root/tags/1.3/xmlrpc.php

<?php

define('XMLRPC_REQUEST', true);

// Some browser-embedded clients send cookies. We don't want them.
$_COOKIE = array();

// A bug in PHP < 5.2.2 makes $HTTP_RAW_POST_DATA not set by default,
// but we can do it ourself.
if ( !isset( $HTTP_RAW_POST_DATA ) ) {
    $HTTP_RAW_POST_DATA = file_get_contents( 'php://input' );
}

# fix for mozBlog and other cases where '<?xml' isn't on the very first line
if ( isset($HTTP_RAW_POST_DATA) )
    $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);

include('./wp-config.php');

if ( isset( $_GET['rsd'] ) ) { // http://archipelago.phrasewise.com/rsd
header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);

?>
<?php echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>'; ?>
<rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
  <service>
    <engineName>WordPress</engineName>
    <engineLink>http://wordpress.org/</engineLink>
    <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
    <apis>
      <api name="WordPress" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
      <api name="Movable Type" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
      <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
      <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
    </apis>
  </service>
</rsd>
<?php
exit;
}

include_once(ABSPATH . 'wp-admin/includes/admin.php');
include_once(ABSPATH . WPINC . '/class-IXR.php');

// Turn off all warnings and errors.
// error_reporting(0);

$post_default_title = ""; // posts submitted via the xmlrpc interface get that title

$xmlrpc_logging = 0;

function logIO($io,$msg) {
    global $xmlrpc_logging;
    if ($xmlrpc_logging) {
        $fp = fopen("../xmlrpc.log","a+");
        $date = gmdate("Y-m-d H:i:s ");
        $iot = ($io == "I") ? " Input: " : " Output: ";
        fwrite($fp, "\n\n".$date.$iot.$msg);
        fclose($fp);
    }
    return true;
    }

function starify($string) {
    $i = strlen($string);
    return str_repeat('*', $i);
}

if ( isset($HTTP_RAW_POST_DATA) )
  logIO("I", $HTTP_RAW_POST_DATA);


class wp_xmlrpc_server extends IXR_Server {

    function wp_xmlrpc_server() {
        $this->methods = array(
            // WordPress API
            'wp.getPage'            => 'this:wp_getPage',
            'wp.getPages'            => 'this:wp_getPages',
            'wp.newPage'            => 'this:wp_newPage',
            'wp.deletePage'            => 'this:wp_deletePage',
            'wp.editPage'            => 'this:wp_editPage',
            'wp.getPageList'        => 'this:wp_getPageList',
            'wp.getAuthors'            => 'this:wp_getAuthors',
            'wp.getCategories'        => 'this:mw_getCategories',        // Alias
            'wp.newCategory'        => 'this:wp_newCategory',
            'wp.suggestCategories'    => 'this:wp_suggestCategories',
            'wp.uploadFile'            => 'this:mw_newMediaObject',    // Alias

            // Blogger API
            'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs',
            'blogger.getUserInfo' => 'this:blogger_getUserInfo',
            'blogger.getPost' => 'this:blogger_getPost',
            'blogger.getRecentPosts' => 'this:blogger_getRecentPosts',
            'blogger.getTemplate' => 'this:blogger_getTemplate',
            'blogger.setTemplate' => 'this:blogger_setTemplate',
            'blogger.newPost' => 'this:blogger_newPost',
            'blogger.editPost' => 'this:blogger_editPost',
            'blogger.deletePost' => 'this:blogger_deletePost',

            // MetaWeblog API (with MT extensions to structs)
            'metaWeblog.newPost' => 'this:mw_newPost',
            'metaWeblog.editPost' => 'this:mw_editPost',
            'metaWeblog.getPost' => 'this:mw_getPost',
            'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts',
            'metaWeblog.getCategories' => 'this:mw_getCategories',
            'metaWeblog.newMediaObject' => 'this:mw_newMediaObject',

            // MetaWeblog API aliases for Blogger API
            // see http://www.xmlrpc.com/stories/storyReader$2460
            'metaWeblog.deletePost' => 'this:blogger_deletePost',
            'metaWeblog.getTemplate' => 'this:blogger_getTemplate',
            'metaWeblog.setTemplate' => 'this:blogger_setTemplate',
            'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs',

            // MovableType API
            'mt.getCategoryList' => 'this:mt_getCategoryList',
            'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles',
            'mt.getPostCategories' => 'this:mt_getPostCategories',
            'mt.setPostCategories' => 'this:mt_setPostCategories',
            'mt.supportedMethods' => 'this:mt_supportedMethods',
            'mt.supportedTextFilters' => 'this:mt_supportedTextFilters',
            'mt.getTrackbackPings' => 'this:mt_getTrackbackPings',
            'mt.publishPost' => 'this:mt_publishPost',

            // PingBack
            'pingback.ping' => 'this:pingback_ping',
            'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks',

            'demo.sayHello' => 'this:sayHello',
            'demo.addTwoNumbers' => 'this:addTwoNumbers'
        );
        $this->methods = apply_filters('xmlrpc_methods', $this->methods);
        $this->IXR_Server($this->methods);
    }

    function sayHello($args) {
        return 'Hello!';
    }

    function addTwoNumbers($args) {
        $number1 = $args[0];
        $number2 = $args[1];
        return $number1 + $number2;
    }

    function login_pass_ok($user_login, $user_pass) {
        if (!user_pass_ok($user_login, $user_pass)) {
            $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
            return false;
        }
        return true;
    }

    function escape(&$array) {
        global $wpdb;

        if(!is_array($array)) {
            return($wpdb->escape($array));
        }
        else {
            foreach ( (array) $array as $k => $v ) {
                if (is_array($v)) {
                    $this->escape($array[$k]);
                } else if (is_object($v)) {
                    //skip
                } else {
                    $array[$k] = $wpdb->escape($v);
                }
            }
        }
    }

    /**
     * WordPress XML-RPC API
     * wp_getPage
     */
    function wp_getPage($args) {
        $this->escape($args);

        $blog_id    = (int) $args[0];
        $page_id    = (int) $args[1];
        $username    = $args[2];
        $password    = $args[3];

        if(!$this->login_pass_ok($username, $password)) {
            return($this->error);
        }

        // Lookup page info.
        $page = get_page($page_id);

        // If we found the page then format the data.
        if($page->ID && ($page->post_type == "page")) {
            // Get all of the page content and link.
            $full_page = get_extended($page->post_content);
            $link = post_permalink($page->ID);

            // Get info the page parent if there is one.
            $parent_title = "";
            if(!empty($page->post_parent)) {
                $parent = get_page($page->post_parent);
                $parent_title = $parent->post_title;
            }

            // Determine comment and ping settings.
            $allow_comments = ("open" == $page->comment_status) ? 1 : 0;
            $allow_pings = ("open" == $page->ping_status) ? 1 : 0;

            // Format page date.
            $page_date = mysql2date("Ymd\TH:i:s", $page->post_date);
            $page_date_gmt = mysql2date("Ymd\TH:i:s", $page->post_date_gmt);

            // Pull the categories info together.
            $categories = array();
            foreach(wp_get_post_categories($page->ID) as $cat_id) {
                $categories[] = get_cat_name($cat_id);
            }

            // Get the author info.
            $author = get_userdata($page->post_author);

            $page_struct = array(
                "dateCreated"            => new IXR_Date($page_date),
                "userid"                => $page->post_author,
                "page_id"                => $page->ID,
                "page_status"            => $page->post_status,
                "description"            => $full_page["main"],
                "title"                    => $page->post_title,
                "link"                    => $link,
                "permaLink"                => $link,
                "categories"            => $categories,
                "excerpt"                => $page->post_excerpt,
                "text_more"                => $full_page["extended"],
                "mt_allow_comments"        => $allow_comments,
                "mt_allow_pings"        => $allow_pings,
                "wp_slug"                => $page->post_name,
                "wp_password"            => $page->post_password,
                "wp_author"                => $author->display_name,
                "wp_page_parent_id"        => $page->post_parent,
                "wp_page_parent_title"    => $parent_title,
                "wp_page_order"            => $page->menu_order,
                "wp_author_id"            => $author->ID,
                "wp_author_display_name"    => $author->display_name,
                "date_created_gmt"        => new IXR_Date($page_date_gmt)
            );

            return($page_struct);
        }
        // If the page doesn't exist indicate that.
        else {
            return(new IXR_Error(404, __("Sorry, no such page.")));
        }
    }

    /**
     * WordPress XML-RPC API
      * wp_getPages
     */
    function wp_getPages($args) {
        $this->escape($args);

        $blog_id    = (int) $args[0];
        $username    = $args[1];
        $password    = $args[2];

        if(!$this->login_pass_ok($username, $password)) {
            return($this->error);
        }

        // Lookup info on pages.
        $pages = get_pages();
        $num_pages = count($pages);

        // If we have pages, put together their info.
        if($num_pages >= 1) {
            $pages_struct = array();

            for($i = 0; $i < $num_pages; $i++) {
                $page = wp_xmlrpc_server::wp_getPage(array(
                    $blog_id, $pages[$i]->ID, $username, $password
                ));
                $pages_struct[] = $page;
            }

            return($pages_struct);
        }
        // If no pages were found return an error.
        else {
            return(array());
        }
    }

    /**
     * WordPress XML-RPC API
      * wp_newPage
     */
    function wp_newPage($args) {
        // Items not escaped here will be escaped in newPost.
        $username    = $this->escape($args[1]);
        $password    = $this->escape($args[2]);
        $page        = $args[3];
        $publish    = $args[4];

        if(!$this->login_pass_ok($username, $password)) {
            return($this->error);
        }

        // Set the user context and check if they are allowed
        // to add new pages.
        $user = set_current_user(0, $username);
        if(!current_user_can("publish_pages")) {
            return(new IXR_Error(401, __("Sorry, you can not add new pages.")));
        }

        // Mark this as content for a page.
        $args[3]["post_type"] = "page";

        // Let mw_newPost do all of the heavy lifting.
        return($this->mw_newPost($args));
    }

    /**
     * WordPress XML-RPC API
     * wp_deletePage
     */
    function wp_deletePage($args) {
        $this->escape($args);

        $blog_id    = (int) $args[0];
        $username    = $args[1];
        $password    = $args[2];
        $page_id    = (int) $args[3];

        if(!$this->login_pass_ok($username, $password)) {
            return($this->error);
        }

        // Get the current page based on the page_id and
        // make sure it is a page and not a post.
        $actual_page = wp_get_single_post($page_id, ARRAY_A);
        if(
            !$actual_page
            || ($actual_page["post_type"] != "page")
        ) {
            return(new IXR_Error(404, __("Sorry, no such page.")));
        }

        // Set the user context and make sure they can delete pages.
        set_current_user(0, $username);
        if(!current_user_can("delete_page", $page_id)) {
            return(new IXR_Error(401, __("Sorry, you do not have the right to delete this page.")));
        }

        // Attempt to delete the page.
        $result = wp_delete_post($page_id);
        if(!$result) {
            return(new IXR_Error(500, __("Failed to delete the page.")));
        }

        return(true);
    }

    /**
     * WordPress XML-RPC API
     * wp_editPage
     */
    function wp_editPage($args) {
        // Items not escaped here will be escaped in editPost.
        $blog_id    = (int) $args[0];
        $page_id    = (int) $this->escape($args[1]);
        $username    = $this->escape($args[2]);
        $password    = $this->escape($args[3]);
        $content    = $args[4];
        $publish    = $args[5];

        if(!$this->login_pass_ok($username, $password)) {
            return($this->error);
        }

        // Get the page data and make sure it is a page.
        $actual_page = wp_get_single_post($page_id, ARRAY_A);
        if(
            !$actual_page
            || ($actual_page["post_type"] != "page")
        ) {
            return(new IXR_Error(404, __("Sorry, no such page.")));
        }

        // Set the user context and make sure they are allowed to edit pages.
        set_current_user(0, $username);
        if(!current_user_can("edit_page", $page_id)) {
            return(new IXR_Error(401, __("Sorry, you do not have the right to edit this page.")));
        }

        // Mark this as content for a page.
        $content["post_type"] = "page";

        // Arrange args in the way mw_editPost understands.
        $args = array(
            $page_id,
            $username,
            $password,
            $content,
            $publish
        );

        // Let mw_editPost do all of the heavy lifting.
        return($this->mw_editPost($args));
    }

    /**
     * WordPress XML-RPC API
     * wp_getPageList
     */
    function wp_getPageList($args) {
        global $wpdb;

        $this->escape($args);

        $blog_id                = (int) $args[0];
        $username                = $args[1];
        $password                = $args[2];

        if(!$this->login_pass_ok($username, $password)) {
            return($this->error);
        }

        // Get list of pages ids and titles
        $page_list = $wpdb->get_results("
            SELECT ID page_id,
                post_title page_title,
                post_parent page_parent_id,
                post_date_gmt,
                post_date
            FROM {$wpdb->posts}
            WHERE post_type = 'page'
            ORDER BY ID
        ");

        // The date needs to be formated properly.
        $num_pages = count($page_list);
        for($i = 0; $i < $num_pages; $i++) {
            $post_date = mysql2date("Ymd\TH:i:s", $page_list[$i]->post_date);
            $post_date_gmt = mysql2date("Ymd\TH:i:s", $page_list[$i]->post_date_gmt);

            $page_list[$i]->dateCreated = new IXR_Date($post_date);
            $page_list[$i]->date_created_gmt = new IXR_Date($post_date_gmt);

            unset($page_list[$i]->post_date_gmt);
            unset($page_list[$i]->post_date);
        }

        return($page_list);
    }

    /**
     * WordPress XML-RPC API
     * wp_getAuthors
     */
    function wp_getAuthors($args) {
        global $wpdb;

        $this->escape($args);

        $blog_id    = (int) $args[0];
        $username    = $args[1];
        $password    = $args[2];

        if(!$this->login_pass_ok($username, $password)) {
            return($this->error);
        }

        return(get_users_of_blog());
    }

    /**
     * WordPress XML-RPC API
     * wp_newCategory
     */
    function wp_newCategory($args) {
        $this->escape($args);

        $blog_id                = (int) $args[0];
        $username                = $args[1];
        $password                = $args[2];
        $category                = $args[3];

        if(!$this->login_pass_ok($username, $password)) {
            return($this->error);
        }

        // Set the user context and make sure they are
        // allowed to add a category.
        set_current_user(0, $username);
        if(!current_user_can("manage_categories", $page_id)) {
            return(new IXR_Error(401, __("Sorry, you do not have the right to add a category.")));
        }

        // If no slug was provided make it empty so that
        // WordPress will generate one.
        if(empty($category["slug"])) {
            $category["slug"] = "";
        }

        // If no parent_id was provided make it empty
        // so that it will be a top level page (no parent).
        if ( !isset($category["parent_id"]) )
            $category["parent_id"] = "";

        // If no description was provided make it empty.
        if(empty($category["description"])) {
            $category["description"] = "";
        }

        $new_category = array(