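/**
 * Create a new Item and return an XML-RPC response.
 *
 * Keys missing from $params are filled in from the defaults listed at the top of the
 * function. When no Blog is passed in, it is resolved from the main category. The
 * caller's permissions are checked for the requested status and post type before
 * anything is written; title and content go through check_html_sanity().
 *
 * @param array Item properties (title, content, date, main_cat_ID, extra_cat_IDs, cat_IDs,
 *              status, tags, excerpt, item_typ_ID, comment_status, urltitle, featured,
 *              custom_fields, order, parent_ID)
 * @param object Blog where we are going to create a new Item (looked up from main_cat_ID when empty)
 * @return xmlrpcresp Response carrying the new Item ID, or whatever xmlrpcs_resperror() returns on failure
 */
function xmlrpcs_new_item($params, &$Blog = NULL)
{
    global $current_User, $Settings, $Messages, $DB, $posttypes_perms;

    $params = array_merge(array(
        'title'          => '',
        'content'        => '',
        'date'           => '',
        'main_cat_ID'    => 0,
        'extra_cat_IDs'  => array(),
        'cat_IDs'        => array(),
        'status'         => 'published',
        'tags'           => '',
        'excerpt'        => '',
        'item_typ_ID'    => 1,
        'comment_status' => 'open',
        'urltitle'       => '',
        'featured'       => 0,
        'custom_fields'  => array(),
        'order'          => '',
        'parent_ID'      => '',
    ), $params);

    if (empty($Blog) && !empty($params['main_cat_ID'])) {
        // Get the blog by main category ID.
        // Check if category exists and can be used:
        $ChapterCache =& get_ChapterCache();
        $main_Chapter =& $ChapterCache->get_by_ID($params['main_cat_ID'], false, false);
        if (empty($main_Chapter)) {
            // Cat does not exist:
            return xmlrpcs_resperror(11); // User error 11
        }

        $BlogCache =& get_BlogCache();
        $Blog =& $BlogCache->get_by_ID($main_Chapter->blog_ID, false, false);

        // The lookup is asked not to halt on a miss, so only dereference a Blog we actually got;
        // the empty($Blog) check below turns a miss into an error response.
        if (!empty($Blog)) {
            logIO('Requested Blog: ' . $Blog->ID . ' - ' . $Blog->name);
        }
    }

    if (empty($Blog)) {
        // Blog does not exist:
        return xmlrpcs_resperror();
    }

    if (empty($params['main_cat_ID'])) {
        if (is_array($params['cat_IDs']) && count($params['cat_IDs']) > 0) {
            // Let's use first cat for MAIN and others for EXTRA
            $params['main_cat_ID'] = array_shift($params['cat_IDs']);
            $params['extra_cat_IDs'] = $params['cat_IDs'];
        } else {
            if (!($main_cat = $Blog->get_default_cat_ID())) {
                // No default category found for requested blog
                return xmlrpcs_resperror(12); // User error 12
            }
            $params['main_cat_ID'] = $main_cat;
        }
    }

    logIO('Main cat ID: ' . $params['main_cat_ID']);
    logIO('Extra cat IDs: ' . implode(', ', $params['extra_cat_IDs']));

    if (empty($params['main_cat_ID'])) {
        // Main category does not exist:
        return xmlrpcs_resperror(11); // User error 11
    }

    // Check if category exists and can be used
    if (!xmlrpcs_check_cats($params['main_cat_ID'], $Blog, $params['extra_cat_IDs'])) {
        // Permission denied
        return xmlrpcs_resperror(3); // User error 3
    }

    /*
     * CHECK PERMISSION: (we need perm on all categories, especially if they are in different blogs)
     * NOTE: extra_cat_IDs array now includes main_cat_ID too, so we are actually checking ALL categories below
     * NOTE(review): the permission name is built from the caller-supplied status; this relies on
     * check_perm() denying statuses it does not know (not visible here) -- confirm.
     */
    if (!$current_User->check_perm('cats_post!' . $params['status'], 'edit', false, $params['extra_cat_IDs'])) {
        // Permission denied
        return xmlrpcs_resperror(3); // User error 3
    }

    if (!empty($params['item_typ_ID'])) {
        // Only accept plain decimal digits, otherwise switch to the default value.
        // The pattern is anchored with \z (a bare $ also matches before a trailing newline) and the
        // accepted value is normalised to int, so that the post type used for the permission
        // lookup below is exactly the post type stored on the Item.
        if (is_scalar($params['item_typ_ID']) && preg_match('~^[0-9]+\z~', (string) $params['item_typ_ID'])) {
            $params['item_typ_ID'] = (int) $params['item_typ_ID'];
        } else {
            $params['item_typ_ID'] = 1;
        }

        // "Reverse" the $posttypes_perms array: post type => permission name
        $posttype2perm = array();
        foreach ($posttypes_perms as $l_permname => $l_posttypes) {
            foreach ($l_posttypes as $ll_posttype) {
                $posttype2perm[$ll_posttype] = $l_permname;
            }
        }

        if (isset($posttype2perm[$params['item_typ_ID']])) {
            // Check permission for this post type
            if (!$current_User->check_perm('cats_' . $posttype2perm[$params['item_typ_ID']], 'edit', false, $params['extra_cat_IDs'])) {
                // Permission denied
                return xmlrpcs_resperror(3); // User error 3
            }
        }
    }
    logIO('Post type: ' . $params['item_typ_ID']);

    logIO('Permission granted.');

    // CHECK HTML SANITY:
    if (($params['title'] = check_html_sanity($params['title'], 'xmlrpc_posting')) === false) {
        return xmlrpcs_resperror(21, $Messages->get_string('Invalid post title, please correct these errors:', ''));
    }
    if (($params['content'] = check_html_sanity($params['content'], 'xmlrpc_posting')) === false) {
        return xmlrpcs_resperror(22, $Messages->get_string('Invalid post contents, please correct these errors:' . "\n", '', " // \n", 'xmlrpc'));
    }

    if (empty($params['date'])) {
        // No date supplied: use the current time shifted by the configured time difference
        $params['date'] = date('Y-m-d H:i:s', time() + $Settings->get('time_difference'));
    }

    // INSERT NEW POST INTO DB:
    load_class('items/model/_item.class.php', 'Item');

    $edited_Item = new Item();
    $edited_Item->set('title', $params['title']);
    $edited_Item->set('content', $params['content']);
    $edited_Item->set('issue_date', $params['date']);
    $edited_Item->set('main_cat_ID', $params['main_cat_ID']);
    $edited_Item->set('extra_cat_IDs', $params['extra_cat_IDs']);
    $edited_Item->set('status', $params['status']);
    $edited_Item->set('ptyp_ID', $params['item_typ_ID']);
    $edited_Item->set('featured', $params['featured']);
    $edited_Item->set_tags_from_string($params['tags']);
    $edited_Item->set('locale', $current_User->locale);
    $edited_Item->set_creator_User($current_User);

    // NOTE(review): unlike title and content, excerpt, urltitle and parent_ID are stored without a
    // check_html_sanity() pass or a format check in this function; confirm that Item::set() or the
    // output layer validates/escapes them.
    if ($params['excerpt'] != '') {
        $edited_Item->set('excerpt', $params['excerpt']);
    }
    if ($params['urltitle'] != '') {
        $edited_Item->set('urltitle', $params['urltitle']);
    }
    if ($params['parent_ID'] != '') {
        $edited_Item->set('parent_ID', $params['parent_ID']);
    }
    if (!empty($params['order'])) {
        // Do not set if order is 0
        $edited_Item->set('order', $params['order']);
    }

    if ($Blog->get_setting('allow_comments') != 'never' && $Blog->get_setting('disable_comments_bypost')) {
        // Comment status
        $edited_Item->set('comment_status', $params['comment_status']);
    }

    $edited_Item->dbinsert('through_xmlrpc');
    if (empty($edited_Item->ID)) {
        // NOTE(review): the raw database error text is returned to the remote client here; consider
        // logging it server-side and returning a generic message instead.
        return xmlrpcs_resperror(99, 'Error while inserting item: ' . $DB->last_error);
    }
    logIO('Posted with ID: ' . $edited_Item->ID);

    if (!empty($params['custom_fields']) && is_array($params['custom_fields']) && count($params['custom_fields']) > 0) {
        // TODO sam2kb> Add custom fields
        // For now the fields are only written to the log, nothing is stored.
        foreach ($params['custom_fields'] as $field) {
            // id, key, value
            logIO('Custom field: ' . var_export($field, true));
        }
    }

    // Execute or schedule notifications & pings:
    logIO('Handling notifications...');
    $edited_Item->handle_post_processing(true);
    logIO('OK.');

    return new xmlrpcresp(new xmlrpcval($edited_Item->ID));
}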