<?php
/**
 * Handle Trackbacks and Pingbacks Sent to WordPress
 *
 * @since 0.71
 *
 * @package WordPress
 * @subpackage Trackbacks
 */
// Load WordPress only when nothing has set up $wp yet, i.e. this file is the entry point of the request.
if ( ! isset( $wp ) || ! $wp ) {
	require_once __DIR__ . '/wp-load.php';

	// Set up the request with the 'tb' variable set to '1'.
	wp( array( 'tb' => '1' ) );
}
Grouped backports to the 5.8 branch.
- Editor: Bump @wordpress packages for the 5.9 branch,
- Media: Refactor search by filename within the admin,
- REST API: Lockdown post parameter of the terms endpoint,
- Customize: Escape blogname option in underscores templates,
- Query: Validate relation in `WP_Date_Query`,
- Users: Revert use of shared objects for current user,
- Posts, Post types: Apply KSES to post-by-email content,
- General: Validate host on "Are you sure?" screen,
- Posts, Post types: Remove emails from post-by-email logs,
- Pings/trackbacks: Apply KSES to all trackbacks,
- Mail: Reset PHPMailer properties between use,
- Comments: Apply kses when editing comments,
- Widgets: Escape RSS error messages for display.
Merges [54521-54530] to the 5.8 branch.
Props audrasjb, costdev, cu121, dd32, davidbaumwald, ehtis, johnbillion, johnjamesjacoby, martinkrcho, matveb, oztaser, paulkevan, peterwilsoncc, ravipatel, SergeyBiryukov, talldanwp, timothyblynjacobs, tykoted, voldemortensen, vortfu, xknown.
Built from https://develop.svn.wordpress.org/branches/5.8@54548
git-svn-id: http://core.svn.wordpress.org/branches/5.8@54103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 19:48:01 +02:00
// Always run as an unauthenticated user.
// Per the change that added this call ("Pings/trackbacks: Apply KSES to all trackbacks"), any login that
// accompanies the request must not influence how the submitted content is filtered.
// NOTE(review): presumably content filtering is relaxed for privileged users — confirm against the KSES setup.
wp_set_current_user ( 0 );
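/**
 * Response to a trackback.
 *
 * Responds with an error or success XML message. On error the script is
 * terminated once the response has been written; on success control
 * returns to the caller.
 *
 * @since 0.71
 *
 * @param int|bool $error         Whether there was an error.
 *                                Default '0'. Accepts '0' or '1', true or false.
 * @param string   $error_message Error message if an error occurred. It is escaped
 *                                for XML before being written to the response.
 */
function trackback_response( $error = 0, $error_message = '' ) {
	header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) );

	// NOTE(review): the declaration always says utf-8 while the header uses the blog charset — confirm they cannot disagree.
	echo '<?xml version="1.0" encoding="utf-8"?' . ">\n";
	echo "<response>\n";

	if ( $error ) {
		echo "<error>1</error>\n";
		// Messages reach this function from translations and from WP_Error objects, so write them as text, never as markup.
		echo '<message>' . esc_xml( $error_message ) . "</message>\n";
		echo '</response>';
		die();
	}

	echo "<error>0</error>\n";
	echo '</response>';
}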
// Trackback is done by a POST.
$request_array = 'HTTP_POST_VARS';

// Without a usable tb_id query argument, take the last path segment of the request URI as the post ID.
if ( empty( $_GET['tb_id'] ) ) {
	$tb_id = explode( '/', $_SERVER['REQUEST_URI'] );
	$tb_id = (int) end( $tb_id );
}

// Every value read from $_POST below is chosen by the remote sender; the URL and charset are taken as-is here.
if ( isset( $_POST['url'] ) ) {
	$tb_url = $_POST['url'];
} else {
	$tb_url = '';
}

if ( isset( $_POST['charset'] ) ) {
	$charset = $_POST['charset'];
} else {
	$charset = '';
}

// These three are stripslashed here so they can be properly escaped after mb_convert_encoding().
if ( isset( $_POST['title'] ) ) {
	$title = wp_unslash( $_POST['title'] );
} else {
	$title = '';
}

if ( isset( $_POST['excerpt'] ) ) {
	$excerpt = wp_unslash( $_POST['excerpt'] );
} else {
	$excerpt = '';
}

if ( isset( $_POST['blog_name'] ) ) {
	$blog_name = wp_unslash( $_POST['blog_name'] );
} else {
	$blog_name = '';
}
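// A multi-value parameter (charset[]=...) arrives as an array; only a string can name an encoding.
if ( ! is_string( $charset ) ) {
	$charset = '';
}

if ( $charset ) {
	$charset = str_replace( array( ',', ' ' ), '', strtoupper( trim( $charset ) ) );
}

// No valid uses for UTF-7.
if ( false !== strpos( $charset, 'UTF-7' ) ) {
	die;
}

/*
 * The sender chooses this value, so it is only handed to mb_convert_encoding() when mbstring
 * lists it. An unknown encoding name raises a ValueError on PHP 8 (a warning before that),
 * which would otherwise let any remote request trigger an error in this script.
 */
if ( $charset && function_exists( 'mb_list_encodings' )
	&& ! in_array( $charset, array_map( 'strtoupper', mb_list_encodings() ), true )
) {
	$charset = '';
}

// Nothing usable was sent: let mbstring choose from this candidate list instead.
if ( ! $charset ) {
	$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
}

// For international trackbacks.
if ( function_exists( 'mb_convert_encoding' ) ) {
	$title     = mb_convert_encoding( $title, get_option( 'blog_charset' ), $charset );
	$excerpt   = mb_convert_encoding( $excerpt, get_option( 'blog_charset' ), $charset );
	$blog_name = mb_convert_encoding( $blog_name, get_option( 'blog_charset' ), $charset );
}

// Now that mb_convert_encoding() has been given a swing, we need to escape these three.
// The order matters: slashes are re-added only after conversion, on the bytes that will actually be stored.
$title     = wp_slash( $title );
$excerpt   = wp_slash( $excerpt );
$blog_name = wp_slash( $blog_name );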
// On a single post or page view, the first queried post supplies the ID and replaces anything parsed from the URL.
if ( is_single() || is_page() ) {
	$tb_id = $posts[0]->ID;
}

// Without a non-zero post ID there is nothing to attach the trackback to; the error response ends the script.
if ( ! ( isset( $tb_id ) && (int) $tb_id ) ) {
	trackback_response( 1, __( 'I really need an ID for this to work.' ) );
}

// If it doesn't look like a trackback at all (no title, URL or blog name), send the visitor to the post instead.
if ( ! ( $title || $tb_url || $blog_name ) ) {
	wp_redirect( get_permalink( $tb_id ) );
	exit;
}
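// Record the trackback as a comment on the target post. Both a source URL and a title are required.
if ( ! empty( $tb_url ) && ! empty( $title ) ) {
	/**
	 * Fires before the trackback is added to a post.
	 *
	 * @since 4.7.0
	 *
	 * @param int    $tb_id     Post ID related to the trackback.
	 * @param string $tb_url    Trackback URL.
	 * @param string $charset   Character Set.
	 * @param string $title     Trackback Title.
	 * @param string $excerpt   Trackback Excerpt.
	 * @param string $blog_name Blog Name.
	 */
	do_action( 'pre_trackback_post', $tb_id, $tb_url, $charset, $title, $excerpt, $blog_name );

	header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) );

	// Each trackback_response( 1, ... ) call below ends the script after writing the error.
	if ( ! pings_open( $tb_id ) ) {
		trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) );
	}

	$title   = wp_html_excerpt( $title, 250, '…' );
	$excerpt = wp_html_excerpt( $excerpt, 252, '…' );

	$comment_post_ID      = (int) $tb_id;
	$comment_author       = $blog_name;
	$comment_author_email = '';
	$comment_author_url   = $tb_url;
	/*
	 * Sender-supplied title and excerpt are placed inside markup here without any HTML filtering in this file.
	 * NOTE(review): this presumably relies on the filtering wp_new_comment() applies for the current user,
	 * which is forced to 0 at the top of the file — confirm before changing either place.
	 */
	$comment_content      = "<strong>$title</strong>\n\n$excerpt";
	$comment_type         = 'trackback';

	// Reject a second ping from the same URL for the same post. The sender's URL is bound through prepare(), not concatenated.
	$dupe = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url ) );
	if ( $dupe ) {
		trackback_response( 1, __( 'We already have a ping from that URL for this post.' ) );
	}

	$commentdata = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type' );

	$result = wp_new_comment( $commentdata );
	if ( is_wp_error( $result ) ) {
		trackback_response( 1, $result->get_error_message() );
	}

	// NOTE(review): the ID is read from $wpdb->insert_id rather than from $result — verify no other insert can run in between.
	$trackback_id = $wpdb->insert_id;

	/**
	 * Fires after a trackback is added to a post.
	 *
	 * @since 1.2.0
	 *
	 * @param int $trackback_id Trackback ID.
	 */
	do_action( 'trackback_post', $trackback_id );

	trackback_response( 0 );
}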