1 | <?php |
2 | /** |
3 | * Handle Trackbacks and Pingbacks sent to WordPress |
4 | * |
5 | * @package WordPress |
6 | */ |
7 | |
// Load WordPress and run the main query with the trackback flag (tb=1)
// whenever no usable $wp object has been set up yet.
if ( !isset($wp) || !$wp ) {
	require_once('./wp-load.php');
	wp('tb=1');
}
12 | |
/**
 * trackback_response() - Respond with error or success XML message
 *
 * Sends the text/xml Content-Type header (charset taken from the blog_charset
 * option) and prints a small <response> document. On error the script is
 * terminated with die(); on success the function returns to the caller.
 *
 * $error_message is written between the <message> tags exactly as given,
 * with no XML escaping. Every call in this file passes a fixed string; keep
 * it that way, or escape the text first, so request data never reaches the
 * response markup.
 *
 * NOTE(review): the XML declaration always says utf-8 while the HTTP header
 * announces blog_charset - confirm the two cannot disagree on this install.
 *
 * @param int|bool $error Whether there was an error or not
 * @param string $error_message Error message if an error occurred
 */
function trackback_response($error = 0, $error_message = '') {
	header('Content-Type: text/xml; charset=' . get_option('blog_charset') );

	// Opening lines shared by the success and the error document.
	$prologue = '<?xml version="1.0" encoding="utf-8"?'.">\n" . "<response>\n";

	if ( !$error ) {
		echo $prologue . "<error>0</error>\n" . "</response>";
		return;
	}

	echo $prologue . "<error>1</error>\n" . "<message>$error_message</message>\n" . "</response>";
	die();
}
36 | |
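// trackback is done by a POST
// Not read anywhere in this script; kept in case other code looks for it.
$request_array = 'HTTP_POST_VARS';

// Without a tb_id query argument, use the last path segment of the request
// URI as the post ID. isset() avoids an undefined-index notice on plain POSTs.
if ( !isset($_GET['tb_id']) || !$_GET['tb_id'] ) {
	$tb_id = explode('/', $_SERVER['REQUEST_URI']);
	$tb_id = intval( $tb_id[ count($tb_id) - 1 ] );
}

// Everything read from $_POST is chosen by the remote sender. A missing field,
// or one sent as an array (url[]=...), is treated as empty so the string
// functions below never receive null or an array.
$tb_url  = ( isset($_POST['url']) && is_string($_POST['url']) ) ? $_POST['url'] : '';
$charset = ( isset($_POST['charset']) && is_string($_POST['charset']) ) ? $_POST['charset'] : '';

// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
$title     = ( isset($_POST['title']) && is_string($_POST['title']) ) ? stripslashes($_POST['title']) : '';
$excerpt   = ( isset($_POST['excerpt']) && is_string($_POST['excerpt']) ) ? stripslashes($_POST['excerpt']) : '';
$blog_name = ( isset($_POST['blog_name']) && is_string($_POST['blog_name']) ) ? stripslashes($_POST['blog_name']) : '';

// NOTE(review): a sender-supplied charset is handed to mb_convert_encoding()
// as the source encoding with only UTF-7 refused below - consider checking it
// against a list of encodings the site actually expects.
if ($charset) {
	$charset = strtoupper( trim($charset) );
} else {
	$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
}

// No valid uses for UTF-7
if ( false !== strpos($charset, 'UTF-7') ) {
	die();
}

if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
	$title     = mb_convert_encoding($title, get_option('blog_charset'), $charset);
	$excerpt   = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset);
	$blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
}

// Now that mb_convert_encoding() has been given a swing, we need to escape these three
$title     = $wpdb->escape($title);
$excerpt   = $wpdb->escape($excerpt);
$blog_name = $wpdb->escape($blog_name);

// When the main query resolved to a single post or page, its ID replaces
// whatever was derived from the URL.
if ( is_single() || is_page() ) {
	$tb_id = $posts[0]->ID;
}

// $tb_id is never assigned when tb_id was given in the query string and the
// query is not a single post/page, hence the isset() guard.
// trackback_response() ends the script on error.
if ( !isset($tb_id) || !intval( $tb_id ) ) {
	trackback_response(1, 'I really need an ID for this to work.');
}

if (empty($title) && empty($tb_url) && empty($blog_name)) {
	// If it doesn't look like a trackback at all...
	wp_redirect(get_permalink($tb_id));
	exit;
}

if ( !empty($tb_url) && !empty($title) ) {
	header('Content-Type: text/xml; charset=' . get_option('blog_charset') );

	if ( !pings_open($tb_id) ) {
		trackback_response(1, 'Sorry, trackbacks are closed for this item.');
	}

	$title   = wp_html_excerpt( $title, 250 ).'...';
	$excerpt = wp_html_excerpt( $excerpt, 252 ).'...';

	$comment_post_ID      = (int) $tb_id;
	$comment_author       = $blog_name;
	$comment_author_email = '';
	$comment_author_url   = $tb_url;
	$comment_content      = "<strong>$title</strong>\n\n$excerpt";
	$comment_type         = 'trackback';

	// One trackback per source URL and post; the values are bound via prepare().
	$dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
	if ( $dupe ) {
		trackback_response(1, 'We already have a ping from that URL for this post.');
	}

	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type');

	// Sender verification: the host named in the claimed source URL must
	// resolve to the address this request came from. A URL without a usable
	// host is refused outright instead of being passed to the resolver, and
	// the comparison is strict. Limits to keep in mind:
	//  - gethostbyname() returns a single IPv4 address, or its argument
	//    unchanged on failure, so IPv6 senders and hosts that answer from a
	//    different address than the one returned are refused;
	//  - behind a reverse proxy REMOTE_ADDR is the proxy's address;
	//  - the lookup is a blocking DNS query for a name the sender picked.
	$tb_host = parse_url($tb_url, PHP_URL_HOST);
	if ( !is_string($tb_host) || '' === $tb_host || gethostbyname($tb_host) !== $_SERVER['REMOTE_ADDR'] ) {
		trackback_response(1, 'FU Spammer boy.');
		exit; // not reached while trackback_response() dies on error; kept as a backstop
	}

	wp_new_comment($commentdata);

	do_action('trackback_post', $wpdb->insert_id);
	trackback_response(0);
}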
118 | } |
119 | ?> |