Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/plugins/jetpack/class.jetpack-xmlrpc-server.php
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/jetpack/class.jetpack-xmlrpc-server.php')
-rw-r--r--plugins/jetpack/class.jetpack-xmlrpc-server.php225
1 files changed, 197 insertions, 28 deletions
diff --git a/plugins/jetpack/class.jetpack-xmlrpc-server.php b/plugins/jetpack/class.jetpack-xmlrpc-server.php
index cf01db52..3aa5adb1 100644
--- a/plugins/jetpack/class.jetpack-xmlrpc-server.php
+++ b/plugins/jetpack/class.jetpack-xmlrpc-server.php
@@ -10,22 +10,37 @@ class Jetpack_XMLRPC_Server {
var $error = null;
/**
- * Whitelist of the XML-RPC methods available to the Jetpack Server. If the
+ * Whitelist of the XML-RPC methods available to the Jetpack Server. If the
* user is not authenticated (->login()) then the methods are never added,
* so they will get a "does not exist" error.
*/
- function xmlrpc_methods() {
- if ( !$user = $this->login() ) {
- return array();
+ function xmlrpc_methods( $core_methods ) {
+ $jetpack_methods = array(
+ 'jetpack.jsonAPI' => array( $this, 'json_api' ),
+ 'jetpack.verifyAction' => array( $this, 'verify_action' ),
+ );
+
+ $user = $this->login();
+
+ if ( $user ) {
+ $jetpack_methods = array_merge( $jetpack_methods, array(
+ 'jetpack.testConnection' => array( $this, 'test_connection' ),
+ 'jetpack.testAPIUserCode' => array( $this, 'test_api_user_code' ),
+ 'jetpack.featuresAvailable' => array( $this, 'features_available' ),
+ 'jetpack.featuresEnabled' => array( $this, 'features_enabled' ),
+ 'jetpack.getPost' => array( $this, 'get_post' ),
+ 'jetpack.getPosts' => array( $this, 'get_posts' ),
+ 'jetpack.getComment' => array( $this, 'get_comment' ),
+ 'jetpack.getComments' => array( $this, 'get_comments' ),
+ ) );
+
+ if ( isset( $core_methods['metaWeblog.editPost'] ) ) {
+ $jetpack_methods['metaWeblog.newMediaObject'] = $core_methods['metaWeblog.newMediaObject'];
+ $jetpack_methods['jetpack.updateAttachmentParent'] = array( $this, 'update_attachment_parent' );
+ }
}
- return apply_filters( 'jetpack_xmlrpc_methods', array(
- 'jetpack.testConnection' => array( $this, 'test_connection' ),
- 'jetpack.featuresAvailable' => array( $this, 'features_available' ),
- 'jetpack.featuresEnabled' => array( $this, 'features_enabled' ),
- 'jetpack.getPost' => array( $this, 'get_post' ),
- 'jetpack.getComment' => array( $this, 'get_comment' ),
- ) );
+ return apply_filters( 'jetpack_xmlrpc_methods', $jetpack_methods, $core_methods, $user );
}
/**
@@ -34,12 +49,18 @@ class Jetpack_XMLRPC_Server {
function bootstrap_xmlrpc_methods() {
return array(
'jetpack.verifyRegistration' => array( $this, 'verify_registration' ),
+ 'jetpack.verifyAction' => array( $this, 'verify_action' ),
);
}
/**
- * Verifies that Jetpack.WordPress.com received a registration request from this site
- *
+ * Verifies that Jetpack.WordPress.com received a registration request from this site
+ */
+ function verify_registration( $verify_secret ) {
+ return $this->verify_action( array( 'register', $verify_secret ) );
+ }
+
+ /**
* @return WP_Error|string secret_2 on success, WP_Error( error_code => error_code, error_message => error description, error_data => status code ) on failure
*
* Possible error_codes:
@@ -49,31 +70,34 @@ class Jetpack_XMLRPC_Server {
* verify_secrets_missing: No longer have verification secrets stored
* verify_secrets_mismatch: stored secret_1 does not match secret_1 sent by Jetpack.WordPress.com
*/
- function verify_registration( $verify_secret ) {
+ function verify_action( $params ) {
+ $action = $params[0];
+ $verify_secret = $params[1];
+
if ( empty( $verify_secret ) ) {
return $this->error( new Jetpack_Error( 'verify_secret_1_missing', sprintf( 'The required "%s" parameter is missing.', 'secret_1' ), 400 ) );
} else if ( !is_string( $verify_secret ) ) {
return $this->error( new Jetpack_Error( 'verify_secret_1_malformed', sprintf( 'The required "%s" parameter is malformed.', 'secret_1' ), 400 ) );
}
- $secrets = Jetpack::get_option( 'register' );
+ $secrets = Jetpack::get_option( $action );
if ( !$secrets || is_wp_error( $secrets ) ) {
- Jetpack::delete_option( 'register' );
+ Jetpack::delete_option( $action );
return $this->error( new Jetpack_Error( 'verify_secrets_missing', 'Verification took too long', 400 ) );
}
@list( $secret_1, $secret_2, $secret_eol ) = explode( ':', $secrets );
if ( empty( $secret_1 ) || empty( $secret_2 ) || empty( $secret_eol ) || $secret_eol < time() ) {
- Jetpack::delete_option( 'register' );
+ Jetpack::delete_option( $action );
return $this->error( new Jetpack_Error( 'verify_secrets_missing', 'Verification took too long', 400 ) );
}
if ( $verify_secret !== $secret_1 ) {
- Jetpack::delete_option( 'register' );
+ Jetpack::delete_option( $action );
return $this->error( new Jetpack_Error( 'verify_secrets_mismatch', 'Secret mismatch', 400 ) );
}
- Jetpack::delete_option( 'register' );
+ Jetpack::delete_option( $action );
return $secret_2;
}
@@ -132,7 +156,50 @@ class Jetpack_XMLRPC_Server {
* @return bool|IXR_Error
*/
function test_connection() {
- return true;
+ return JETPACK__VERSION;
+ }
+
+ function test_api_user_code( $args ) {
+ $client_id = (int) $args[0];
+ $user_id = (int) $args[1];
+ $nonce = (string) $args[2];
+ $verify = (string) $args[3];
+
+ if ( !$client_id || !$user_id || !strlen( $nonce ) || 32 !== strlen( $verify ) ) {
+ return false;
+ }
+
+ $user = get_user_by( 'id', $user_id );
+ if ( !$user || is_wp_error( $user ) ) {
+ return false;
+ }
+
+ /* debugging
+ error_log( "CLIENT: $client_id" );
+ error_log( "USER: $user_id" );
+ error_log( "NONCE: $nonce" );
+ error_log( "VERIFY: $verify" );
+ */
+
+ $jetpack_token = Jetpack_Data::get_access_token( JETPACK_MASTER_USER );
+
+ $api_user_code = get_user_meta( $user_id, "jetpack_json_api_$client_id", true );
+ if ( !$api_user_code ) {
+ return false;
+ }
+
+ $hmac = hash_hmac( 'md5', json_encode( (object) array(
+ 'client_id' => (int) $client_id,
+ 'user_id' => (int) $user_id,
+ 'nonce' => (string) $nonce,
+ 'code' => (string) $api_user_code,
+ ) ), $jetpack_token->secret );
+
+ if ( $hmac !== $verify ) {
+ return false;
+ }
+
+ return $user_id;
}
/**
@@ -164,35 +231,137 @@ class Jetpack_XMLRPC_Server {
return $modules;
}
-
+
function get_post( $id ) {
if ( !$id = (int) $id ) {
return false;
}
$jetpack = Jetpack::init();
- $post = $jetpack->get_post( $id );
- if ( $jetpack->is_post_public( $post ) )
- return $post;
+ $post = $jetpack->sync->get_post( $id );
+ return $post;
+ }
- return false;
+ function get_posts( $args ) {
+ list( $post_ids ) = $args;
+ $post_ids = array_map( 'intval', (array) $post_ids );
+ $jp = Jetpack::init();
+ $sync_data = $jp->sync->get_content( array( 'posts' => $post_ids ) );
+
+ return $sync_data;
}
-
+
function get_comment( $id ) {
if ( !$id = (int) $id ) {
return false;
}
$jetpack = Jetpack::init();
- $comment = $jetpack->get_comment( $id );
+ $comment = $jetpack->sync->get_comment( $id );
if ( !is_array( $comment ) )
return false;
- if ( !$this->get_post( $comment['comment_post_ID'] ) )
+ $post = $jetpack->sync->get_post( $comment['comment_post_ID'] );
+ if ( !$post ) {
return false;
+ }
return $comment;
}
+
+ function get_comments( $args ) {
+ list( $comment_ids ) = $args;
+ $comment_ids = array_map( 'intval', (array) $comment_ids );
+ $jp = Jetpack::init();
+ $sync_data = $jp->sync->get_content( array( 'comments' => $comment_ids ) );
+
+ return $sync_data;
+ }
+
+ function update_attachment_parent( $args ) {
+ $attachment_id = (int) $args[0];
+ $parent_id = (int) $args[1];
+
+ return wp_update_post( array(
+ 'ID' => $attachment_id,
+ 'post_parent' => $parent_id,
+ ) );
+ }
+
+ function json_api( $args = array() ) {
+ $json_api_args = $args[0];
+ $verify_api_user_args = $args[1];
+
+ $method = (string) $json_api_args[0];
+ $url = (string) $json_api_args[1];
+ $post_body = is_null( $json_api_args[2] ) ? null : (string) $json_api_args[2];
+ $my_id = (int) $json_api_args[3];
+ $user_details = (array) $json_api_args[4];
+
+ if ( !$verify_api_user_args ) {
+ $user_id = 0;
+ } elseif ( 'internal' === $verify_api_user_args[0] ) {
+ $user_id = (int) $verify_api_user_args[1];
+ if ( $user_id ) {
+ $user = get_user_by( 'id', $user_id );
+ if ( !$user || is_wp_error( $user ) ) {
+ return false;
+ }
+ }
+ } else {
+ $user_id = call_user_func( array( $this, 'test_api_user_code' ), $verify_api_user_args );
+ if ( !$user_id ) {
+ return false;
+ }
+ }
+
+ /* debugging
+ error_log( "-- begin json api via jetpack debugging -- " );
+ error_log( "METHOD: $method" );
+ error_log( "URL: $url" );
+ error_log( "POST BODY: $post_body" );
+ error_log( "MY JETPACK ID: $my_id" );
+ error_log( "VERIFY_ARGS: " . print_r( $verify_api_user_args, 1 ) );
+ error_log( "VERIFIED USER_ID: " . (int) $user_id );
+ error_log( "-- end json api via jetpack debugging -- " );
+ */
+
+ $old_user = wp_get_current_user();
+ wp_set_current_user( $user_id );
+
+ $token = Jetpack_Data::get_access_token( get_current_user_id() );
+ if ( !$token || is_wp_error( $token ) ) {
+ return false;
+ }
+
+ define( 'REST_API_REQUEST', true );
+ define( 'WPCOM_JSON_API__BASE', 'public-api.wordpress.com/rest/v1' );
+
+ // needed?
+ require_once ABSPATH . 'wp-admin/includes/admin.php';
+
+ require_once dirname( __FILE__ ) . '/class.json-api.php';
+ $api = WPCOM_JSON_API::init( $method, $url, $post_body );
+ $api->token_details['user'] = $user_details;
+ require_once dirname( __FILE__ ) . '/class.json-api-endpoints.php';
+
+ $display_errors = ini_set( 'display_errors', 0 );
+ ob_start();
+ $content_type = $api->serve( false );
+ $output = ob_get_clean();
+ ini_set( 'display_errors', $display_errors );
+
+ $nonce = wp_generate_password( 10, false );
+ $hmac = hash_hmac( 'md5', $nonce . $output, $token->secret );
+
+ wp_set_current_user( isset( $old_user->ID ) ? $old_user->ID : 0 );
+
+ return array(
+ (string) $output,
+ (string) $nonce,
+ (string) $hmac,
+ );
+ }
}