp_getCommentCount', 96 'wp.getPostStatusList' => 'this:wp_getPostStatusList', 97 'wp.getPageStatusList' => 'this:wp_getPageStatusList', 98 'wp.getPageTemplates' => 'this:wp_getPageTemplates', 99 'wp.getOptions' => 'this:wp_getOptions', 100 'wp.setOptions' => 'this:wp_setOptions', 101 'wp.getComment' => 'this:wp_getComment', 102 'wp.getComments' => 'this:wp_getComments', 103 'wp.deleteComment' => 'this:wp_deleteComment', 104 'wp.editComment' => 'this:wp_editComment', 105 'wp.newComment' => 'this:wp_newComment', 106 'wp.getCommentStatusList' => 'this:wp_getCommentStatusList', 107 'wp.getMediaItem' => 'this:wp_getMediaItem', 108 'wp.getMediaLibrary' => 'this:wp_getMediaLibrary', 109 'wp.getPostFormats' => 'this:wp_getPostFormats', 110 'wp.getPostType' => 'this:wp_getPostType', 111 'wp.getPostTypes' => 'this:wp_getPostTypes', 112 'wp.getRevisions' => 'this:wp_getRevisions', 113 'wp.restoreRevision' => 'this:wp_restoreRevision', 114 115 // Blogger API 116 'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs', 117 'blogger.getUserInfo' => 'this:blogger_getUserInfo', 118 'blogger.getPost' => 'this:blogger_getPost', 119 'blogger.getRecentPosts' => 'this:blogger_getRecentPosts', 120 'blogger.newPost' => 'this:blogger_newPost', 121 'blogger.editPost' => 'this:blogger_editPost', 122 'blogger.deletePost' => 'this:blogger_deletePost', 123 124 // MetaWeblog API (with MT extensions to structs) 125 'metaWeblog.newPost' => 'this:mw_newPost', 126 'metaWeblog.editPost' => 'this:mw_editPost', 127 'metaWeblog.getPost' => 'this:mw_getPost', 128 'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts', 129 'metaWeblog.getCategories' => 'this:mw_getCategories', 130 'metaWeblog.newMediaObject' => 'this:mw_newMediaObject', 131 132 // MetaWeblog API aliases for Blogger API 133 // see http://www.xmlrpc.com/stories/storyReader$2460 134 'metaWeblog.deletePost' => 'this:blogger_deletePost', 135 'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs', 136 137 // MovableType API 138 'mt.getCategoryList' => 'this:mt_getCategoryList', 139 'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles', 140 'mt.getPostCategories' => 'this:mt_getPostCategories', 141 'mt.setPostCategories' => 'this:mt_setPostCategories', 142 'mt.supportedMethods' => 'this:mt_supportedMethods', 143 'mt.supportedTextFilters' => 'this:mt_supportedTextFilters', 144 'mt.getTrackbackPings' => 'this:mt_getTrackbackPings', 145 'mt.publishPost' => 'this:mt_publishPost', 146 147 // PingBack 148 'pingback.ping' => 'this:pingback_ping', 149 'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks', 150 151 'demo.sayHello' => 'this:sayHello', 152 'demo.addTwoNumbers' => 'this:addTwoNumbers', 153 ); 154 155 $this->initialise_blog_option_info(); 156 157 /** 158 * Filters the methods exposed by the XML-RPC server. 159 * 160 * This filter can be used to add new methods, and remove built-in methods. 161 * 162 * @since 1.5.0 163 * 164 * @param string[] $methods An array of XML-RPC methods, keyed by their methodName. 165 */ 166 $this->methods = apply_filters( 'xmlrpc_methods', $this->methods ); 167 } 168 169 /** 170 * Make private/protected methods readable for backward compatibility. 171 * 172 * @since 4.0.0 173 * 174 * @param string $name Method to call. 175 * @param array $arguments Arguments to pass when calling. 176 * @return array|IXR_Error|false Return value of the callback, false otherwise. 177 */ 178 public function __call( $name, $arguments ) { 179 if ( '_multisite_getUsersBlogs' === $name ) { 180 return $this->_multisite_getUsersBlogs( ...$arguments ); 181 } 182 return false; 183 } 184 185 /** 186 * Serves the XML-RPC request. 187 * 188 * @since 2.9.0 189 */ 190 public function serve_request() { 191 $this->IXR_Server( $this->methods ); 192 } 193 194 /** 195 * Test XMLRPC API by saying, "Hello!" to client. 196 * 197 * @since 1.5.0 198 * 199 * @return string Hello string response. 200 */ 201 public function sayHello() { 202 return 'Hello!'; 203 } 204 205 /** 206 * Test XMLRPC API by adding two numbers for client. 207 * 208 * @since 1.5.0 209 * 210 * @param array $args { 211 * Method arguments. Note: arguments must be ordered as documented. 212 * 213 * @type int $number1 A number to add. 214 * @type int $number2 A second number to add. 215 * } 216 * @return int Sum of the two given numbers. 217 */ 218 public function addTwoNumbers( $args ) { 219 $number1 = $args[0]; 220 $number2 = $args[1]; 221 return $number1 + $number2; 222 } 223 224 /** 225 * Log user in. 226 * 227 * @since 2.8.0 228 * 229 * @param string $username User's username. 230 * @param string $password User's password. 231 * @return WP_User|bool WP_User object if authentication passed, false otherwise 232 */ 233 public function login( $username, $password ) { 234 /* 235 * Respect old get_option() filters left for back-compat when the 'enable_xmlrpc' 236 * option was deprecated in 3.5.0. Use the 'xmlrpc_enabled' hook instead. 237 */ 238 $enabled = apply_filters( 'pre_option_enable_xmlrpc', false ); 239 if ( false === $enabled ) { 240 $enabled = apply_filters( 'option_enable_xmlrpc', true ); 241 } 242 243 /** 244 * Filters whether XML-RPC methods requiring authentication are enabled. 245 * 246 * Contrary to the way it's named, this filter does not control whether XML-RPC is *fully* 247 * enabled, rather, it only controls whether XML-RPC methods requiring authentication - such 248 * as for publishing purposes - are enabled. 249 * 250 * Further, the filter does not control whether pingbacks or other custom endpoints that don't 251 * require authentication are enabled. This behavior is expected, and due to how parity was matched 252 * with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5. 253 * 254 * To disable XML-RPC methods that require authentication, use: 255 * 256 * add_filter( 'xmlrpc_enabled', '__return_false' ); 257 * 258 * For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'} 259 * and {@see 'xmlrpc_element_limit'} hooks. 260 * 261 * @since 3.5.0 262 * 263 * @param bool $enabled Whether XML-RPC is enabled. Default true. 264 */ 265 $enabled = apply_filters( 'xmlrpc_enabled', $enabled ); 266 267 if ( ! $enabled ) { 268 $this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) ); 269 return false; 270 } 271 272 if ( $this->auth_failed ) { 273 $user = new WP_Error( 'login_prevented' ); 274 } else { 275 $user = wp_authenticate( $username, $password ); 276 } 277 278 if ( is_wp_error( $user ) ) { 279 $this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) ); 280 281 // Flag that authentication has failed once on this wp_xmlrpc_server instance 282 $this->auth_failed = true; 283 284 /** 285 * Filters the XML-RPC user login error message. 286 * 287 * @since 3.5.0 288 * 289 * @param string $error The XML-RPC error message. 290 * @param WP_Error $user WP_Error object. 291 */ 292 $this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user ); 293 return false; 294 } 295 296 wp_set_current_user( $user->ID ); 297 return $user; 298 } 299 300 /** 301 * Check user's credentials. Deprecated. 302 * 303 * @since 1.5.0 304 * @deprecated 2.8.0 Use wp_xmlrpc_server::login() 305 * @see wp_xmlrpc_server::login() 306 * 307 * @param string $username User's username. 308 * @param string $password User's password. 309 * @return bool Whether authentication passed. 310 */ 311 public function login_pass_ok( $username, $password ) { 312 return (bool) $this->login( $username, $password ); 313 } 314 315 /** 316 * Escape string or array of strings for database. 317 * 318 * @since 1.5.2 319 * 320 * @param string|array $data Escape single string or array of strings. 321 * @return string|void Returns with string is passed, alters by-reference 322 * when array is passed. 323 */ 324 public function escape( &$data ) { 325 if ( ! is_array( $data ) ) { 326 return wp_slash( $data ); 327 } 328 329 foreach ( $data as &$v ) { 330 if ( is_array( $v ) ) { 331 $this->escape( $v ); 332 } elseif ( ! is_object( $v ) ) { 333 $v = wp_slash( $v ); 334 } 335 } 336 } 337 338 /** 339 * Retrieve custom fields for post. 340 * 341 * @since 2.5.0 342 * 343 * @param int $post_id Post ID. 344 * @return array Custom fields, if exist. 345 */ 346 public function get_custom_fields( $post_id ) { 347 $post_id = (int) $post_id; 348 349 $custom_fields = array(); 350 351 foreach ( (array) has_meta( $post_id ) as $meta ) { 352 // Don't expose protected fields. 353 if ( ! current_user_can( 'edit_post_meta', $post_id, $meta['meta_key'] ) ) { 354 continue; 355 } 356 357 $custom_fields[] = array( 358 'id' => $meta['meta_id'], 359 'key' => $meta['meta_key'], 360 'value' => $meta['meta_value'], 361 ); 362 } 363 364 return $custom_fields; 365 } 366 367 /** 368 * Set custom fields for post. 369 * 370 * @since 2.5.0 371 * 372 * @param int $post_id Post ID. 373 * @param array $fields Custom fields. 374 */ 375 public function set_custom_fields( $post_id, $fields ) { 376 $post_id = (int) $post_id; 377 378 foreach ( (array) $fields as $meta ) { 379 if ( isset( $meta['id'] ) ) { 380 $meta['id'] = (int) $meta['id']; 381 $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); 382 383 if ( ! $pmeta || $pmeta->post_id != $post_id ) { 384 continue; 385 } 386 387 if ( isset( $meta['key'] ) ) { 388 $meta['key'] = wp_unslash( $meta['key'] ); 389 if ( $meta['key'] !== $pmeta->meta_key ) { 390 continue; 391 } 392 $meta['value'] = wp_unslash( $meta['value'] ); 393 if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) { 394 update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); 395 } 396 } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { 397 delete_metadata_by_mid( 'post', $meta['id'] ); 398 } 399 } elseif ( current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) ) ) { 400 add_post_meta( $post_id, $meta['key'], $meta['value'] ); 401 } 402 } 403 } 404 405 /** 406 * Retrieve custom fields for a term. 407 * 408 * @since 4.9.0 409 * 410 * @param int $term_id Term ID. 411 * @return array Array of custom fields, if they exist. 412 */ 413 public function get_term_custom_fields( $term_id ) { 414 $term_id = (int) $term_id; 415 416 $custom_fields = array(); 417 418 foreach ( (array) has_term_meta( $term_id ) as $meta ) { 419 420 if ( ! current_user_can( 'edit_term_meta', $term_id ) ) { 421 continue; 422 } 423 424 $custom_fields[] = array( 425 'id' => $meta['meta_id'], 426 'key' => $meta['meta_key'], 427 'value' => $meta['meta_value'], 428 ); 429 } 430 431 return $custom_fields; 432 } 433 434 /** 435 * Set custom fields for a term. 436 * 437 * @since 4.9.0 438 * 439 * @param int $term_id Term ID. 440 * @param array $fields Custom fields. 441 */ 442 public function set_term_custom_fields( $term_id, $fields ) { 443 $term_id = (int) $term_id; 444 445 foreach ( (array) $fields as $meta ) { 446 if ( isset( $meta['id'] ) ) { 447 $meta['id'] = (int) $meta['id']; 448 $pmeta = get_metadata_by_mid( 'term', $meta['id'] ); 449 if ( isset( $meta['key'] ) ) { 450 $meta['key'] = wp_unslash( $meta['key'] ); 451 if ( $meta['key'] !== $pmeta->meta_key ) { 452 continue; 453 } 454 $meta['value'] = wp_unslash( $meta['value'] ); 455 if ( current_user_can( 'edit_term_meta', $term_id ) ) { 456 update_metadata_by_mid( 'term', $meta['id'], $meta['value'] ); 457 } 458 } elseif ( current_user_can( 'delete_term_meta', $term_id ) ) { 459 delete_metadata_by_mid( 'term', $meta['id'] ); 460 } 461 } elseif ( current_user_can( 'add_term_meta', $term_id ) ) { 462 add_term_meta( $term_id, $meta['key'], $meta['value'] ); 463 } 464 } 465 } 466 467 /** 468 * Set up blog options property. 469 * 470 * Passes property through {@see 'xmlrpc_blog_options'} filter. 471 * 472 * @since 2.6.0 473 */ 474 public function initialise_blog_option_info() { 475 $this->blog_options = array( 476 // Read only options 477 'software_name' => array( 478 'desc' => __( 'Software Name' ), 479 'readonly' => true, 480 'value' => 'WordPress', 481 ), 482 'software_version' => array( 483 'desc' => __( 'Software Version' ), 484 'readonly' => true, 485 'value' => get_bloginfo( 'version' ), 486 ), 487 'blog_url' => array( 488 'desc' => __( 'WordPress Address (URL)' ), 489 'readonly' => true, 490 'option' => 'siteurl', 491 ), 492 'home_url' => array( 493 'desc' => __( 'Site Address (URL)' ), 494 'readonly' => true, 495 'option' => 'home', 496 ), 497 'login_url' => array( 498 'desc' => __( 'Login Address (URL)' ), 499 'readonly' => true, 500 'value' => wp_login_url(), 501 ), 502 'admin_url' => array( 503 'desc' => __( 'The URL to the admin area' ), 504 'readonly' => true, 505 'value' => get_admin_url(), 506 ), 507 'image_default_link_type' => array( 508 'desc' => __( 'Image default link type' ), 509 'readonly' => true, 510 'option' => 'image_default_link_type', 511 ), 512 'image_default_size' => array( 513 'desc' => __( 'Image default size' ), 514 'readonly' => true, 515 'option' => 'image_default_size', 516 ), 517 'image_default_align' => array( 518 'desc' => __( 'Image default align' ), 519 'readonly' => true, 520 'option' => 'image_default_align', 521 ), 522 'template' => array( 523 'desc' => __( 'Template' ), 524 'readonly' => true, 525 'option' => 'template', 526 ), 527 'stylesheet' => array( 528 'desc' => __( 'Stylesheet' ), 529 'readonly' => true, 530 'option' => 'stylesheet', 531 ), 532 'post_thumbnail' => array( 533 'desc' => __( 'Post Thumbnail' ), 534 'readonly' => true, 535 'value' => current_theme_supports( 'post-thumbnails' ), 536 ), 537 538 // Updatable options 539 'time_zone' => array( 540 'desc' => __( 'Time Zone' ), 541 'readonly' => false, 542 'option' => 'gmt_offset', 543 ), 544 'blog_title' => array( 545 'desc' => __( 'Site Title' ), 546 'readonly' => false, 547 'option' => 'blogname', 548 ), 549 'blog_tagline' => array( 550 'desc' => __( 'Site Tagline' ), 551 'readonly' => false, 552 'option' => 'blogdescription', 553 ), 554 'date_format' => array( 555 'desc' => __( 'Date Format' ), 556 'readonly' => false, 557 'option' => 'date_format', 558 ), 559 'time_format' => array( 560 'desc' => __( 'Time Format' ), 561 'readonly' => false, 562 'option' => 'time_format', 563 ), 564 'users_can_register' => array( 565 'desc' => __( 'Allow new users to sign up' ), 566 'readonly' => false, 567 'option' => 'users_can_register', 568 ), 569 'thumbnail_size_w' => array( 570 'desc' => __( 'Thumbnail Width' ), 571 'readonly' => false, 572 'option' => 'thumbnail_size_w', 573 ), 574 'thumbnail_size_h' => array( 575 'desc' => __( 'Thumbnail Height' ), 576 'readonly' => false, 577 'option' => 'thumbnail_size_h', 578 ), 579 'thumbnail_crop' => array( 580 'desc' => __( 'Crop thumbnail to exact dimensions' ), 581 'readonly' => false, 582 'option' => 'thumbnail_crop', 583 ), 584 'medium_size_w' => array( 585 'desc' => __( 'Medium size image width' ), 586 'readonly' => false, 587 'option' => 'medium_size_w', 588 ), 589 'medium_size_h' => array( 590 'desc' => __( 'Medium size image height' ), 591 'readonly' => false, 592 'option' => 'medium_size_h', 593 ), 594 'medium_large_size_w' => array( 595 'desc' => __( 'Medium-Large size image width' ), 596 'readonly' => false, 597 'option' => 'medium_large_size_w', 598 ), 599 'medium_large_size_h' => array( 600 'desc' => __( 'Medium-Large size image height' ), 601 'readonly' => false, 602 'option' => 'medium_large_size_h', 603 ), 604 'large_size_w' => array( 605 'desc' => __( 'Large size image width' ), 606 'readonly' => false, 607 'option' => 'large_size_w', 608 ), 609 'large_size_h' => array( 610 'desc' => __( 'Large size image height' ), 611 'readonly' => false, 612 'option' => 'large_size_h', 613 ), 614 'default_comment_status' => array( 615 'desc' => __( 'Allow people to submit comments on new posts.' ), 616 'readonly' => false, 617 'option' => 'default_comment_status', 618 ), 619 'default_ping_status' => array( 620 'desc' => __( 'Allow link notifications from other blogs (pingbacks and trackbacks) on new posts.' ), 621 'readonly' => false, 622 'option' => 'default_ping_status', 623 ), 624 ); 625 626 /** 627 * Filters the XML-RPC blog options property. 628 * 629 * @since 2.6.0 630 * 631 * @param array $blog_options An array of XML-RPC blog options. 632 */ 633 $this->blog_options = apply_filters( 'xmlrpc_blog_options', $this->blog_options ); 634 } 635 636 /** 637 * Retrieve the blogs of the user. 638 * 639 * @since 2.6.0 640 * 641 * @param array $args { 642 * Method arguments. Note: arguments must be ordered as documented. 643 * 644 * @type string $username Username. 645 * @type string $password Password. 646 * } 647 * @return array|IXR_Error Array contains: 648 * - 'isAdmin' 649 * - 'isPrimary' - whether the blog is the user's primary blog 650 * - 'url' 651 * - 'blogid' 652 * - 'blogName' 653 * - 'xmlrpc' - url of xmlrpc endpoint 654 */ 655 public function wp_getUsersBlogs( $args ) { 656 if ( ! $this->minimum_args( $args, 2 ) ) { 657 return $this->error; 658 } 659 660 // If this isn't on WPMU then just use blogger_getUsersBlogs 661 if ( ! is_multisite() ) { 662 array_unshift( $args, 1 ); 663 return $this->blogger_getUsersBlogs( $args ); 664 } 665 666 $this->escape( $args ); 667 668 $username = $args[0]; 669 $password = $args[1]; 670 671 $user = $this->login( $username, $password ); 672 if ( ! $user ) { 673 return $this->error; 674 } 675 676 /** 677 * Fires after the XML-RPC user has been authenticated but before the rest of 678 * the method logic begins. 679 * 680 * All built-in XML-RPC methods use the action xmlrpc_call, with a parameter 681 * equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc. 682 * 683 * @since 2.5.0 684 * 685 * @param string $name The method name. 686 */ 687 do_action( 'xmlrpc_call', 'wp.getUsersBlogs' ); 688 689 $blogs = (array) get_blogs_of_user( $user->ID ); 690 $struct = array(); 691 $primary_blog_id = 0; 692 $active_blog = get_active_blog_for_user( $user->ID ); 693 if ( $active_blog ) { 694 $primary_blog_id = (int) $active_blog->blog_id; 695 } 696 697 foreach ( $blogs as $blog ) { 698 // Don't include blogs that aren't hosted at this site. 699 if ( $blog->site_id != get_current_network_id() ) { 700 continue; 701 } 702 703 $blog_id = $blog->userblog_id; 704 705 switch_to_blog( $blog_id ); 706 707 $is_admin = current_user_can( 'manage_options' ); 708 $is_primary = ( (int) $blog_id === $primary_blog_id ); 709 710 $struct[] = array( 711 'isAdmin' => $is_admin, 712 'isPrimary' => $is_primary, 713 'url' => home_url( '/' ), 714 'blogid' => (string) $blog_id, 715 'blogName' => get_option( 'blogname' ), 716 'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ), 717 ); 718 719 restore_current_blog(); 720 } 721 722 return $struct; 723 } 724 725 /** 726 * Checks if the method received at least the minimum number of arguments. 727 * 728 * @since 3.4.0 729 * 730 * @param array $args An array of arguments to check. 731 * @param int $count Minimum number of arguments. 732 * @return bool True if `$args` contains at least `$count` arguments, false otherwise. 733 */ 734 protected function minimum_args( $args, $count ) { 735 if ( ! is_array( $args ) || count( $args ) < $count ) { 736 $this->error = new IXR_Error( 400, __( 'Insufficient arguments passed to this XML-RPC method.' ) ); 737 return false; 738 } 739 740 return true; 741 } 742 743 /** 744 * Prepares taxonomy data for return in an XML-RPC object. 745 * 746 * @param object $taxonomy The unprepared taxonomy data. 747 * @param array $fields The subset of taxonomy fields to return. 748 * @return array The prepared taxonomy data. 749 */ 750 protected function _prepare_taxonomy( $taxonomy, $fields ) { 751 $_taxonomy = array( 752 'name' => $taxonomy->name, 753 'label' => $taxonomy->label, 754 'hierarchical' => (bool) $taxonomy->hierarchical, 755 'public' => (bool) $taxonomy->public, 756 'show_ui' => (bool) $taxonomy->show_ui, 757 '_builtin' => (bool) $taxonomy->_builtin, 758 ); 759 760 if ( in_array( 'labels', $fields ) ) { 761 $_taxonomy['labels'] = (array) $taxonomy->labels; 762 } 763 764 if ( in_array( 'cap', $fields ) ) { 765 $_taxonomy['cap'] = (array) $taxonomy->cap; 766 } 767 768 if ( in_array( 'menu', $fields ) ) { 769 $_taxonomy['show_in_menu'] = (bool) $_taxonomy->show_in_menu; 770 } 771 772 if ( in_array( 'object_type', $fields ) ) { 773 $_taxonomy['object_type'] = array_unique( (array) $taxonomy->object_type ); 774 } 775 776 /** 777 * Filters XML-RPC-prepared data for the given taxonomy. 778 * 779 * @since 3.4.0 780 * 781 * @param array $_taxonomy An array of taxonomy data. 782 * @param WP_Taxonomy $taxonomy Taxonomy object. 783 * @param array $fields The subset of taxonomy fields to return. 784 */ 785 return apply_filters( 'xmlrpc_prepare_taxonomy', $_taxonomy, $taxonomy, $fields ); 786 } 787 788 /** 789 * Prepares term data for return in an XML-RPC object. 790 * 791 * @param array|object $term The unprepared term data. 792 * @return array The prepared term data. 793 */ 794 protected function _prepare_term( $term ) { 795 $_term = $term; 796 if ( ! is_array( $_term ) ) { 797 $_term = get_object_vars( $_term ); 798 } 799 800 // For integers which may be larger than XML-RPC supports ensure we return strings. 801 $_term['term_id'] = strval( $_term['term_id'] ); 802 $_term['term_group'] = strval( $_term['term_group'] ); 803 $_term['term_taxonomy_id'] = strval( $_term['term_taxonomy_id'] ); 804 $_term['parent'] = strval( $_term['parent'] ); 805 806 // Count we are happy to return as an integer because people really shouldn't use terms that much. 807 $_term['count'] = intval( $_term['count'] ); 808 809 // Get term meta. 810 $_term['custom_fields'] = $this->get_term_custom_fields( $_term['term_id'] ); 811 812 /** 813 * Filters XML-RPC-prepared data for the given term. 814 * 815 * @since 3.4.0 816 * 817 * @param array $_term An array of term data. 818 * @param array|object $term Term object or array. 819 */ 820 return apply_filters( 'xmlrpc_prepare_term', $_term, $term ); 821 } 822 823 /** 824 * Convert a WordPress date string to an IXR_Date object. 825 * 826 * @param string $date Date string to convert. 827 * @return IXR_Date IXR_Date object. 828 */ 829 protected function _convert_date( $date ) { 830 if ( $date === '0000-00-00 00:00:00' ) { 831 return new IXR_Date( '00000000T00:00:00Z' ); 832 } 833 return new IXR_Date( mysql2date( 'Ymd\TH:i:s', $date, false ) ); 834 } 835 836 /** 837 * Convert a WordPress GMT date string to an IXR_Date object. 838 * 839 * @param string $date_gmt WordPress GMT date string. 840 * @param string $date Date string. 841 * @return IXR_Date IXR_Date object. 842 */ 843 protected function _convert_date_gmt( $date_gmt, $date ) { 844 if ( $date !== '0000-00-00 00:00:00' && $date_gmt === '0000-00-00 00:00:00' ) { 845 return new IXR_Date( get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $date, false ), 'Ymd\TH:i:s' ) ); 846 } 847 return $this->_convert_date( $date_gmt ); 848 } 849 850 /** 851 * Prepares post data for return in an XML-RPC object. 852 * 853 * @param array $post The unprepared post data. 854 * @param array $fields The subset of post type fields to return. 855 * @return array The prepared post data. 856 */ 857 protected function _prepare_post( $post, $fields ) { 858 // Holds the data for this post. built up based on $fields. 859 $_post = array( 'post_id' => strval( $post['ID'] ) ); 860 861 // Prepare common post fields. 862 $post_fields = array( 863 'post_title' => $post['post_title'], 864 'post_date' => $this->_convert_date( $post['post_date'] ), 865 'post_date_gmt' => $this->_convert_date_gmt( $post['post_date_gmt'], $post['post_date'] ), 866 'post_modified' => $this->_convert_date( $post['post_modified'] ), 867 'post_modified_gmt' => $this->_convert_date_gmt( $post['post_modified_gmt'], $post['post_modified'] ), 868 'post_status' => $post['post_status'], 869 'post_type' => $post['post_type'], 870 'post_name' => $post['post_name'], 871 'post_author' => $post['post_author'], 872 'post_password' => $post['post_password'], 873 'post_excerpt' => $post['post_excerpt'], 874 'post_content' => $post['post_content'], 875 'post_parent' => strval( $post['post_parent'] ), 876 'post_mime_type' => $post['post_mime_type'], 877 'link' => get_permalink( $post['ID'] ), 878 'guid' => $post['guid'], 879 'menu_order' => intval( $post['menu_order'] ), 880 'comment_status' => $post['comment_status'], 881 'ping_status' => $post['ping_status'], 882 'sticky' => ( $post['post_type'] === 'post' && is_sticky( $post['ID'] ) ), 883 ); 884 885 // Thumbnail. 886 $post_fields['post_thumbnail'] = array(); 887 $thumbnail_id = get_post_thumbnail_id( $post['ID'] ); 888 if ( $thumbnail_id ) { 889 $thumbnail_size = current_theme_supports( 'post-thumbnail' ) ? 'post-thumbnail' : 'thumbnail'; 890 $post_fields['post_thumbnail'] = $this->_prepare_media_item( get_post( $thumbnail_id ), $thumbnail_size ); 891 } 892 893 // Consider future posts as published. 894 if ( $post_fields['post_status'] === 'future' ) { 895 $post_fields['post_status'] = 'publish'; 896 } 897 898 // Fill in blank post format. 899 $post_fields['post_format'] = get_post_format( $post['ID'] ); 900 if ( empty( $post_fields['post_format'] ) ) { 901 $post_fields['post_format'] = 'standard'; 902 } 903 904 // Merge requested $post_fields fields into $_post. 905 if ( in_array( 'post', $fields ) ) { 906 $_post = array_merge( $_post, $post_fields ); 907 } else { 908 $requested_fields = array_intersect_key( $post_fields, array_flip( $fields ) ); 909 $_post = array_merge( $_post, $requested_fields ); 910 } 911 912 $all_taxonomy_fields = in_array( 'taxonomies', $fields ); 913 914 if ( $all_taxonomy_fields || in_array( 'terms', $fields ) ) { 915 $post_type_taxonomies = get_object_taxonomies( $post['post_type'], 'names' ); 916 $terms = wp_get_object_terms( $post['ID'], $post_type_taxonomies ); 917 $_post['terms'] = array(); 918 foreach ( $terms as $term ) { 919 $_post['terms'][] = $this->_prepare_term( $term ); 920 } 921 } 922 923 if ( in_array( 'custom_fields', $fields ) ) { 924 $_post['custom_fields'] = $this->get_custom_fields( $post['ID'] ); 925 } 926 927 if ( in_array( 'enclosure', $fields ) ) { 928 $_post['enclosure'] = array(); 929 $enclosures = (array) get_post_meta( $post['ID'], 'enclosure' ); 930 if ( ! empty( $enclosures ) ) { 931 $encdata = explode( "\n", $enclosures[0] ); 932 $_post['enclosure']['url'] = trim( htmlspecialchars( $encdata[0] ) ); 933 $_post['enclosure']['length'] = (int) trim( $encdata[1] ); 934 $_post['enclosure']['type'] = trim( $encdata[2] ); 935 } 936 } 937 938 /** 939 * Filters XML-RPC-prepared date for the given post. 940 * 941 * @since 3.4.0 942 * 943 * @param array $_post An array of modified post data. 944 * @param array $post An array of post data. 945 * @param array $fields An array of post fields. 946 */ 947 return apply_filters( 'xmlrpc_prepare_post', $_post, $post, $fields ); 948 } 949 950 /** 951 * Prepares post data for return in an XML-RPC object. 952 * 953 * @since 3.4.0 954 * @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object. 955 * 956 * @param WP_Post_Type $post_type Post type object. 957 * @param array $fields The subset of post fields to return. 958 * @return array The prepared post type data. 959 */ 960 protected function _prepare_post_type( $post_type, $fields ) { 961 $_post_type = array( 962 'name' => $post_type->name, 963 'label' => $post_type->label, 964 'hierarchical' => (bool) $post_type->hierarchical, 965 'public' => (bool) $post_type->public, 966 'show_ui' => (bool) $post_type->show_ui, 967 '_builtin' => (bool) $post_type->_builtin, 968 'has_archive' => (bool) $post_type->has_archive, 969 'supports' => get_all_post_type_supports( $post_type->name ), 970 ); 971 972 if ( in_array( 'labels', $fields ) ) { 973 $_post_type['labels'] = (array) $post_type->labels; 974 } 975 976 if ( in_array( 'cap', $fields ) ) { 977 $_post_type['cap'] = (array) $post_type->cap; 978 $_post_type['map_meta_cap'] = (bool) $post_type->map_meta_cap; 979 } 980 981 if ( in_array( 'menu', $fields ) ) { 982 $_post_type['menu_position'] = (int) $post_type->menu_position; 983 $_post_type['menu_icon'] = $post_type->menu_icon; 984 $_post_type['show_in_menu'] = (bool) $post_type->show_in_menu; 985 } 986 987 if ( in_array( 'taxonomies', $fields ) ) { 988 $_post_type['taxonomies'] = get_object_taxonomies( $post_type->name, 'names' ); 989 } 990 991 /** 992 * Filters XML-RPC-prepared date for the given post type. 993 * 994 * @since 3.4.0 995 * @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object. 996 * 997 * @param array $_post_type An array of post type data. 998 * @param WP_Post_Type $post_type Post type object. 999 */ 1000 return apply_filters( 'xmlrpc_prepare_post_type', $_post_type, $post_type ); 1001 } 1002 1003 /** 1004 * Prepares media item data for return in an XML-RPC object. 1005 * 1006 * @param object $media_item The unprepared media item data. 1007 * @param string $thumbnail_size The image size to use for the thumbnail URL. 1008 * @return array The prepared media item data. 1009 */ 1010 protected function _prepare_media_item( $media_item, $thumbnail_size = 'thumbnail' ) { 1011 $_media_item = array( 1012 'attachment_id' => strval( $media_item->ID ), 1013 'date_created_gmt' => $this->_convert_date_gmt( $media_item->post_date_gmt, $media_item->post_date ), 1014 'parent' => $media_item->post_parent, 1015 'link' => wp_get_attachment_url( $media_item->ID ), 1016 'title' => $media_item->post_title, 1017 'caption' => $media_item->post_excerpt, 1018 'description' => $media_item->post_content, 1019 'metadata' => wp_get_attachment_metadata( $media_item->ID ), 1020 'type' => $media_item->post_mime_type, 1021 ); 1022 1023 $thumbnail_src = image_downsize( $media_item->ID, $thumbnail_size ); 1024 if ( $thumbnail_src ) { 1025 $_media_item['thumbnail'] = $thumbnail_src[0]; 1026 } else { 1027 $_media_item['thumbnail'] = $_media_item['link']; 1028 } 1029 1030 /** 1031 * Filters XML-RPC-prepared data for the given media item. 1032 * 1033 * @since 3.4.0 1034 * 1035 * @param array $_media_item An array of media item data. 1036 * @param object $media_item Media item object. 1037 * @param string $thumbnail_size Image size. 1038 */ 1039 return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size ); 1040 } 1041 1042 /** 1043 * Prepares page data for return in an XML-RPC object. 1044 * 1045 * @param object $page The unprepared page data. 1046 * @return array The prepared page data. 1047 */ 1048 protected function _prepare_page( $page ) { 1049 // Get all of the page content and link. 1050 $full_page = get_extended( $page->post_content ); 1051 $link = get_permalink( $page->ID ); 1052 1053 // Get info the page parent if there is one. 1054 $parent_title = ''; 1055 if ( ! empty( $page->post_parent ) ) { 1056 $parent = get_post( $page->post_parent ); 1057 $parent_title = $parent->post_title; 1058 } 1059 1060 // Determine comment and ping settings. 1061 $allow_comments = comments_open( $page->ID ) ? 1 : 0; 1062 $allow_pings = pings_open( $page->ID ) ? 1 : 0; 1063 1064 // Format page date. 1065 $page_date = $this->_convert_date( $page->post_date ); 1066 $page_date_gmt = $this->_convert_date_gmt( $page->post_date_gmt, $page->post_date ); 1067 1068 // Pull the categories info together. 1069 $categories = array(); 1070 if ( is_object_in_taxonomy( 'page', 'category' ) ) { 1071 foreach ( wp_get_post_categories( $page->ID ) as $cat_id ) { 1072 $categories[] = get_cat_name( $cat_id ); 1073 } 1074 } 1075 1076 // Get the author info. 1077 $author = get_userdata( $page->post_author ); 1078 1079 $page_template = get_page_template_slug( $page->ID ); 1080 if ( empty( $page_template ) ) { 1081 $page_template = 'default'; 1082 } 1083 1084 $_page = array( 1085 'dateCreated' => $page_date, 1086 'userid' => $page->post_author, 1087 'page_id' => $page->ID, 1088 'page_status' => $page->post_status, 1089 'description' => $full_page['main'], 1090 'title' => $page->post_title, 1091 'link' => $link, 1092 'permaLink' => $link, 1093 'categories' => $categories, 1094 'excerpt' => $page->post_excerpt, 1095 'text_more' => $full_page['extended'], 1096 'mt_allow_comments' => $allow_comments, 1097 'mt_allow_pings' => $allow_pings, 1098 'wp_slug' => $page->post_name, 1099 'wp_password' => $page->post_password, 1100 'wp_author' => $author->display_name, 1101 'wp_page_parent_id' => $page->post_parent, 1102 'wp_page_parent_title' => $parent_title, 1103 'wp_page_order' => $page->menu_order, 1104 'wp_author_id' => (string) $author->ID, 1105 'wp_author_display_name' => $author->display_name, 1106 'date_created_gmt' => $page_date_gmt, 1107 'custom_fields' => $this->get_custom_fields( $page->ID ), 1108 'wp_page_template' => $page_template, 1109 ); 1110 1111 /** 1112 * Filters XML-RPC-prepared data for the given page. 1113 * 1114 * @since 3.4.0 1115 * 1116 * @param array $_page An array of page data. 1117 * @param WP_Post $page Page object. 1118 */ 1119 return apply_filters( 'xmlrpc_prepare_page', $_page, $page ); 1120 } 1121 1122 /** 1123 * Prepares comment data for return in an XML-RPC object. 1124 * 1125 * @param object $comment The unprepared comment data. 1126 * @return array The prepared comment data. 1127 */ 1128 protected function _prepare_comment( $comment ) { 1129 // Format page date. 1130 $comment_date_gmt = $this->_convert_date_gmt( $comment->comment_date_gmt, $comment->comment_date ); 1131 1132 if ( '0' == $comment->comment_approved ) { 1133 $comment_status = 'hold'; 1134 } elseif ( 'spam' == $comment->comment_approved ) { 1135 $comment_status = 'spam'; 1136 } elseif ( '1' == $comment->comment_approved ) { 1137 $comment_status = 'approve'; 1138 } else { 1139 $comment_status = $comment->comment_approved; 1140 } 1141 $_comment = array( 1142 'date_created_gmt' => $comment_date_gmt, 1143 'user_id' => $comment->user_id, 1144 'comment_id' => $comment->comment_ID, 1145 'parent' => $comment->comment_parent, 1146 'status' => $comment_status, 1147 'content' => $comment->comment_content, 1148 'link' => get_comment_link( $comment ), 1149 'post_id' => $comment->comment_post_ID, 1150 'post_title' => get_the_title( $comment->comment_post_ID ), 1151 'author' => $comment->comment_author, 1152 'author_url' => $comment->comment_author_url, 1153 'author_email' => $comment->comment_author_email, 1154 'author_ip' => $comment->comment_author_IP, 1155 'type' => $comment->comment_type, 1156 ); 1157 1158 /** 1159 * Filters XML-RPC-prepared data for the given comment. 1160 * 1161 * @since 3.4.0 1162 * 1163 * @param array $_comment An array of prepared comment data. 1164 * @param WP_Comment $comment Comment object. 1165 */ 1166 return apply_filters( 'xmlrpc_prepare_comment', $_comment, $comment ); 1167 } 1168 1169 /** 1170 * Prepares user data for return in an XML-RPC object. 1171 * 1172 * @param WP_User $user The unprepared user object. 1173 * @param array $fields The subset of user fields to return. 1174 * @return array The prepared user data. 1175 */ 1176 protected function _prepare_user( $user, $fields ) { 1177 $_user = array( 'user_id' => strval( $user->ID ) ); 1178 1179 $user_fields = array( 1180 'username' => $user->user_login, 1181 'first_name' => $user->user_firstname, 1182 'last_name' => $user->user_lastname, 1183 'registered' => $this->_convert_date( $user->user_registered ), 1184 'bio' => $user->user_description, 1185 'email' => $user->user_email, 1186 'nickname' => $user->nickname, 1187 'nicename' => $user->user_nicename, 1188 'url' => $user->user_url, 1189 'display_name' => $user->display_name, 1190 'roles' => $user->roles, 1191 ); 1192 1193 if ( in_array( 'all', $fields ) ) { 1194 $_user = array_merge( $_user, $user_fields ); 1195 } else { 1196 if ( in_array( 'basic', $fields ) ) { 1197 $basic_fields = array( 'username', 'email', 'registered', 'display_name', 'nicename' ); 1198 $fields = array_merge( $fields, $basic_fields ); 1199 } 1200 $requested_fields = array_intersect_key( $user_fields, array_flip( $fields ) ); 1201 $_user = array_merge( $_user, $requested_fields ); 1202 } 1203 1204 /** 1205 * Filters XML-RPC-prepared data for the given user. 1206 * 1207 * @since 3.5.0 1208 * 1209 * @param array $_user An array of user data. 1210 * @param WP_User $user User object. 1211 * @param array $fields An array of user fields. 1212 */ 1213 return apply_filters( 'xmlrpc_prepare_user', $_user, $user, $fields ); 1214 } 1215 1216 /** 1217 * Create a new post for any registered post type. 1218 * 1219 * @since 3.4.0 1220 * 1221 * @link https://en.wikipedia.org/wiki/RSS_enclosure for information on RSS enclosures. 1222 * 1223 * @param array $args { 1224 * Method arguments. Note: top-level arguments must be ordered as documented. 1225 * 1226 * @type int $blog_id Blog ID (unused). 1227 * @type string $username Username. 1228 * @type string $password Password. 1229 * @type array $content_struct { 1230 * Content struct for adding a new post. See wp_insert_post() for information on 1231 * additional post fields 1232 * 1233 * @type string $post_type Post type. Default 'post'. 1234 * @type string $post_status Post status. Default 'draft' 1235 * @type string $post_title Post title. 1236 * @type int $post_author Post author ID. 1237 * @type string $post_excerpt Post excerpt. 1238 * @type string $post_content Post content. 1239 * @type string $post_date_gmt Post date in GMT. 1240 * @type string $post_date Post date. 1241 * @type string $post_password Post password (20-character limit). 1242 * @type string $comment_status Post comment enabled status. Accepts 'open' or 'closed'. 1243 * @type string $ping_status Post ping status. Accepts 'open' or 'closed'. 1244 * @type bool $sticky Whether the post should be sticky. Automatically false if 1245 * `$post_status` is 'private'. 1246 * @type int $post_thumbnail ID of an image to use as the post thumbnail/featured image. 1247 * @type array $custom_fields Array of meta key/value pairs to add to the post. 1248 * @type array $terms Associative array with taxonomy names as keys and arrays 1249 * of term IDs as values. 1250 * @type array $terms_names Associative array with taxonomy names as keys and arrays 1251 * of term names as values. 1252 * @type array $enclosure { 1253 * Array of feed enclosure data to add to post meta. 1254 * 1255 * @type string $url URL for the feed enclosure. 1256 * @type int $length Size in bytes of the enclosure. 1257 * @type string $type Mime-type for the enclosure. 1258 * } 1259 * } 1260 * } 1261 * @return int|IXR_Error Post ID on success, IXR_Error instance otherwise. 1262 */ 1263 public function wp_newPost( $args ) { 1264 if ( ! $this->minimum_args( $args, 4 ) ) { 1265 return $this->error; 1266 } 1267 1268 $this->escape( $args ); 1269 1270 $username = $args[1]; 1271 $password = $args[2]; 1272 $content_struct = $args[3]; 1273 1274 $user = $this->login( $username, $password ); 1275 if ( ! $user ) { 1276 return $this->error; 1277 } 1278 1279 // convert the date field back to IXR form 1280 if ( isset( $content_struct['post_date'] ) && ! ( $content_struct['post_date'] instanceof IXR_Date ) ) { 1281 $content_struct['post_date'] = $this->_convert_date( $content_struct['post_date'] ); 1282 } 1283 1284 // ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct, 1285 // since _insert_post will ignore the non-GMT date if the GMT date is set 1286 if ( isset( $content_struct['post_date_gmt'] ) && ! ( $content_struct['post_date_gmt'] instanceof IXR_Date ) ) { 1287 if ( $content_struct['post_date_gmt'] == '0000-00-00 00:00:00' || isset( $content_struct['post_date'] ) ) { 1288 unset( $content_struct['post_date_gmt'] ); 1289 } else { 1290 $content_struct['post_date_gmt'] = $this->_convert_date( $content_struct['post_date_gmt'] ); 1291 } 1292 } 1293 1294 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 1295 do_action( 'xmlrpc_call', 'wp.newPost' ); 1296 1297 unset( $content_struct['ID'] ); 1298 1299 return $this->_insert_post( $user, $content_struct ); 1300 } 1301 1302 /** 1303 * Helper method for filtering out elements from an array. 1304 * 1305 * @since 3.4.0 1306 * 1307 * @param int $count Number to compare to one. 1308 */ 1309 private function _is_greater_than_one( $count ) { 1310 return $count > 1; 1311 } 1312 1313 /** 1314 * Encapsulate the logic for sticking a post 1315 * and determining if the user has permission to do so 1316 * 1317 * @since 4.3.0 1318 * 1319 * @param array $post_data 1320 * @param bool $update 1321 * @return void|IXR_Error 1322 */ 1323 private function _toggle_sticky( $post_data, $update = false ) { 1324 $post_type = get_post_type_object( $post_data['post_type'] ); 1325 1326 // Private and password-protected posts cannot be stickied. 1327 if ( 'private' === $post_data['post_status'] || ! empty( $post_data['post_password'] ) ) { 1328 // Error if the client tried to stick the post, otherwise, silently unstick. 1329 if ( ! empty( $post_data['sticky'] ) ) { 1330 return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) ); 1331 } 1332 1333 if ( $update ) { 1334 unstick_post( $post_data['ID'] ); 1335 } 1336 } elseif ( isset( $post_data['sticky'] ) ) { 1337 if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) { 1338 return new IXR_Error( 401, __( 'Sorry, you are not allowed to make posts sticky.' ) ); 1339 } 1340 1341 $sticky = wp_validate_boolean( $post_data['sticky'] ); 1342 if ( $sticky ) { 1343 stick_post( $post_data['ID'] ); 1344 } else { 1345 unstick_post( $post_data['ID'] ); 1346 } 1347 } 1348 } 1349 1350 /** 1351 * Helper method for wp_newPost() and wp_editPost(), containing shared logic. 1352 * 1353 * @since 3.4.0 1354 * 1355 * @see wp_insert_post() 1356 * 1357 * @param WP_User $user The post author if post_author isn't set in $content_struct. 1358 * @param array|IXR_Error $content_struct Post data to insert. 1359 * @return IXR_Error|string 1360 */ 1361 protected function _insert_post( $user, $content_struct ) { 1362 $defaults = array( 1363 'post_status' => 'draft', 1364 'post_type' => 'post', 1365 'post_author' => null, 1366 'post_password' => null, 1367 'post_excerpt' => null, 1368 'post_content' => null, 1369 'post_title' => null, 1370 'post_date' => null, 1371 'post_date_gmt' => null, 1372 'post_format' => null, 1373 'post_name' => null, 1374 'post_thumbnail' => null, 1375 'post_parent' => null, 1376 'ping_status' => null, 1377 'comment_status' => null, 1378 'custom_fields' => null, 1379 'terms_names' => null, 1380 'terms' => null, 1381 'sticky' => null, 1382 'enclosure' => null, 1383 'ID' => null, 1384 ); 1385 1386 $post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults ); 1387 1388 $post_type = get_post_type_object( $post_data['post_type'] ); 1389 if ( ! $post_type ) { 1390 return new IXR_Error( 403, __( 'Invalid post type.' ) ); 1391 } 1392 1393 $update = ! empty( $post_data['ID'] ); 1394 1395 if ( $update ) { 1396 if ( ! get_post( $post_data['ID'] ) ) { 1397 return new IXR_Error( 401, __( 'Invalid post ID.' ) ); 1398 } 1399 if ( ! current_user_can( 'edit_post', $post_data['ID'] ) ) { 1400 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); 1401 } 1402 if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) ) { 1403 return new IXR_Error( 401, __( 'The post type may not be changed.' ) ); 1404 } 1405 } else { 1406 if ( ! current_user_can( $post_type->cap->create_posts ) || ! current_user_can( $post_type->cap->edit_posts ) ) { 1407 return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) ); 1408 } 1409 } 1410 1411 switch ( $post_data['post_status'] ) { 1412 case 'draft': 1413 case 'pending': 1414 break; 1415 case 'private': 1416 if ( ! current_user_can( $post_type->cap->publish_posts ) ) { 1417 return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type.' ) ); 1418 } 1419 break; 1420 case 'publish': 1421 case 'future': 1422 if ( ! current_user_can( $post_type->cap->publish_posts ) ) { 1423 return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type.' ) ); 1424 } 1425 break; 1426 default: 1427 if ( ! get_post_status_object( $post_data['post_status'] ) ) { 1428 $post_data['post_status'] = 'draft'; 1429 } 1430 break; 1431 } 1432 1433 if ( ! empty( $post_data['post_password'] ) && ! current_user_can( $post_type->cap->publish_posts ) ) { 1434 return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type.' ) ); 1435 } 1436 1437 $post_data['post_author'] = absint( $post_data['post_author'] ); 1438 if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] != $user->ID ) { 1439 if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) { 1440 return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) ); 1441 } 1442 1443 $author = get_userdata( $post_data['post_author'] ); 1444 1445 if ( ! $author ) { 1446 return new IXR_Error( 404, __( 'Invalid author ID.' ) ); 1447 } 1448 } else { 1449 $post_data['post_author'] = $user->ID; 1450 } 1451 1452 if ( isset( $post_data['comment_status'] ) && $post_data['comment_status'] != 'open' && $post_data['comment_status'] != 'closed' ) { 1453 unset( $post_data['comment_status'] ); 1454 } 1455 1456 if ( isset( $post_data['ping_status'] ) && $post_data['ping_status'] != 'open' && $post_data['ping_status'] != 'closed' ) { 1457 unset( $post_data['ping_status'] ); 1458 } 1459 1460 // Do some timestamp voodoo. 1461 if ( ! empty( $post_data['post_date_gmt'] ) ) { 1462 // We know this is supposed to be GMT, so we're going to slap that Z on there by force. 1463 $dateCreated = rtrim( $post_data['post_date_gmt']->getIso(), 'Z' ) . 'Z'; 1464 } elseif ( ! empty( $post_data['post_date'] ) ) { 1465 $dateCreated = $post_data['post_date']->getIso(); 1466 } 1467 1468 // Default to not flagging the post date to be edited unless it's intentional. 1469 $post_data['edit_date'] = false; 1470 1471 if ( ! empty( $dateCreated ) ) { 1472 $post_data['post_date'] = iso8601_to_datetime( $dateCreated ); 1473 $post_data['post_date_gmt'] = iso8601_to_datetime( $dateCreated, 'gmt' ); 1474 1475 // Flag the post date to be edited. 1476 $post_data['edit_date'] = true; 1477 } 1478 1479 if ( ! isset( $post_data['ID'] ) ) { 1480 $post_data['ID'] = get_default_post_to_edit( $post_data['post_type'], true )->ID; 1481 } 1482 $post_ID = $post_data['ID']; 1483 1484 if ( $post_data['post_type'] == 'post' ) { 1485 $error = $this->_toggle_sticky( $post_data, $update ); 1486 if ( $error ) { 1487 return $error; 1488 } 1489 } 1490 1491 if ( isset( $post_data['post_thumbnail'] ) ) { 1492 // empty value deletes, non-empty value adds/updates. 1493 if ( ! $post_data['post_thumbnail'] ) { 1494 delete_post_thumbnail( $post_ID ); 1495 } elseif ( ! get_post( absint( $post_data['post_thumbnail'] ) ) ) { 1496 return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); 1497 } 1498 set_post_thumbnail( $post_ID, $post_data['post_thumbnail'] ); 1499 unset( $content_struct['post_thumbnail'] ); 1500 } 1501 1502 if ( isset( $post_data['custom_fields'] ) ) { 1503 $this->set_custom_fields( $post_ID, $post_data['custom_fields'] ); 1504 } 1505 1506 if ( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) { 1507 $post_type_taxonomies = get_object_taxonomies( $post_data['post_type'], 'objects' ); 1508 1509 // Accumulate term IDs from terms and terms_names. 1510 $terms = array(); 1511 1512 // First validate the terms specified by ID. 1513 if ( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) { 1514 $taxonomies = array_keys( $post_data['terms'] ); 1515 1516 // Validating term ids. 1517 foreach ( $taxonomies as $taxonomy ) { 1518 if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) { 1519 return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) ); 1520 } 1521 1522 if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) { 1523 return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) ); 1524 } 1525 1526 $term_ids = $post_data['terms'][ $taxonomy ]; 1527 $terms[ $taxonomy ] = array(); 1528 foreach ( $term_ids as $term_id ) { 1529 $term = get_term_by( 'id', $term_id, $taxonomy ); 1530 1531 if ( ! $term ) { 1532 return new IXR_Error( 403, __( 'Invalid term ID.' ) ); 1533 } 1534 1535 $terms[ $taxonomy ][] = (int) $term_id; 1536 } 1537 } 1538 } 1539 1540 // Now validate terms specified by name. 1541 if ( isset( $post_data['terms_names'] ) && is_array( $post_data['terms_names'] ) ) { 1542 $taxonomies = array_keys( $post_data['terms_names'] ); 1543 1544 foreach ( $taxonomies as $taxonomy ) { 1545 if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) { 1546 return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) ); 1547 } 1548 1549 if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) { 1550 return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) ); 1551 } 1552 1553 /* 1554 * For hierarchical taxonomies, we can't assign a term when multiple terms 1555 * in the hierarchy share the same name. 1556 */ 1557 $ambiguous_terms = array(); 1558 if ( is_taxonomy_hierarchical( $taxonomy ) ) { 1559 $tax_term_names = get_terms( 1560 array( 1561 'taxonomy' => $taxonomy, 1562 'fields' => 'names', 1563 'hide_empty' => false, 1564 ) 1565 ); 1566 1567 // Count the number of terms with the same name. 1568 $tax_term_names_count = array_count_values( $tax_term_names ); 1569 1570 // Filter out non-ambiguous term names. 1571 $ambiguous_tax_term_counts = array_filter( $tax_term_names_count, array( $this, '_is_greater_than_one' ) ); 1572 1573 $ambiguous_terms = array_keys( $ambiguous_tax_term_counts ); 1574 } 1575 1576 $term_names = $post_data['terms_names'][ $taxonomy ]; 1577 foreach ( $term_names as $term_name ) { 1578 if ( in_array( $term_name, $ambiguous_terms ) ) { 1579 return new IXR_Error( 401, __( 'Ambiguous term name used in a hierarchical taxonomy. Please use term ID instead.' ) ); 1580 } 1581 1582 $term = get_term_by( 'name', $term_name, $taxonomy ); 1583 1584 if ( ! $term ) { 1585 // Term doesn't exist, so check that the user is allowed to create new terms. 1586 if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->edit_terms ) ) { 1587 return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a term to one of the given taxonomies.' ) ); 1588 } 1589 1590 // Create the new term. 1591 $term_info = wp_insert_term( $term_name, $taxonomy ); 1592 if ( is_wp_error( $term_info ) ) { 1593 return new IXR_Error( 500, $term_info->get_error_message() ); 1594 } 1595 1596 $terms[ $taxonomy ][] = (int) $term_info['term_id']; 1597 } else { 1598 $terms[ $taxonomy ][] = (int) $term->term_id; 1599 } 1600 } 1601 } 1602 } 1603 1604 $post_data['tax_input'] = $terms; 1605 unset( $post_data['terms'], $post_data['terms_names'] ); 1606 } 1607 1608 if ( isset( $post_data['post_format'] ) ) { 1609 $format = set_post_format( $post_ID, $post_data['post_format'] ); 1610 1611 if ( is_wp_error( $format ) ) { 1612 return new IXR_Error( 500, $format->get_error_message() ); 1613 } 1614 1615 unset( $post_data['post_format'] ); 1616 } 1617 1618 // Handle enclosures. 1619 $enclosure = isset( $post_data['enclosure'] ) ? $post_data['enclosure'] : null; 1620 $this->add_enclosure_if_new( $post_ID, $enclosure ); 1621 1622 $this->attach_uploads( $post_ID, $post_data['post_content'] ); 1623 1624 /** 1625 * Filters post data array to be inserted via XML-RPC. 1626 * 1627 * @since 3.4.0 1628 * 1629 * @param array $post_data Parsed array of post data. 1630 * @param array $content_struct Post data array. 1631 */ 1632 $post_data = apply_filters( 'xmlrpc_wp_insert_post_data', $post_data, $content_struct ); 1633 1634 $post_ID = $update ? wp_update_post( $post_data, true ) : wp_insert_post( $post_data, true ); 1635 if ( is_wp_error( $post_ID ) ) { 1636 return new IXR_Error( 500, $post_ID->get_error_message() ); 1637 } 1638 1639 if ( ! $post_ID ) { 1640 if ( $update ) { 1641 return new IXR_Error( 401, __( 'Sorry, the post could not be updated.' ) ); 1642 } else { 1643 return new IXR_Error( 401, __( 'Sorry, the post could not be created.' ) ); 1644 } 1645 } 1646 1647 return strval( $post_ID ); 1648 } 1649 1650 /** 1651 * Edit a post for any registered post type. 1652 * 1653 * The $content_struct parameter only needs to contain fields that 1654 * should be changed. All other fields will retain their existing values. 1655 * 1656 * @since 3.4.0 1657 * 1658 * @param array $args { 1659 * Method arguments. Note: arguments must be ordered as documented. 1660 * 1661 * @type int $blog_id Blog ID (unused). 1662 * @type string $username Username. 1663 * @type string $password Password. 1664 * @type int $post_id Post ID. 1665 * @type array $content_struct Extra content arguments. 1666 * } 1667 * @return true|IXR_Error True on success, IXR_Error on failure. 1668 */ 1669 public function wp_editPost( $args ) { 1670 if ( ! $this->minimum_args( $args, 5 ) ) { 1671 return $this->error; 1672 } 1673 1674 $this->escape( $args ); 1675 1676 $username = $args[1]; 1677 $password = $args[2]; 1678 $post_id = (int) $args[3]; 1679 $content_struct = $args[4]; 1680 1681 $user = $this->login( $username, $password ); 1682 if ( ! $user ) { 1683 return $this->error; 1684 } 1685 1686 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 1687 do_action( 'xmlrpc_call', 'wp.editPost' ); 1688 1689 $post = get_post( $post_id, ARRAY_A ); 1690 1691 if ( empty( $post['ID'] ) ) { 1692 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 1693 } 1694 1695 if ( isset( $content_struct['if_not_modified_since'] ) ) { 1696 // If the post has been modified since the date provided, return an error. 1697 if ( mysql2date( 'U', $post['post_modified_gmt'] ) > $content_struct['if_not_modified_since']->getTimestamp() ) { 1698 return new IXR_Error( 409, __( 'There is a revision of this post that is more recent.' ) ); 1699 } 1700 } 1701 1702 // Convert the date field back to IXR form. 1703 $post['post_date'] = $this->_convert_date( $post['post_date'] ); 1704 1705 /* 1706 * Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct, 1707 * since _insert_post() will ignore the non-GMT date if the GMT date is set. 1708 */ 1709 if ( $post['post_date_gmt'] == '0000-00-00 00:00:00' || isset( $content_struct['post_date'] ) ) { 1710 unset( $post['post_date_gmt'] ); 1711 } else { 1712 $post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] ); 1713 } 1714 1715 /* 1716 * If the API client did not provide post_date, then we must not perpetuate the value that was 1717 * stored in the database, or it will appear to be an intentional edit. Conveying it here as if 1718 * it was coming from the API client will cause an otherwise zeroed out post_date_gmt to get set 1719 * with the value that was originally stored in the database when the draft was created. 1720 */ 1721 if ( ! isset( $content_struct['post_date'] ) ) { 1722 unset( $post['post_date'] ); 1723 } 1724 1725 $this->escape( $post ); 1726 $merged_content_struct = array_merge( $post, $content_struct ); 1727 1728 $retval = $this->_insert_post( $user, $merged_content_struct ); 1729 if ( $retval instanceof IXR_Error ) { 1730 return $retval; 1731 } 1732 1733 return true; 1734 } 1735 1736 /** 1737 * Delete a post for any registered post type. 1738 * 1739 * @since 3.4.0 1740 * 1741 * @see wp_delete_post() 1742 * 1743 * @param array $args { 1744 * Method arguments. Note: arguments must be ordered as documented. 1745 * 1746 * @type int $blog_id Blog ID (unused). 1747 * @type string $username Username. 1748 * @type string $password Password. 1749 * @type int $post_id Post ID. 1750 * } 1751 * @return true|IXR_Error True on success, IXR_Error instance on failure. 1752 */ 1753 public function wp_deletePost( $args ) { 1754 if ( ! $this->minimum_args( $args, 4 ) ) { 1755 return $this->error; 1756 } 1757 1758 $this->escape( $args ); 1759 1760 $username = $args[1]; 1761 $password = $args[2]; 1762 $post_id = (int) $args[3]; 1763 1764 $user = $this->login( $username, $password ); 1765 if ( ! $user ) { 1766 return $this->error; 1767 } 1768 1769 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 1770 do_action( 'xmlrpc_call', 'wp.deletePost' ); 1771 1772 $post = get_post( $post_id, ARRAY_A ); 1773 if ( empty( $post['ID'] ) ) { 1774 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 1775 } 1776 1777 if ( ! current_user_can( 'delete_post', $post_id ) ) { 1778 return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) ); 1779 } 1780 1781 $result = wp_delete_post( $post_id ); 1782 1783 if ( ! $result ) { 1784 return new IXR_Error( 500, __( 'Sorry, the post could not be deleted.' ) ); 1785 } 1786 1787 return true; 1788 } 1789 1790 /** 1791 * Retrieve a post. 1792 * 1793 * @since 3.4.0 1794 * 1795 * The optional $fields parameter specifies what fields will be included 1796 * in the response array. This should be a list of field names. 'post_id' will 1797 * always be included in the response regardless of the value of $fields. 1798 * 1799 * Instead of, or in addition to, individual field names, conceptual group 1800 * names can be used to specify multiple fields. The available conceptual 1801 * groups are 'post' (all basic fields), 'taxonomies', 'custom_fields', 1802 * and 'enclosure'. 1803 * 1804 * @see get_post() 1805 * 1806 * @param array $args { 1807 * Method arguments. Note: arguments must be ordered as documented. 1808 * 1809 * @type int $blog_id Blog ID (unused). 1810 * @type string $username Username. 1811 * @type string $password Password. 1812 * @type int $post_id Post ID. 1813 * @type array $fields The subset of post type fields to return. 1814 * } 1815 * @return array|IXR_Error Array contains (based on $fields parameter): 1816 * - 'post_id' 1817 * - 'post_title' 1818 * - 'post_date' 1819 * - 'post_date_gmt' 1820 * - 'post_modified' 1821 * - 'post_modified_gmt' 1822 * - 'post_status' 1823 * - 'post_type' 1824 * - 'post_name' 1825 * - 'post_author' 1826 * - 'post_password' 1827 * - 'post_excerpt' 1828 * - 'post_content' 1829 * - 'link' 1830 * - 'comment_status' 1831 * - 'ping_status' 1832 * - 'sticky' 1833 * - 'custom_fields' 1834 * - 'terms' 1835 * - 'categories' 1836 * - 'tags' 1837 * - 'enclosure' 1838 */ 1839 public function wp_getPost( $args ) { 1840 if ( ! $this->minimum_args( $args, 4 ) ) { 1841 return $this->error; 1842 } 1843 1844 $this->escape( $args ); 1845 1846 $username = $args[1]; 1847 $password = $args[2]; 1848 $post_id = (int) $args[3]; 1849 1850 if ( isset( $args[4] ) ) { 1851 $fields = $args[4]; 1852 } else { 1853 /** 1854 * Filters the list of post query fields used by the given XML-RPC method. 1855 * 1856 * @since 3.4.0 1857 * 1858 * @param array $fields Array of post fields. Default array contains 'post', 'terms', and 'custom_fields'. 1859 * @param string $method Method name. 1860 */ 1861 $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPost' ); 1862 } 1863 1864 $user = $this->login( $username, $password ); 1865 if ( ! $user ) { 1866 return $this->error; 1867 } 1868 1869 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 1870 do_action( 'xmlrpc_call', 'wp.getPost' ); 1871 1872 $post = get_post( $post_id, ARRAY_A ); 1873 1874 if ( empty( $post['ID'] ) ) { 1875 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 1876 } 1877 1878 if ( ! current_user_can( 'edit_post', $post_id ) ) { 1879 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); 1880 } 1881 1882 return $this->_prepare_post( $post, $fields ); 1883 } 1884 1885 /** 1886 * Retrieve posts. 1887 * 1888 * @since 3.4.0 1889 * 1890 * @see wp_get_recent_posts() 1891 * @see wp_getPost() for more on `$fields` 1892 * @see get_posts() for more on `$filter` values 1893 * 1894 * @param array $args { 1895 * Method arguments. Note: arguments must be ordered as documented. 1896 * 1897 * @type int $blog_id Blog ID (unused). 1898 * @type string $username Username. 1899 * @type string $password Password. 1900 * @type array $filter Optional. Modifies the query used to retrieve posts. Accepts 'post_type', 1901 * 'post_status', 'number', 'offset', 'orderby', 's', and 'order'. 1902 * Default empty array. 1903 * @type array $fields Optional. The subset of post type fields to return in the response array. 1904 * } 1905 * @return array|IXR_Error Array contains a collection of posts. 1906 */ 1907 public function wp_getPosts( $args ) { 1908 if ( ! $this->minimum_args( $args, 3 ) ) { 1909 return $this->error; 1910 } 1911 1912 $this->escape( $args ); 1913 1914 $username = $args[1]; 1915 $password = $args[2]; 1916 $filter = isset( $args[3] ) ? $args[3] : array(); 1917 1918 if ( isset( $args[4] ) ) { 1919 $fields = $args[4]; 1920 } else { 1921 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 1922 $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPosts' ); 1923 } 1924 1925 $user = $this->login( $username, $password ); 1926 if ( ! $user ) { 1927 return $this->error; 1928 } 1929 1930 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 1931 do_action( 'xmlrpc_call', 'wp.getPosts' ); 1932 1933 $query = array(); 1934 1935 if ( isset( $filter['post_type'] ) ) { 1936 $post_type = get_post_type_object( $filter['post_type'] ); 1937 if ( ! ( (bool) $post_type ) ) { 1938 return new IXR_Error( 403, __( 'Invalid post type.' ) ); 1939 } 1940 } else { 1941 $post_type = get_post_type_object( 'post' ); 1942 } 1943 1944 if ( ! current_user_can( $post_type->cap->edit_posts ) ) { 1945 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) ); 1946 } 1947 1948 $query['post_type'] = $post_type->name; 1949 1950 if ( isset( $filter['post_status'] ) ) { 1951 $query['post_status'] = $filter['post_status']; 1952 } 1953 1954 if ( isset( $filter['number'] ) ) { 1955 $query['numberposts'] = absint( $filter['number'] ); 1956 } 1957 1958 if ( isset( $filter['offset'] ) ) { 1959 $query['offset'] = absint( $filter['offset'] ); 1960 } 1961 1962 if ( isset( $filter['orderby'] ) ) { 1963 $query['orderby'] = $filter['orderby']; 1964 1965 if ( isset( $filter['order'] ) ) { 1966 $query['order'] = $filter['order']; 1967 } 1968 } 1969 1970 if ( isset( $filter['s'] ) ) { 1971 $query['s'] = $filter['s']; 1972 } 1973 1974 $posts_list = wp_get_recent_posts( $query ); 1975 1976 if ( ! $posts_list ) { 1977 return array(); 1978 } 1979 1980 // Holds all the posts data. 1981 $struct = array(); 1982 1983 foreach ( $posts_list as $post ) { 1984 if ( ! current_user_can( 'edit_post', $post['ID'] ) ) { 1985 continue; 1986 } 1987 1988 $struct[] = $this->_prepare_post( $post, $fields ); 1989 } 1990 1991 return $struct; 1992 } 1993 1994 /** 1995 * Create a new term. 1996 * 1997 * @since 3.4.0 1998 * 1999 * @see wp_insert_term() 2000 * 2001 * @param array $args { 2002 * Method arguments. Note: arguments must be ordered as documented. 2003 * 2004 * @type int $blog_id Blog ID (unused). 2005 * @type string $username Username. 2006 * @type string $password Password. 2007 * @type array $content_struct Content struct for adding a new term. The struct must contain 2008 * the term 'name' and 'taxonomy'. Optional accepted values include 2009 * 'parent', 'description', and 'slug'. 2010 * } 2011 * @return int|IXR_Error The term ID on success, or an IXR_Error object on failure. 2012 */ 2013 public function wp_newTerm( $args ) { 2014 if ( ! $this->minimum_args( $args, 4 ) ) { 2015 return $this->error; 2016 } 2017 2018 $this->escape( $args ); 2019 2020 $username = $args[1]; 2021 $password = $args[2]; 2022 $content_struct = $args[3]; 2023 2024 $user = $this->login( $username, $password ); 2025 if ( ! $user ) { 2026 return $this->error; 2027 } 2028 2029 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2030 do_action( 'xmlrpc_call', 'wp.newTerm' ); 2031 2032 if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) { 2033 return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); 2034 } 2035 2036 $taxonomy = get_taxonomy( $content_struct['taxonomy'] ); 2037 2038 if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) { 2039 return new IXR_Error( 401, __( 'Sorry, you are not allowed to create terms in this taxonomy.' ) ); 2040 } 2041 2042 $taxonomy = (array) $taxonomy; 2043 2044 // hold the data of the term 2045 $term_data = array(); 2046 2047 $term_data['name'] = trim( $content_struct['name'] ); 2048 if ( empty( $term_data['name'] ) ) { 2049 return new IXR_Error( 403, __( 'The term name cannot be empty.' ) ); 2050 } 2051 2052 if ( isset( $content_struct['parent'] ) ) { 2053 if ( ! $taxonomy['hierarchical'] ) { 2054 return new IXR_Error( 403, __( 'This taxonomy is not hierarchical.' ) ); 2055 } 2056 2057 $parent_term_id = (int) $content_struct['parent']; 2058 $parent_term = get_term( $parent_term_id, $taxonomy['name'] ); 2059 2060 if ( is_wp_error( $parent_term ) ) { 2061 return new IXR_Error( 500, $parent_term->get_error_message() ); 2062 } 2063 2064 if ( ! $parent_term ) { 2065 return new IXR_Error( 403, __( 'Parent term does not exist.' ) ); 2066 } 2067 2068 $term_data['parent'] = $content_struct['parent']; 2069 } 2070 2071 if ( isset( $content_struct['description'] ) ) { 2072 $term_data['description'] = $content_struct['description']; 2073 } 2074 2075 if ( isset( $content_struct['slug'] ) ) { 2076 $term_data['slug'] = $content_struct['slug']; 2077 } 2078 2079 $term = wp_insert_term( $term_data['name'], $taxonomy['name'], $term_data ); 2080 2081 if ( is_wp_error( $term ) ) { 2082 return new IXR_Error( 500, $term->get_error_message() ); 2083 } 2084 2085 if ( ! $term ) { 2086 return new IXR_Error( 500, __( 'Sorry, the term could not be created.' ) ); 2087 } 2088 2089 // Add term meta. 2090 if ( isset( $content_struct['custom_fields'] ) ) { 2091 $this->set_term_custom_fields( $term['term_id'], $content_struct['custom_fields'] ); 2092 } 2093 2094 return strval( $term['term_id'] ); 2095 } 2096 2097 /** 2098 * Edit a term. 2099 * 2100 * @since 3.4.0 2101 * 2102 * @see wp_update_term() 2103 * 2104 * @param array $args { 2105 * Method arguments. Note: arguments must be ordered as documented. 2106 * 2107 * @type int $blog_id Blog ID (unused). 2108 * @type string $username Username. 2109 * @type string $password Password. 2110 * @type int $term_id Term ID. 2111 * @type array $content_struct Content struct for editing a term. The struct must contain the 2112 * term ''taxonomy'. Optional accepted values include 'name', 'parent', 2113 * 'description', and 'slug'. 2114 * } 2115 * @return true|IXR_Error True on success, IXR_Error instance on failure. 2116 */ 2117 public function wp_editTerm( $args ) { 2118 if ( ! $this->minimum_args( $args, 5 ) ) { 2119 return $this->error; 2120 } 2121 2122 $this->escape( $args ); 2123 2124 $username = $args[1]; 2125 $password = $args[2]; 2126 $term_id = (int) $args[3]; 2127 $content_struct = $args[4]; 2128 2129 $user = $this->login( $username, $password ); 2130 if ( ! $user ) { 2131 return $this->error; 2132 } 2133 2134 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2135 do_action( 'xmlrpc_call', 'wp.editTerm' ); 2136 2137 if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) { 2138 return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); 2139 } 2140 2141 $taxonomy = get_taxonomy( $content_struct['taxonomy'] ); 2142 2143 $taxonomy = (array) $taxonomy; 2144 2145 // hold the data of the term 2146 $term_data = array(); 2147 2148 $term = get_term( $term_id, $content_struct['taxonomy'] ); 2149 2150 if ( is_wp_error( $term ) ) { 2151 return new IXR_Error( 500, $term->get_error_message() ); 2152 } 2153 2154 if ( ! $term ) { 2155 return new IXR_Error( 404, __( 'Invalid term ID.' ) ); 2156 } 2157 2158 if ( ! current_user_can( 'edit_term', $term_id ) ) { 2159 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this term.' ) ); 2160 } 2161 2162 if ( isset( $content_struct['name'] ) ) { 2163 $term_data['name'] = trim( $content_struct['name'] ); 2164 2165 if ( empty( $term_data['name'] ) ) { 2166 return new IXR_Error( 403, __( 'The term name cannot be empty.' ) ); 2167 } 2168 } 2169 2170 if ( ! empty( $content_struct['parent'] ) ) { 2171 if ( ! $taxonomy['hierarchical'] ) { 2172 return new IXR_Error( 403, __( 'Cannot set parent term, taxonomy is not hierarchical.' ) ); 2173 } 2174 2175 $parent_term_id = (int) $content_struct['parent']; 2176 $parent_term = get_term( $parent_term_id, $taxonomy['name'] ); 2177 2178 if ( is_wp_error( $parent_term ) ) { 2179 return new IXR_Error( 500, $parent_term->get_error_message() ); 2180 } 2181 2182 if ( ! $parent_term ) { 2183 return new IXR_Error( 403, __( 'Parent term does not exist.' ) ); 2184 } 2185 2186 $term_data['parent'] = $content_struct['parent']; 2187 } 2188 2189 if ( isset( $content_struct['description'] ) ) { 2190 $term_data['description'] = $content_struct['description']; 2191 } 2192 2193 if ( isset( $content_struct['slug'] ) ) { 2194 $term_data['slug'] = $content_struct['slug']; 2195 } 2196 2197 $term = wp_update_term( $term_id, $taxonomy['name'], $term_data ); 2198 2199 if ( is_wp_error( $term ) ) { 2200 return new IXR_Error( 500, $term->get_error_message() ); 2201 } 2202 2203 if ( ! $term ) { 2204 return new IXR_Error( 500, __( 'Sorry, editing the term failed.' ) ); 2205 } 2206 2207 // Update term meta. 2208 if ( isset( $content_struct['custom_fields'] ) ) { 2209 $this->set_term_custom_fields( $term_id, $content_struct['custom_fields'] ); 2210 } 2211 2212 return true; 2213 } 2214 2215 /** 2216 * Delete a term. 2217 * 2218 * @since 3.4.0 2219 * 2220 * @see wp_delete_term() 2221 * 2222 * @param array $args { 2223 * Method arguments. Note: arguments must be ordered as documented. 2224 * 2225 * @type int $blog_id Blog ID (unused). 2226 * @type string $username Username. 2227 * @type string $password Password. 2228 * @type string $taxnomy_name Taxonomy name. 2229 * @type int $term_id Term ID. 2230 * } 2231 * @return bool|IXR_Error True on success, IXR_Error instance on failure. 2232 */ 2233 public function wp_deleteTerm( $args ) { 2234 if ( ! $this->minimum_args( $args, 5 ) ) { 2235 return $this->error; 2236 } 2237 2238 $this->escape( $args ); 2239 2240 $username = $args[1]; 2241 $password = $args[2]; 2242 $taxonomy = $args[3]; 2243 $term_id = (int) $args[4]; 2244 2245 $user = $this->login( $username, $password ); 2246 if ( ! $user ) { 2247 return $this->error; 2248 } 2249 2250 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2251 do_action( 'xmlrpc_call', 'wp.deleteTerm' ); 2252 2253 if ( ! taxonomy_exists( $taxonomy ) ) { 2254 return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); 2255 } 2256 2257 $taxonomy = get_taxonomy( $taxonomy ); 2258 $term = get_term( $term_id, $taxonomy->name ); 2259 2260 if ( is_wp_error( $term ) ) { 2261 return new IXR_Error( 500, $term->get_error_message() ); 2262 } 2263 2264 if ( ! $term ) { 2265 return new IXR_Error( 404, __( 'Invalid term ID.' ) ); 2266 } 2267 2268 if ( ! current_user_can( 'delete_term', $term_id ) ) { 2269 return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this term.' ) ); 2270 } 2271 2272 $result = wp_delete_term( $term_id, $taxonomy->name ); 2273 2274 if ( is_wp_error( $result ) ) { 2275 return new IXR_Error( 500, $term->get_error_message() ); 2276 } 2277 2278 if ( ! $result ) { 2279 return new IXR_Error( 500, __( 'Sorry, deleting the term failed.' ) ); 2280 } 2281 2282 return $result; 2283 } 2284 2285 /** 2286 * Retrieve a term. 2287 * 2288 * @since 3.4.0 2289 * 2290 * @see get_term() 2291 * 2292 * @param array $args { 2293 * Method arguments. Note: arguments must be ordered as documented. 2294 * 2295 * @type int $blog_id Blog ID (unused). 2296 * @type string $username Username. 2297 * @type string $password Password. 2298 * @type string $taxnomy Taxonomy name. 2299 * @type string $term_id Term ID. 2300 * } 2301 * @return array|IXR_Error IXR_Error on failure, array on success, containing: 2302 * - 'term_id' 2303 * - 'name' 2304 * - 'slug' 2305 * - 'term_group' 2306 * - 'term_taxonomy_id' 2307 * - 'taxonomy' 2308 * - 'description' 2309 * - 'parent' 2310 * - 'count' 2311 */ 2312 public function wp_getTerm( $args ) { 2313 if ( ! $this->minimum_args( $args, 5 ) ) { 2314 return $this->error; 2315 } 2316 2317 $this->escape( $args ); 2318 2319 $username = $args[1]; 2320 $password = $args[2]; 2321 $taxonomy = $args[3]; 2322 $term_id = (int) $args[4]; 2323 2324 $user = $this->login( $username, $password ); 2325 if ( ! $user ) { 2326 return $this->error; 2327 } 2328 2329 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2330 do_action( 'xmlrpc_call', 'wp.getTerm' ); 2331 2332 if ( ! taxonomy_exists( $taxonomy ) ) { 2333 return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); 2334 } 2335 2336 $taxonomy = get_taxonomy( $taxonomy ); 2337 2338 $term = get_term( $term_id, $taxonomy->name, ARRAY_A ); 2339 2340 if ( is_wp_error( $term ) ) { 2341 return new IXR_Error( 500, $term->get_error_message() ); 2342 } 2343 2344 if ( ! $term ) { 2345 return new IXR_Error( 404, __( 'Invalid term ID.' ) ); 2346 } 2347 2348 if ( ! current_user_can( 'assign_term', $term_id ) ) { 2349 return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign this term.' ) ); 2350 } 2351 2352 return $this->_prepare_term( $term ); 2353 } 2354 2355 /** 2356 * Retrieve all terms for a taxonomy. 2357 * 2358 * @since 3.4.0 2359 * 2360 * The optional $filter parameter modifies the query used to retrieve terms. 2361 * Accepted keys are 'number', 'offset', 'orderby', 'order', 'hide_empty', and 'search'. 2362 * 2363 * @see get_terms() 2364 * 2365 * @param array $args { 2366 * Method arguments. Note: arguments must be ordered as documented. 2367 * 2368 * @type int $blog_id Blog ID (unused). 2369 * @type string $username Username. 2370 * @type string $password Password. 2371 * @type string $taxnomy Taxonomy name. 2372 * @type array $filter Optional. Modifies the query used to retrieve posts. Accepts 'number', 2373 * 'offset', 'orderby', 'order', 'hide_empty', and 'search'. Default empty array. 2374 * } 2375 * @return array|IXR_Error An associative array of terms data on success, IXR_Error instance otherwise. 2376 */ 2377 public function wp_getTerms( $args ) { 2378 if ( ! $this->minimum_args( $args, 4 ) ) { 2379 return $this->error; 2380 } 2381 2382 $this->escape( $args ); 2383 2384 $username = $args[1]; 2385 $password = $args[2]; 2386 $taxonomy = $args[3]; 2387 $filter = isset( $args[4] ) ? $args[4] : array(); 2388 2389 $user = $this->login( $username, $password ); 2390 if ( ! $user ) { 2391 return $this->error; 2392 } 2393 2394 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2395 do_action( 'xmlrpc_call', 'wp.getTerms' ); 2396 2397 if ( ! taxonomy_exists( $taxonomy ) ) { 2398 return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); 2399 } 2400 2401 $taxonomy = get_taxonomy( $taxonomy ); 2402 2403 if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) { 2404 return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) ); 2405 } 2406 2407 $query = array( 'taxonomy' => $taxonomy->name ); 2408 2409 if ( isset( $filter['number'] ) ) { 2410 $query['number'] = absint( $filter['number'] ); 2411 } 2412 2413 if ( isset( $filter['offset'] ) ) { 2414 $query['offset'] = absint( $filter['offset'] ); 2415 } 2416 2417 if ( isset( $filter['orderby'] ) ) { 2418 $query['orderby'] = $filter['orderby']; 2419 2420 if ( isset( $filter['order'] ) ) { 2421 $query['order'] = $filter['order']; 2422 } 2423 } 2424 2425 if ( isset( $filter['hide_empty'] ) ) { 2426 $query['hide_empty'] = $filter['hide_empty']; 2427 } else { 2428 $query['get'] = 'all'; 2429 } 2430 2431 if ( isset( $filter['search'] ) ) { 2432 $query['search'] = $filter['search']; 2433 } 2434 2435 $terms = get_terms( $query ); 2436 2437 if ( is_wp_error( $terms ) ) { 2438 return new IXR_Error( 500, $terms->get_error_message() ); 2439 } 2440 2441 $struct = array(); 2442 2443 foreach ( $terms as $term ) { 2444 $struct[] = $this->_prepare_term( $term ); 2445 } 2446 2447 return $struct; 2448 } 2449 2450 /** 2451 * Retrieve a taxonomy. 2452 * 2453 * @since 3.4.0 2454 * 2455 * @see get_taxonomy() 2456 * 2457 * @param array $args { 2458 * Method arguments. Note: arguments must be ordered as documented. 2459 * 2460 * @type int $blog_id Blog ID (unused). 2461 * @type string $username Username. 2462 * @type string $password Password. 2463 * @type string $taxnomy Taxonomy name. 2464 * @type array $fields Optional. Array of taxonomy fields to limit to in the return. 2465 * Accepts 'labels', 'cap', 'menu', and 'object_type'. 2466 * Default empty array. 2467 * } 2468 * @return array|IXR_Error An array of taxonomy data on success, IXR_Error instance otherwise. 2469 */ 2470 public function wp_getTaxonomy( $args ) { 2471 if ( ! $this->minimum_args( $args, 4 ) ) { 2472 return $this->error; 2473 } 2474 2475 $this->escape( $args ); 2476 2477 $username = $args[1]; 2478 $password = $args[2]; 2479 $taxonomy = $args[3]; 2480 2481 if ( isset( $args[4] ) ) { 2482 $fields = $args[4]; 2483 } else { 2484 /** 2485 * Filters the taxonomy query fields used by the given XML-RPC method. 2486 * 2487 * @since 3.4.0 2488 * 2489 * @param array $fields An array of taxonomy fields to retrieve. 2490 * @param string $method The method name. 2491 */ 2492 $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomy' ); 2493 } 2494 2495 $user = $this->login( $username, $password ); 2496 if ( ! $user ) { 2497 return $this->error; 2498 } 2499 2500 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2501 do_action( 'xmlrpc_call', 'wp.getTaxonomy' ); 2502 2503 if ( ! taxonomy_exists( $taxonomy ) ) { 2504 return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); 2505 } 2506 2507 $taxonomy = get_taxonomy( $taxonomy ); 2508 2509 if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) { 2510 return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) ); 2511 } 2512 2513 return $this->_prepare_taxonomy( $taxonomy, $fields ); 2514 } 2515 2516 /** 2517 * Retrieve all taxonomies. 2518 * 2519 * @since 3.4.0 2520 * 2521 * @see get_taxonomies() 2522 * 2523 * @param array $args { 2524 * Method arguments. Note: arguments must be ordered as documented. 2525 * 2526 * @type int $blog_id Blog ID (unused). 2527 * @type string $username Username. 2528 * @type string $password Password. 2529 * @type array $filter Optional. An array of arguments for retrieving taxonomies. 2530 * @type array $fields Optional. The subset of taxonomy fields to return. 2531 * } 2532 * @return array|IXR_Error An associative array of taxonomy data with returned fields determined 2533 * by `$fields`, or an IXR_Error instance on failure. 2534 */ 2535 public function wp_getTaxonomies( $args ) { 2536 if ( ! $this->minimum_args( $args, 3 ) ) { 2537 return $this->error; 2538 } 2539 2540 $this->escape( $args ); 2541 2542 $username = $args[1]; 2543 $password = $args[2]; 2544 $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); 2545 2546 if ( isset( $args[4] ) ) { 2547 $fields = $args[4]; 2548 } else { 2549 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2550 $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomies' ); 2551 } 2552 2553 $user = $this->login( $username, $password ); 2554 if ( ! $user ) { 2555 return $this->error; 2556 } 2557 2558 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2559 do_action( 'xmlrpc_call', 'wp.getTaxonomies' ); 2560 2561 $taxonomies = get_taxonomies( $filter, 'objects' ); 2562 2563 // holds all the taxonomy data 2564 $struct = array(); 2565 2566 foreach ( $taxonomies as $taxonomy ) { 2567 // capability check for post_types 2568 if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) { 2569 continue; 2570 } 2571 2572 $struct[] = $this->_prepare_taxonomy( $taxonomy, $fields ); 2573 } 2574 2575 return $struct; 2576 } 2577 2578 /** 2579 * Retrieve a user. 2580 * 2581 * The optional $fields parameter specifies what fields will be included 2582 * in the response array. This should be a list of field names. 'user_id' will 2583 * always be included in the response regardless of the value of $fields. 2584 * 2585 * Instead of, or in addition to, individual field names, conceptual group 2586 * names can be used to specify multiple fields. The available conceptual 2587 * groups are 'basic' and 'all'. 2588 * 2589 * @uses get_userdata() 2590 * 2591 * @param array $args { 2592 * Method arguments. Note: arguments must be ordered as documented. 2593 * 2594 * @type int $blog_id (unused) 2595 * @type string $username 2596 * @type string $password 2597 * @type int $user_id 2598 * @type array $fields (optional) 2599 * } 2600 * @return array|IXR_Error Array contains (based on $fields parameter): 2601 * - 'user_id' 2602 * - 'username' 2603 * - 'first_name' 2604 * - 'last_name' 2605 * - 'registered' 2606 * - 'bio' 2607 * - 'email' 2608 * - 'nickname' 2609 * - 'nicename' 2610 * - 'url' 2611 * - 'display_name' 2612 * - 'roles' 2613 */ 2614 public function wp_getUser( $args ) { 2615 if ( ! $this->minimum_args( $args, 4 ) ) { 2616 return $this->error; 2617 } 2618 2619 $this->escape( $args ); 2620 2621 $username = $args[1]; 2622 $password = $args[2]; 2623 $user_id = (int) $args[3]; 2624 2625 if ( isset( $args[4] ) ) { 2626 $fields = $args[4]; 2627 } else { 2628 /** 2629 * Filters the default user query fields used by the given XML-RPC method. 2630 * 2631 * @since 3.5.0 2632 * 2633 * @param array $fields User query fields for given method. Default 'all'. 2634 * @param string $method The method name. 2635 */ 2636 $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUser' ); 2637 } 2638 2639 $user = $this->login( $username, $password ); 2640 if ( ! $user ) { 2641 return $this->error; 2642 } 2643 2644 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2645 do_action( 'xmlrpc_call', 'wp.getUser' ); 2646 2647 if ( ! current_user_can( 'edit_user', $user_id ) ) { 2648 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this user.' ) ); 2649 } 2650 2651 $user_data = get_userdata( $user_id ); 2652 2653 if ( ! $user_data ) { 2654 return new IXR_Error( 404, __( 'Invalid user ID.' ) ); 2655 } 2656 2657 return $this->_prepare_user( $user_data, $fields ); 2658 } 2659 2660 /** 2661 * Retrieve users. 2662 * 2663 * The optional $filter parameter modifies the query used to retrieve users. 2664 * Accepted keys are 'number' (default: 50), 'offset' (default: 0), 'role', 2665 * 'who', 'orderby', and 'order'. 2666 * 2667 * The optional $fields parameter specifies what fields will be included 2668 * in the response array. 2669 * 2670 * @uses get_users() 2671 * @see wp_getUser() for more on $fields and return values 2672 * 2673 * @param array $args { 2674 * Method arguments. Note: arguments must be ordered as documented. 2675 * 2676 * @type int $blog_id (unused) 2677 * @type string $username 2678 * @type string $password 2679 * @type array $filter (optional) 2680 * @type array $fields (optional) 2681 * } 2682 * @return array|IXR_Error users data 2683 */ 2684 public function wp_getUsers( $args ) { 2685 if ( ! $this->minimum_args( $args, 3 ) ) { 2686 return $this->error; 2687 } 2688 2689 $this->escape( $args ); 2690 2691 $username = $args[1]; 2692 $password = $args[2]; 2693 $filter = isset( $args[3] ) ? $args[3] : array(); 2694 2695 if ( isset( $args[4] ) ) { 2696 $fields = $args[4]; 2697 } else { 2698 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2699 $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUsers' ); 2700 } 2701 2702 $user = $this->login( $username, $password ); 2703 if ( ! $user ) { 2704 return $this->error; 2705 } 2706 2707 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2708 do_action( 'xmlrpc_call', 'wp.getUsers' ); 2709 2710 if ( ! current_user_can( 'list_users' ) ) { 2711 return new IXR_Error( 401, __( 'Sorry, you are not allowed to list users.' ) ); 2712 } 2713 2714 $query = array( 'fields' => 'all_with_meta' ); 2715 2716 $query['number'] = ( isset( $filter['number'] ) ) ? absint( $filter['number'] ) : 50; 2717 $query['offset'] = ( isset( $filter['offset'] ) ) ? absint( $filter['offset'] ) : 0; 2718 2719 if ( isset( $filter['orderby'] ) ) { 2720 $query['orderby'] = $filter['orderby']; 2721 2722 if ( isset( $filter['order'] ) ) { 2723 $query['order'] = $filter['order']; 2724 } 2725 } 2726 2727 if ( isset( $filter['role'] ) ) { 2728 if ( get_role( $filter['role'] ) === null ) { 2729 return new IXR_Error( 403, __( 'Invalid role.' ) ); 2730 } 2731 2732 $query['role'] = $filter['role']; 2733 } 2734 2735 if ( isset( $filter['who'] ) ) { 2736 $query['who'] = $filter['who']; 2737 } 2738 2739 $users = get_users( $query ); 2740 2741 $_users = array(); 2742 foreach ( $users as $user_data ) { 2743 if ( current_user_can( 'edit_user', $user_data->ID ) ) { 2744 $_users[] = $this->_prepare_user( $user_data, $fields ); 2745 } 2746 } 2747 return $_users; 2748 } 2749 2750 /** 2751 * Retrieve information about the requesting user. 2752 * 2753 * @uses get_userdata() 2754 * 2755 * @param array $args { 2756 * Method arguments. Note: arguments must be ordered as documented. 2757 * 2758 * @type int $blog_id (unused) 2759 * @type string $username 2760 * @type string $password 2761 * @type array $fields (optional) 2762 * } 2763 * @return array|IXR_Error (@see wp_getUser) 2764 */ 2765 public function wp_getProfile( $args ) { 2766 if ( ! $this->minimum_args( $args, 3 ) ) { 2767 return $this->error; 2768 } 2769 2770 $this->escape( $args ); 2771 2772 $username = $args[1]; 2773 $password = $args[2]; 2774 2775 if ( isset( $args[3] ) ) { 2776 $fields = $args[3]; 2777 } else { 2778 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2779 $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getProfile' ); 2780 } 2781 2782 $user = $this->login( $username, $password ); 2783 if ( ! $user ) { 2784 return $this->error; 2785 } 2786 2787 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2788 do_action( 'xmlrpc_call', 'wp.getProfile' ); 2789 2790 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 2791 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) ); 2792 } 2793 2794 $user_data = get_userdata( $user->ID ); 2795 2796 return $this->_prepare_user( $user_data, $fields ); 2797 } 2798 2799 /** 2800 * Edit user's profile. 2801 * 2802 * @uses wp_update_user() 2803 * 2804 * @param array $args { 2805 * Method arguments. Note: arguments must be ordered as documented. 2806 * 2807 * @type int $blog_id (unused) 2808 * @type string $username 2809 * @type string $password 2810 * @type array $content_struct It can optionally contain: 2811 * - 'first_name' 2812 * - 'last_name' 2813 * - 'website' 2814 * - 'display_name' 2815 * - 'nickname' 2816 * - 'nicename' 2817 * - 'bio' 2818 * } 2819 * @return true|IXR_Error True, on success. 2820 */ 2821 public function wp_editProfile( $args ) { 2822 if ( ! $this->minimum_args( $args, 4 ) ) { 2823 return $this->error; 2824 } 2825 2826 $this->escape( $args ); 2827 2828 $username = $args[1]; 2829 $password = $args[2]; 2830 $content_struct = $args[3]; 2831 2832 $user = $this->login( $username, $password ); 2833 if ( ! $user ) { 2834 return $this->error; 2835 } 2836 2837 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2838 do_action( 'xmlrpc_call', 'wp.editProfile' ); 2839 2840 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 2841 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) ); 2842 } 2843 2844 // holds data of the user 2845 $user_data = array(); 2846 $user_data['ID'] = $user->ID; 2847 2848 // only set the user details if it was given 2849 if ( isset( $content_struct['first_name'] ) ) { 2850 $user_data['first_name'] = $content_struct['first_name']; 2851 } 2852 2853 if ( isset( $content_struct['last_name'] ) ) { 2854 $user_data['last_name'] = $content_struct['last_name']; 2855 } 2856 2857 if ( isset( $content_struct['url'] ) ) { 2858 $user_data['user_url'] = $content_struct['url']; 2859 } 2860 2861 if ( isset( $content_struct['display_name'] ) ) { 2862 $user_data['display_name'] = $content_struct['display_name']; 2863 } 2864 2865 if ( isset( $content_struct['nickname'] ) ) { 2866 $user_data['nickname'] = $content_struct['nickname']; 2867 } 2868 2869 if ( isset( $content_struct['nicename'] ) ) { 2870 $user_data['user_nicename'] = $content_struct['nicename']; 2871 } 2872 2873 if ( isset( $content_struct['bio'] ) ) { 2874 $user_data['description'] = $content_struct['bio']; 2875 } 2876 2877 $result = wp_update_user( $user_data ); 2878 2879 if ( is_wp_error( $result ) ) { 2880 return new IXR_Error( 500, $result->get_error_message() ); 2881 } 2882 2883 if ( ! $result ) { 2884 return new IXR_Error( 500, __( 'Sorry, the user could not be updated.' ) ); 2885 } 2886 2887 return true; 2888 } 2889 2890 /** 2891 * Retrieve page. 2892 * 2893 * @since 2.2.0 2894 * 2895 * @param array $args { 2896 * Method arguments. Note: arguments must be ordered as documented. 2897 * 2898 * @type int $blog_id (unused) 2899 * @type int $page_id 2900 * @type string $username 2901 * @type string $password 2902 * } 2903 * @return array|IXR_Error 2904 */ 2905 public function wp_getPage( $args ) { 2906 $this->escape( $args ); 2907 2908 $page_id = (int) $args[1]; 2909 $username = $args[2]; 2910 $password = $args[3]; 2911 2912 $user = $this->login( $username, $password ); 2913 if ( ! $user ) { 2914 return $this->error; 2915 } 2916 2917 $page = get_post( $page_id ); 2918 if ( ! $page ) { 2919 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 2920 } 2921 2922 if ( ! current_user_can( 'edit_page', $page_id ) ) { 2923 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) ); 2924 } 2925 2926 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2927 do_action( 'xmlrpc_call', 'wp.getPage' ); 2928 2929 // If we found the page then format the data. 2930 if ( $page->ID && ( $page->post_type == 'page' ) ) { 2931 return $this->_prepare_page( $page ); 2932 } else { 2933 // If the page doesn't exist indicate that. 2934 return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); 2935 } 2936 } 2937 2938 /** 2939 * Retrieve Pages. 2940 * 2941 * @since 2.2.0 2942 * 2943 * @param array $args { 2944 * Method arguments. Note: arguments must be ordered as documented. 2945 * 2946 * @type int $blog_id (unused) 2947 * @type string $username 2948 * @type string $password 2949 * @type int $num_pages 2950 * } 2951 * @return array|IXR_Error 2952 */ 2953 public function wp_getPages( $args ) { 2954 $this->escape( $args ); 2955 2956 $username = $args[1]; 2957 $password = $args[2]; 2958 $num_pages = isset( $args[3] ) ? (int) $args[3] : 10; 2959 2960 $user = $this->login( $username, $password ); 2961 if ( ! $user ) { 2962 return $this->error; 2963 } 2964 2965 if ( ! current_user_can( 'edit_pages' ) ) { 2966 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) ); 2967 } 2968 2969 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 2970 do_action( 'xmlrpc_call', 'wp.getPages' ); 2971 2972 $pages = get_posts( 2973 array( 2974 'post_type' => 'page', 2975 'post_status' => 'any', 2976 'numberposts' => $num_pages, 2977 ) 2978 ); 2979 $num_pages = count( $pages ); 2980 2981 // If we have pages, put together their info. 2982 if ( $num_pages >= 1 ) { 2983 $pages_struct = array(); 2984 2985 foreach ( $pages as $page ) { 2986 if ( current_user_can( 'edit_page', $page->ID ) ) { 2987 $pages_struct[] = $this->_prepare_page( $page ); 2988 } 2989 } 2990 2991 return $pages_struct; 2992 } 2993 2994 return array(); 2995 } 2996 2997 /** 2998 * Create new page. 2999 * 3000 * @since 2.2.0 3001 * 3002 * @see wp_xmlrpc_server::mw_newPost() 3003 * 3004 * @param array $args { 3005 * Method arguments. Note: arguments must be ordered as documented. 3006 * 3007 * @type int $blog_id (unused) 3008 * @type string $username 3009 * @type string $password 3010 * @type array $content_struct 3011 * } 3012 * @return int|IXR_Error 3013 */ 3014 public function wp_newPage( $args ) { 3015 // Items not escaped here will be escaped in newPost. 3016 $username = $this->escape( $args[1] ); 3017 $password = $this->escape( $args[2] ); 3018 3019 $user = $this->login( $username, $password ); 3020 if ( ! $user ) { 3021 return $this->error; 3022 } 3023 3024 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3025 do_action( 'xmlrpc_call', 'wp.newPage' ); 3026 3027 // Mark this as content for a page. 3028 $args[3]['post_type'] = 'page'; 3029 3030 // Let mw_newPost do all of the heavy lifting. 3031 return $this->mw_newPost( $args ); 3032 } 3033 3034 /** 3035 * Delete page. 3036 * 3037 * @since 2.2.0 3038 * 3039 * @param array $args { 3040 * Method arguments. Note: arguments must be ordered as documented. 3041 * 3042 * @type int $blog_id (unused) 3043 * @type string $username 3044 * @type string $password 3045 * @type int $page_id 3046 * } 3047 * @return true|IXR_Error True, if success. 3048 */ 3049 public function wp_deletePage( $args ) { 3050 $this->escape( $args ); 3051 3052 $username = $args[1]; 3053 $password = $args[2]; 3054 $page_id = (int) $args[3]; 3055 3056 $user = $this->login( $username, $password ); 3057 if ( ! $user ) { 3058 return $this->error; 3059 } 3060 3061 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3062 do_action( 'xmlrpc_call', 'wp.deletePage' ); 3063 3064 // Get the current page based on the page_id and 3065 // make sure it is a page and not a post. 3066 $actual_page = get_post( $page_id, ARRAY_A ); 3067 if ( ! $actual_page || ( $actual_page['post_type'] != 'page' ) ) { 3068 return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); 3069 } 3070 3071 // Make sure the user can delete pages. 3072 if ( ! current_user_can( 'delete_page', $page_id ) ) { 3073 return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this page.' ) ); 3074 } 3075 3076 // Attempt to delete the page. 3077 $result = wp_delete_post( $page_id ); 3078 if ( ! $result ) { 3079 return new IXR_Error( 500, __( 'Failed to delete the page.' ) ); 3080 } 3081 3082 /** 3083 * Fires after a page has been successfully deleted via XML-RPC. 3084 * 3085 * @since 3.4.0 3086 * 3087 * @param int $page_id ID of the deleted page. 3088 * @param array $args An array of arguments to delete the page. 3089 */ 3090 do_action( 'xmlrpc_call_success_wp_deletePage', $page_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase 3091 3092 return true; 3093 } 3094 3095 /** 3096 * Edit page. 3097 * 3098 * @since 2.2.0 3099 * 3100 * @param array $args { 3101 * Method arguments. Note: arguments must be ordered as documented. 3102 * 3103 * @type int $blog_id (unused) 3104 * @type int $page_id 3105 * @type string $username 3106 * @type string $password 3107 * @type string $content 3108 * @type string $publish 3109 * } 3110 * @return array|IXR_Error 3111 */ 3112 public function wp_editPage( $args ) { 3113 // Items will be escaped in mw_editPost. 3114 $page_id = (int) $args[1]; 3115 $username = $args[2]; 3116 $password = $args[3]; 3117 $content = $args[4]; 3118 $publish = $args[5]; 3119 3120 $escaped_username = $this->escape( $username ); 3121 $escaped_password = $this->escape( $password ); 3122 3123 $user = $this->login( $escaped_username, $escaped_password ); 3124 if ( ! $user ) { 3125 return $this->error; 3126 } 3127 3128 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3129 do_action( 'xmlrpc_call', 'wp.editPage' ); 3130 3131 // Get the page data and make sure it is a page. 3132 $actual_page = get_post( $page_id, ARRAY_A ); 3133 if ( ! $actual_page || ( $actual_page['post_type'] != 'page' ) ) { 3134 return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); 3135 } 3136 3137 // Make sure the user is allowed to edit pages. 3138 if ( ! current_user_can( 'edit_page', $page_id ) ) { 3139 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) ); 3140 } 3141 3142 // Mark this as content for a page. 3143 $content['post_type'] = 'page'; 3144 3145 // Arrange args in the way mw_editPost understands. 3146 $args = array( 3147 $page_id, 3148 $username, 3149 $password, 3150 $content, 3151 $publish, 3152 ); 3153 3154 // Let mw_editPost do all of the heavy lifting. 3155 return $this->mw_editPost( $args ); 3156 } 3157 3158 /** 3159 * Retrieve page list. 3160 * 3161 * @since 2.2.0 3162 * 3163 * @global wpdb $wpdb WordPress database abstraction object. 3164 * 3165 * @param array $args { 3166 * Method arguments. Note: arguments must be ordered as documented. 3167 * 3168 * @type int $blog_id (unused) 3169 * @type string $username 3170 * @type string $password 3171 * } 3172 * @return array|IXR_Error 3173 */ 3174 public function wp_getPageList( $args ) { 3175 global $wpdb; 3176 3177 $this->escape( $args ); 3178 3179 $username = $args[1]; 3180 $password = $args[2]; 3181 3182 $user = $this->login( $username, $password ); 3183 if ( ! $user ) { 3184 return $this->error; 3185 } 3186 3187 if ( ! current_user_can( 'edit_pages' ) ) { 3188 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) ); 3189 } 3190 3191 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3192 do_action( 'xmlrpc_call', 'wp.getPageList' ); 3193 3194 // Get list of pages ids and titles 3195 $page_list = $wpdb->get_results( 3196 " 3197 SELECT ID page_id, 3198 post_title page_title, 3199 post_parent page_parent_id, 3200 post_date_gmt, 3201 post_date, 3202 post_status 3203 FROM {$wpdb->posts} 3204 WHERE post_type = 'page' 3205 ORDER BY ID 3206 " 3207 ); 3208 3209 // The date needs to be formatted properly. 3210 $num_pages = count( $page_list ); 3211 for ( $i = 0; $i < $num_pages; $i++ ) { 3212 $page_list[ $i ]->dateCreated = $this->_convert_date( $page_list[ $i ]->post_date ); 3213 $page_list[ $i ]->date_created_gmt = $this->_convert_date_gmt( $page_list[ $i ]->post_date_gmt, $page_list[ $i ]->post_date ); 3214 3215 unset( $page_list[ $i ]->post_date_gmt ); 3216 unset( $page_list[ $i ]->post_date ); 3217 unset( $page_list[ $i ]->post_status ); 3218 } 3219 3220 return $page_list; 3221 } 3222 3223 /** 3224 * Retrieve authors list. 3225 * 3226 * @since 2.2.0 3227 * 3228 * @param array $args { 3229 * Method arguments. Note: arguments must be ordered as documented. 3230 * 3231 * @type int $blog_id (unused) 3232 * @type string $username 3233 * @type string $password 3234 * } 3235 * @return array|IXR_Error 3236 */ 3237 public function wp_getAuthors( $args ) { 3238 $this->escape( $args ); 3239 3240 $username = $args[1]; 3241 $password = $args[2]; 3242 3243 $user = $this->login( $username, $password ); 3244 if ( ! $user ) { 3245 return $this->error; 3246 } 3247 3248 if ( ! current_user_can( 'edit_posts' ) ) { 3249 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); 3250 } 3251 3252 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3253 do_action( 'xmlrpc_call', 'wp.getAuthors' ); 3254 3255 $authors = array(); 3256 foreach ( get_users( array( 'fields' => array( 'ID', 'user_login', 'display_name' ) ) ) as $user ) { 3257 $authors[] = array( 3258 'user_id' => $user->ID, 3259 'user_login' => $user->user_login, 3260 'display_name' => $user->display_name, 3261 ); 3262 } 3263 3264 return $authors; 3265 } 3266 3267 /** 3268 * Get list of all tags 3269 * 3270 * @since 2.7.0 3271 * 3272 * @param array $args { 3273 * Method arguments. Note: arguments must be ordered as documented. 3274 * 3275 * @type int $blog_id (unused) 3276 * @type string $username 3277 * @type string $password 3278 * } 3279 * @return array|IXR_Error 3280 */ 3281 public function wp_getTags( $args ) { 3282 $this->escape( $args ); 3283 3284 $username = $args[1]; 3285 $password = $args[2]; 3286 3287 $user = $this->login( $username, $password ); 3288 if ( ! $user ) { 3289 return $this->error; 3290 } 3291 3292 if ( ! current_user_can( 'edit_posts' ) ) { 3293 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view tags.' ) ); 3294 } 3295 3296 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3297 do_action( 'xmlrpc_call', 'wp.getKeywords' ); 3298 3299 $tags = array(); 3300 3301 $all_tags = get_tags(); 3302 if ( $all_tags ) { 3303 foreach ( (array) $all_tags as $tag ) { 3304 $struct = array(); 3305 $struct['tag_id'] = $tag->term_id; 3306 $struct['name'] = $tag->name; 3307 $struct['count'] = $tag->count; 3308 $struct['slug'] = $tag->slug; 3309 $struct['html_url'] = esc_html( get_tag_link( $tag->term_id ) ); 3310 $struct['rss_url'] = esc_html( get_tag_feed_link( $tag->term_id ) ); 3311 3312 $tags[] = $struct; 3313 } 3314 } 3315 3316 return $tags; 3317 } 3318 3319 /** 3320 * Create new category. 3321 * 3322 * @since 2.2.0 3323 * 3324 * @param array $args { 3325 * Method arguments. Note: arguments must be ordered as documented. 3326 * 3327 * @type int $blog_id (unused) 3328 * @type string $username 3329 * @type string $password 3330 * @type array $category 3331 * } 3332 * @return int|IXR_Error Category ID. 3333 */ 3334 public function wp_newCategory( $args ) { 3335 $this->escape( $args ); 3336 3337 $username = $args[1]; 3338 $password = $args[2]; 3339 $category = $args[3]; 3340 3341 $user = $this->login( $username, $password ); 3342 if ( ! $user ) { 3343 return $this->error; 3344 } 3345 3346 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3347 do_action( 'xmlrpc_call', 'wp.newCategory' ); 3348 3349 // Make sure the user is allowed to add a category. 3350 if ( ! current_user_can( 'manage_categories' ) ) { 3351 return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a category.' ) ); 3352 } 3353 3354 // If no slug was provided make it empty so that 3355 // WordPress will generate one. 3356 if ( empty( $category['slug'] ) ) { 3357 $category['slug'] = ''; 3358 } 3359 3360 // If no parent_id was provided make it empty 3361 // so that it will be a top level page (no parent). 3362 if ( ! isset( $category['parent_id'] ) ) { 3363 $category['parent_id'] = ''; 3364 } 3365 3366 // If no description was provided make it empty. 3367 if ( empty( $category['description'] ) ) { 3368 $category['description'] = ''; 3369 } 3370 3371 $new_category = array( 3372 'cat_name' => $category['name'], 3373 'category_nicename' => $category['slug'], 3374 'category_parent' => $category['parent_id'], 3375 'category_description' => $category['description'], 3376 ); 3377 3378 $cat_id = wp_insert_category( $new_category, true ); 3379 if ( is_wp_error( $cat_id ) ) { 3380 if ( 'term_exists' == $cat_id->get_error_code() ) { 3381 return (int) $cat_id->get_error_data(); 3382 } else { 3383 return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) ); 3384 } 3385 } elseif ( ! $cat_id ) { 3386 return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) ); 3387 } 3388 3389 /** 3390 * Fires after a new category has been successfully created via XML-RPC. 3391 * 3392 * @since 3.4.0 3393 * 3394 * @param int $cat_id ID of the new category. 3395 * @param array $args An array of new category arguments. 3396 */ 3397 do_action( 'xmlrpc_call_success_wp_newCategory', $cat_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase 3398 3399 return $cat_id; 3400 } 3401 3402 /** 3403 * Remove category. 3404 * 3405 * @since 2.5.0 3406 * 3407 * @param array $args { 3408 * Method arguments. Note: arguments must be ordered as documented. 3409 * 3410 * @type int $blog_id (unused) 3411 * @type string $username 3412 * @type string $password 3413 * @type int $category_id 3414 * } 3415 * @return bool|IXR_Error See wp_delete_term() for return info. 3416 */ 3417 public function wp_deleteCategory( $args ) { 3418 $this->escape( $args ); 3419 3420 $username = $args[1]; 3421 $password = $args[2]; 3422 $category_id = (int) $args[3]; 3423 3424 $user = $this->login( $username, $password ); 3425 if ( ! $user ) { 3426 return $this->error; 3427 } 3428 3429 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3430 do_action( 'xmlrpc_call', 'wp.deleteCategory' ); 3431 3432 if ( ! current_user_can( 'delete_term', $category_id ) ) { 3433 return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this category.' ) ); 3434 } 3435 3436 $status = wp_delete_term( $category_id, 'category' ); 3437 3438 if ( true == $status ) { 3439 /** 3440 * Fires after a category has been successfully deleted via XML-RPC. 3441 * 3442 * @since 3.4.0 3443 * 3444 * @param int $category_id ID of the deleted category. 3445 * @param array $args An array of arguments to delete the category. 3446 */ 3447 do_action( 'xmlrpc_call_success_wp_deleteCategory', $category_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase 3448 } 3449 3450 return $status; 3451 } 3452 3453 /** 3454 * Retrieve category list. 3455 * 3456 * @since 2.2.0 3457 * 3458 * @param array $args { 3459 * Method arguments. Note: arguments must be ordered as documented. 3460 * 3461 * @type int $blog_id (unused) 3462 * @type string $username 3463 * @type string $password 3464 * @type array $category 3465 * @type int $max_results 3466 * } 3467 * @return array|IXR_Error 3468 */ 3469 public function wp_suggestCategories( $args ) { 3470 $this->escape( $args ); 3471 3472 $username = $args[1]; 3473 $password = $args[2]; 3474 $category = $args[3]; 3475 $max_results = (int) $args[4]; 3476 3477 $user = $this->login( $username, $password ); 3478 if ( ! $user ) { 3479 return $this->error; 3480 } 3481 3482 if ( ! current_user_can( 'edit_posts' ) ) { 3483 return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); 3484 } 3485 3486 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3487 do_action( 'xmlrpc_call', 'wp.suggestCategories' ); 3488 3489 $category_suggestions = array(); 3490 $args = array( 3491 'get' => 'all', 3492 'number' => $max_results, 3493 'name__like' => $category, 3494 ); 3495 foreach ( (array) get_categories( $args ) as $cat ) { 3496 $category_suggestions[] = array( 3497 'category_id' => $cat->term_id, 3498 'category_name' => $cat->name, 3499 ); 3500 } 3501 3502 return $category_suggestions; 3503 } 3504 3505 /** 3506 * Retrieve comment. 3507 * 3508 * @since 2.7.0 3509 * 3510 * @param array $args { 3511 * Method arguments. Note: arguments must be ordered as documented. 3512 * 3513 * @type int $blog_id (unused) 3514 * @type string $username 3515 * @type string $password 3516 * @type int $comment_id 3517 * } 3518 * @return array|IXR_Error 3519 */ 3520 public function wp_getComment( $args ) { 3521 $this->escape( $args ); 3522 3523 $username = $args[1]; 3524 $password = $args[2]; 3525 $comment_id = (int) $args[3]; 3526 3527 $user = $this->login( $username, $password ); 3528 if ( ! $user ) { 3529 return $this->error; 3530 } 3531 3532 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3533 do_action( 'xmlrpc_call', 'wp.getComment' ); 3534 3535 $comment = get_comment( $comment_id ); 3536 if ( ! $comment ) { 3537 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 3538 } 3539 3540 if ( ! current_user_can( 'edit_comment', $comment_id ) ) { 3541 return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) ); 3542 } 3543 3544 return $this->_prepare_comment( $comment ); 3545 } 3546 3547 /** 3548 * Retrieve comments. 3549 * 3550 * Besides the common blog_id (unused), username, and password arguments, it takes a filter 3551 * array as last argument. 3552 * 3553 * Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'. 3554 * 3555 * The defaults are as follows: 3556 * - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold') 3557 * - 'post_id' - Default is ''. The post where the comment is posted. Empty string shows all comments. 3558 * - 'number' - Default is 10. Total number of media items to retrieve. 3559 * - 'offset' - Default is 0. See WP_Query::query() for more. 3560 * 3561 * @since 2.7.0 3562 * 3563 * @param array $args { 3564 * Method arguments. Note: arguments must be ordered as documented. 3565 * 3566 * @type int $blog_id (unused) 3567 * @type string $username 3568 * @type string $password 3569 * @type array $struct 3570 * } 3571 * @return array|IXR_Error Contains a collection of comments. See wp_xmlrpc_server::wp_getComment() for a description of each item contents 3572 */ 3573 public function wp_getComments( $args ) { 3574 $this->escape( $args ); 3575 3576 $username = $args[1]; 3577 $password = $args[2]; 3578 $struct = isset( $args[3] ) ? $args[3] : array(); 3579 3580 $user = $this->login( $username, $password ); 3581 if ( ! $user ) { 3582 return $this->error; 3583 } 3584 3585 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3586 do_action( 'xmlrpc_call', 'wp.getComments' ); 3587 3588 if ( isset( $struct['status'] ) ) { 3589 $status = $struct['status']; 3590 } else { 3591 $status = ''; 3592 } 3593 3594 if ( ! current_user_can( 'moderate_comments' ) && 'approve' !== $status ) { 3595 return new IXR_Error( 401, __( 'Invalid comment status.' ) ); 3596 } 3597 3598 $post_id = ''; 3599 if ( isset( $struct['post_id'] ) ) { 3600 $post_id = absint( $struct['post_id'] ); 3601 } 3602 3603 $post_type = ''; 3604 if ( isset( $struct['post_type'] ) ) { 3605 $post_type_object = get_post_type_object( $struct['post_type'] ); 3606 if ( ! $post_type_object || ! post_type_supports( $post_type_object->name, 'comments' ) ) { 3607 return new IXR_Error( 404, __( 'Invalid post type.' ) ); 3608 } 3609 $post_type = $struct['post_type']; 3610 } 3611 3612 $offset = 0; 3613 if ( isset( $struct['offset'] ) ) { 3614 $offset = absint( $struct['offset'] ); 3615 } 3616 3617 $number = 10; 3618 if ( isset( $struct['number'] ) ) { 3619 $number = absint( $struct['number'] ); 3620 } 3621 3622 $comments = get_comments( 3623 array( 3624 'status' => $status, 3625 'post_id' => $post_id, 3626 'offset' => $offset, 3627 'number' => $number, 3628 'post_type' => $post_type, 3629 ) 3630 ); 3631 3632 $comments_struct = array(); 3633 if ( is_array( $comments ) ) { 3634 foreach ( $comments as $comment ) { 3635 $comments_struct[] = $this->_prepare_comment( $comment ); 3636 } 3637 } 3638 3639 return $comments_struct; 3640 } 3641 3642 /** 3643 * Delete a comment. 3644 * 3645 * By default, the comment will be moved to the trash instead of deleted. 3646 * See wp_delete_comment() for more information on this behavior. 3647 * 3648 * @since 2.7.0 3649 * 3650 * @param array $args { 3651 * Method arguments. Note: arguments must be ordered as documented. 3652 * 3653 * @type int $blog_id (unused) 3654 * @type string $username 3655 * @type string $password 3656 * @type int $comment_ID 3657 * } 3658 * @return bool|IXR_Error See wp_delete_comment(). 3659 */ 3660 public function wp_deleteComment( $args ) { 3661 $this->escape( $args ); 3662 3663 $username = $args[1]; 3664 $password = $args[2]; 3665 $comment_ID = (int) $args[3]; 3666 3667 $user = $this->login( $username, $password ); 3668 if ( ! $user ) { 3669 return $this->error; 3670 } 3671 3672 if ( ! get_comment( $comment_ID ) ) { 3673 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 3674 } 3675 3676 if ( ! current_user_can( 'edit_comment', $comment_ID ) ) { 3677 return new IXR_Error( 403, __( 'Sorry, you are not allowed to delete this comment.' ) ); 3678 } 3679 3680 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3681 do_action( 'xmlrpc_call', 'wp.deleteComment' ); 3682 3683 $status = wp_delete_comment( $comment_ID ); 3684 3685 if ( $status ) { 3686 /** 3687 * Fires after a comment has been successfully deleted via XML-RPC. 3688 * 3689 * @since 3.4.0 3690 * 3691 * @param int $comment_ID ID of the deleted comment. 3692 * @param array $args An array of arguments to delete the comment. 3693 */ 3694 do_action( 'xmlrpc_call_success_wp_deleteComment', $comment_ID, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase 3695 } 3696 3697 return $status; 3698 } 3699 3700 /** 3701 * Edit comment. 3702 * 3703 * Besides the common blog_id (unused), username, and password arguments, it takes a 3704 * comment_id integer and a content_struct array as last argument. 3705 * 3706 * The allowed keys in the content_struct array are: 3707 * - 'author' 3708 * - 'author_url' 3709 * - 'author_email' 3710 * - 'content' 3711 * - 'date_created_gmt' 3712 * - 'status'. Common statuses are 'approve', 'hold', 'spam'. See get_comment_statuses() for more details 3713 * 3714 * @since 2.7.0 3715 * 3716 * @param array $args { 3717 * Method arguments. Note: arguments must be ordered as documented. 3718 * 3719 * @type int $blog_id (unused) 3720 * @type string $username 3721 * @type string $password 3722 * @type int $comment_ID 3723 * @type array $content_struct 3724 * } 3725 * @return true|IXR_Error True, on success. 3726 */ 3727 public function wp_editComment( $args ) { 3728 $this->escape( $args ); 3729 3730 $username = $args[1]; 3731 $password = $args[2]; 3732 $comment_ID = (int) $args[3]; 3733 $content_struct = $args[4]; 3734 3735 $user = $this->login( $username, $password ); 3736 if ( ! $user ) { 3737 return $this->error; 3738 } 3739 3740 if ( ! get_comment( $comment_ID ) ) { 3741 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 3742 } 3743 3744 if ( ! current_user_can( 'edit_comment', $comment_ID ) ) { 3745 return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) ); 3746 } 3747 3748 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3749 do_action( 'xmlrpc_call', 'wp.editComment' ); 3750 $comment = array( 3751 'comment_ID' => $comment_ID, 3752 ); 3753 3754 if ( isset( $content_struct['status'] ) ) { 3755 $statuses = get_comment_statuses(); 3756 $statuses = array_keys( $statuses ); 3757 3758 if ( ! in_array( $content_struct['status'], $statuses ) ) { 3759 return new IXR_Error( 401, __( 'Invalid comment status.' ) ); 3760 } 3761 3762 $comment['comment_approved'] = $content_struct['status']; 3763 } 3764 3765 // Do some timestamp voodoo 3766 if ( ! empty( $content_struct['date_created_gmt'] ) ) { 3767 // We know this is supposed to be GMT, so we're going to slap that Z on there by force 3768 $dateCreated = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z'; 3769 $comment['comment_date'] = get_date_from_gmt( $dateCreated ); 3770 $comment['comment_date_gmt'] = iso8601_to_datetime( $dateCreated, 'gmt' ); 3771 } 3772 3773 if ( isset( $content_struct['content'] ) ) { 3774 $comment['comment_content'] = $content_struct['content']; 3775 } 3776 3777 if ( isset( $content_struct['author'] ) ) { 3778 $comment['comment_author'] = $content_struct['author']; 3779 } 3780 3781 if ( isset( $content_struct['author_url'] ) ) { 3782 $comment['comment_author_url'] = $content_struct['author_url']; 3783 } 3784 3785 if ( isset( $content_struct['author_email'] ) ) { 3786 $comment['comment_author_email'] = $content_struct['author_email']; 3787 } 3788 3789 $result = wp_update_comment( $comment ); 3790 if ( is_wp_error( $result ) ) { 3791 return new IXR_Error( 500, $result->get_error_message() ); 3792 } 3793 3794 if ( ! $result ) { 3795 return new IXR_Error( 500, __( 'Sorry, the comment could not be updated.' ) ); 3796 } 3797 3798 /** 3799 * Fires after a comment has been successfully updated via XML-RPC. 3800 * 3801 * @since 3.4.0 3802 * 3803 * @param int $comment_ID ID of the updated comment. 3804 * @param array $args An array of arguments to update the comment. 3805 */ 3806 do_action( 'xmlrpc_call_success_wp_editComment', $comment_ID, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase 3807 3808 return true; 3809 } 3810 3811 /** 3812 * Create new comment. 3813 * 3814 * @since 2.7.0 3815 * 3816 * @param array $args { 3817 * Method arguments. Note: arguments must be ordered as documented. 3818 * 3819 * @type int $blog_id (unused) 3820 * @type string $username 3821 * @type string $password 3822 * @type string|int $post 3823 * @type array $content_struct 3824 * } 3825 * @return int|IXR_Error See wp_new_comment(). 3826 */ 3827 public function wp_newComment( $args ) { 3828 $this->escape( $args ); 3829 3830 $username = $args[1]; 3831 $password = $args[2]; 3832 $post = $args[3]; 3833 $content_struct = $args[4]; 3834 3835 /** 3836 * Filters whether to allow anonymous comments over XML-RPC. 3837 * 3838 * @since 2.7.0 3839 * 3840 * @param bool $allow Whether to allow anonymous commenting via XML-RPC. 3841 * Default false. 3842 */ 3843 $allow_anon = apply_filters( 'xmlrpc_allow_anonymous_comments', false ); 3844 3845 $user = $this->login( $username, $password ); 3846 3847 if ( ! $user ) { 3848 $logged_in = false; 3849 if ( $allow_anon && get_option( 'comment_registration' ) ) { 3850 return new IXR_Error( 403, __( 'You must be registered to comment.' ) ); 3851 } elseif ( ! $allow_anon ) { 3852 return $this->error; 3853 } 3854 } else { 3855 $logged_in = true; 3856 } 3857 3858 if ( is_numeric( $post ) ) { 3859 $post_id = absint( $post ); 3860 } else { 3861 $post_id = url_to_postid( $post ); 3862 } 3863 3864 if ( ! $post_id ) { 3865 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 3866 } 3867 3868 if ( ! get_post( $post_id ) ) { 3869 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 3870 } 3871 3872 if ( ! comments_open( $post_id ) ) { 3873 return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) ); 3874 } 3875 3876 if ( empty( $content_struct['content'] ) ) { 3877 return new IXR_Error( 403, __( 'Comment is required.' ) ); 3878 } 3879 3880 $comment = array( 3881 'comment_post_ID' => $post_id, 3882 'comment_content' => $content_struct['content'], 3883 ); 3884 3885 if ( $logged_in ) { 3886 $display_name = $user->display_name; 3887 $user_email = $user->user_email; 3888 $user_url = $user->user_url; 3889 3890 $comment['comment_author'] = $this->escape( $display_name ); 3891 $comment['comment_author_email'] = $this->escape( $user_email ); 3892 $comment['comment_author_url'] = $this->escape( $user_url ); 3893 $comment['user_ID'] = $user->ID; 3894 } else { 3895 $comment['comment_author'] = ''; 3896 if ( isset( $content_struct['author'] ) ) { 3897 $comment['comment_author'] = $content_struct['author']; 3898 } 3899 3900 $comment['comment_author_email'] = ''; 3901 if ( isset( $content_struct['author_email'] ) ) { 3902 $comment['comment_author_email'] = $content_struct['author_email']; 3903 } 3904 3905 $comment['comment_author_url'] = ''; 3906 if ( isset( $content_struct['author_url'] ) ) { 3907 $comment['comment_author_url'] = $content_struct['author_url']; 3908 } 3909 3910 $comment['user_ID'] = 0; 3911 3912 if ( get_option( 'require_name_email' ) ) { 3913 if ( 6 > strlen( $comment['comment_author_email'] ) || '' == $comment['comment_author'] ) { 3914 return new IXR_Error( 403, __( 'Comment author name and email are required.' ) ); 3915 } elseif ( ! is_email( $comment['comment_author_email'] ) ) { 3916 return new IXR_Error( 403, __( 'A valid email address is required.' ) ); 3917 } 3918 } 3919 } 3920 3921 $comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0; 3922 3923 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3924 do_action( 'xmlrpc_call', 'wp.newComment' ); 3925 3926 $comment_ID = wp_new_comment( $comment, true ); 3927 if ( is_wp_error( $comment_ID ) ) { 3928 return new IXR_Error( 403, $comment_ID->get_error_message() ); 3929 } 3930 3931 if ( ! $comment_ID ) { 3932 return new IXR_Error( 403, __( 'Something went wrong.' ) ); 3933 } 3934 3935 /** 3936 * Fires after a new comment has been successfully created via XML-RPC. 3937 * 3938 * @since 3.4.0 3939 * 3940 * @param int $comment_ID ID of the new comment. 3941 * @param array $args An array of new comment arguments. 3942 */ 3943 do_action( 'xmlrpc_call_success_wp_newComment', $comment_ID, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase 3944 3945 return $comment_ID; 3946 } 3947 3948 /** 3949 * Retrieve all of the comment status. 3950 * 3951 * @since 2.7.0 3952 * 3953 * @param array $args { 3954 * Method arguments. Note: arguments must be ordered as documented. 3955 * 3956 * @type int $blog_id (unused) 3957 * @type string $username 3958 * @type string $password 3959 * } 3960 * @return array|IXR_Error 3961 */ 3962 public function wp_getCommentStatusList( $args ) { 3963 $this->escape( $args ); 3964 3965 $username = $args[1]; 3966 $password = $args[2]; 3967 3968 $user = $this->login( $username, $password ); 3969 if ( ! $user ) { 3970 return $this->error; 3971 } 3972 3973 if ( ! current_user_can( 'publish_posts' ) ) { 3974 return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); 3975 } 3976 3977 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3978 do_action( 'xmlrpc_call', 'wp.getCommentStatusList' ); 3979 3980 return get_comment_statuses(); 3981 } 3982 3983 /** 3984 * Retrieve comment count. 3985 * 3986 * @since 2.5.0 3987 * 3988 * @param array $args { 3989 * Method arguments. Note: arguments must be ordered as documented. 3990 * 3991 * @type int $blog_id (unused) 3992 * @type string $username 3993 * @type string $password 3994 * @type int $post_id 3995 * } 3996 * @return array|IXR_Error 3997 */ 3998 public function wp_getCommentCount( $args ) { 3999 $this->escape( $args ); 4000 4001 $username = $args[1]; 4002 $password = $args[2]; 4003 $post_id = (int) $args[3]; 4004 4005 $user = $this->login( $username, $password ); 4006 if ( ! $user ) { 4007 return $this->error; 4008 } 4009 4010 $post = get_post( $post_id, ARRAY_A ); 4011 if ( empty( $post['ID'] ) ) { 4012 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 4013 } 4014 4015 if ( ! current_user_can( 'edit_post', $post_id ) ) { 4016 return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details of this post.' ) ); 4017 } 4018 4019 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4020 do_action( 'xmlrpc_call', 'wp.getCommentCount' ); 4021 4022 $count = wp_count_comments( $post_id ); 4023 4024 return array( 4025 'approved' => $count->approved, 4026 'awaiting_moderation' => $count->moderated, 4027 'spam' => $count->spam, 4028 'total_comments' => $count->total_comments, 4029 ); 4030 } 4031 4032 /** 4033 * Retrieve post statuses. 4034 * 4035 * @since 2.5.0 4036 * 4037 * @param array $args { 4038 * Method arguments. Note: arguments must be ordered as documented. 4039 * 4040 * @type int $blog_id (unused) 4041 * @type string $username 4042 * @type string $password 4043 * } 4044 * @return array|IXR_Error 4045 */ 4046 public function wp_getPostStatusList( $args ) { 4047 $this->escape( $args ); 4048 4049 $username = $args[1]; 4050 $password = $args[2]; 4051 4052 $user = $this->login( $username, $password ); 4053 if ( ! $user ) { 4054 return $this->error; 4055 } 4056 4057 if ( ! current_user_can( 'edit_posts' ) ) { 4058 return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); 4059 } 4060 4061 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4062 do_action( 'xmlrpc_call', 'wp.getPostStatusList' ); 4063 4064 return get_post_statuses(); 4065 } 4066 4067 /** 4068 * Retrieve page statuses. 4069 * 4070 * @since 2.5.0 4071 * 4072 * @param array $args { 4073 * Method arguments. Note: arguments must be ordered as documented. 4074 * 4075 * @type int $blog_id (unused) 4076 * @type string $username 4077 * @type string $password 4078 * } 4079 * @return array|IXR_Error 4080 */ 4081 public function wp_getPageStatusList( $args ) { 4082 $this->escape( $args ); 4083 4084 $username = $args[1]; 4085 $password = $args[2]; 4086 4087 $user = $this->login( $username, $password ); 4088 if ( ! $user ) { 4089 return $this->error; 4090 } 4091 4092 if ( ! current_user_can( 'edit_pages' ) ) { 4093 return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); 4094 } 4095 4096 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4097 do_action( 'xmlrpc_call', 'wp.getPageStatusList' ); 4098 4099 return get_page_statuses(); 4100 } 4101 4102 /** 4103 * Retrieve page templates. 4104 * 4105 * @since 2.6.0 4106 * 4107 * @param array $args { 4108 * Method arguments. Note: arguments must be ordered as documented. 4109 * 4110 * @type int $blog_id (unused) 4111 * @type string $username 4112 * @type string $password 4113 * } 4114 * @return array|IXR_Error 4115 */ 4116 public function wp_getPageTemplates( $args ) { 4117 $this->escape( $args ); 4118 4119 $username = $args[1]; 4120 $password = $args[2]; 4121 4122 $user = $this->login( $username, $password ); 4123 if ( ! $user ) { 4124 return $this->error; 4125 } 4126 4127 if ( ! current_user_can( 'edit_pages' ) ) { 4128 return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); 4129 } 4130 4131 $templates = get_page_templates(); 4132 $templates['Default'] = 'default'; 4133 4134 return $templates; 4135 } 4136 4137 /** 4138 * Retrieve blog options. 4139 * 4140 * @since 2.6.0 4141 * 4142 * @param array $args { 4143 * Method arguments. Note: arguments must be ordered as documented. 4144 * 4145 * @type int $blog_id (unused) 4146 * @type string $username 4147 * @type string $password 4148 * @type array $options 4149 * } 4150 * @return array|IXR_Error 4151 */ 4152 public function wp_getOptions( $args ) { 4153 $this->escape( $args ); 4154 4155 $username = $args[1]; 4156 $password = $args[2]; 4157 $options = isset( $args[3] ) ? (array) $args[3] : array(); 4158 4159 $user = $this->login( $username, $password ); 4160 if ( ! $user ) { 4161 return $this->error; 4162 } 4163 4164 // If no specific options where asked for, return all of them 4165 if ( count( $options ) == 0 ) { 4166 $options = array_keys( $this->blog_options ); 4167 } 4168 4169 return $this->_getOptions( $options ); 4170 } 4171 4172 /** 4173 * Retrieve blog options value from list. 4174 * 4175 * @since 2.6.0 4176 * 4177 * @param array $options Options to retrieve. 4178 * @return array 4179 */ 4180 public function _getOptions( $options ) { 4181 $data = array(); 4182 $can_manage = current_user_can( 'manage_options' ); 4183 foreach ( $options as $option ) { 4184 if ( array_key_exists( $option, $this->blog_options ) ) { 4185 $data[ $option ] = $this->blog_options[ $option ]; 4186 //Is the value static or dynamic? 4187 if ( isset( $data[ $option ]['option'] ) ) { 4188 $data[ $option ]['value'] = get_option( $data[ $option ]['option'] ); 4189 unset( $data[ $option ]['option'] ); 4190 } 4191 4192 if ( ! $can_manage ) { 4193 $data[ $option ]['readonly'] = true; 4194 } 4195 } 4196 } 4197 4198 return $data; 4199 } 4200 4201 /** 4202 * Update blog options. 4203 * 4204 * @since 2.6.0 4205 * 4206 * @param array $args { 4207 * Method arguments. Note: arguments must be ordered as documented. 4208 * 4209 * @type int $blog_id (unused) 4210 * @type string $username 4211 * @type string $password 4212 * @type array $options 4213 * } 4214 * @return array|IXR_Error 4215 */ 4216 public function wp_setOptions( $args ) { 4217 $this->escape( $args ); 4218 4219 $username = $args[1]; 4220 $password = $args[2]; 4221 $options = (array) $args[3]; 4222 4223 $user = $this->login( $username, $password ); 4224 if ( ! $user ) { 4225 return $this->error; 4226 } 4227 4228 if ( ! current_user_can( 'manage_options' ) ) { 4229 return new IXR_Error( 403, __( 'Sorry, you are not allowed to update options.' ) ); 4230 } 4231 4232 $option_names = array(); 4233 foreach ( $options as $o_name => $o_value ) { 4234 $option_names[] = $o_name; 4235 if ( ! array_key_exists( $o_name, $this->blog_options ) ) { 4236 continue; 4237 } 4238 4239 if ( $this->blog_options[ $o_name ]['readonly'] == true ) { 4240 continue; 4241 } 4242 4243 update_option( $this->blog_options[ $o_name ]['option'], wp_unslash( $o_value ) ); 4244 } 4245 4246 //Now return the updated values 4247 return $this->_getOptions( $option_names ); 4248 } 4249 4250 /** 4251 * Retrieve a media item by ID 4252 * 4253 * @since 3.1.0 4254 * 4255 * @param array $args { 4256 * Method arguments. Note: arguments must be ordered as documented. 4257 * 4258 * @type int $blog_id (unused) 4259 * @type string $username 4260 * @type string $password 4261 * @type int $attachment_id 4262 * } 4263 * @return array|IXR_Error Associative array contains: 4264 * - 'date_created_gmt' 4265 * - 'parent' 4266 * - 'link' 4267 * - 'thumbnail' 4268 * - 'title' 4269 * - 'caption' 4270 * - 'description' 4271 * - 'metadata' 4272 */ 4273 public function wp_getMediaItem( $args ) { 4274 $this->escape( $args ); 4275 4276 $username = $args[1]; 4277 $password = $args[2]; 4278 $attachment_id = (int) $args[3]; 4279 4280 $user = $this->login( $username, $password ); 4281 if ( ! $user ) { 4282 return $this->error; 4283 } 4284 4285 if ( ! current_user_can( 'upload_files' ) ) { 4286 return new IXR_Error( 403, __( 'Sorry, you are not allowed to upload files.' ) ); 4287 } 4288 4289 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4290 do_action( 'xmlrpc_call', 'wp.getMediaItem' ); 4291 4292 $attachment = get_post( $attachment_id ); 4293 if ( ! $attachment ) { 4294 return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); 4295 } 4296 4297 return $this->_prepare_media_item( $attachment ); 4298 } 4299 4300 /** 4301 * Retrieves a collection of media library items (or attachments) 4302 * 4303 * Besides the common blog_id (unused), username, and password arguments, it takes a filter 4304 * array as last argument. 4305 * 4306 * Accepted 'filter' keys are 'parent_id', 'mime_type', 'offset', and 'number'. 4307 * 4308 * The defaults are as follows: 4309 * - 'number' - Default is 5. Total number of media items to retrieve. 4310 * - 'offset' - Default is 0. See WP_Query::query() for more. 4311 * - 'parent_id' - Default is ''. The post where the media item is attached. Empty string shows all media items. 0 shows unattached media items. 4312 * - 'mime_type' - Default is ''. Filter by mime type (e.g., 'image/jpeg', 'application/pdf') 4313 * 4314 * @since 3.1.0 4315 * 4316 * @param array $args { 4317 * Method arguments. Note: arguments must be ordered as documented. 4318 * 4319 * @type int $blog_id (unused) 4320 * @type string $username 4321 * @type string $password 4322 * @type array $struct 4323 * } 4324 * @return array|IXR_Error Contains a collection of media items. See wp_xmlrpc_server::wp_getMediaItem() for a description of each item contents 4325 */ 4326 public function wp_getMediaLibrary( $args ) { 4327 $this->escape( $args ); 4328 4329 $username = $args[1]; 4330 $password = $args[2]; 4331 $struct = isset( $args[3] ) ? $args[3] : array(); 4332 4333 $user = $this->login( $username, $password ); 4334 if ( ! $user ) { 4335 return $this->error; 4336 } 4337 4338 if ( ! current_user_can( 'upload_files' ) ) { 4339 return new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) ); 4340 } 4341 4342 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4343 do_action( 'xmlrpc_call', 'wp.getMediaLibrary' ); 4344 4345 $parent_id = ( isset( $struct['parent_id'] ) ) ? absint( $struct['parent_id'] ) : ''; 4346 $mime_type = ( isset( $struct['mime_type'] ) ) ? $struct['mime_type'] : ''; 4347 $offset = ( isset( $struct['offset'] ) ) ? absint( $struct['offset'] ) : 0; 4348 $number = ( isset( $struct['number'] ) ) ? absint( $struct['number'] ) : -1; 4349 4350 $attachments = get_posts( 4351 array( 4352 'post_type' => 'attachment', 4353 'post_parent' => $parent_id, 4354 'offset' => $offset, 4355 'numberposts' => $number, 4356 'post_mime_type' => $mime_type, 4357 ) 4358 ); 4359 4360 $attachments_struct = array(); 4361 4362 foreach ( $attachments as $attachment ) { 4363 $attachments_struct[] = $this->_prepare_media_item( $attachment ); 4364 } 4365 4366 return $attachments_struct; 4367 } 4368 4369 /** 4370 * Retrieves a list of post formats used by the site. 4371 * 4372 * @since 3.1.0 4373 * 4374 * @param array $args { 4375 * Method arguments. Note: arguments must be ordered as documented. 4376 * 4377 * @type int $blog_id (unused) 4378 * @type string $username 4379 * @type string $password 4380 * } 4381 * @return array|IXR_Error List of post formats, otherwise IXR_Error object. 4382 */ 4383 public function wp_getPostFormats( $args ) { 4384 $this->escape( $args ); 4385 4386 $username = $args[1]; 4387 $password = $args[2]; 4388 4389 $user = $this->login( $username, $password ); 4390 if ( ! $user ) { 4391 return $this->error; 4392 } 4393 4394 if ( ! current_user_can( 'edit_posts' ) ) { 4395 return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); 4396 } 4397 4398 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4399 do_action( 'xmlrpc_call', 'wp.getPostFormats' ); 4400 4401 $formats = get_post_format_strings(); 4402 4403 // find out if they want a list of currently supports formats 4404 if ( isset( $args[3] ) && is_array( $args[3] ) ) { 4405 if ( $args[3]['show-supported'] ) { 4406 if ( current_theme_supports( 'post-formats' ) ) { 4407 $supported = get_theme_support( 'post-formats' ); 4408 4409 $data = array(); 4410 $data['all'] = $formats; 4411 $data['supported'] = $supported[0]; 4412 4413 $formats = $data; 4414 } 4415 } 4416 } 4417 4418 return $formats; 4419 } 4420 4421 /** 4422 * Retrieves a post type 4423 * 4424 * @since 3.4.0 4425 * 4426 * @see get_post_type_object() 4427 * 4428 * @param array $args { 4429 * Method arguments. Note: arguments must be ordered as documented. 4430 * 4431 * @type int $blog_id (unused) 4432 * @type string $username 4433 * @type string $password 4434 * @type string $post_type_name 4435 * @type array $fields (optional) 4436 * } 4437 * @return array|IXR_Error Array contains: 4438 * - 'labels' 4439 * - 'description' 4440 * - 'capability_type' 4441 * - 'cap' 4442 * - 'map_meta_cap' 4443 * - 'hierarchical' 4444 * - 'menu_position' 4445 * - 'taxonomies' 4446 * - 'supports' 4447 */ 4448 public function wp_getPostType( $args ) { 4449 if ( ! $this->minimum_args( $args, 4 ) ) { 4450 return $this->error; 4451 } 4452 4453 $this->escape( $args ); 4454 4455 $username = $args[1]; 4456 $password = $args[2]; 4457 $post_type_name = $args[3]; 4458 4459 if ( isset( $args[4] ) ) { 4460 $fields = $args[4]; 4461 } else { 4462 /** 4463 * Filters the default query fields used by the given XML-RPC method. 4464 * 4465 * @since 3.4.0 4466 * 4467 * @param array $fields An array of post type query fields for the given method. 4468 * @param string $method The method name. 4469 */ 4470 $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostType' ); 4471 } 4472 4473 $user = $this->login( $username, $password ); 4474 if ( ! $user ) { 4475 return $this->error; 4476 } 4477 4478 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4479 do_action( 'xmlrpc_call', 'wp.getPostType' ); 4480 4481 if ( ! post_type_exists( $post_type_name ) ) { 4482 return new IXR_Error( 403, __( 'Invalid post type.' ) ); 4483 } 4484 4485 $post_type = get_post_type_object( $post_type_name ); 4486 4487 if ( ! current_user_can( $post_type->cap->edit_posts ) ) { 4488 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) ); 4489 } 4490 4491 return $this->_prepare_post_type( $post_type, $fields ); 4492 } 4493 4494 /** 4495 * Retrieves a post types 4496 * 4497 * @since 3.4.0 4498 * 4499 * @see get_post_types() 4500 * 4501 * @param array $args { 4502 * Method arguments. Note: arguments must be ordered as documented. 4503 * 4504 * @type int $blog_id (unused) 4505 * @type string $username 4506 * @type string $password 4507 * @type array $filter (optional) 4508 * @type array $fields (optional) 4509 * } 4510 * @return array|IXR_Error 4511 */ 4512 public function wp_getPostTypes( $args ) { 4513 if ( ! $this->minimum_args( $args, 3 ) ) { 4514 return $this->error; 4515 } 4516 4517 $this->escape( $args ); 4518 4519 $username = $args[1]; 4520 $password = $args[2]; 4521 $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); 4522 4523 if ( isset( $args[4] ) ) { 4524 $fields = $args[4]; 4525 } else { 4526 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4527 $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostTypes' ); 4528 } 4529 4530 $user = $this->login( $username, $password ); 4531 if ( ! $user ) { 4532 return $this->error; 4533 } 4534 4535 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4536 do_action( 'xmlrpc_call', 'wp.getPostTypes' ); 4537 4538 $post_types = get_post_types( $filter, 'objects' ); 4539 4540 $struct = array(); 4541 4542 foreach ( $post_types as $post_type ) { 4543 if ( ! current_user_can( $post_type->cap->edit_posts ) ) { 4544 continue; 4545 } 4546 4547 $struct[ $post_type->name ] = $this->_prepare_post_type( $post_type, $fields ); 4548 } 4549 4550 return $struct; 4551 } 4552 4553 /** 4554 * Retrieve revisions for a specific post. 4555 * 4556 * @since 3.5.0 4557 * 4558 * The optional $fields parameter specifies what fields will be included 4559 * in the response array. 4560 * 4561 * @uses wp_get_post_revisions() 4562 * @see wp_getPost() for more on $fields 4563 * 4564 * @param array $args { 4565 * Method arguments. Note: arguments must be ordered as documented. 4566 * 4567 * @type int $blog_id (unused) 4568 * @type string $username 4569 * @type string $password 4570 * @type int $post_id 4571 * @type array $fields (optional) 4572 * } 4573 * @return array|IXR_Error contains a collection of posts. 4574 */ 4575 public function wp_getRevisions( $args ) { 4576 if ( ! $this->minimum_args( $args, 4 ) ) { 4577 return $this->error; 4578 } 4579 4580 $this->escape( $args ); 4581 4582 $username = $args[1]; 4583 $password = $args[2]; 4584 $post_id = (int) $args[3]; 4585 4586 if ( isset( $args[4] ) ) { 4587 $fields = $args[4]; 4588 } else { 4589 /** 4590 * Filters the default revision query fields used by the given XML-RPC method. 4591 * 4592 * @since 3.5.0 4593 * 4594 * @param array $field An array of revision query fields. 4595 * @param string $method The method name. 4596 */ 4597 $fields = apply_filters( 'xmlrpc_default_revision_fields', array( 'post_date', 'post_date_gmt' ), 'wp.getRevisions' ); 4598 } 4599 4600 $user = $this->login( $username, $password ); 4601 if ( ! $user ) { 4602 return $this->error; 4603 } 4604 4605 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4606 do_action( 'xmlrpc_call', 'wp.getRevisions' ); 4607 4608 $post = get_post( $post_id ); 4609 if ( ! $post ) { 4610 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 4611 } 4612 4613 if ( ! current_user_can( 'edit_post', $post_id ) ) { 4614 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); 4615 } 4616 4617 // Check if revisions are enabled. 4618 if ( ! wp_revisions_enabled( $post ) ) { 4619 return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) ); 4620 } 4621 4622 $revisions = wp_get_post_revisions( $post_id ); 4623 4624 if ( ! $revisions ) { 4625 return array(); 4626 } 4627 4628 $struct = array(); 4629 4630 foreach ( $revisions as $revision ) { 4631 if ( ! current_user_can( 'read_post', $revision->ID ) ) { 4632 continue; 4633 } 4634 4635 // Skip autosaves 4636 if ( wp_is_post_autosave( $revision ) ) { 4637 continue; 4638 } 4639 4640 $struct[] = $this->_prepare_post( get_object_vars( $revision ), $fields ); 4641 } 4642 4643 return $struct; 4644 } 4645 4646 /** 4647 * Restore a post revision 4648 * 4649 * @since 3.5.0 4650 * 4651 * @uses wp_restore_post_revision() 4652 * 4653 * @param array $args { 4654 * Method arguments. Note: arguments must be ordered as documented. 4655 * 4656 * @type int $blog_id (unused) 4657 * @type string $username 4658 * @type string $password 4659 * @type int $revision_id 4660 * } 4661 * @return bool|IXR_Error false if there was an error restoring, true if success. 4662 */ 4663 public function wp_restoreRevision( $args ) { 4664 if ( ! $this->minimum_args( $args, 3 ) ) { 4665 return $this->error; 4666 } 4667 4668 $this->escape( $args ); 4669 4670 $username = $args[1]; 4671 $password = $args[2]; 4672 $revision_id = (int) $args[3]; 4673 4674 $user = $this->login( $username, $password ); 4675 if ( ! $user ) { 4676 return $this->error; 4677 } 4678 4679 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4680 do_action( 'xmlrpc_call', 'wp.restoreRevision' ); 4681 4682 $revision = wp_get_post_revision( $revision_id ); 4683 if ( ! $revision ) { 4684 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 4685 } 4686 4687 if ( wp_is_post_autosave( $revision ) ) { 4688 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 4689 } 4690 4691 $post = get_post( $revision->post_parent ); 4692 if ( ! $post ) { 4693 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 4694 } 4695 4696 if ( ! current_user_can( 'edit_post', $revision->post_parent ) ) { 4697 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); 4698 } 4699 4700 // Check if revisions are disabled. 4701 if ( ! wp_revisions_enabled( $post ) ) { 4702 return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) ); 4703 } 4704 4705 $post = wp_restore_post_revision( $revision_id ); 4706 4707 return (bool) $post; 4708 } 4709 4710 /* Blogger API functions. 4711 * specs on http://plant.blogger.com/api and https://groups.yahoo.com/group/bloggerDev/ 4712 */ 4713 4714 /** 4715 * Retrieve blogs that user owns. 4716 * 4717 * Will make more sense once we support multiple blogs. 4718 * 4719 * @since 1.5.0 4720 * 4721 * @param array $args { 4722 * Method arguments. Note: arguments must be ordered as documented. 4723 * 4724 * @type int $blog_id (unused) 4725 * @type string $username 4726 * @type string $password 4727 * } 4728 * @return array|IXR_Error 4729 */ 4730 public function blogger_getUsersBlogs( $args ) { 4731 if ( ! $this->minimum_args( $args, 3 ) ) { 4732 return $this->error; 4733 } 4734 4735 if ( is_multisite() ) { 4736 return $this->_multisite_getUsersBlogs( $args ); 4737 } 4738 4739 $this->escape( $args ); 4740 4741 $username = $args[1]; 4742 $password = $args[2]; 4743 4744 $user = $this->login( $username, $password ); 4745 if ( ! $user ) { 4746 return $this->error; 4747 } 4748 4749 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4750 do_action( 'xmlrpc_call', 'blogger.getUsersBlogs' ); 4751 4752 $is_admin = current_user_can( 'manage_options' ); 4753 4754 $struct = array( 4755 'isAdmin' => $is_admin, 4756 'url' => get_option( 'home' ) . '/', 4757 'blogid' => '1', 4758 'blogName' => get_option( 'blogname' ), 4759 'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ), 4760 ); 4761 4762 return array( $struct ); 4763 } 4764 4765 /** 4766 * Private function for retrieving a users blogs for multisite setups 4767 * 4768 * @since 3.0.0 4769 * 4770 * @param array $args { 4771 * Method arguments. Note: arguments must be ordered as documented. 4772 * 4773 * @type string $username Username. 4774 * @type string $password Password. 4775 * } 4776 * @return array|IXR_Error 4777 */ 4778 protected function _multisite_getUsersBlogs( $args ) { 4779 $current_blog = get_site(); 4780 4781 $domain = $current_blog->domain; 4782 $path = $current_blog->path . 'xmlrpc.php'; 4783 4784 $rpc = new IXR_Client( set_url_scheme( "http://{$domain}{$path}" ) ); 4785 $rpc->query( 'wp.getUsersBlogs', $args[1], $args[2] ); 4786 $blogs = $rpc->getResponse(); 4787 4788 if ( isset( $blogs['faultCode'] ) ) { 4789 return new IXR_Error( $blogs['faultCode'], $blogs['faultString'] ); 4790 } 4791 4792 if ( $_SERVER['HTTP_HOST'] == $domain && $_SERVER['REQUEST_URI'] == $path ) { 4793 return $blogs; 4794 } else { 4795 foreach ( (array) $blogs as $blog ) { 4796 if ( strpos( $blog['url'], $_SERVER['HTTP_HOST'] ) ) { 4797 return array( $blog ); 4798 } 4799 } 4800 return array(); 4801 } 4802 } 4803 4804 /** 4805 * Retrieve user's data. 4806 * 4807 * Gives your client some info about you, so you don't have to. 4808 * 4809 * @since 1.5.0 4810 * 4811 * @param array $args { 4812 * Method arguments. Note: arguments must be ordered as documented. 4813 * 4814 * @type int $blog_id (unused) 4815 * @type string $username 4816 * @type string $password 4817 * } 4818 * @return array|IXR_Error 4819 */ 4820 public function blogger_getUserInfo( $args ) { 4821 $this->escape( $args ); 4822 4823 $username = $args[1]; 4824 $password = $args[2]; 4825 4826 $user = $this->login( $username, $password ); 4827 if ( ! $user ) { 4828 return $this->error; 4829 } 4830 4831 if ( ! current_user_can( 'edit_posts' ) ) { 4832 return new IXR_Error( 401, __( 'Sorry, you are not allowed to access user data on this site.' ) ); 4833 } 4834 4835 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4836 do_action( 'xmlrpc_call', 'blogger.getUserInfo' ); 4837 4838 $struct = array( 4839 'nickname' => $user->nickname, 4840 'userid' => $user->ID, 4841 'url' => $user->user_url, 4842 'lastname' => $user->last_name, 4843 'firstname' => $user->first_name, 4844 ); 4845 4846 return $struct; 4847 } 4848 4849 /** 4850 * Retrieve post. 4851 * 4852 * @since 1.5.0 4853 * 4854 * @param array $args { 4855 * Method arguments. Note: arguments must be ordered as documented. 4856 * 4857 * @type int $blog_id (unused) 4858 * @type int $post_ID 4859 * @type string $username 4860 * @type string $password 4861 * } 4862 * @return array|IXR_Error 4863 */ 4864 public function blogger_getPost( $args ) { 4865 $this->escape( $args ); 4866 4867 $post_ID = (int) $args[1]; 4868 $username = $args[2]; 4869 $password = $args[3]; 4870 4871 $user = $this->login( $username, $password ); 4872 if ( ! $user ) { 4873 return $this->error; 4874 } 4875 4876 $post_data = get_post( $post_ID, ARRAY_A ); 4877 if ( ! $post_data ) { 4878 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 4879 } 4880 4881 if ( ! current_user_can( 'edit_post', $post_ID ) ) { 4882 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); 4883 } 4884 4885 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4886 do_action( 'xmlrpc_call', 'blogger.getPost' ); 4887 4888 $categories = implode( ',', wp_get_post_categories( $post_ID ) ); 4889 4890 $content = '<title>' . wp_unslash( $post_data['post_title'] ) . '</title>'; 4891 $content .= '<category>' . $categories . '</category>'; 4892 $content .= wp_unslash( $post_data['post_content'] ); 4893 4894 $struct = array( 4895 'userid' => $post_data['post_author'], 4896 'dateCreated' => $this->_convert_date( $post_data['post_date'] ), 4897 'content' => $content, 4898 'postid' => (string) $post_data['ID'], 4899 ); 4900 4901 return $struct; 4902 } 4903 4904 /** 4905 * Retrieve list of recent posts. 4906 * 4907 * @since 1.5.0 4908 * 4909 * @param array $args { 4910 * Method arguments. Note: arguments must be ordered as documented. 4911 * 4912 * @type string $appkey (unused) 4913 * @type int $blog_id (unused) 4914 * @type string $username 4915 * @type string $password 4916 * @type int $numberposts (optional) 4917 * } 4918 * @return array|IXR_Error 4919 */ 4920 public function blogger_getRecentPosts( $args ) { 4921 4922 $this->escape( $args ); 4923 4924 // $args[0] = appkey - ignored 4925 $username = $args[2]; 4926 $password = $args[3]; 4927 if ( isset( $args[4] ) ) { 4928 $query = array( 'numberposts' => absint( $args[4] ) ); 4929 } else { 4930 $query = array(); 4931 } 4932 4933 $user = $this->login( $username, $password ); 4934 if ( ! $user ) { 4935 return $this->error; 4936 } 4937 4938 if ( ! current_user_can( 'edit_posts' ) ) { 4939 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); 4940 } 4941 4942 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 4943 do_action( 'xmlrpc_call', 'blogger.getRecentPosts' ); 4944 4945 $posts_list = wp_get_recent_posts( $query ); 4946 4947 if ( ! $posts_list ) { 4948 $this->error = new IXR_Error( 500, __( 'Either there are no posts, or something went wrong.' ) ); 4949 return $this->error; 4950 } 4951 4952 $recent_posts = array(); 4953 foreach ( $posts_list as $entry ) { 4954 if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) { 4955 continue; 4956 } 4957 4958 $post_date = $this->_convert_date( $entry['post_date'] ); 4959 $categories = implode( ',', wp_get_post_categories( $entry['ID'] ) );