PageRenderTime 27ms CodeModel.GetById 1ms RepoModel.GetById 0ms app.codeStats 0ms

/wp-trackback.php

http://github.com/wordpress/wordpress
PHP | 152 lines | 84 code | 24 blank | 44 comment | 21 complexity | 0b86f565bb77cf6fa412a59ece526446 MD5 | raw file
Possible License(s): 0BSD 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Handle Trackbacks and Pingbacks Sent to WordPress
    4. 

  4.  *
    5. 

  5.  * @since 0.71
    6. 

  6.  *
    7. 

  7.  * @package WordPress
    8. 

  8.  * @subpackage Trackbacks
    9. 

  9.  */
    10. 

  10. 

  11. if ( empty( $wp ) ) {
    12. 

  12. 	require_once __DIR__ . '/wp-load.php';
    13. 

  13. 	wp( array( 'tb' => '1' ) );
    14. 

  14. }
    15. 

  15. 

  16. /**
    17. 

  17.  * Response to a trackback.
    18. 

  18.  *
    19. 

  19.  * Responds with an error or success XML message.
    20. 

  20.  *
    21. 

  21.  * @since 0.71
    22. 

  22.  *
    23. 

  23.  * @param int|bool $error         Whether there was an error.
    24. 

  24.  *                                Default '0'. Accepts '0' or '1', true or false.
    25. 

  25.  * @param string   $error_message Error message if an error occurred.
    26. 

  26.  */
    27. 

  27. function trackback_response( $error = 0, $error_message = '' ) {
    28. 

  28. 	header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) );
    29. 

  29. 	if ( $error ) {
    30. 

  30. 		echo '<?xml version="1.0" encoding="utf-8"?' . ">\n";
    31. 

  31. 		echo "<response>\n";
    32. 

  32. 		echo "<error>1</error>\n";
    33. 

  33. 		echo "<message>$error_message</message>\n";
    34. 

  34. 		echo '</response>';
    35. 

  35. 		die();
    36. 

  36. 	} else {
    37. 

  37. 		echo '<?xml version="1.0" encoding="utf-8"?' . ">\n";
    38. 

  38. 		echo "<response>\n";
    39. 

  39. 		echo "<error>0</error>\n";
    40. 

  40. 		echo '</response>';
    41. 

  41. 	}
    42. 

  42. }
    43. 

  43. 

  44. // Trackback is done by a POST.
    45. 

  45. $request_array = 'HTTP_POST_VARS';
    46. 

  46. 

  47. if ( ! isset( $_GET['tb_id'] ) || ! $_GET['tb_id'] ) {
    48. 

  48. 	$tb_id = explode( '/', $_SERVER['REQUEST_URI'] );
    49. 

  49. 	$tb_id = intval( $tb_id[ count( $tb_id ) - 1 ] );
    50. 

  50. }
    51. 

  51. 

  52. $tb_url  = isset( $_POST['url'] ) ? $_POST['url'] : '';
    53. 

  53. $charset = isset( $_POST['charset'] ) ? $_POST['charset'] : '';
    54. 

  54. 

  55. // These three are stripslashed here so they can be properly escaped after mb_convert_encoding().
    56. 

  56. $title     = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : '';
    57. 

  57. $excerpt   = isset( $_POST['excerpt'] ) ? wp_unslash( $_POST['excerpt'] ) : '';
    58. 

  58. $blog_name = isset( $_POST['blog_name'] ) ? wp_unslash( $_POST['blog_name'] ) : '';
    59. 

  59. 

  60. if ( $charset ) {
    61. 

  61. 	$charset = str_replace( array( ',', ' ' ), '', strtoupper( trim( $charset ) ) );
    62. 

  62. } else {
    63. 

  63. 	$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
    64. 

  64. }
    65. 

  65. 

  66. // No valid uses for UTF-7.
    67. 

  67. if ( false !== strpos( $charset, 'UTF-7' ) ) {
    68. 

  68. 	die;
    69. 

  69. }
    70. 

  70. 

  71. // For international trackbacks.
    72. 

  72. if ( function_exists( 'mb_convert_encoding' ) ) {
    73. 

  73. 	$title     = mb_convert_encoding( $title, get_option( 'blog_charset' ), $charset );
    74. 

  74. 	$excerpt   = mb_convert_encoding( $excerpt, get_option( 'blog_charset' ), $charset );
    75. 

  75. 	$blog_name = mb_convert_encoding( $blog_name, get_option( 'blog_charset' ), $charset );
    76. 

  76. }
    77. 

  77. 

  78. // Now that mb_convert_encoding() has been given a swing, we need to escape these three.
    79. 

  79. $title     = wp_slash( $title );
    80. 

  80. $excerpt   = wp_slash( $excerpt );
    81. 

  81. $blog_name = wp_slash( $blog_name );
    82. 

  82. 

  83. if ( is_single() || is_page() ) {
    84. 

  84. 	$tb_id = $posts[0]->ID;
    85. 

  85. }
    86. 

  86. 

  87. if ( ! isset( $tb_id ) || ! intval( $tb_id ) ) {
    88. 

  88. 	trackback_response( 1, __( 'I really need an ID for this to work.' ) );
    89. 

  89. }
    90. 

  90. 

  91. if ( empty( $title ) && empty( $tb_url ) && empty( $blog_name ) ) {
    92. 

  92. 	// If it doesn't look like a trackback at all.
    93. 

  93. 	wp_redirect( get_permalink( $tb_id ) );
    94. 

  94. 	exit;
    95. 

  95. }
    96. 

  96. 

  97. if ( ! empty( $tb_url ) && ! empty( $title ) ) {
    98. 

  98. 	/**
    99. 

  99. 	 * Fires before the trackback is added to a post.
    100. 

  100. 	 *
    101. 

  101. 	 * @since 4.7.0
    102. 

  102. 	 *
    103. 

  103. 	 * @param int    $tb_id     Post ID related to the trackback.
    104. 

  104. 	 * @param string $tb_url    Trackback URL.
    105. 

  105. 	 * @param string $charset   Character Set.
    106. 

  106. 	 * @param string $title     Trackback Title.
    107. 

  107. 	 * @param string $excerpt   Trackback Excerpt.
    108. 

  108. 	 * @param string $blog_name Blog Name.
    109. 

  109. 	 */
    110. 

  110. 	do_action( 'pre_trackback_post', $tb_id, $tb_url, $charset, $title, $excerpt, $blog_name );
    111. 

  111. 

  112. 	header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) );
    113. 

  113. 

  114. 	if ( ! pings_open( $tb_id ) ) {
    115. 

  115. 		trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) );
    116. 

  116. 	}
    117. 

  117. 

  118. 	$title   = wp_html_excerpt( $title, 250, '&#8230;' );
    119. 

  119. 	$excerpt = wp_html_excerpt( $excerpt, 252, '&#8230;' );
    120. 

  120. 

  121. 	$comment_post_ID      = (int) $tb_id;
    122. 

  122. 	$comment_author       = $blog_name;
    123. 

  123. 	$comment_author_email = '';
    124. 

  124. 	$comment_author_url   = $tb_url;
    125. 

  125. 	$comment_content      = "<strong>$title</strong>\n\n$excerpt";
    126. 

  126. 	$comment_type         = 'trackback';
    127. 

  127. 

  128. 	$dupe = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url ) );
    129. 

  129. 	if ( $dupe ) {
    130. 

  130. 		trackback_response( 1, __( 'We already have a ping from that URL for this post.' ) );
    131. 

  131. 	}
    132. 

  132. 

  133. 	$commentdata = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type' );
    134. 

  134. 

  135. 	$result = wp_new_comment( $commentdata );
    136. 

  136. 

  137. 	if ( is_wp_error( $result ) ) {
    138. 

  138. 		trackback_response( 1, $result->get_error_message() );
    139. 

  139. 	}
    140. 

  140. 

  141. 	$trackback_id = $wpdb->insert_id;
    142. 

  142. 

  143. 	/**
    144. 

  144. 	 * Fires after a trackback is added to a post.
    145. 

  145. 	 *
    146. 

  146. 	 * @since 1.2.0
    147. 

  147. 	 *
    148. 

  148. 	 * @param int $trackback_id Trackback ID.
    149. 

  149. 	 */
    150. 

  150. 	do_action( 'trackback_post', $trackback_id );
    151. 

  151. 	trackback_response( 0 );
    152. 

  152. }
    153. 

  153.