From 7854ebaeab3716ac4daf9f38c8f2774da3eb1c9a Mon Sep 17 00:00:00 2001
From: Andrew Nacin <nacin@git.wordpress.org>
Date: Wed, 19 Sep 2012 01:27:21 +0000
Subject: [PATCH] XML-RPC: Have the deprecated login_pass_ok() method wrap
 login(). Move it below login() so the proper method is found first. see
 #21907.

git-svn-id: https://develop.svn.wordpress.org/trunk@21910 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/class-wp-xmlrpc-server.php | 55 +++++++++-----------------
 1 file changed, 19 insertions(+), 36 deletions(-)

diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index f8d0428ea4..0f0a813aaa 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -161,49 +161,16 @@ class wp_xmlrpc_server extends IXR_Server {
 		return $number1 + $number2;
 	}
 
-	/**
-	 * Check user's credentials.
-	 *
-	 * @since 1.5.0
-	 *
-	 * @param string $user_login User's username.
-	 * @param string $user_pass User's password.
-	 * @return bool Whether authentication passed.
-	 * @deprecated use wp_xmlrpc_server::login
-	 * @see wp_xmlrpc_server::login
-	 */
-	function login_pass_ok($user_login, $user_pass) {
-
-		// Respect any old filters against get_option() for 'enable_xmlrpc'.
-		$enabled = apply_filters( 'pre_option_enable_xmlrpc', false ); // Deprecated
-		if ( false === $enabled )
-			$enabled = apply_filters( 'option_enable_xmlrpc', true ); // Deprecated
-
-		// Proper filter for turning off XML-RPC. It is on by default.
-		$enabled = apply_filters( 'xmlrpc_enabled', $enabled );
-
-		if ( ! $enabled ) {
-			$this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) );
-			return false;
-		}
-
-		if (!user_pass_ok($user_login, $user_pass)) {
-			$this->error = new IXR_Error(403, __('Bad login/pass combination.'));
-			return false;
-		}
-		return true;
-	}
-
 	/**
 	 * Log user in.
 	 *
-	 * @since 2.8
+	 * @since 2.8.0
 	 *
 	 * @param string $username User's username.
 	 * @param string $password User's password.
 	 * @return mixed WP_User object if authentication passed, false otherwise
 	 */
-	function login($username, $password) {
+	function login( $username, $password ) {
 		// Respect any old filters against get_option() for 'enable_xmlrpc'.
 		$enabled = apply_filters( 'pre_option_enable_xmlrpc', false ); // Deprecated
 		if ( false === $enabled )
@@ -220,7 +187,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		$user = wp_authenticate($username, $password);
 
 		if (is_wp_error($user)) {
-			$this->error = new IXR_Error(403, __('Bad login/pass combination.'));
+			$this->error = new IXR_Error( 403, __('Bad login/pass combination.' ) );
 			return false;
 		}
 
@@ -228,6 +195,22 @@ class wp_xmlrpc_server extends IXR_Server {
 		return $user;
 	}
 
+	/**
+	 * Check user's credentials. Deprecated.
+	 *
+	 * @since 1.5.0
+	 * @deprecated 2.8.0
+	 * @deprecated use wp_xmlrpc_server::login
+	 * @see wp_xmlrpc_server::login
+	 *
+	 * @param string $username User's username.
+	 * @param string $password User's password.
+	 * @return bool Whether authentication passed.
+	 */
+	function login_pass_ok( $username, $password ) {
+		return (bool) $this->login( $username, $password );
+	}
+
 	/**
 	 * Sanitize string or array of strings for database.
 	 *