Example #1
/**
 * Pass XML-RPC shaped output through and wrap anything else in a fault.
 *
 * Judging by its name this is used as an output-buffer callback (not visible here).
 * Content whose first five bytes are an XML declaration opener or "<meth" is
 * returned unchanged. Any other content is wrapped in an IXR_Error with code 99.
 *
 * Security note: the complete buffer is copied into the fault text, so anything
 * that was printed before the response (PHP warnings, file paths, debug output)
 * is sent to the remote caller. htmlspecialchars() only makes that text safe to
 * embed in XML; it does not redact it.
 *
 * @param string $content Captured output.
 * @return string The original content, or the XML of an IXR_Error wrapping it.
 */
function xmlrpc_ob_end($content)
{
    $prefix = substr($content, 0, 5);
    $looksLikeXmlRpc = $prefix == "<" . "?xml" || $prefix == "<meth";
    if ($looksLikeXmlRpc) {
        return $content;
    }

    // may be an error - wrap it up
    $fault = new IXR_Error(99, htmlspecialchars("System error: " . $content));
    return $fault->getXml();
}
Example #2
/**
 * Stop WordPress execution and answer the XML-RPC client with a fault.
 *
 * This is the handler for wp_die when processing XMLRPC requests.
 *
 * The fault code is taken from $args['response'] (500 when absent) and the fault
 * string is $message exactly as given. $title is accepted but not used here.
 *
 * Security note: $message is sent to the remote client as-is, so callers on this
 * path should not put internal detail (queries, paths, stack data) into it.
 *
 * @since 3.2.0
 * @access private
 *
 * @global wp_xmlrpc_server $wp_xmlrpc_server
 *
 * @param string       $message Error message.
 * @param string       $title   Optional. Error title. Default empty.
 * @param string|array $args    Optional. Arguments to control behavior. Default empty array.
 */
function _xmlrpc_wp_die_handler($message, $title = '', $args = array())
{
    global $wp_xmlrpc_server;

    // Caller-supplied arguments win; 'response' falls back to 500.
    $options = wp_parse_args($args, array('response' => 500));

    if ($wp_xmlrpc_server) {
        $fault = new IXR_Error($options['response'], $message);
        $wp_xmlrpc_server->output($fault->getXml());
    }

    // Execution ends here even when no server object exists to emit the fault.
    die;
}
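 /**
  * Validate an optional language code and return the active languages.
  *
  * When $lang is not null it must match a row in the icl_languages table;
  * otherwise an IXR_Error (401, "Invalid language code") is echoed and the
  * request exits. A valid code is stored in $this->admin_language.
  *
  * The lookup goes through $wpdb->prepare() with a %s placeholder rather than
  * string concatenation, and non-string values are rejected before the query.
  * Presumably $lang comes from the XML-RPC request, where the caller chooses
  * the value's type as well as its content (confirm against the caller).
  *
  * @param string|null $lang Language code to force, or null to skip validation.
  * @return mixed Whatever $this->get_active_languages(true) returns.
  */
 function xmlrpc_get_languages_list($lang)
 {
     global $wpdb;
     if (!is_null($lang)) {
         // Arrays and other non-strings can never be a valid code. Rejecting them here
         // also stops wpdb::prepare() from treating an array as its argument list.
         $known_code = null;
         if (is_string($lang)) {
             $known_code = $wpdb->get_var(
                 $wpdb->prepare("SELECT code FROM {$wpdb->prefix}icl_languages WHERE code = %s", $lang)
             );
         }
         if (!$known_code) {
             $IXR_Error = new IXR_Error(401, __('Invalid language code', 'sitepress'));
             echo $IXR_Error->getXml();
             exit(1);
         }
         $this->admin_language = $lang;
     }
     // Redefining an existing constant raises a warning, which would corrupt the XML response.
     // NOTE(review): with WP_ADMIN set, is_admin() reports true for the rest of this request.
     // is_admin() describes context, not privilege, so nothing downstream should use it
     // as an authorization check.
     if (!defined('WP_ADMIN')) {
         define('WP_ADMIN', true);
     }
     // hack - allow to force display language
     $active_languages = $this->get_active_languages(true);
     return $active_languages;
 }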
Example #4
 /**
  * Send a fault to the client through $this->output().
  *
  * A non-object $error paired with a truthy $message is turned into an IXR_Error.
  * In every other case $error is used as given, so it must already be an object
  * exposing getXml(). A bare code with no message is not wrapped.
  *
  * @param object|int   $error   Error object, or an error code.
  * @param string|false $message Message for the code form. Default false.
  */
 function error($error, $message = false)
 {
     // Accepts either an error object or an error code and message
     $isCodeAndMessage = !is_object($error) && $message;
     if ($isCodeAndMessage) {
         $error = new IXR_Error($error, $message);
     }
     $faultXml = $error->getXml();
     $this->output($faultXml);
 }
Example #5
 /**
  * Report an exception to the client as an XML-RPC fault with code 500.
  *
  * The fault XML is echoed and the method then returns; it does not end the request.
  *
  * Security note: the fault string is the raw exception message. Messages that
  * carry SQL, file paths or other internals are disclosed to the remote caller.
  * Prefer generic messages on exceptions that can reach this handler, and log
  * the detail on the server.
  *
  * @param object $exception Exception-like object exposing getMessage().
  */
 public static function exception_handler($exception)
 {
     $faultString = $exception->getMessage();
     $fault = new IXR_Error(500, $faultString);
     echo $fault->getXml();
 }
    /**
     * Capability gate for selected XML-RPC methods (hotfix for core changeset 16803).
     *
     * Reads the current request's parameters from the global XML-RPC server and, for
     * the methods listed in the switch, checks the current user's capabilities.
     * Returns true when the check passes or when the method is not handled here.
     * On denial it outputs an IXR_Error wrapped in a methodResponse and dies, so the
     * original XML-RPC method never runs.
     *
     * @param string $xmlrpc_method Name of the XML-RPC method being invoked.
     * @return true|void True to let the call proceed; does not return on denial.
     */
    function r16803($xmlrpc_method)
    {
        // Hotfixes: http://core.trac.wordpress.org/changeset/16803
        global $wp_xmlrpc_server;
        // Pretend that we are an xmlrpc method, freshly called
        // NOTE(review): $args is client-supplied and the positional reads below are not
        // checked for presence or type before use.
        $args = $wp_xmlrpc_server->message->params;
        // Default fault code; the 403 cases below override it.
        $error_code = 401;
        switch ($xmlrpc_method) {
            case 'metaWeblog.newPost':
                $content_struct = $args[3];
                $publish = isset($args[4]) ? $args[4] : 0;
                // Publishing needs the publish_* capability; saving otherwise needs edit_*.
                if (!empty($content_struct['post_type'])) {
                    if ($content_struct['post_type'] == 'page') {
                        if ($publish || 'publish' == $content_struct['page_status']) {
                            $cap = 'publish_pages';
                        } else {
                            $cap = 'edit_pages';
                        }
                        $error_message = __('Sorry, you are not allowed to publish pages on this site.');
                    } elseif ($content_struct['post_type'] == 'post') {
                        if ($publish || 'publish' == $content_struct['post_status']) {
                            $cap = 'publish_posts';
                        } else {
                            $cap = 'edit_posts';
                        }
                        $error_message = __('Sorry, you are not allowed to publish posts on this site.');
                    } else {
                        // NOTE(review): $cap is never assigned on this path, so the
                        // current_user_can() call below receives an undefined variable.
                        $error_message = __('Invalid post type.');
                    }
                } else {
                    if ($publish || 'publish' == $content_struct['post_status']) {
                        $cap = 'publish_posts';
                    } else {
                        $cap = 'edit_posts';
                    }
                    $error_message = __('Sorry, you are not allowed to publish posts on this site.');
                }
                if (current_user_can($cap)) {
                    return true;
                }
                break;
            case 'metaWeblog.editPost':
                // NOTE(review): $post_ID is assigned but not used in this case; only the
                // general publish_*/edit_* capabilities are checked here.
                $post_ID = (int) $args[0];
                $content_struct = $args[3];
                $publish = $args[4];
                $cap = $publish ? 'publish_posts' : 'edit_posts';
                $error_message = __('Sorry, you are not allowed to publish posts on this site.');
                if (!empty($content_struct['post_type'])) {
                    if ($content_struct['post_type'] == 'page') {
                        if ($publish || 'publish' == $content_struct['page_status']) {
                            $cap = 'publish_pages';
                        } else {
                            $cap = 'edit_pages';
                        }
                        $error_message = __('Sorry, you are not allowed to publish pages on this site.');
                    } elseif ($content_struct['post_type'] == 'post') {
                        if ($publish || 'publish' == $content_struct['post_status']) {
                            $cap = 'publish_posts';
                        } else {
                            $cap = 'edit_posts';
                        }
                        $error_message = __('Sorry, you are not allowed to publish posts on this site.');
                    } else {
                        // NOTE(review): $cap keeps the default assigned above, so an unrecognised
                        // post type is still judged by the post capabilities.
                        $error_message = __('Invalid post type.');
                    }
                } else {
                    if ($publish || 'publish' == $content_struct['post_status']) {
                        $cap = 'publish_posts';
                    } else {
                        $cap = 'edit_posts';
                    }
                    $error_message = __('Sorry, you are not allowed to publish posts on this site.');
                }
                if (current_user_can($cap)) {
                    return true;
                }
                break;
            case 'mt.publishPost':
                // Requires both the general publish capability and edit rights on this post.
                $post_ID = (int) $args[0];
                if (current_user_can('publish_posts') && current_user_can('edit_post', $post_ID)) {
                    return true;
                }
                $error_message = __('Sorry, you cannot edit this post.');
                break;
            case 'blogger.deletePost':
                // Per-post check: the post ID is the second parameter for this method.
                $post_ID = (int) $args[1];
                if (current_user_can('delete_post', $post_ID)) {
                    return true;
                }
                $error_message = __('Sorry, you do not have the right to delete this post.');
                break;
            case 'wp.getPageStatusList':
                if (current_user_can('edit_pages')) {
                    return true;
                }
                $error_code = 403;
                $error_message = __('You are not allowed access to details about this site.');
                break;
            case 'wp.deleteComment':
            case 'wp.editComment':
                $comment_ID = (int) $args[3];
                // An unknown comment ID is let through here instead of being rejected.
                if (!($comment = get_comment($comment_ID))) {
                    return true;
                }
                // This will be handled in the calling function explicitly
                // Moderation right is derived from edit rights on the comment's parent post.
                if (current_user_can('edit_post', $comment->comment_post_ID)) {
                    return true;
                }
                $error_code = 403;
                $error_message = __('You are not allowed to moderate comments on this site.');
                break;
            default:
                // Methods not listed above are not gated by this function.
                return true;
        }
        // If we are here then this was a handlable xmlrpc call and the capability checks above all failed
        // ( otherwise they would have returned to the do_action from the switch statement above ) so it's
        // time to exit with whatever error we've determined is the problem (thus short circuiting the
        // original XMLRPC method call, and enforcing the above capability checks -- with an ax.  We'll
        // mimic the behavior from the end of IXR_Server::serve()
        $r = new IXR_Error($error_code, $error_message);
        $resultxml = $r->getXml();
        // NOTE(review): getXml() output is embedded inside a <value> element here; confirm
        // that clients parse the resulting document as a fault.
        $xml = <<<EOD
<methodResponse>
  <params>
\t<param>
\t  <value>
\t\t{$resultxml}
\t  </value>
\t</param>
  </params>
</methodResponse>
EOD;
        $wp_xmlrpc_server->output($xml);
        // For good measure...
        die;
    }