function blogger_editPost($args) { global $wpdb; $this->escape($args); $post_ID = (int) $args[1]; $user_login = $args[2]; $user_pass = $args[3]; $content = $args[4]; $publish = $args[5]; if (!$this->login_pass_ok($user_login, $user_pass)) { return $this->error; } $actual_post = wp_get_single_post($post_ID, ARRAY_A); if (!$actual_post) { return new IXR_Error(404, __('Sorry, no such post.')); } $this->escape($actual_post); set_current_user(0, $user_login); if (!current_user_can('edit_post', $post_ID)) { return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); } extract($actual_post, EXTR_SKIP); if ('publish' == $post_status && !current_user_can('publish_posts')) { return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); } $post_title = xmlrpc_getposttitle($content); $post_category = xmlrpc_getpostcategory($content); $post_content = xmlrpc_removepostdata($content); $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt'); $result = wp_update_post($postdata); if (!$result) { return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.')); } $this->attach_uploads($ID, $post_content); return true; }
/** * Edit a post. * * @since 1.5.0 * * @param array $args Method parameters. * @return bool true when done. */ function blogger_editPost($args) { $this->escape($args); $post_ID = (int) $args[1]; $username = $args[2]; $password = $args[3]; $content = $args[4]; $publish = $args[5]; if (!($user = $this->login($username, $password))) { return $this->error; } do_action('xmlrpc_call', 'blogger.editPost'); $actual_post = get_post($post_ID, ARRAY_A); if (!$actual_post || $actual_post['post_type'] != 'post') { return new IXR_Error(404, __('Sorry, no such post.')); } $this->escape($actual_post); if (!current_user_can('edit_post', $post_ID)) { return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); } extract($actual_post, EXTR_SKIP); if ('publish' == $post_status && !current_user_can('publish_posts')) { return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); } $post_title = xmlrpc_getposttitle($content); $post_category = xmlrpc_getpostcategory($content); $post_content = xmlrpc_removepostdata($content); $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt'); $result = wp_update_post($postdata); if (!$result) { return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.')); } $this->attach_uploads($ID, $post_content); do_action('xmlrpc_call_success_blogger_editPost', $post_ID, $args); return true; }
/** * Edit a post. * * @since 1.5.0 * * @param array $args Method parameters. * @return bool|IXR_Error true when done. */ public function blogger_editPost($args) { $this->escape($args); $post_ID = (int) $args[1]; $username = $args[2]; $password = $args[3]; $content = $args[4]; $publish = $args[5]; if (!($user = $this->login($username, $password))) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action('xmlrpc_call', 'blogger.editPost'); $actual_post = get_post($post_ID, ARRAY_A); if (!$actual_post || $actual_post['post_type'] != 'post') { return new IXR_Error(404, __('Sorry, no such post.')); } $this->escape($actual_post); if (!current_user_can('edit_post', $post_ID)) { return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); } if ('publish' == $actual_post['post_status'] && !current_user_can('publish_posts')) { return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.')); } $postdata = array(); $postdata['ID'] = $actual_post['ID']; $postdata['post_content'] = xmlrpc_removepostdata($content); $postdata['post_title'] = xmlrpc_getposttitle($content); $postdata['post_category'] = xmlrpc_getpostcategory($content); $postdata['post_status'] = $actual_post['post_status']; $postdata['post_excerpt'] = $actual_post['post_excerpt']; $result = wp_update_post($postdata); if (!$result) { return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.')); } $this->attach_uploads($actual_post['ID'], $postdata['post_content']); /** * Fires after a post has been successfully updated via the XML-RPC Blogger API. * * @since 3.4.0 * * @param int $post_ID ID of the updated post. * @param array $args An array of arguments for the post to edit. */ do_action('xmlrpc_call_success_blogger_editPost', $post_ID, $args); return true; }
function blogger_editPost($args) { global $wpdb; $this->escape($args); $post_ID = $args[1]; $user_login = $args[2]; $user_pass = $args[3]; $content = $args[4]; $publish = $args[5]; if (!$this->login_pass_ok($user_login, $user_pass)) { return $this->error; } $actual_post = wp_get_single_post($post_ID, ARRAY_A); if (!$actual_post) { return new IXR_Error(404, 'Sorry, no such post.'); } $this->escape($actual_post); $user = new WP_User(0, $user_login); if (!$user->has_cap('edit_post', $post_ID)) { return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.'); } extract($actual_post); $post_title = xmlrpc_getposttitle($content); $post_category = xmlrpc_getpostcategory($content); $post_content = xmlrpc_removepostdata($content); $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt'); $result = wp_update_post($postdata); if (!$result) { return new IXR_Error(500, 'For some strange yet very annoying reason, this post could not be edited.'); } return true; }
function bloggereditpost($m) { global $wpdb; global $xmlrpcerruser; // import user errcode value global $blog_ID, $cache_userdata, $tableposts, $use_rss, $use_weblogsping, $post_autobr; global $post_default_title, $post_default_category, $sleep_after_edit; $err = ""; $post_ID = $m->getParam(1); $username = $m->getParam(2); $password = $m->getParam(3); $newcontent = $m->getParam(4); $publish = $m->getParam(5); $ID = $post_ID->scalarval(); $username = $username->scalarval(); $password = $password->scalarval(); $newcontent = $newcontent->scalarval(); $post_status = $publish->scalarval() ? 'publish' : 'draft'; $result = wp_get_single_post($ID, ARRAY_A); if (!$result) { return new xmlrpcresp(0, $xmlrpcerruser + 2, "No such post '{$ID}'."); } $userdata = get_userdatabylogin($username); $user_ID = $userdata->ID; $user_level = $userdata->user_level; $postdata = get_postdata($ID); $post_authordata = get_userdata($postdata["Author_ID"]); $post_author_ID = $postdata["Author_ID"]; if ($user_ID != $post_author_ID && $user_level <= $post_authordata->user_level) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Sorry, you do not have the right to edit this post"); } if (user_pass_ok($username, $password)) { if ($user_level < 1) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Sorry, level 0 users can not edit posts"); } extract($result); $content = $newcontent; $post_title = xmlrpc_getposttitle($content); $post_category = xmlrpc_getpostcategory($content); $content = xmlrpc_removepostdata($content); $post_content = format_to_post($content); $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_date', 'post_excerpt'); $result = wp_update_post($postdata); if (!$result) { return new xmlrpcresp(0, $xmlrpcerruser + 2, "For some strange yet very annoying reason, the entry couldn't be edited."); } if (!isset($blog_ID)) { $blog_ID = 1; } if (isset($sleep_after_edit) && $sleep_after_edit > 0) { sleep($sleep_after_edit); } pingWeblogs($blog_ID); return new xmlrpcresp(new xmlrpcval("1", "boolean")); } else { return new xmlrpcresp(0, $xmlrpcerruser + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password)); } }
/** * blogger.editPost changes the contents of a given post. * * Optionally, will publish the blog the post belongs to after changing the post. * (In b2evo, this means the changed post will be moved to published state). * On success, it returns a boolean true value. * On error, it will return a fault with an error message. * * @see http://www.blogger.com/developers/api/1_docs/xmlrpc_editPost.html * @see http://www.sixapart.com/developers/xmlrpc/blogger_api/bloggereditpost.html * * @param xmlrpcmsg XML-RPC Message * 0 appkey (string): Unique identifier/passcode of the application sending the post. * (See access info {@link http://www.blogger.com/developers/api/1_docs/#access} .) * 1 postid (string): Unique identifier of the post to be changed. * 2 username (string): Login for a Blogger user who has permission to edit the given * post (either the user who originally created it or an admin of the blog). * 3 password (string): Password for said username. * 4 content (string): New content of the post. * 5 publish (boolean): If true, the blog will be published immediately after the * post is made. (In b2evo,this means, the new post will be in 'published' state, * otherwise it would be in draft state). * @return xmlrpcresp XML-RPC Response * * @todo check current status and permission on it */ function blogger_editpost($m) { // CHECK LOGIN: /** * @var User */ if (!($current_User =& xmlrpcs_login($m, 2, 3))) { // Login failed, return (last) error: return xmlrpcs_resperror(); } // GET POST: /** * @var Item */ if (!($edited_Item =& xmlrpcs_get_Item($m, 1))) { // Failed, return (last) error: return xmlrpcs_resperror(); } // We need to be able to edit this post: if (!$current_User->check_perm('item_post!CURSTATUS', 'edit', false, $edited_Item)) { return xmlrpcs_resperror(3); // Permission denied } $content = $m->getParam(4); $content = $content->scalarval(); $publish = $m->getParam(5); $publish = $publish->scalarval(); $status = $publish ? 'published' : 'draft'; logIO("Publish: {$publish} -> Status: {$status}"); $title = xmlrpc_getposttitle($content); $cat_IDs = xmlrpc_getpostcategories($content); // Cleanup content from extra tags like <category> and <title>: $content = xmlrpc_removepostdata($content); $params = array('title' => $title, 'content' => $content, 'cat_IDs' => $cat_IDs, 'status' => $status); // COMPLETE VALIDATION & INSERT: return xmlrpcs_edit_item($edited_Item, $params); }
function bloggereditpost($m) { $ID = $m->getParam(1); $username = $m->getParam(2); $password = $m->getParam(3); $newcontent = $m->getParam(4); $publish = $m->getParam(5); $ID = intval($ID->scalarval()); $username = $username->scalarval(); $password = $password->scalarval(); $newcontent = $newcontent->scalarval(); $postarr['post_status'] = $publish->scalarval() ? 'publish' : 'draft'; if (user_pass_ok($username, $password)) { $postdata = wp_get_single_post($ID, ARRAY_A); if (!$postdata) { return new xmlrpcresp(0, $GLOBALS['xmlrpcerruser'] + 2, "No such post '{$ID}'."); } $userdata = get_userdatabylogin($username); if ($userdata->user_level < 1) { return new xmlrpcresp(0, $GLOBALS['xmlrpcerruser'] + 1, 'Sorry, level 0 users can not edit posts'); } if ($userdata->ID != $postdata['post_author'] && $userdata->user_level != 10) { $authordata = get_userdata($postdata['post_author']); if ($userdata->user_level <= $authordata->user_level) { return new xmlrpcresp(0, $GLOBALS['xmlrpcerruser'] + 1, 'Sorry, you do not have the right to edit this post'); } } $postarr['ID'] = $ID; $postarr['post_title'] = xmlrpc_getposttitle($newcontent); $postarr['post_category'] = array(xmlrpc_getpostcategory($newcontent)); $postarr['post_content'] = format_to_post(xmlrpc_removepostdata($newcontent)); $post_ID = wp_update_post($postarr); if (!$post_ID) { return new xmlrpcresp(0, $GLOBALS['xmlrpcerruser'] + 2, 'For some strange yet very annoying reason, the entry could not be edited.'); } if (!isset($GLOBALS['blog_ID'])) { $GLOBALS['blog_ID'] = 1; } pingWeblogs($GLOBALS['blog_ID']); return new xmlrpcresp(new xmlrpcval('1', 'boolean')); } else { return new xmlrpcresp(0, $GLOBALS['xmlrpcerruser'] + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password)); } }
function wp_mail_receive() { global $img_target; require_once wp_base() . '/wp-includes/class-pop3.php'; timer_start(); $use_cache = 1; $time_difference = get_settings('time_difference'); error_reporting(2037); $GLOBALS['wp_pop3'] = new POP3(); if (!$GLOBALS['wp_pop3']->connect(get_settings('mailserver_url'), get_settings('mailserver_port'))) { echo "Ooops {$GLOBALS['wp_pop3']}->ERROR <br />\n"; return; } $mail_count = $GLOBALS['wp_pop3']->login(get_settings('mailserver_login'), get_settings('mailserver_pass')); if ($mail_count == false) { if (!$GLOBALS['wp_pop3']->FP) { echo "Oooops Login Failed: {$wp_pop3->ERROR}<br />\n"; } else { echo "No Message<br />\n"; $GLOBALS['wp_pop3']->quit(); } return; } // ONLY USE THIS IF YOUR PHP VERSION SUPPORTS IT! register_shutdown_function('wp_mail_quit'); for ($mail_num = 1; $mail_num <= $mail_count; $mail_num++) { $MsgOne = $GLOBALS['wp_pop3']->get($mail_num); if (!$MsgOne || gettype($MsgOne) != 'array') { echo "oops, {$GLOBALS['wp_pop3']}->ERROR<br />\n"; $GLOBALS['wp_pop3']->quit(); return; } $content = ''; $content_type = ''; $boundary = ''; $alt_boundary = ''; $emb_boundary = ''; $dmonths = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); $mailMsg = ''; while (list($lineNum, $line) = each($MsgOne)) { $mailMsg .= $line; } $mailParts = parse_msg($mailMsg); if (!empty($mailParts['header']['date'])) { $ddate = trim($mailParts['header']['date'][0]); if (strpos($ddate, ',')) { $ddate = trim(substr($ddate, strpos($ddate, ',') + 1, strlen($ddate))); } $ddate_U = strtotime($ddate) + $time_difference * 3600; $post_date = date('Y-m-d H:i:s', $ddate_U); } if (!empty($mailParts['header']['subject'])) { $subject = trim($mailParts['header']['subject'][0]); if (function_exists('mb_decode_mimeheader')) { $subject1 = mb_decode_mimeheader($subject); if ($subject1 != $subject) { $sub_charset = mb_internal_encoding(); } else { $sub_charset = "auto"; } $subject = $subject1; } if (get_settings('use_phoneemail')) { $subject = explode(get_settings('phoneemail_separator'), $subject); $subject = trim($subject[0]); } } if (!ereg(get_settings('subjectprefix'), $subject)) { continue; } $charset = ""; $ncharset = preg_match("/\\s?charset=\"?([A-Za-z0-9\\-]*)\"?/i", $content, $matches); if ($ncharset) { $charset = $matches[1]; } $ddate_today = time() + $time_difference * 3600; $ddate_difference_days = ($ddate_today - $ddate_U) / 86400; if ($ddate_difference_days > 14) { echo "Too old<br />\n"; continue; } if (preg_match('/' . get_settings('subjectprefix') . '/', $subject)) { $userpassstring = ''; echo "<div style=\"border: 1px dashed #999; padding: 10px; margin: 10px;\">\n"; echo "<p><b>{$mail_num}</b></p><p><b>Subject: </b>{$subject}</p>\n"; $subject = trim(str_replace(get_settings('subjectprefix'), '', $subject)); $attaches = array(); if ($mailParts['type'] == 'multipart') { if ($mailParts['subtype'] == 'mixed') { for ($i = 1; $i < count($mailParts['body']); $i++) { $attaches[] = array('type' => 'mix', 'body' => $mailParts['body'][$i]); } if (!is_array($mailParts['body'][0]['body'])) { $content = $mailParts['body'][0]['body']; $charset = $mailParts['body'][0]['charset']; $encoding = $mailParts['body'][0]['encodings']; $content = convert_content($content, $charest, $encoding); } else { $mailParts = $mailParts['body'][0]; } } if ($mailParts['type'] == 'multipart' && $mailParts['subtype'] == 'related') { if ($mailParts['body'][0]['type'] == 'multipart' && $mailParts['body'][0]['subtype'] == 'alternative') { $content = $mailParts['body'][0]['body'][1]['body']; $charset = $mailParts['body'][0]['body'][1]['charset']; $encoding = $mailParts['body'][0]['body'][1]['encodings']; $content = convert_content($content, $charest, $encoding); } else { $content = $mailParts['body'][0]['body']; $charset = $mailParts['body'][0]['charset']; $encoding = $mailParts['body'][0]['encodings']; $content = convert_content($content, $charest, $encoding); } $content = preg_replace('/(\\<.*?\\>)/es', 'str_replace(array("\\n","\\r"), array(" ", " "), "\\1")', $content); $content = preg_replace('/\\<head\\>.*\\<\\/head\\>/is', '', $content); $content = preg_replace('/(\\<body\\s*[^\\>]*\\>)\\s*\\<br\\s*\\/*\\>\\s*/is', '\\1', $content); $content = strip_tags($content, '<img><p><br><i><b><u><em><strong><strike><font><span><div><dl><dt><dd><ol><ul><li>,<table><tr><td><category><title>'); $content = preg_replace('!(</div>|</p>)([^\\r\\n])!i', "\\1\n\\2", $content); for ($i = 1; $i < count($mailParts['body']); $i++) { $attaches[] = array('type' => 'relate', 'body' => $mailParts['body'][$i], 'id' => preg_replace('/<(.*)>/', '$1', $mailParts['body'][$i]['header']['content-id'][0])); } } if ($mailParts['type'] == 'multipart' && $mailParts['subtype'] == 'alternative') { if ($mailParts['body'][1]['type'] == 'multipart' && $mailParts['body'][1]['subtype'] == 'related') { $content = $mailParts['body'][1]['body'][0]['body']; $charset = $mailParts['body'][1]['body'][0]['charset']; $encoding = $mailParts['body'][1]['body'][0]['encodings']; $content = convert_content($content, $charest, $encoding); for ($i = 1; $i < count($mailParts['body'][1]['body']); $i++) { $attaches[] = array('type' => 'relate', 'body' => $mailParts['body'][1]['body'][$i], 'id' => preg_replace('/<(.*)>/', '$1', $mailParts['body'][1]['body'][$i]['header']['content-id'][0])); } } else { $content = $mailParts['body'][1]['body']; $charset = $mailParts['body'][1]['charset']; $encoding = $mailParts['body'][1]['encodings']; $content = convert_content($content, $charest, $encoding); } $content = preg_replace('/(\\<[^\\>]*\\>)/es', 'str_replace(array("\\n","\\r"), array(" ", " "), "\\1")', $content); $content = preg_replace('/\\<head\\>.*\\<\\/head\\>/is', '', $content); $content = preg_replace('/(\\<body\\s*[^\\>]*\\>)\\s*\\<br\\s*\\/*\\>\\s*/is', '\\1', $content); $content = strip_tags($content, '<img><p><br><i><b><u><em><strong><strike><font><span><div><dl><dt><dd><ol><ul><li>,<table><tr><td><category><title>'); $content = preg_replace('!(</div>|</p>)([^\\r\\n])!i', "\\1\n\\2", $content); } } else { $content = $mailParts['body']; $charset = $mailParts['charset']; $encoding = $mailParts['encodings']; $content = convert_content($content, $charest, $encoding); } $content = trim($content); echo "<p><b>Content-type:</b> {$content_type}, <b>boundary:</b> {$boundary}</p>\n"; echo "<p><b>alt_boundary:</b> {$alt_boundary}, <b>emb_boundary:</b> {$emb_boundary}</p>\n"; echo "<p><b>charset:</b>{$charset}, <b>BLOG charset:</b>" . $GLOBALS['blog_charset'] . "</p>\n"; // echo "<p><b>Raw content:</b><br /><pre>".$content.'</pre></p>'; if ($charset == "" || trim(strtoupper($charset)) == "ISO-2022-JP") { $charset = "JIS"; } if (trim(strtoupper($charset)) == "SHIFT_JIS") { $charset = "SJIS"; } $btpos = strpos($content, get_settings('bodyterminator')); if ($btpos) { $content = substr($content, 0, $btpos); } $content = trim($content); $blah = explode("\n", preg_replace("/^[\n\r\\s]*/", "", strip_tags($content))); $firstline = preg_replace("/[\n\r]/", "", $blah[0]); $secondline = $blah[1]; if (get_settings('use_phoneemail')) { echo "<p><b>Use Phone Mail:</b> Yes</p>\n"; $btpos = strpos($firstline, get_settings('phoneemail_separator')); if ($btpos) { $userpassstring = trim(substr($firstline, 0, $btpos)); $content = trim(substr($content, $btpos + strlen(get_settings('phoneemail_separator')), strlen($content))); $btpos = strpos($content, get_settings('phoneemail_separator')); if ($btpos) { $userpassstring = trim(substr($content, 0, $btpos)); $content = trim(substr($content, $btpos + strlen(get_settings('phoneemail_separator')), strlen($content))); } } $contentfirstline = $blah[1]; } else { echo "<p><b>Use Phone Mail:</b> No</p>\n"; $userpassstring = strip_tags($firstline); $contentfirstline = ''; } $flat = 999.0; $flon = 999.0; $secondlineParts = explode(':', strip_tags($secondline)); if (strncmp($secondlineParts[0], "POS", 3) == 0) { echo "Found POS:<br />\n"; // echo "Second parts is:".$secondlineParts[1]; // the second line is the postion listing line $secLineParts = explode(',', $secondlineParts[1]); $flatStr = $secLineParts[0]; $flonStr = $secLineParts[1]; // echo "String are ".$flatStr.$flonStr; $flat = floatval($secLineParts[0]); $flon = floatval($secLineParts[1]); // echo "values are ".$flat." and ".$flon; // ok remove that position... we should not have it in the final output $content = str_replace($secondline, '', $content); } $blah = explode(':', $userpassstring); $user_login = trim($blah[0]); $user_pass = $blah[1]; $content = $contentfirstline . str_replace($firstline, '', $content); $content = trim($content); // Please uncomment following line, only if you want to check user and password. // echo "<p><b>Login:</b> $user_login, <b>Pass:</b> $user_pass</p>"; echo "<p><b>Login:</b> {$user_login}, <b>Pass:</b> *********</p>"; if (!user_pass_ok($user_login, $user_pass)) { echo "<p><b>Error: Wrong Login.</b></p></div>\n"; continue; } $userdata = get_userdatabylogin($user_login); $user_level = $userdata->user_level; $post_author = $userdata->ID; if ($user_level > 0) { $post_title = xmlrpc_getposttitle($content); if ($post_title == '') { $post_title = $subject; } echo "Subject : " . mb_conv($post_title, $GLOBALS['blog_charset'], $sub_charset) . " <br />\n"; $post_category = get_settings('default_category'); if (preg_match('/<category>(.+?)<\\/category>/is', $content, $matchcat)) { $post_category = xmlrpc_getpostcategory($content); $content = xmlrpc_removepostdata($content); } if (empty($post_category)) { $post_category = get_settings('default_post_category'); } echo "Category : {$post_category} <br />\n"; $post_category = explode(',', $post_category); if (!get_settings('emailtestonly')) { $content = preg_replace('|\\n([^\\n])|', " \$1", trim($content)); $content_before = ""; $content_after = ""; for ($i = 0; $i < count($attaches); $i++) { $create_thumbs = $attaches[$i]['type'] == 'mix' ? 1 : 0; list($file_name, $is_img, $orig_name) = wp_getattach($attaches[$i]['body'], "user-" . trim($post_author), $create_thumbs); if ($file_name) { if ($attaches[$i]['type'] == 'relate') { $content = preg_replace("/cid:" . preg_quote($attaches[$i]['id']) . "/", get_settings('fileupload_url') . '/' . $file_name, $content); } else { if (isset($img_target) && $img_target) { $img_target = ' target="' . $img_target . '"'; } else { $img_target = ''; } if ($is_img) { if (file_exists(get_settings('fileupload_realpath') . "/thumb-" . $file_name)) { $content_before .= "<a href=\"" . get_settings('fileupload_url') . '/' . rawurlencode($file_name) . "\"" . $img_target . "><img style=\"float: left;\" hspace=\"6\" src=\"" . get_settings('fileupload_url') . '/thumb-' . rawurlencode($file_name) . "\" alt=\"" . $orig_name . "\" title=\"" . $orig_name . "\" /></a>"; } else { $content_before .= "<a href=\"" . get_settings('fileupload_url') . '/' . rawurlencode($file_name) . "\"" . $img_target . "><img style=\"float: left;\" hspace=\"6\" src=\"" . get_settings('fileupload_url') . '/' . rawurlencode($file_name) . "\" alt=\"" . $orig_name . "\" title=\"" . $orig_name . "\" /></a>"; } } else { $content_after .= "<a href=\"" . wp_siteurl() . "/wp-download.php?from=" . rawurlencode($file_name) . "&fname=" . urlencode($orig_name) . "\"" . $img_target . "><img style=\"float: left;\" hspace=\"6\" src=\"" . wp_siteurl() . "/wp-images/file.gif\" alt=\"" . $orig_name . "\" title=\"" . $orig_name . "\" />" . $orig_name . "</a>"; } } } } $content = $content_before . $content . "<br clear=\"left\" />" . $content_after; $postHandler =& wp_handler('Post'); $postObject =& $postHandler->create(); $postObject->setVar('post_content', $content, true); $postObject->setVar('post_title', trim(mb_conv($post_title, $GLOBALS['blog_charset'], $sub_charset)), true); $postObject->setVar('post_date', $post_date, true); $postObject->setVar('post_author', $post_author, true); $postObject->setVar('post_category', $post_category[0], true); $postObject->setVar('post_name', sanitize_title($post_title), true); if ($flat < 500) { $postObject->setVar('post_lat', $flat, true); $postObject->setVar('post_lon', $flon, true); } $postObject->setVar('post_status', get_settings('default_post_status'), true); $postObject->setVar('ping_status', get_settings('default_ping_status'), true); $postObject->setVar('comment_status', get_settings('default_comment_status'), true); if (!$postHandler->insert($postObject, true)) { echo "<b>Error: Insert New Post</b><br />"; } $post_ID = $postObject->getVar('ID'); echo "Post ID = {$post_ID}<br />\n"; $postObject->assignCategories($post_category, true); do_action('publish_post', $post_ID); do_action('publish_phone', $post_ID); if ($flat < 500) { pingGeoUrl($post_ID); } $blog_ID = 1; pingWeblogs($blog_ID); pingback($content, $post_ID); } echo "\n<p><b>Posted title:</b> {$post_title}<br />\n"; echo "<b>Posted content:</b><br /><pre>" . $content . "</pre></p>\n"; if (!$GLOBALS['wp_pop3']->delete($mail_num)) { echo "<p>Oops " . $GLOBALS['wp_pop3']->ERROR . "</p></div>\n"; $GLOBALS['wp_pop3']->reset(); return; } else { echo "<p>Mission complete, message <strong>{$mail_num}</strong> deleted.</p>\n"; } } else { echo "<p><strong>Level 0 users can\\'t post.</strong></p>\n"; } echo "</div>\n"; } } $GLOBALS['wp_pop3']->quit(); timer_stop($GLOBALS['wp_mail_debug']); return; }
$content = substr($content, 0, $os_terminator); } } $content = trim($content); $UserCache =& get_Cache('UserCache'); $loop_User =& $UserCache->get_by_login($user_login); // --- get infos from content ----------- $post_title = xmlrpc_getposttitle($content); if ($post_title == '') { $post_title = $subject; } if (!($post_category = xmlrpc_getpostcategory($content))) { $post_category = $Settings->get('eblog_default_category'); } echo_message('•<b>' . T_('Category ID') . ':</b> ' . $post_category . '<br />', '', 3); $content = xmlrpc_removepostdata($content); $blog_ID = get_catblog($post_category); // TODO: should not die, if cat does not exist! echo_message('•<b>' . T_('Blog ID') . ':</b> ' . $blog_ID . '<br />', '', 3); // Check permission: echo_message('•' . sprintf(T_('Checking permissions for user «%s» to post to Blog #%d'), $user_login, $blog_ID) . ' '); if (!$loop_User->check_perm('blog_post!published', 'edit', false, $blog_ID)) { echo_message('[ ' . T_('Permission denied') . ' ]', 'red'); continue; } else { echo_message('[ ' . T_('Pass') . ' ]<br />', 'green'); } // todo: finish this last section if (!$test_type > 0) { // CHECK and FORMAT content $post_title = format_to_post(trim($post_title), 0, 0);
function bloggereditpost($m) { global $xmlrpcerruser; // import user errcode value global $blog_ID, $cache_userdata, $tableposts, $use_rss, $use_weblogsping, $post_autobr; global $post_default_title, $post_default_category, $sleep_after_edit; $err = ""; dbconnect(); $post_ID = $m->getParam(1); $username = $m->getParam(2); $password = $m->getParam(3); $newcontent = $m->getParam(4); $post_ID = $post_ID->scalarval(); $username = $username->scalarval(); $password = $password->scalarval(); $newcontent = $newcontent->scalarval(); $sql = "SELECT * FROM {$tableposts} WHERE ID = '{$post_ID}'"; $result = @mysql_query($sql); if (!$result) { return new xmlrpcresp(0, $xmlrpcerruser + 2, "No such post."); } $userdata = get_userdatabylogin($username); $user_ID = $userdata["ID"]; $user_level = $userdata["user_level"]; $postdata = get_postdata($post_ID); $post_authordata = get_userdata($postdata["Author_ID"]); $post_author_ID = $postdata["Author_ID"]; if ($user_ID != $post_author_ID && $user_level <= $post_authordata["user_level"]) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Sorry, you do not have the right to edit this post"); } if (user_pass_ok($username, $password)) { if ($user_level < 1) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Sorry, level 0 users can not edit posts"); } $content = $newcontent; $post_title = addslashes(xmlrpc_getposttitle($content)); $post_category = xmlrpc_getpostcategory($content); $content = xmlrpc_removepostdata($content); $content = format_to_post($content); $sql = "UPDATE {$tableposts} SET post_content='{$content}', post_title='{$post_title}', post_category='{$post_category}' WHERE ID = '{$post_ID}'"; $result = mysql_query($sql); if (!$result) { return new xmlrpcresp(0, $xmlrpcerruser + 2, "For some strange yet very annoying reason, the entry couldn't be edited."); } if (!isset($blog_ID)) { $blog_ID = 1; } if (isset($sleep_after_edit) && $sleep_after_edit > 0) { sleep($sleep_after_edit); } rss_update($blog_ID); pingWeblogs($blog_ID); return new xmlrpcresp(new xmlrpcval("1", "boolean")); } else { return new xmlrpcresp(0, $xmlrpcerruser + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password)); } }
/** * Read messages from server and create posts * * @param resource $mbox created by pbm_connect() (by reference) * @param integer the number of messages to process * @return boolean true on success */ function pbm_process_messages(&$mbox, $limit) { global $Settings; global $pbm_item_files, $pbm_messages, $pbm_items, $post_cntr, $del_cntr, $is_cron_mode; // No execution time limit set_max_execution_time(0); // Are we in test mode? $test_mode_on = $Settings->get('eblog_test_mode'); $post_cntr = 0; $del_cntr = 0; for ($index = 1; $index <= $limit; $index++) { pbm_msg('<hr /><h3>Processing message #' . $index . ':</h3>'); $strbody = ''; $hasAttachment = false; $hasRelated = false; $pbm_item_files = array(); // reset the value for each new Item // Save email to hard drive, otherwise attachments may take a lot of RAM if (!($tmpMIME = tempnam(sys_get_temp_dir(), 'b2evoMail'))) { pbm_msg(T_('Could not create temporary file.'), true); continue; } imap_savebody($mbox, $tmpMIME, $index); // Create random temp directory for message parts $tmpDirMIME = pbm_tempdir(sys_get_temp_dir(), 'b2evo_'); $mimeParser = new mime_parser_class(); $mimeParser->mbox = 0; // Set to 0 for parsing a single message file $mimeParser->decode_headers = 1; $mimeParser->ignore_syntax_errors = 1; $mimeParser->extract_addresses = 0; $MIMEparameters = array('File' => $tmpMIME, 'SaveBody' => $tmpDirMIME, 'SkipBody' => 1); if (!$mimeParser->Decode($MIMEparameters, $decodedMIME)) { pbm_msg(sprintf('MIME message decoding error: %s at position %d.', $mimeParser->error, $mimeParser->error_position), true); rmdir_r($tmpDirMIME); unlink($tmpMIME); continue; } else { pbm_msg('MIME message decoding successful'); if (!$mimeParser->Analyze($decodedMIME[0], $parsedMIME)) { pbm_msg(sprintf('MIME message analyse error: %s', $mimeParser->error), true); rmdir_r($tmpDirMIME); unlink($tmpMIME); continue; } // Get message $subject and $post_date from headers (by reference) if (!pbm_process_header($parsedMIME, $subject, $post_date)) { // Couldn't process message headers rmdir_r($tmpDirMIME); unlink($tmpMIME); continue; } // TODO: handle type == "message" recursively // sam2kb> For some reason imap_qprint() demages HTML text... needs more testing if ($parsedMIME['Type'] == 'html') { // Mail is HTML if ($Settings->get('eblog_html_enabled')) { // HTML posting enabled pbm_msg('HTML message part saved as ' . $parsedMIME['DataFile']); $html_body = file_get_contents($parsedMIME['DataFile']); } foreach ($parsedMIME['Alternative'] as $alternative) { // First try to get HTML alternative (when possible) if ($alternative['Type'] == 'html' && $Settings->get('eblog_html_enabled')) { // HTML text pbm_msg('HTML alternative message part saved as ' . $alternative['DataFile']); // sam2kb> TODO: we may need to use $html_body here instead $strbody = file_get_contents($alternative['DataFile']); break; // stop after first alternative } elseif ($alternative['Type'] == 'text') { // Plain text pbm_msg('Text alternative message part saved as ' . $alternative['DataFile']); $strbody = imap_qprint(file_get_contents($alternative['DataFile'])); break; // stop after first alternative } } } elseif ($parsedMIME['Type'] == 'text') { // Mail is plain text pbm_msg('Plain-text message part saved as ' . $parsedMIME['DataFile']); $strbody = imap_qprint(file_get_contents($parsedMIME['DataFile'])); } // Check for attachments if (!empty($parsedMIME['Attachments'])) { $hasAttachment = true; foreach ($parsedMIME['Attachments'] as $file) { pbm_msg('Attachment: ' . $file['FileName'] . ' stored as ' . $file['DataFile']); } } // Check for inline images if (!empty($parsedMIME['Related'])) { $hasRelated = true; foreach ($parsedMIME['Related'] as $file) { pbm_msg('Related file with content ID: ' . $file['ContentID'] . ' stored as ' . $file['DataFile']); } } if (count($mimeParser->warnings) > 0) { pbm_msg(sprintf('<h4>%d warnings during decode:</h4>', count($mimeParser->warnings))); foreach ($mimeParser->warnings as $k => $v) { pbm_msg('Warning: ' . $v . ' at position ' . $k); } } } unlink($tmpMIME); if (empty($html_body)) { // Plain text message pbm_msg('Message type: TEXT'); pbm_msg('Message body: <pre style="font-size:10px">' . htmlspecialchars($strbody) . '</pre>'); // Process body. First fix different line-endings (dos, mac, unix), remove double newlines $content = str_replace(array("\r", "\n\n"), "\n", trim($strbody)); // First see if there's an <auth> tag with login and password if (($auth = pbm_get_auth_tag($content)) === false) { // No <auth> tag, let's detect legacy "username:password" on the first line $a_body = explode("\n", $content, 2); // tblue> splitting only into 2 parts allows colons in the user PW // Note: login and password cannot include '<' ! $auth = explode(':', strip_tags($a_body[0]), 2); // Drop the first line with username and password $content = $a_body[1]; } } else { // HTML message pbm_msg('Message type: HTML'); if (($parsed_message = pbm_prepare_html_message($html_body)) === false) { // No 'auth' tag provided, skip to the next message rmdir_r($tmpDirMIME); continue; } list($auth, $content) = $parsed_message; } // TODO: dh> should the password really get trimmed here?! $user_pass = isset($auth[1]) ? trim(remove_magic_quotes($auth[1])) : NULL; $user_login = trim(evo_strtolower(remove_magic_quotes($auth[0]))); if (empty($user_login) || empty($user_pass)) { pbm_msg(sprintf(T_('Please add username and password in message body in format %s.'), '"<auth>username:password</auth>"'), true); rmdir_r($tmpDirMIME); continue; } // Authenticate user pbm_msg('Authenticating user: «' . $user_login . '»'); $pbmUser =& pbm_validate_user_password($user_login, $user_pass); if (!$pbmUser) { pbm_msg(sprintf(T_('Authentication failed for user «%s»'), htmlspecialchars($user_login)), true); rmdir_r($tmpDirMIME); continue; } $pbmUser->get_Group(); // Load group if (!empty($is_cron_mode)) { // Assign current User if we are in cron mode. This is needed in order to check user permissions global $current_User; $current_User = duplicate($pbmUser); } // Activate User's locale locale_activate($pbmUser->get('locale')); pbm_msg('<b class="green">Success</b>'); if ($post_categories = xmlrpc_getpostcategories($content)) { $main_cat_ID = array_shift($post_categories); $extra_cat_IDs = $post_categories; pbm_msg('Extra categories: ' . implode(', ', $extra_cat_IDs)); } else { $main_cat_ID = $Settings->get('eblog_default_category'); $extra_cat_IDs = array(); } pbm_msg('Main category ID: ' . $main_cat_ID); $ChapterCache =& get_ChapterCache(); $pbmChapter =& $ChapterCache->get_by_ID($main_cat_ID, false, false); if (empty($pbmChapter)) { pbm_msg(sprintf(T_('Requested category %s does not exist!'), $main_cat_ID), true); rmdir_r($tmpDirMIME); continue; } $blog_ID = $pbmChapter->blog_ID; pbm_msg('Blog ID: ' . $blog_ID); $BlogCache =& get_BlogCache(); $pbmBlog =& $BlogCache->get_by_ID($blog_ID, false, false); if (empty($pbmBlog)) { pbm_msg(sprintf(T_('Requested blog %s does not exist!'), $blog_ID), true); rmdir_r($tmpDirMIME); continue; } // Check permission: pbm_msg(sprintf('Checking permissions for user «%s» to post to Blog #%d', $user_login, $blog_ID)); if (!$pbmUser->check_perm('blog_post!published', 'edit', false, $blog_ID)) { pbm_msg(T_('Permission denied.'), true); rmdir_r($tmpDirMIME); continue; } if (($hasAttachment || $hasRelated) && !$pbmUser->check_perm('files', 'add', false, $blog_ID)) { pbm_msg(T_('You have no permission to add/upload files.'), true); rmdir_r($tmpDirMIME); continue; } pbm_msg('<b class="green">Success</b>'); // Remove content after terminator $eblog_terminator = $Settings->get('eblog_body_terminator'); if (!empty($eblog_terminator) && ($os_terminator = evo_strpos($content, $eblog_terminator)) !== false) { $content = evo_substr($content, 0, $os_terminator); } $post_title = pbm_get_post_title($content, $subject); // Remove 'title' and 'category' tags $content = xmlrpc_removepostdata($content); // Remove <br> tags from string start and end // We do it here because there might be extra <br> left after deletion of <auth>, <category> and <title> tags $content = preg_replace(array('~^(\\s*<br[\\s/]*>\\s*){1,}~i', '~(\\s*<br[\\s/]*>\\s*){1,}$~i'), '', $content); if ($hasAttachment || $hasRelated) { // Handle attachments if (isset($GLOBALS['files_Module'])) { if ($mediadir = $pbmBlog->get_media_dir()) { if ($hasAttachment) { pbm_process_attachments($content, $parsedMIME['Attachments'], $mediadir, $pbmBlog->get_media_url(), $Settings->get('eblog_add_imgtag'), 'attach'); } if ($hasRelated) { pbm_process_attachments($content, $parsedMIME['Related'], $mediadir, $pbmBlog->get_media_url(), true, 'related'); } } else { pbm_msg(T_('Unable to access media directory. No attachments processed.'), true); } } else { pbm_msg(T_('Files module is disabled or missing!'), true); } } // CHECK and FORMAT content global $Plugins; $renderer_params = array('Blog' => &$pbmBlog, 'setting_name' => 'coll_apply_rendering'); $renderers = $Plugins->validate_renderer_list($Settings->get('eblog_renderers'), $renderer_params); pbm_msg('Applying the following text renderers: ' . implode(', ', $renderers)); // Do some optional filtering on the content // Typically stuff that will help the content to validate // Useful for code display // Will probably be used for validation also $Plugins_admin =& get_Plugins_admin(); $params = array('object_type' => 'Item', 'object_Blog' => &$pbmBlog); $Plugins_admin->filter_contents($post_title, $content, $renderers, $params); pbm_msg('Filtered post content: <pre style="font-size:10px">' . htmlspecialchars($content) . '</pre>'); $context = $Settings->get('eblog_html_tag_limit') ? 'commenting' : 'posting'; $post_title = check_html_sanity($post_title, $context, $pbmUser); $content = check_html_sanity($content, $context, $pbmUser); global $Messages; if ($Messages->has_errors()) { // Make it easier for user to find and correct the errors pbm_msg("\n" . sprintf(T_('Processing message: %s'), $post_title), true); pbm_msg($Messages->get_string(T_('Cannot post, please correct these errors:'), 'error'), true); $Messages->clear(); rmdir_r($tmpDirMIME); continue; } if ($test_mode_on) { // Test mode pbm_msg('<b class="green">It looks like the post can be successfully saved in the database. However we will not do it in test mode.</b>'); } else { load_class('items/model/_item.class.php', 'Item'); global $pbm_items, $DB, $localtimenow; $post_status = 'published'; pbm_msg(sprintf('<h4>Saving item "%s" in the database</h4>', $post_title)); // INSERT NEW POST INTO DB: $edited_Item = new Item(); $edited_Item->set_creator_User($pbmUser); $edited_Item->set($edited_Item->lasteditor_field, $pbmUser->ID); $edited_Item->set('title', $post_title); $edited_Item->set('content', $content); $edited_Item->set('datestart', $post_date); $edited_Item->set('datemodified', date('Y-m-d H:i:s', $localtimenow)); $edited_Item->set('main_cat_ID', $main_cat_ID); $edited_Item->set('extra_cat_IDs', $extra_cat_IDs); $edited_Item->set('status', $post_status); $edited_Item->set('locale', $pbmUser->locale); $edited_Item->set('renderers', $renderers); // INSERT INTO DB: $edited_Item->dbinsert('through_email'); pbm_msg(sprintf('Item created?: ' . (isset($edited_Item->ID) ? 'yes' : 'no'))); // Execute or schedule notifications & pings: $edited_Item->handle_post_processing(true); if (!empty($pbm_item_files)) { // Attach files $FileCache =& get_FileCache(); $order = 1; foreach ($pbm_item_files as $filename) { pbm_msg(sprintf('Saving file "%s" in the database', $filename)); $pbmFile =& $FileCache->get_by_root_and_path('collection', $pbmBlog->ID, $filename); $pbmFile->meta = 'notfound'; // Save time and don't try to load meta from DB, it's not there anyway $pbmFile->dbsave(); pbm_msg(sprintf('File saved?: ' . (isset($pbmFile->ID) ? 'yes' : 'no'))); pbm_msg(sprintf('Attaching file "%s" to the post', $filename)); // Let's make the link! $pbmLink = new Link(); $pbmLink->set('itm_ID', $edited_Item->ID); $pbmLink->set('file_ID', $pbmFile->ID); $pbmLink->set('position', 'aftermore'); $pbmLink->set('order', $order++); $pbmLink->dbinsert(); pbm_msg(sprintf('File attached?: ' . (isset($pbmLink->ID) ? 'yes' : 'no'))); } } // Save posted items sorted by author user for reports $pbm_items['user_' . $pbmUser->ID][] = $edited_Item; ++$post_cntr; } pbm_msg('Message posting successful'); // Delete temporary directory rmdir_r($tmpDirMIME); if (!$test_mode_on && $Settings->get('eblog_delete_emails')) { pbm_msg('Marking message for deletion from inbox: ' . $index); imap_delete($mbox, $index); ++$del_cntr; } } // Expunge messages marked for deletion imap_expunge($mbox); return true; }
/** * blogger.editPost changes the contents of a given post. * * Optionally, will publish the blog the post belongs to after changing the post. * (In b2evo, this means the changed post will be moved to published state). * On success, it returns a boolean true value. * On error, it will return a fault with an error message. * * @see http://www.blogger.com/developers/api/1_docs/xmlrpc_editPost.html * @see http://www.sixapart.com/developers/xmlrpc/blogger_api/bloggereditpost.html * * @param xmlrpcmsg XML-RPC Message * 0 appkey (string): Unique identifier/passcode of the application sending the post. * (See access info {@link http://www.blogger.com/developers/api/1_docs/#access} .) * 1 postid (string): Unique identifier of the post to be changed. * 2 username (string): Login for a Blogger user who has permission to edit the given * post (either the user who originally created it or an admin of the blog). * 3 password (string): Password for said username. * 4 content (string): New content of the post. * 5 publish (boolean): If true, the blog will be published immediately after the * post is made. (In b2evo,this means, the new post will be in 'published' state, * otherwise it would be in draft state). * @return xmlrpcresp XML-RPC Response * * @todo check current status and permission on it */ function blogger_editpost($m) { global $xmlrpcerruser; // import user errcode value global $DB; global $Messages; // CHECK LOGIN: /** * @var User */ if (!($current_User =& xmlrpcs_login($m, 2, 3))) { // Login failed, return (last) error: return xmlrpcs_resperror(); } // GET POST: /** * @var Item */ if (!($edited_Item =& xmlrpcs_get_Item($m, 1))) { // Failed, return (last) error: return xmlrpcs_resperror(); } $content = $m->getParam(4); $content = $content->scalarval(); $publish = $m->getParam(5); $publish = $publish->scalarval(); $status = $publish ? 'published' : 'draft'; logIO("Publish: {$publish} -> Status: {$status}"); $cat_IDs = xmlrpc_getpostcategories($content); if (empty($cat_IDs)) { // There were no categories passed in the content: $main_cat = $edited_Item->main_cat_ID; $cat_IDs = array($main_cat); } else { $main_cat = $cat_IDs[0]; } // CHECK PERMISSION: (we need perm on all categories, especially if they are in different blogs) if (!$current_User->check_perm('cats_post!' . $status, 'edit', false, $cat_IDs)) { // Permission denied return xmlrpcs_resperror(3); // User error 3 } logIO('Permission granted.'); logIO('Main cat: ' . $main_cat); // Check if category exists if (get_the_category_by_ID($main_cat, false) === false) { // Cat does not exist: // fp> TODO use $Blog->get_default_cat_ID(); return xmlrpcs_resperror(11); // User error 11 } $post_date = NULL; $post_title = xmlrpc_getposttitle($content); $content = xmlrpc_removepostdata($content); // COMPLETE VALIDATION & UPDATE: return xmlrpcs_edit_item($edited_Item, $post_title, $content, $post_date, $main_cat, $cat_IDs, $status); }