WordPress.org

Make WordPress Core

Ticket #10758: 10758-wp-trackback.patch

File 10758-wp-trackback.patch, 1.4 KB (added by hakre, 5 years ago)
  • wp-trackback.php

     
    3636// trackback is done by a POST 
    3737$request_array = 'HTTP_POST_VARS'; 
    3838 
    39 if ( !$_GET['tb_id'] ) { 
     39if ( !isset($_GET['tb_id']) || !$_GET['tb_id'] ) { 
    4040        $tb_id = explode('/', $_SERVER['REQUEST_URI']); 
    4141        $tb_id = intval( $tb_id[ count($tb_id) - 1 ] ); 
    4242} 
    4343 
    44 $tb_url  = $_POST['url']; 
    45 $charset = $_POST['charset']; 
     44$tb_url  = isset($_POST['url'])     ? $_POST['url']     : ''; 
     45$charset = isset($_POST['charset']) ? $_POST['charset'] : ''; 
    4646 
    4747// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding() 
    48 $title     = stripslashes($_POST['title']); 
    49 $excerpt   = stripslashes($_POST['excerpt']); 
    50 $blog_name = stripslashes($_POST['blog_name']); 
     48$title     = isset($_POST['title'])     ? stripslashes($_POST['title'])      : ''; 
     49$excerpt   = isset($_POST['excerpt'])   ? stripslashes($_POST['excerpt'])    : ''; 
     50$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name'])  : ''; 
    5151 
    5252if ($charset) 
    5353        $charset = strtoupper( trim($charset) ); 
     
    7272if ( is_single() || is_page() ) 
    7373        $tb_id = $posts[0]->ID; 
    7474 
    75 if ( !intval( $tb_id ) ) 
     75if ( !isset($tb_id) || !intval( $tb_id ) ) 
    7676        trackback_response(1, 'I really need an ID for this to work.'); 
    7777 
    7878if (empty($title) && empty($tb_url) && empty($blog_name)) {