/**
 * Endpoint entry point: resolves and validates the target blog, then removes
 * the given user when the request path ends in "/delete".
 *
 * Security notes:
 * - The site-owner guard below runs only when the IS_WPCOM constant is defined
 *   and truthy. On any other install this method applies no owner check of
 *   its own before delegating to delete_or_remove_user().
 * - The owner comparison is loose (==), so an integer ID and a numeric string
 *   compare equal.
 * - NOTE(review): no capability check is visible in this method; presumably
 *   switch_to_blog_and_validate_user() and/or delete_or_remove_user() enforce
 *   that the caller may remove users. Confirm against those helpers.
 *
 * @param string $path    Request path; only a path ending in "/delete" is acted on.
 * @param mixed  $blog_id Blog identifier, resolved through $this->api->get_blog_id().
 * @param mixed  $user_id ID of the user to remove.
 * @return mixed WP_Error when blog validation fails or the target is the site
 *               owner (WPCOM only), the result of delete_or_remove_user() for
 *               a "/delete" path, otherwise false.
 */
function callback($path = '', $blog_id = 0, $user_id = 0)
{
    $resolved_blog = $this->api->get_blog_id($blog_id);
    $blog_id = $this->api->switch_to_blog_and_validate_user($resolved_blog);
    if (is_wp_error($blog_id)) {
        // Validation failed: hand the error straight back to the caller.
        return $blog_id;
    }

    $on_wpcom = defined('IS_WPCOM') && IS_WPCOM;
    if ($on_wpcom && wpcom_get_blog_owner($blog_id) == $user_id) {
        // The owner account must never be removable through this route.
        return new WP_Error('forbidden', 'A site owner can not be removed through this endpoint.', 403);
    }

    if (!$this->api->ends_with($path, '/delete')) {
        // Any other path is not handled here.
        return false;
    }

    return $this->delete_or_remove_user($user_id);
}
/**
 * Updates user data.
 *
 * Refuses a request in which the current user changes their own role and, on
 * WPCOM, a request in which someone other than the blog owner edits the
 * owner. Off WPCOM, first_name, last_name and display_name (also accepted as
 * "name") are copied from the input; a "roles" entry is applied on every
 * platform.
 *
 * Security notes:
 * - NOTE(review): the self-role guard compares IDs loosely (==) while the
 *   owner guard mixes a strict (!==) and a loose (==) comparison. If $user_id
 *   arrives as a numeric string, the strict test is always true. Confirm the
 *   caller passes an integer.
 * - NOTE(review): the role value is taken from $this->input() and handed to
 *   wp_update_user() without validation in this method. Presumably capability
 *   checks and role allow-listing happen before this call. Verify upstream.
 *
 * @param mixed $user_id ID of the user to update.
 * @param mixed $blog_id Blog used for the WPCOM owner lookup.
 * @return (array) The result of $this->get_user($user_id) on success; a
 *                 WP_Error when a guard rejects the request or
 *                 wp_update_user() fails.
 */
public function update_user($user_id, $blog_id)
{
    $input = $this->input();
    $user['ID'] = $user_id;
    $on_wpcom = defined('IS_WPCOM') && IS_WPCOM;

    // Guard 1: nobody may change their own role through this endpoint.
    if (get_current_user_id() == $user_id && isset($input['roles'])) {
        return new WP_Error('unauthorized', 'You cannot change your own role', 403);
    }

    // Guard 2 (WPCOM only): the blog owner can be edited by the owner alone.
    if ($on_wpcom && $user_id !== get_current_user_id() && $user_id == wpcom_get_blog_owner($blog_id)) {
        return new WP_Error('unauthorized_edit_owner', 'Current user can not edit blog owner', 403);
    }

    if (!$on_wpcom) {
        foreach ($input as $field => $raw) {
            // Scalars are trimmed first; every value is then unslashed.
            $clean = wp_unslash(is_array($raw) ? $raw : trim($raw));

            // Only these profile fields are copied; all other keys are ignored.
            switch ($field) {
                case 'first_name':
                case 'last_name':
                    $user[$field] = $clean;
                    break;
                case 'display_name':
                case 'name':
                    $user['display_name'] = $clean;
                    break;
            }
        }
    }

    if (isset($input['roles'])) {
        // When a list of roles is supplied, only its first element is used.
        $user['role'] = is_array($input['roles']) ? $input['roles'][0] : $input['roles'];
    }

    $outcome = wp_update_user($user);

    return is_wp_error($outcome) ? $outcome : $this->get_user($user_id);
}
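/**
 * SyndicatedPost::normalize_post()
 *
 * Copies every field of $this->post through sanitize_post_field() in the 'db'
 * context, fills in a blank title from the syndication source and the
 * publication time, and, where wpcom_get_blog_owner() exists, replaces author
 * ID 1 with the blog owner.
 *
 * The 'db' context prepares values for storage. It is not output escaping, so
 * callers that render these fields still have to escape them for the output
 * context.
 *
 * @param bool $new If true, this post is to be inserted anew. If false, it is an update of an existing post.
 *                  (Not read by this method's body.)
 * @return array A normalized representation of the post ready to be inserted into the database or sent to the WordPress API functions
 */
function normalize_post($new = true)
{
    $out = array();

    // Why doesn't wp_insert_post already do this?
    foreach (array_keys($this->post) as $key) {
        // For DB sanitization, no post ID needs to be passed
        $out[$key] = sanitize_post_field($key, $this->post[$key], null, 'db');
    }

    // FIXME: Option for filtering out empty posts. A post whose title, content
    // and excerpt are all empty is currently passed through unchanged.

    // A feed item may arrive without a title key at all; treat that as blank
    // instead of reading an undefined index.
    $title = isset($out['post_title']) ? $out['post_title'] : '';
    if (strlen($title) == 0) {
        // gmt_offset is expressed in hours and may be fractional (5.5, 5.75),
        // so convert to seconds before casting to int. Casting first would
        // drop the fractional part of the offset.
        $offset = (int) round((float) get_option('gmt_offset') * 60 * 60);
        $out['post_title'] = $this->post['meta']['syndication_source']
            . ' ' . gmdate('Y-m-d H:i:s', $this->published() + $offset);
        // FIXME: Option for what to fill a blank title with...
    }

    // WPCOM: never allow 1 (super admin) as the author. The comparison stays
    // loose so that a sanitized "1" string is remapped as well.
    if (function_exists('wpcom_get_blog_owner') && isset($out['post_author']) && 1 == $out['post_author']) {
        $out['post_author'] = wpcom_get_blog_owner();
    }

    return $out;
}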