Limit what getAuthors exposes. Props josephscott for the patch and xknown for the find. fixes #5534 for 2.4

git-svn-id: https://develop.svn.wordpress.org/trunk@6498 602fd350-edb4-49c9-b593-d223f7449a82
2007-12-26 19:54:35 +00:00 · 2007-12-26 19:54:35 +00:00 · 4eae78fe70
parent 5709654d4b
commit 4eae78fe70
1 changed files with 15 additions and 1 deletions
--- a/xmlrpc.php
+++ b/xmlrpc.php
@ -527,9 +527,23 @@ class wp_xmlrpc_server extends IXR_Server {
 			return($this->error);
 		}

+		set_current_user(0, $username);
+		if(!current_user_can("edit_posts")) {
+			return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog.")));
+        }
+
 		do_action('xmlrpc_call', 'wp.getAuthors');

-		return(get_users_of_blog());
+		$authors = array();
+		foreach( (array) get_users_of_blog() as $row ) {
+			$authors[] = array(
+				"user_id"       => $row->user_id,
+				"user_login"    => $row->user_login,
+				"display_name"  => $row->display_name
+			);
+		}
+
+		return($authors);
 	}

 	/**