diff --git a/modules/blogapi/blogapi.module b/modules/blogapi/blogapi.module
index cbe3162499cbc3e21b391accedfab39bf6233c11..40395a8c0a5ac61039f818b146db9e717f6453e1 100644
--- a/modules/blogapi/blogapi.module
+++ b/modules/blogapi/blogapi.module
@@ -184,8 +184,13 @@ function blogapi_blogger_new_post($appkey, $blogid, $username, $password, $conte
return blogapi_error($user);
}
+ if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+ // Return an error if not configured type.
+ return $error;
+ }
+
$edit = array();
- $edit['type'] = _blogapi_blogid($blogid);
+ $edit['type'] = $blogid;
// get the node type defaults
$node_type_default = variable_get('node_options_'. $edit['type'], array('status', 'promote'));
$edit['uid'] = $user->uid;
@@ -327,12 +332,16 @@ function blogapi_blogger_get_recent_posts($appkey, $blogid, $username, $password
return blogapi_error($user);
}
- $type = _blogapi_blogid($blogid);
+ if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+ // Return an error if not configured type.
+ return $error;
+ }
+
if ($bodies) {
- $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
+ $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
}
else {
- $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
+ $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
}
$blogs = array();
while ($blog = db_fetch_object($result)) {
@@ -381,8 +390,12 @@ function blogapi_metaweblog_new_media_object($blogid, $username, $password, $fil
* associated with a blog node.
*/
function blogapi_metaweblog_get_category_list($blogid, $username, $password) {
- $type = _blogapi_blogid($blogid);
- $vocabularies = module_invoke('taxonomy', 'get_vocabularies', $type, 'vid');
+ if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+ // Return an error if not configured type.
+ return $error;
+ }
+
+ $vocabularies = module_invoke('taxonomy', 'get_vocabularies', $blogid, 'vid');
$categories = array();
if ($vocabularies) {
foreach ($vocabularies as $vocabulary) {
@@ -685,13 +698,21 @@ function _blogapi_get_post($node, $bodies = TRUE) {
return $xmlrpcval;
}
-function _blogapi_blogid($id) {
- if (is_numeric($id)) {
- return 'blog';
- }
- else {
- return $id;
+/**
+ * Validate blog ID, which maps to a content type in Drupal.
+ *
+ * Only content types configured to work with Blog API are supported.
+ *
+ * @return
+ * TRUE if the content type is supported and the user has permission
+ * to post, or a blogapi_error() XML construct otherwise.
+ */
+function _blogapi_validate_blogid($blogid) {
+ $types = _blogapi_get_node_types();
+ if (in_array($blogid, $types, TRUE)) {
+ return TRUE;
}
+ return blogapi_error(t("Blog API module is not configured to support the %type content type, or you don't have sufficient permissions to post this type of content.", array('%type' => $blogid)));
}
function _blogapi_get_node_types() {
@@ -705,5 +726,3 @@ function _blogapi_get_node_types() {
return $types;
}
-
-