[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Handle Trackbacks and Pingbacks Sent to WordPress
   4   *
   5   * @since 0.71
   6   *
   7   * @package WordPress
   8   * @subpackage Trackbacks
   9   */
  10  
  11  if ( empty( $wp ) ) {
  12      require_once  __DIR__ . '/wp-load.php';
  13      wp( array( 'tb' => '1' ) );
  14  }
  15  
  16  /**
  17   * Response to a trackback.
  18   *
  19   * Responds with an error or success XML message.
  20   *
  21   * @since 0.71
  22   *
  23   * @param int|bool $error         Whether there was an error.
  24   *                                Default '0'. Accepts '0' or '1', true or false.
  25   * @param string   $error_message Error message if an error occurred.
  26   */
  27  function trackback_response( $error = 0, $error_message = '' ) {
  28      header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) );
  29      if ( $error ) {
  30          echo '<?xml version="1.0" encoding="utf-8"?' . ">\n";
  31          echo "<response>\n";
  32          echo "<error>1</error>\n";
  33          echo "<message>$error_message</message>\n";
  34          echo '</response>';
  35          die();
  36      } else {
  37          echo '<?xml version="1.0" encoding="utf-8"?' . ">\n";
  38          echo "<response>\n";
  39          echo "<error>0</error>\n";
  40          echo '</response>';
  41      }
  42  }
  43  
  44  // Trackback is done by a POST.
  45  $request_array = 'HTTP_POST_VARS';
  46  
  47  if ( ! isset( $_GET['tb_id'] ) || ! $_GET['tb_id'] ) {
  48      $tb_id = explode( '/', $_SERVER['REQUEST_URI'] );
  49      $tb_id = (int) $tb_id[ count( $tb_id ) - 1 ];
  50  }
  51  
  52  $tb_url  = isset( $_POST['url'] ) ? $_POST['url'] : '';
  53  $charset = isset( $_POST['charset'] ) ? $_POST['charset'] : '';
  54  
  55  // These three are stripslashed here so they can be properly escaped after mb_convert_encoding().
  56  $title     = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : '';
  57  $excerpt   = isset( $_POST['excerpt'] ) ? wp_unslash( $_POST['excerpt'] ) : '';
  58  $blog_name = isset( $_POST['blog_name'] ) ? wp_unslash( $_POST['blog_name'] ) : '';
  59  
  60  if ( $charset ) {
  61      $charset = str_replace( array( ',', ' ' ), '', strtoupper( trim( $charset ) ) );
  62  } else {
  63      $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
  64  }
  65  
  66  // No valid uses for UTF-7.
  67  if ( false !== strpos( $charset, 'UTF-7' ) ) {
  68      die;
  69  }
  70  
  71  // For international trackbacks.
  72  if ( function_exists( 'mb_convert_encoding' ) ) {
  73      $title     = mb_convert_encoding( $title, get_option( 'blog_charset' ), $charset );
  74      $excerpt   = mb_convert_encoding( $excerpt, get_option( 'blog_charset' ), $charset );
  75      $blog_name = mb_convert_encoding( $blog_name, get_option( 'blog_charset' ), $charset );
  76  }
  77  
  78  // Now that mb_convert_encoding() has been given a swing, we need to escape these three.
  79  $title     = wp_slash( $title );
  80  $excerpt   = wp_slash( $excerpt );
  81  $blog_name = wp_slash( $blog_name );
  82  
  83  if ( is_single() || is_page() ) {
  84      $tb_id = $posts[0]->ID;
  85  }
  86  
  87  if ( ! isset( $tb_id ) || ! (int) $tb_id ) {
  88      trackback_response( 1, __( 'I really need an ID for this to work.' ) );
  89  }
  90  
  91  if ( empty( $title ) && empty( $tb_url ) && empty( $blog_name ) ) {
  92      // If it doesn't look like a trackback at all.
  93      wp_redirect( get_permalink( $tb_id ) );
  94      exit;
  95  }
  96  
  97  if ( ! empty( $tb_url ) && ! empty( $title ) ) {
  98      /**
  99       * Fires before the trackback is added to a post.
 100       *
 101       * @since 4.7.0
 102       *
 103       * @param int    $tb_id     Post ID related to the trackback.
 104       * @param string $tb_url    Trackback URL.
 105       * @param string $charset   Character Set.
 106       * @param string $title     Trackback Title.
 107       * @param string $excerpt   Trackback Excerpt.
 108       * @param string $blog_name Blog Name.
 109       */
 110      do_action( 'pre_trackback_post', $tb_id, $tb_url, $charset, $title, $excerpt, $blog_name );
 111  
 112      header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) );
 113  
 114      if ( ! pings_open( $tb_id ) ) {
 115          trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) );
 116      }
 117  
 118      $title   = wp_html_excerpt( $title, 250, '&#8230;' );
 119      $excerpt = wp_html_excerpt( $excerpt, 252, '&#8230;' );
 120  
 121      $comment_post_ID      = (int) $tb_id;
 122      $comment_author       = $blog_name;
 123      $comment_author_email = '';
 124      $comment_author_url   = $tb_url;
 125      $comment_content      = "<strong>$title</strong>\n\n$excerpt";
 126      $comment_type         = 'trackback';
 127  
 128      $dupe = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url ) );
 129      if ( $dupe ) {
 130          trackback_response( 1, __( 'There is already a ping from that URL for this post.' ) );
 131      }
 132  
 133      $commentdata = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type' );
 134  
 135      $result = wp_new_comment( $commentdata );
 136  
 137      if ( is_wp_error( $result ) ) {
 138          trackback_response( 1, $result->get_error_message() );
 139      }
 140  
 141      $trackback_id = $wpdb->insert_id;
 142  
 143      /**
 144       * Fires after a trackback is added to a post.
 145       *
 146       * @since 1.2.0
 147       *
 148       * @param int $trackback_id Trackback ID.
 149       */
 150      do_action( 'trackback_post', $trackback_id );
 151      trackback_response( 0 );
 152  }