-
+ BAE832C911C4F2F70AC225DD5ACC050EAD3F3888191C380887EFEB61F27F1736767CE6D2D9B474C80AE7FD09990DF65EF3389899321EFBCCDFA81923FE492F76
mp-wp/wp-trackback.php
(0 . 0)(1 . 119)
161161 <?php
161162 /**
161163 * Handle Trackbacks and Pingbacks sent to WordPress
161164 *
161165 * @package WordPress
161166 */
161167
161168 if (empty($wp)) {
161169 require_once('./wp-load.php');
161170 wp('tb=1');
161171 }
161172
161173 /**
161174 * trackback_response() - Respond with error or success XML message
161175 *
161176 * @param int|bool $error Whether there was an error or not
161177 * @param string $error_message Error message if an error occurred
161178 */
161179
161180 function trackback_response($error = 0, $error_message = '') {
161181 header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
161182 if ($error) {
161183 echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
161184 echo "<response>\n";
161185 echo "<error>1</error>\n";
161186 echo "<message>$error_message</message>\n";
161187 echo "</response>";
161188 die();
161189 } else {
161190 echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
161191 echo "<response>\n";
161192 echo "<error>0</error>\n";
161193 echo "</response>";
161194 }
161195 }
161196
161197 // trackback is done by a POST
161198 $request_array = 'HTTP_POST_VARS';
161199
161200 if ( !$_GET['tb_id'] ) {
161201 $tb_id = explode('/', $_SERVER['REQUEST_URI']);
161202 $tb_id = intval( $tb_id[ count($tb_id) - 1 ] );
161203 }
161204
161205 $tb_url = $_POST['url'];
161206 $charset = $_POST['charset'];
161207
161208 // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
161209 $title = stripslashes($_POST['title']);
161210 $excerpt = stripslashes($_POST['excerpt']);
161211 $blog_name = stripslashes($_POST['blog_name']);
161212
161213 if ($charset)
161214 $charset = strtoupper( trim($charset) );
161215 else
161216 $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
161217
161218 // No valid uses for UTF-7
161219 if ( false !== strpos($charset, 'UTF-7') )
161220 die();
161221
161222 if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
161223 $title = mb_convert_encoding($title, get_option('blog_charset'), $charset);
161224 $excerpt = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset);
161225 $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
161226 }
161227
161228 // Now that mb_convert_encoding() has been given a swing, we need to escape these three
161229 $title = $wpdb->escape($title);
161230 $excerpt = $wpdb->escape($excerpt);
161231 $blog_name = $wpdb->escape($blog_name);
161232
161233 if ( is_single() || is_page() )
161234 $tb_id = $posts[0]->ID;
161235
161236 if ( !intval( $tb_id ) )
161237 trackback_response(1, 'I really need an ID for this to work.');
161238
161239 if (empty($title) && empty($tb_url) && empty($blog_name)) {
161240 // If it doesn't look like a trackback at all...
161241 wp_redirect(get_permalink($tb_id));
161242 exit;
161243 }
161244
161245 if ( !empty($tb_url) && !empty($title) ) {
161246 header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
161247
161248 if ( !pings_open($tb_id) )
161249 trackback_response(1, 'Sorry, trackbacks are closed for this item.');
161250
161251 $title = wp_html_excerpt( $title, 250 ).'...';
161252 $excerpt = wp_html_excerpt( $excerpt, 252 ).'...';
161253
161254 $comment_post_ID = (int) $tb_id;
161255 $comment_author = $blog_name;
161256 $comment_author_email = '';
161257 $comment_author_url = $tb_url;
161258 $comment_content = "<strong>$title</strong>\n\n$excerpt";
161259 $comment_type = 'trackback';
161260
161261 $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
161262 if ( $dupe )
161263 trackback_response(1, 'We already have a ping from that URL for this post.');
161264
161265 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type');
161266
161267
161268 if (gethostbyname(parse_url($tb_url, PHP_URL_HOST)) != $_SERVER['REMOTE_ADDR']) {
161269 trackback_response(1, 'FU Spammer boy.');
161270 exit;
161271 }
161272
161273
161274 wp_new_comment($commentdata);
161275
161276 do_action('trackback_post', $wpdb->insert_id);
161277 trackback_response(0);
161278 }
161279 ?>