/**
 * Pass well-formed XML-RPC output through; wrap anything else in a fault.
 *
 * Content is accepted when its first five bytes are "<?xml" or "<meth".
 * Any other content is reported as IXR fault 99.
 * Presumably registered as an output-buffer callback -- confirm at the call site.
 *
 * @param string $content Buffered response body.
 * @return string The original content, or the XML of an IXR_Error fault.
 */
function xmlrpc_ob_end($content) {
    $prefix = substr($content, 0, 5);
    $looks_like_xmlrpc = in_array($prefix, array("<" . "?xml", "<meth"), true);

    if ($looks_like_xmlrpc) {
        return $content;
    }

    // may be an error - wrap it up
    // NOTE(review): the whole buffer is returned to the remote client inside the
    // fault string. If stray output can contain PHP warnings, file paths or SQL
    // errors, that detail is disclosed; consider logging it server-side and
    // returning a generic message instead.
    $fault = new IXR_Error(99, htmlspecialchars("System error: " . $content));

    return $fault->getXml();
}
/**
 * Kill WordPress execution and display XML message with error message.
 *
 * This is the handler for wp_die when processing XMLRPC requests. When the
 * global XML-RPC server object is available, the message is sent as an
 * IXR_Error fault whose code is the 'response' argument (500 by default).
 * Execution stops whether or not a fault was sent.
 *
 * @since 3.2.0
 * @access private
 *
 * @global wp_xmlrpc_server $wp_xmlrpc_server
 *
 * @param string       $message Error message.
 * @param string       $title   Optional. Error title. Default empty. Not used by this handler.
 * @param string|array $args    Optional. Arguments to control behavior. Default empty array.
 */
function _xmlrpc_wp_die_handler($message, $title = '', $args = array()) {
    global $wp_xmlrpc_server;

    $parsed = wp_parse_args($args, array('response' => 500));

    if ($wp_xmlrpc_server) {
        // NOTE(review): $message reaches the remote client as the fault string;
        // confirm callers do not pass internal detail (paths, SQL) to wp_die().
        $fault = new IXR_Error($parsed['response'], $message);
        $wp_xmlrpc_server->output($fault->getXml());
    }

    exit;
}
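/**
 * Validate an optional language code and return the active languages.
 *
 * A non-null $lang must exist in the {prefix}icl_languages table. If it does
 * not, a 401 IXR fault is echoed and the request ends with exit(1). A valid
 * code is stored in $this->admin_language.
 *
 * @param string|null $lang Language code from the caller, or null to skip validation.
 * @return mixed The result of $this->get_active_languages(true).
 */
function xmlrpc_get_languages_list($lang) {
    global $wpdb;

    if ($lang !== null) {
        // Bind the caller-supplied code as a query parameter rather than
        // concatenating it into the SQL text. Non-scalar values (e.g. an
        // XML-RPC array or struct) can never be a language code and are
        // rejected without touching the database.
        $known_code = null;
        if (is_scalar($lang)) {
            $known_code = $wpdb->get_var(
                $wpdb->prepare(
                    "SELECT code FROM {$wpdb->prefix}icl_languages WHERE code = %s",
                    $lang
                )
            );
        }

        if (!$known_code) {
            $fault = new IXR_Error(401, __('Invalid language code', 'sitepress'));
            echo $fault->getXml();
            exit(1);
        }

        $this->admin_language = $lang;
    }

    // hack - allow to force display language
    // Guarded so that an already-defined constant does not raise a PHP warning
    // into the XML response.
    // NOTE(review): once WP_ADMIN is true, is_admin() reports an admin context
    // for the rest of the request. Code that treats is_admin() as an access
    // check would be misled -- confirm the XML-RPC user is authenticated and
    // authorised before this method is reached.
    if (!defined('WP_ADMIN')) {
        define('WP_ADMIN', true);
    }

    return $this->get_active_languages(true);
}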
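/**
 * Send an XML-RPC fault to the client.
 *
 * Accepts either an error object or an error code and message.
 *
 * @param object|int   $error   Error object exposing getXml(), or a fault code.
 * @param string|false $message Fault message, used when $error is a code.
 */
function error($error, $message = false) {
    if (!is_object($error)) {
        // Previously a bare code with an empty or omitted message skipped the
        // wrapping and then called getXml() on a non-object, which is a fatal
        // error inside the error path. Every non-object is now wrapped.
        $error = new IXR_Error($error, $message === false ? '' : $message);
    }

    $this->output($error->getXml());
}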
/**
 * Report an exception to the client as an IXR fault with code 500.
 *
 * @param object $exception Thrown object; only getMessage() is read.
 */
public static function exception_handler($exception) {
    // NOTE(review): the exception message is echoed verbatim to the remote
    // client. If exceptions raised here can carry internal detail (SQL text,
    // file paths), log the message server-side and return a generic fault
    // string instead -- confirm what can be thrown.
    $fault = new IXR_Error(500, $exception->getMessage());
    $payload = $fault->getXml();

    echo $payload;
}
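/**
 * Capability gate for selected XML-RPC methods.
 *
 * Hotfixes: http://core.trac.wordpress.org/changeset/16803
 *
 * Reads the parameters of the XML-RPC call being served from the global
 * server object and checks that the current user holds the capability the
 * method needs. Methods not listed in the switch are passed through.
 *
 * @global wp_xmlrpc_server $wp_xmlrpc_server
 *
 * @param string $xmlrpc_method Name of the XML-RPC method being invoked.
 * @return bool True when the call may proceed. On a failed check the function
 *              outputs a fault response and terminates the request instead of
 *              returning.
 */
function r16803($xmlrpc_method) {
    global $wp_xmlrpc_server;

    // Pretend that we are an xmlrpc method, freshly called
    $args = $wp_xmlrpc_server->message->params;
    $error_code = 401;

    // The comparisons against 'page', 'post' and 'publish' below stay loose
    // (==) on purpose: XML-RPC values are not guaranteed to be strings, and
    // tightening them would change which capability is demanded.
    switch ($xmlrpc_method) {
        case 'metaWeblog.newPost':
            $content_struct = isset($args[3]) ? $args[3] : array();
            $publish = isset($args[4]) ? $args[4] : 0;
            // A missing or empty post type is treated as a regular post.
            $post_type = !empty($content_struct['post_type']) ? $content_struct['post_type'] : 'post';
            // No capability is resolved for an unknown post type. The request
            // is then denied explicitly rather than relying on how
            // current_user_can() treats an undefined value.
            $cap = null;

            if ($post_type == 'page') {
                $wants_publish = $publish
                    || (isset($content_struct['page_status']) && 'publish' == $content_struct['page_status']);
                $cap = $wants_publish ? 'publish_pages' : 'edit_pages';
                $error_message = __('Sorry, you are not allowed to publish pages on this site.');
            } elseif ($post_type == 'post') {
                $wants_publish = $publish
                    || (isset($content_struct['post_status']) && 'publish' == $content_struct['post_status']);
                $cap = $wants_publish ? 'publish_posts' : 'edit_posts';
                $error_message = __('Sorry, you are not allowed to publish posts on this site.');
            } else {
                $error_message = __('Invalid post type.');
            }

            if (null !== $cap && current_user_can($cap)) {
                return true;
            }
            break;

        case 'metaWeblog.editPost':
            $content_struct = isset($args[3]) ? $args[3] : array();
            $publish = isset($args[4]) ? $args[4] : 0;
            $post_type = !empty($content_struct['post_type']) ? $content_struct['post_type'] : 'post';
            // Fallback capability; it stays in force when the post type is not recognised.
            $cap = $publish ? 'publish_posts' : 'edit_posts';

            if ($post_type == 'page') {
                $wants_publish = $publish
                    || (isset($content_struct['page_status']) && 'publish' == $content_struct['page_status']);
                $cap = $wants_publish ? 'publish_pages' : 'edit_pages';
                $error_message = __('Sorry, you are not allowed to publish pages on this site.');
            } elseif ($post_type == 'post') {
                $wants_publish = $publish
                    || (isset($content_struct['post_status']) && 'publish' == $content_struct['post_status']);
                $cap = $wants_publish ? 'publish_posts' : 'edit_posts';
                $error_message = __('Sorry, you are not allowed to publish posts on this site.');
            } else {
                $error_message = __('Invalid post type.');
            }

            if (current_user_can($cap)) {
                return true;
            }
            break;

        case 'mt.publishPost':
            $post_ID = isset($args[0]) ? (int) $args[0] : 0;
            if (current_user_can('publish_posts') && current_user_can('edit_post', $post_ID)) {
                return true;
            }
            $error_message = __('Sorry, you cannot edit this post.');
            break;

        case 'blogger.deletePost':
            $post_ID = isset($args[1]) ? (int) $args[1] : 0;
            if (current_user_can('delete_post', $post_ID)) {
                return true;
            }
            $error_message = __('Sorry, you do not have the right to delete this post.');
            break;

        case 'wp.getPageStatusList':
            if (current_user_can('edit_pages')) {
                return true;
            }
            $error_code = 403;
            $error_message = __('You are not allowed access to details about this site.');
            break;

        case 'wp.deleteComment':
        case 'wp.editComment':
            $comment_ID = isset($args[3]) ? (int) $args[3] : 0;
            if (!($comment = get_comment($comment_ID))) {
                // This will be handled in the calling function explicitly
                return true;
            }
            if (current_user_can('edit_post', $comment->comment_post_ID)) {
                return true;
            }
            $error_code = 403;
            $error_message = __('You are not allowed to moderate comments on this site.');
            break;

        default:
            return true;
    }

    // If we are here then this was a handlable xmlrpc call and the capability
    // checks above all failed (otherwise they would have returned from the
    // switch statement above). Exit with whatever error we've determined is the
    // problem, short circuiting the original XMLRPC method call and enforcing
    // the capability checks. We'll mimic the behavior from the end of
    // IXR_Server::serve().
    $r = new IXR_Error($error_code, $error_message);
    $resultxml = $r->getXml();

    $xml = <<<EOD
<methodResponse>
  <params>
\t<param>
\t  <value>
\t\t{$resultxml}
\t  </value>
\t</param>
  </params>
</methodResponse>

EOD;

    $wp_xmlrpc_server->output($xml);

    // For good measure...
    die;
}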