diff --git a/modules/blogapi/blogapi.module b/modules/blogapi/blogapi.module
index cbe3162499c..40395a8c0a5 100644
--- a/modules/blogapi/blogapi.module
+++ b/modules/blogapi/blogapi.module
@@ -184,8 +184,13 @@ function blogapi_blogger_new_post($appkey, $blogid, $username, $password, $conte
 return blogapi_error($user);
 }
 
+ if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+ // Return an error if not configured type.
+ return $error;
+ }
+
 $edit = array();
- $edit['type'] = _blogapi_blogid($blogid);
+ $edit['type'] = $blogid;
 // get the node type defaults
 $node_type_default = variable_get('node_options_'. $edit['type'], array('status', 'promote'));
 $edit['uid'] = $user->uid;
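Review bot: The comment `// Return an error if not configured type.` in blogapi_blogger_new_post understates what the new guard rejects. Because `_blogapi_blogid()` is removed and `_blogapi_validate_blogid()` uses a strict `in_array($blogid, $types, TRUE)`, a numeric `$blogid` that used to be mapped to 'blog' now gets the error as well, and per the helper's docblock so does a type the user may not post to. I would word it as `// Reject any blog ID that is not an enabled Blog API type the user may post to; numeric IDs are no longer mapped to 'blog'.` The same comment sits on the guards added in blogapi_blogger_get_recent_posts and blogapi_metaweblog_get_category_list. The function body starts and ends outside the hunk.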
@@ -327,12 +332,16 @@ function blogapi_blogger_get_recent_posts($appkey, $blogid, $username, $password
 return blogapi_error($user);
 }
 
- $type = _blogapi_blogid($blogid);
+ if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+ // Return an error if not configured type.
+ return $error;
+ }
+
 if ($bodies) {
- $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
+ $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
 }
 else {
- $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
+ $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
 }
 $blogs = array();
 while ($blog = db_fetch_object($result)) {
@@ -381,8 +390,12 @@ function blogapi_metaweblog_new_media_object($blogid, $username, $password, $fil
 * associated with a blog node.
 */
 function blogapi_metaweblog_get_category_list($blogid, $username, $password) {
- $type = _blogapi_blogid($blogid);
- $vocabularies = module_invoke('taxonomy', 'get_vocabularies', $type, 'vid');
+ if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+ // Return an error if not configured type.
+ return $error;
+ }
+
+ $vocabularies = module_invoke('taxonomy', 'get_vocabularies', $blogid, 'vid');
 $categories = array();
 if ($vocabularies) {
 foreach ($vocabularies as $vocabulary) {
@@ -685,13 +698,21 @@ function _blogapi_get_post($node, $bodies = TRUE) {
 return $xmlrpcval;
 }
 
-function _blogapi_blogid($id) {
- if (is_numeric($id)) {
- return 'blog';
- }
- else {
- return $id;
+/**
+ * Validate blog ID, which maps to a content type in Drupal.
+ *
+ * Only content types configured to work with Blog API are supported.
+ *
+ * @return
+ * TRUE if the content type is supported and the user has permission
+ * to post, or a blogapi_error() XML construct otherwise.
+ */
+function _blogapi_validate_blogid($blogid) {
+ $types = _blogapi_get_node_types();
+ if (in_array($blogid, $types, TRUE)) {
+ return TRUE;
 }
+ return blogapi_error(t("Blog API module is not configured to support the %type content type, or you don't have sufficient permissions to post this type of content.", array('%type' => $blogid)));
 }
 
 function _blogapi_get_node_types() {
@@ -705,5 +726,3 @@ function _blogapi_get_node_types() {
 
 return $types;
 }
-
-
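Review bot: In blogapi_metaweblog_get_category_list the new guard is the first statement of the function, and no credential check on `$username`/`$password` is visible before it, unlike the two Blogger callbacks, which return `blogapi_error($user)` ahead of the guard. The helper's docblock says the result depends on the user's permission to post, so here it would presumably be evaluated for whichever account is current for the XML-RPC request rather than for the supplied credentials. I would authenticate first, with `$user = blogapi_validate_user($username, $password);` followed by `if (!$user->uid) { return blogapi_error($user); }`, before calling `_blogapi_validate_blogid($blogid)`. The rest of the function lies outside the hunk, so a later check cannot be ruled out.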
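Review bot: `_blogapi_validate_blogid($blogid)` takes no account argument, and its docblock has no `@param` and does not say whose permission is tested. I would add `@param $blogid` described as the client-supplied blog ID, compared strictly against the type names from `_blogapi_get_node_types()`, and a sentence stating that access is checked for the current user, so callers must authenticate before calling it (to be confirmed against `_blogapi_get_node_types()`, whose body is outside the hunk). Separately, the fault text puts the client-supplied value in a `%type` placeholder; if t() renders `%` placeholders as emphasized HTML, `@type` would keep the XML-RPC fault string plain while still escaping it.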