Commit 336ee230 authored by Dries's avatar Dries

- Patch #214209 by Arancaytar, pwolanin, gabor, etc: blogapi doesn't confirm that the node type exists.

parent 1d390ef3
......@@ -184,8 +184,13 @@ function blogapi_blogger_new_post($appkey, $blogid, $username, $password, $conte
return blogapi_error($user);
}
if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
// Return an error if not configured type.
return $error;
}
$edit = array();
$edit['type'] = _blogapi_blogid($blogid);
$edit['type'] = $blogid;
// get the node type defaults
$node_type_default = variable_get('node_options_'. $edit['type'], array('status', 'promote'));
$edit['uid'] = $user->uid;
......@@ -327,12 +332,16 @@ function blogapi_blogger_get_recent_posts($appkey, $blogid, $username, $password
return blogapi_error($user);
}
$type = _blogapi_blogid($blogid);
if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
// Return an error if not configured type.
return $error;
}
if ($bodies) {
$result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
$result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
}
else {
$result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
$result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
}
$blogs = array();
while ($blog = db_fetch_object($result)) {
......@@ -381,8 +390,12 @@ function blogapi_metaweblog_new_media_object($blogid, $username, $password, $fil
* associated with a blog node.
*/
function blogapi_metaweblog_get_category_list($blogid, $username, $password) {
$type = _blogapi_blogid($blogid);
$vocabularies = module_invoke('taxonomy', 'get_vocabularies', $type, 'vid');
if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
// Return an error if not configured type.
return $error;
}
$vocabularies = module_invoke('taxonomy', 'get_vocabularies', $blogid, 'vid');
$categories = array();
if ($vocabularies) {
foreach ($vocabularies as $vocabulary) {
......@@ -685,13 +698,21 @@ function _blogapi_get_post($node, $bodies = TRUE) {
return $xmlrpcval;
}
function _blogapi_blogid($id) {
if (is_numeric($id)) {
return 'blog';
}
else {
return $id;
/**
* Validate blog ID, which maps to a content type in Drupal.
*
* Only content types configured to work with Blog API are supported.
*
* @return
* TRUE if the content type is supported and the user has permission
* to post, or a blogapi_error() XML construct otherwise.
*/
function _blogapi_validate_blogid($blogid) {
$types = _blogapi_get_node_types();
if (in_array($blogid, $types, TRUE)) {
return TRUE;
}
return blogapi_error(t("Blog API module is not configured to support the %type content type, or you don't have sufficient permissions to post this type of content.", array('%type' => $blogid)));
}
function _blogapi_get_node_types() {
......@@ -705,5 +726,3 @@ function _blogapi_get_node_types() {
return $types;
}
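Review bot: `blogapi_metaweblog_get_category_list()` accepts `$username` and `$password`, but in the lines shown the new blog-ID check is its first statement and nothing verifies those credentials before `module_invoke('taxonomy', 'get_vocabularies', $blogid, 'vid')` runs, so the category list for a Blog API-enabled type appears to be returned to callers that never authenticated. The other two handlers touched here reach the type check only after `return blogapi_error($user);`, and this one should open the same way, assuming the module's usual credential helper: `$user = blogapi_validate_user($username, $password);` followed by `if (!$user->uid) { return blogapi_error($user); }`. The rest of the function lies outside the hunk, so confirm there is no later check before relying on this. Separately, the docblock on `_blogapi_validate_blogid()` promises that the user has permission to post, while the visible body only tests strict membership in `_blogapi_get_node_types()`; either say in the docblock that the permission filtering happens in that helper (if it does) or drop the claim.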