11 if ( empty( $wp ) ) { |
11 if ( empty( $wp ) ) { |
12 require_once __DIR__ . '/wp-load.php'; |
12 require_once __DIR__ . '/wp-load.php'; |
13 wp( array( 'tb' => '1' ) ); |
13 wp( array( 'tb' => '1' ) ); |
14 } |
14 } |
15 |
15 |
|
16 // Always run as an unauthenticated user. |
|
17 wp_set_current_user( 0 ); |
|
18 |
16 /** |
19 /** |
17 * Response to a trackback. |
20 * Response to a trackback. |
18 * |
21 * |
19 * Responds with an error or success XML message. |
22 * Responds with an error or success XML message. |
20 * |
23 * |
21 * @since 0.71 |
24 * @since 0.71 |
22 * |
25 * |
23 * @param int|bool $error Whether there was an error. |
26 * @param int|bool $error Whether there was an error. |
24 * Default '0'. Accepts '0' or '1', true or false. |
27 * Default '0'. Accepts '0' or '1', true or false. |
25 * @param string $error_message Error message if an error occurred. |
28 * @param string $error_message Error message if an error occurred. Default empty string. |
26 */ |
29 */ |
27 function trackback_response( $error = 0, $error_message = '' ) { |
30 function trackback_response( $error = 0, $error_message = '' ) { |
28 header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); |
31 header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); |
|
32 |
29 if ( $error ) { |
33 if ( $error ) { |
30 echo '<?xml version="1.0" encoding="utf-8"?' . ">\n"; |
34 echo '<?xml version="1.0" encoding="utf-8"?' . ">\n"; |
31 echo "<response>\n"; |
35 echo "<response>\n"; |
32 echo "<error>1</error>\n"; |
36 echo "<error>1</error>\n"; |
33 echo "<message>$error_message</message>\n"; |
37 echo "<message>$error_message</message>\n"; |
39 echo "<error>0</error>\n"; |
43 echo "<error>0</error>\n"; |
40 echo '</response>'; |
44 echo '</response>'; |
41 } |
45 } |
42 } |
46 } |
43 |
47 |
44 // Trackback is done by a POST. |
|
45 $request_array = 'HTTP_POST_VARS'; |
|
46 |
|
47 if ( ! isset( $_GET['tb_id'] ) || ! $_GET['tb_id'] ) { |
48 if ( ! isset( $_GET['tb_id'] ) || ! $_GET['tb_id'] ) { |
48 $tb_id = explode( '/', $_SERVER['REQUEST_URI'] ); |
49 $post_id = explode( '/', $_SERVER['REQUEST_URI'] ); |
49 $tb_id = (int) $tb_id[ count( $tb_id ) - 1 ]; |
50 $post_id = (int) $post_id[ count( $post_id ) - 1 ]; |
50 } |
51 } |
51 |
52 |
52 $tb_url = isset( $_POST['url'] ) ? $_POST['url'] : ''; |
53 $trackback_url = isset( $_POST['url'] ) ? $_POST['url'] : ''; |
53 $charset = isset( $_POST['charset'] ) ? $_POST['charset'] : ''; |
54 $charset = isset( $_POST['charset'] ) ? $_POST['charset'] : ''; |
54 |
55 |
55 // These three are stripslashed here so they can be properly escaped after mb_convert_encoding(). |
56 // These three are stripslashed here so they can be properly escaped after mb_convert_encoding(). |
56 $title = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : ''; |
57 $title = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : ''; |
57 $excerpt = isset( $_POST['excerpt'] ) ? wp_unslash( $_POST['excerpt'] ) : ''; |
58 $excerpt = isset( $_POST['excerpt'] ) ? wp_unslash( $_POST['excerpt'] ) : ''; |
58 $blog_name = isset( $_POST['blog_name'] ) ? wp_unslash( $_POST['blog_name'] ) : ''; |
59 $blog_name = isset( $_POST['blog_name'] ) ? wp_unslash( $_POST['blog_name'] ) : ''; |
62 } else { |
63 } else { |
63 $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS'; |
64 $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS'; |
64 } |
65 } |
65 |
66 |
66 // No valid uses for UTF-7. |
67 // No valid uses for UTF-7. |
67 if ( false !== strpos( $charset, 'UTF-7' ) ) { |
68 if ( str_contains( $charset, 'UTF-7' ) ) { |
68 die; |
69 die; |
69 } |
70 } |
70 |
71 |
71 // For international trackbacks. |
72 // For international trackbacks. |
72 if ( function_exists( 'mb_convert_encoding' ) ) { |
73 if ( function_exists( 'mb_convert_encoding' ) ) { |
73 $title = mb_convert_encoding( $title, get_option( 'blog_charset' ), $charset ); |
74 $title = mb_convert_encoding( $title, get_option( 'blog_charset' ), $charset ); |
74 $excerpt = mb_convert_encoding( $excerpt, get_option( 'blog_charset' ), $charset ); |
75 $excerpt = mb_convert_encoding( $excerpt, get_option( 'blog_charset' ), $charset ); |
75 $blog_name = mb_convert_encoding( $blog_name, get_option( 'blog_charset' ), $charset ); |
76 $blog_name = mb_convert_encoding( $blog_name, get_option( 'blog_charset' ), $charset ); |
76 } |
77 } |
77 |
78 |
78 // Now that mb_convert_encoding() has been given a swing, we need to escape these three. |
79 // Escape values to use in the trackback. |
79 $title = wp_slash( $title ); |
80 $title = wp_slash( $title ); |
80 $excerpt = wp_slash( $excerpt ); |
81 $excerpt = wp_slash( $excerpt ); |
81 $blog_name = wp_slash( $blog_name ); |
82 $blog_name = wp_slash( $blog_name ); |
82 |
83 |
83 if ( is_single() || is_page() ) { |
84 if ( is_single() || is_page() ) { |
84 $tb_id = $posts[0]->ID; |
85 $post_id = $posts[0]->ID; |
85 } |
86 } |
86 |
87 |
87 if ( ! isset( $tb_id ) || ! (int) $tb_id ) { |
88 if ( ! isset( $post_id ) || ! (int) $post_id ) { |
88 trackback_response( 1, __( 'I really need an ID for this to work.' ) ); |
89 trackback_response( 1, __( 'I really need an ID for this to work.' ) ); |
89 } |
90 } |
90 |
91 |
91 if ( empty( $title ) && empty( $tb_url ) && empty( $blog_name ) ) { |
92 if ( empty( $title ) && empty( $trackback_url ) && empty( $blog_name ) ) { |
92 // If it doesn't look like a trackback at all. |
93 // If it doesn't look like a trackback at all. |
93 wp_redirect( get_permalink( $tb_id ) ); |
94 wp_redirect( get_permalink( $post_id ) ); |
94 exit; |
95 exit; |
95 } |
96 } |
96 |
97 |
97 if ( ! empty( $tb_url ) && ! empty( $title ) ) { |
98 if ( ! empty( $trackback_url ) && ! empty( $title ) ) { |
98 /** |
99 /** |
99 * Fires before the trackback is added to a post. |
100 * Fires before the trackback is added to a post. |
100 * |
101 * |
101 * @since 4.7.0 |
102 * @since 4.7.0 |
102 * |
103 * |
103 * @param int $tb_id Post ID related to the trackback. |
104 * @param int $post_id Post ID related to the trackback. |
104 * @param string $tb_url Trackback URL. |
105 * @param string $trackback_url Trackback URL. |
105 * @param string $charset Character Set. |
106 * @param string $charset Character set. |
106 * @param string $title Trackback Title. |
107 * @param string $title Trackback title. |
107 * @param string $excerpt Trackback Excerpt. |
108 * @param string $excerpt Trackback excerpt. |
108 * @param string $blog_name Blog Name. |
109 * @param string $blog_name Site name. |
109 */ |
110 */ |
110 do_action( 'pre_trackback_post', $tb_id, $tb_url, $charset, $title, $excerpt, $blog_name ); |
111 do_action( 'pre_trackback_post', $post_id, $trackback_url, $charset, $title, $excerpt, $blog_name ); |
111 |
112 |
112 header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); |
113 header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); |
113 |
114 |
114 if ( ! pings_open( $tb_id ) ) { |
115 if ( ! pings_open( $post_id ) ) { |
115 trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) ); |
116 trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) ); |
116 } |
117 } |
117 |
118 |
118 $title = wp_html_excerpt( $title, 250, '…' ); |
119 $title = wp_html_excerpt( $title, 250, '…' ); |
119 $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); |
120 $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); |
120 |
121 |
121 $comment_post_ID = (int) $tb_id; |
122 $comment_post_id = (int) $post_id; |
122 $comment_author = $blog_name; |
123 $comment_author = $blog_name; |
123 $comment_author_email = ''; |
124 $comment_author_email = ''; |
124 $comment_author_url = $tb_url; |
125 $comment_author_url = $trackback_url; |
125 $comment_content = "<strong>$title</strong>\n\n$excerpt"; |
126 $comment_content = "<strong>$title</strong>\n\n$excerpt"; |
126 $comment_type = 'trackback'; |
127 $comment_type = 'trackback'; |
127 |
128 |
128 $dupe = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url ) ); |
129 $dupe = $wpdb->get_results( |
|
130 $wpdb->prepare( |
|
131 "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", |
|
132 $comment_post_id, |
|
133 $comment_author_url |
|
134 ) |
|
135 ); |
|
136 |
129 if ( $dupe ) { |
137 if ( $dupe ) { |
130 trackback_response( 1, __( 'There is already a ping from that URL for this post.' ) ); |
138 trackback_response( 1, __( 'There is already a ping from that URL for this post.' ) ); |
131 } |
139 } |
132 |
140 |
133 $commentdata = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type' ); |
141 $commentdata = array( |
|
142 'comment_post_ID' => $comment_post_id, |
|
143 ); |
|
144 |
|
145 $commentdata += compact( |
|
146 'comment_author', |
|
147 'comment_author_email', |
|
148 'comment_author_url', |
|
149 'comment_content', |
|
150 'comment_type' |
|
151 ); |
134 |
152 |
135 $result = wp_new_comment( $commentdata ); |
153 $result = wp_new_comment( $commentdata ); |
136 |
154 |
137 if ( is_wp_error( $result ) ) { |
155 if ( is_wp_error( $result ) ) { |
138 trackback_response( 1, $result->get_error_message() ); |
156 trackback_response( 1, $result->get_error_message() ); |
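Review bot: The added `wp_set_current_user( 0 );` runs only after the `if ( empty( $wp ) )` block has called `wp( array( 'tb' => '1' ) )`, so the downgrade to an anonymous user covers the later checks but not the main query itself. `is_single()`, `is_page()` and `$posts[0]->ID`, which the new code copies into `$post_id`, were presumably resolved under whatever identity the request carried, and that ID then reaches `pings_open()` and `wp_new_comment()` with no visible check that the post is publicly viewable. If that matters here, a guard before the insert such as `if ( ! is_post_publicly_viewable( $post_id ) ) { trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) ); }` would close it, and the comment could read `// Run as an unauthenticated user from here on; the main query above has already executed.` The file continues past the visible lines (the final `if ( is_wp_error( $result ) )` block is still open), so a check outside this view may already cover the case.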