mp-wp/wp-trackback.php [mp-wp

mp-wp/wp-trackback.php

1	<?php
2	/**
3	* Handle Trackbacks and Pingbacks sent to WordPress
4	*
5	* @package WordPress
6	*/
7
8	if (empty($wp)) {
9	require_once('./wp-load.php');
10	wp('tb=1');
11	}
12
13	/**
14	* trackback_response() - Respond with error or success XML message
15	*
16	* @param int\|bool $error Whether there was an error or not
17	* @param string $error_message Error message if an error occurred
18	*/
19
20	function trackback_response($error = 0, $error_message = '') {
21	header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
22	if ($error) {
23	echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
24	echo "<response>\n";
25	echo "<error>1</error>\n";
26	echo "<message>$error_message</message>\n";
27	echo "</response>";
28	die();
29	} else {
30	echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
31	echo "<response>\n";
32	echo "<error>0</error>\n";
33	echo "</response>";
34	}
35	}
36
37	// trackback is done by a POST
38	$request_array = 'HTTP_POST_VARS';
39
40	if ( !$_GET['tb_id'] ) {
41	$tb_id = explode('/', $_SERVER['REQUEST_URI']);
42	$tb_id = intval( $tb_id[ count($tb_id) - 1 ] );
43	}
44
45	$tb_url = $_POST['url'];
46	$charset = $_POST['charset'];
47
48	// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
49	$title = stripslashes($_POST['title']);
50	$excerpt = stripslashes($_POST['excerpt']);
51	$blog_name = stripslashes($_POST['blog_name']);
52
53	if ($charset)
54	$charset = strtoupper( trim($charset) );
55	else
56	$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
57
58	// No valid uses for UTF-7
59	if ( false !== strpos($charset, 'UTF-7') )
60	die();
61
62	if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
63	$title = mb_convert_encoding($title, get_option('blog_charset'), $charset);
64	$excerpt = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset);
65	$blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
66	}
67
68	// Now that mb_convert_encoding() has been given a swing, we need to escape these three
69	$title = $wpdb->escape($title);
70	$excerpt = $wpdb->escape($excerpt);
71	$blog_name = $wpdb->escape($blog_name);
72
73	if ( is_single() \|\| is_page() )
74	$tb_id = $posts[0]->ID;
75
76	if ( !intval( $tb_id ) )
77	trackback_response(1, 'I really need an ID for this to work.');
78
79	if (empty($title) && empty($tb_url) && empty($blog_name)) {
80	// If it doesn't look like a trackback at all...
81	wp_redirect(get_permalink($tb_id));
82	exit;
83	}
84
85	if ( !empty($tb_url) && !empty($title) ) {
86	header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
87
88	if ( !pings_open($tb_id) )
89	trackback_response(1, 'Sorry, trackbacks are closed for this item.');
90
91	$title = wp_html_excerpt( $title, 250 ).'...';
92	$excerpt = wp_html_excerpt( $excerpt, 252 ).'...';
93
94	$comment_post_ID = (int) $tb_id;
95	$comment_author = $blog_name;
96	$comment_author_email = '';
97	$comment_author_url = $tb_url;
98	$comment_content = "<strong>$title</strong>\n\n$excerpt";
99	$comment_type = 'trackback';
100
101	$dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
102	if ( $dupe )
103	trackback_response(1, 'We already have a ping from that URL for this post.');
104
105	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type');
106
107
108	if (gethostbyname(parse_url($tb_url, PHP_URL_HOST)) != $_SERVER['REMOTE_ADDR']) {
109	trackback_response(1, 'FU Spammer boy.');
110	exit;
111	}
112
113
114	wp_new_comment($commentdata);
115
116	do_action('trackback_post', $wpdb->insert_id);
117	trackback_response(0);
118	}
119	?>